How install and secure phpmyadmin with nginx on a ubuntu 18.04 server?

Introduction

MySQL is being wanted by many users for the functionality of a database. And it is interacting with the system solely from the MySQL command. It is required a SQL language familiarity for line clients also. But someone is not preferred to this interface.

Table of Contents Show

Introduction
Prerequisites
Step 01: Installing phpMyAdmin
Step 02: Changing phpMyAdmin,s default location.
How Install and secure phpMyAdmin with Nginx on a Ubuntu 16.04 Server?
Can I use phpMyAdmin with Nginx?
How do I completely install phpMyAdmin on Ubuntu?
How configure PHP Nginx ubuntu?

phpMyAdmin created so that users can interact with MySQL and it runs with a PHP development environment for an intuitive web interface. Through this article, we discuss the way of installing phpMyAdmin on top of an Nginx server and the way of configuration to increase the security of the server.

Note:

When using software like phpMyAdmin, there is an important security consideration. Because it runs on the database server. It deals with the database credentials. Arbitrary SQL queries are facilitated to users to easily execute. phpMyAdmin widely based on the PHP application. And this is a target for attack. Through this article, we informed you regarding security measurement. Then you can make a decision either the knowledge.

Prerequisites

Before you install this, you should have to fulfill the following requirements with you.

According to the description of the initial server setup guide for Ubuntu 18.04, the Ubuntu 18.04 server running a LEMP (Linux, Nginx, MySQL, and PHP) stack secured with of. Still, you haven’t set up your server; you can follow some guides through the searching article.
You have to access this server as a non-root user with sudo privileges.

Using MySQL credentials, phpMyAdmin handle authentication. It is better to install an SSL or TLS certificate. Through that, it enables encrypted traffic between server and client. If you have not available domain configured with a valid certificate then you can available article to match with your issue.

Warning

If you not available SSL or TLS certificates ha installed on your server and if you want to still continue the process, then you can consider enforcing access via SSH tunnels which will be explained in step 05 of this article.

When you fulfilled those mention requirements, Now you can go ahead to the installation process.

Step 01: Installing phpMyAdmin

AS the first step, we have to install phpMyAdmin on the LEMP. To achieve our target, we use our usual default Ubuntu repositories.

We will start with updating the server’s package index,

$ sudo apt update

Now you have the ability to install phpMyAdmin with:

$ sudo apt install PHPMyAdmin

When you are in the installation process, it will be asked you choose the webserver. (Either Apache or Lighthttp) to configure. But there is no need to choose a server because we use the Nginx as the web server. To move to the next step, press on the tab key and click on ok.

Then it will ask you whether you use dbconfig- common for configuring the application database. Now you select the “Yes” option. Now it will set up the internal database and administrative user for PHPMyAdmin. It will be ask from you to define a new password for the PHPMyAdmin MySQL user. It is not necessary to enter a password. if you leave it blank, it will automatically create a password for PHPMyAdmin.

Now it is finished the installation. Now we have to create a symbolic link for the installation files to Nginx document for root directory, because of the Nginx web server find and serve the phpMyAdmin files correctly.

$ sudo ln -s /usr/ share/ phpmyadmin/ var/ www/ html/ phpmyadmin

Now, it is process your phpMyAdmin installation. For the access to the interface, go to your server’s domain name or public IP address followed by phpmyadmin in your web browser:

https:// server_domain_or IP/phpmyadmin

As mention before, using MySQL credentials, phpMyAdmin handles authentication. The meaning of that, to connect to database to the database via console or via an API, you should use the same user name and password.

Note: It may be discourage the logging into phpMyAdmin as the root MySQL. Through that, it represents a significant security risk. We will discuss the way of disabling the root login.

At this point, your phpMyAdmin installation should be starting to the completely functional. We have exposed our MySQL database server to the outside world through installing a web interface. phpMyAdmin is popular in the world and it have large amount of data it may provide access to, because of that, phpMyAdmin may be a common targets for a attacker. We go ahead through this article and it will discuss the different ways for increase the security of our phpMyAdmin installation.

Step 02: Changing phpMyAdmin,s default location.

Through making it harder to find, we can protect our phpMyAdmin installation. And it is the most basic way to secure the phpMyAdmin installation. Bots will scan the common path such as phpMyAdmin, pma, admin, mysql and etc. Through changing the URL phpMyAdmin interface to non standard interface, it make difficult to find for the automated scripts the phpMyAdmin installation and attempt are may be inherit bad results for attackers.

It creates a symbolic link pointing, when we installed the phpMyAdmin. It located in the actual file application which is the user/ share/ phpMyAdmin. We have to rename the symbol link for change the interface of phpMyAdmin.

First of all we will navigate to the Nginx document root directory and will list the files which are containing it. Through that will get a better knowledge of the change we’ll make:

$ cd / var/ www/ html/
$ ls –l

Then, you will receive the output as follow.

Output
total 8
-rw- r-- r-- 1 root root 612 Apr 8 13:30 index. nginx- debian.html
lrwxrwxrwx 1 root root 21 Apr 8 15:36 phpmyadmin -> / user/ share/ phpmyadmin

The meaning of this output is, there is a symbolic link called phpMyAdmin in this directory. If you want, you can change this link name as you want. In addition to, this will change the access URL of phpMyAdmin. It will help to obscure the endpoint from bots hardcoded to search common endpoint names.

style="font-weight:400;">It is better to select an obscures name with purpose of the endpoint. As an example, we use the “&lt;/span&gt;&lt;b&gt;nothintosee&lt;/b&gt;&lt;span style="font-weight:400"&gt;” as our end point. As that, you should use the alternative name. According to that; we will rename the link as follow;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;&nbsp;sudo mv phpmyadmin nothingtosee&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;&nbsp;ls -l&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;After running the above commands, you’ll receive this output as follow:&lt;/span&gt;&lt;span style="font-weight:400"&gt;&lt;br /&gt; &lt;/span&gt;&lt;span style="font-weight:400"&gt;&lt;br /&gt; &lt;/span&gt;&lt;span style="font-weight:400"&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;&lt;b&gt;Output&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;total 8&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-rw-r--r-- 1 root root 612 Apr &nbsp;8 13:30 index.nginx- debian.html&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;lrwxrwxrwx 1 root root &nbsp;21 Apr 8 15:36 nothingtosee -&amp;gt; / user/ share/ phpmyadmin&lt;/b&gt;&lt;b&gt;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now, you will go the old URL and you will get a 404 error;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;&nbsp;&nbsp;&nbsp; &lt;/span&gt;&lt;b&gt;https://server_ domain_ or_ IP/ phpmyadmin&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now it is available the phpMyAdmin interface now at the new URL as soon as configured;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;&nbsp;&nbsp;&nbsp; &lt;/span&gt;&lt;b&gt;https://server_ domain_ or_ IP/ nothingtosee&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Through obfuscating the real location of &lt;/span&gt;&lt;span style="font-weight:400"&gt;phpMyAdmin on the server, your phpMyAdmin installation is securing against automated scan and from attackers.&lt;/span&gt;&lt;/p&gt; &lt;h3&gt;&lt;b&gt;Step 03: Disabling root login&lt;/b&gt;&lt;/h3&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;As well as regular Linux system, on MySQL is also have root account and it is a special administrative account with unrestricted access to the system. Although it is a privilege account, it inherits disadvantages being with a popular login name. With this known login it may be easy target for attackers. To minimize the risk, we can configure phpMyAdmin to reject any login attempts coming from the user root. According to that, you will get an “access denied” error and won’t be allowing to login, even you provide valid credentials.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;To configure and store phpMyAdmin setting we select the dbconfig- common. Because of that, the default configuration is currently stored in the database. With the purpose of define our custom setting; we have to create a new config. Inc. php file.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;The PHP file locates in the user/ share/ phpmyadmin for phpMyAdmin installation. But the application use the configuration file available in /etc/ phpmyadmin. Now we will create a new custom file inside the /etc/ phpmyadmin/ conf.d. We name it as pma_ secure.php:&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;&nbsp;&nbsp;&nbsp; &lt;/span&gt;&lt;b&gt;$ &nbsp;&nbsp;sudo nano / etc/ phpmyadmin/ conf.d/ pma_ secure.php&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;There is the necessary setting for the disabling password setting in the following configuration file.( &lt;/span&gt;&lt;b&gt;AllownoPassword&lt;/b&gt;&lt;span style="font-weight:400"&gt; set to &lt;/span&gt;&lt;b&gt;false) &lt;/b&gt;&lt;span style="font-weight:400"&gt;and root login (&lt;/span&gt;&lt;b&gt;AllowRoot&lt;/b&gt;&lt;span style="font-weight:400"&gt; set to &lt;/span&gt;&lt;b&gt;false);&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;etc/ phpmyadmin/ conf.d/ pma_secure.php&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;code&gt;&lt;/code&gt;&lt;/b&gt;&lt;b&gt;&amp;lt;?php&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;# PhpMyAdmin Settings&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;# This should be set to a random string of at least 32 chars&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;cfg['blowfish_secret'] = '3!#&lt;a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5e6d6c1e6d2d3f"&gt;[email&nbsp;protected]&lt;/a&gt;(+=_4?),5XP_:U%%8\34sdfSdg43yH# {o';&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;i=0;&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;i++;&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;&nbsp;cfg ['Servers'] [$i] ['auth_type'] &nbsp;= 'cookie';&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;&nbsp;cfg ['Servers'] [$i] ['AllowNoPassword'] = &nbsp;false;&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Icfg ['Servers'] [$i] ['AllowRoot'] = &nbsp;false;&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;span style="font-weight:400"&gt;After you done editing, you have to save the changes. For that, you can press the &lt;/span&gt;&lt;b&gt;CTRL + X &lt;/b&gt;&lt;span style="font-weight:400"&gt;and then press &lt;/span&gt;&lt;b&gt;Y &lt;/b&gt;&lt;span style="font-weight:400"&gt;to confirm the changes and press &lt;/span&gt;&lt;b&gt;ENTER. &lt;/b&gt;&lt;span style="font-weight:400"&gt;Now, the changes will apply to automatically. Now there may be display error as &lt;/span&gt;&lt;b&gt;Access Denied&lt;/b&gt;&lt;span style="font-weight:400"&gt;, if you try to reload the login page and try to log in as root.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;On your phpMyAdmin installation, it prohibited the root login. This will help you to secure your phpMyAdmin installation from attacks through trying to guess the root database password on your server. In addition to, for accessing the interface of phpMyAdmin, you can use less privileged MySQL account. It is also good security measurement.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&nbsp;&lt;/p&gt; &lt;h3&gt;&lt;b&gt;Step 04: Creating an authentication gateway&lt;/b&gt;&lt;/h3&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;You can avoid some automated bots through hiding your phpMyAdmin installation on unusual location. But it is not a solution for targeted attacks. It is better to protect a web application with restricted access and it generally wise protective action to stop attackers before they reach the application. Through this, attackers are unable to attacks to guess the access credentials and use generic exploits.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;It is more important to keep the login interface locked away at specific case of phpMyAdmin. You provide a chance for attackers to guess your database credentials through keeping it open to the world.&lt;/span&gt;&lt;span style="font-weight:400"&gt;&nbsp;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;You can increase security of your phpMyAdmin installation, through adding an extra layer of authentication. Before seeing the phpMyAdmin login screen, user will required to pass through an HTTP authentication prompt. Most of time, Most of web servers and Nginx also provide this capability natively.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;First of all, we should have created a password file to store the authentication credentials for set this. Nginx requires to crate the password ne encrypted through using the &lt;/span&gt;&lt;b&gt;crypt ( ) &lt;/b&gt;&lt;span style="font-weight:400"&gt;function. It is already included in the OpenSSL suite which you have installed on your server. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;To create an encrypted password, type as follow;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$ openssl passwd&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now it will require entering and confirming the password, which you wish to use as password. After confirming the password, it will display the encrypted version of the password. It may be as follow;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Output&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;O5az. RSPzd. HE&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;This code will be need to past into the authentication file which we will be creating. Because of that copy this value. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now, we have to create an authentication file. We identify this file as &lt;/span&gt;&lt;b&gt;pma_ pass &lt;/b&gt;&lt;span style="font-weight:400"&gt;and place it in the Nginx configuration directory;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;&lt;b&gt;$ &nbsp;&nbsp;sudo nano / etc/ nginx/ pma_ pass&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;In this file, you have to specify which you like username. Now you can use follow by a colon (: ) the encryption version of your password receive from the &lt;/span&gt;&lt;b&gt;openssl passwd &lt;/b&gt;&lt;span style="font-weight:400"&gt;utility.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now we will rename our user as &lt;/span&gt;&lt;b&gt;Sammy&lt;/b&gt;&lt;span style="font-weight:400"&gt;, so, you can use that kind of alternative username. Then it should like as follow;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;/etc/ nginx/ pma_pass&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;sammy: O5az. RSPzd. HE&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now save and close your file.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now we are going to modify the configuration file of Nginx. For that we use the configuration file, which located is /etc/ nginx/ sites-available/ example.com. For the phpMyAdmin is currently hosted, you have to select Nginx configuration file. To get started, open the file through your text editor.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$ sudo nano /etc/ nginx/ sites- available/ example.com&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now, find the &lt;/span&gt;&lt;b&gt;server&lt;/b&gt;&lt;span style="font-weight:400"&gt; block and &lt;/span&gt;&lt;b&gt;location&lt;/b&gt;&lt;span style="font-weight:400"&gt; section with it. To match with phpMyAdmin’s current path on the server, we have to create a &lt;/span&gt;&lt;b&gt;new location&lt;/b&gt;&lt;span style="font-weight:400"&gt; within this block. According to this article, the location of phpMyAdmin relative to the web root is /nothingsee:&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;&lt;b&gt;/etc/ nginx/ sites- available/ default&lt;/b&gt;&lt;b&gt;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;server {&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;. . .&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;location / {&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;try_ files $uri $uri/ =404;&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;location / nothingtosee {&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# Settings for phpMyAdmin will go here&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;. . .&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;}&lt;/b&gt;&lt;b&gt;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;In here we have to set up two different directives. Through &lt;/span&gt;&lt;b&gt;auth_basic &lt;/b&gt;&lt;span style="font-weight:400"&gt;define the message that will be displayed on the authentication prompt and &lt;/span&gt;&lt;b&gt;auth_basic_user_files&lt;/b&gt;&lt;span style="font-weight:400"&gt;, pointing to the file we just created. The configuration looks like as follow when you finish it;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;/etc/ nginx/ sites- available/ default&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;server {&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;. . .&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;location / nothingtosee {&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth_ basic "Admin Login";&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth_ basic_ user_ file /etc/ nginx/ pma_ pass;&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;. . .&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;}&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now save and close your file when you finished. You can run it to check whether configuration file is valid.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sudo nginx -t&lt;/b&gt;&lt;b&gt;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Then it can be see the output as follow.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Output&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;nginx: the configuration file / etc/ nginx/ nginx.conf syntax is ok&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;nginx: configuration file / etc/ nginx/ nginx.conf test is successful&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;After that you have to reload the web server to activate the authentication gate.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;sudo systemctl reload nginx&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now we have to provide the user name and password, which you set to the &lt;/span&gt;&lt;b&gt;pma_ pass &lt;/b&gt;&lt;span style="font-weight:400"&gt;file, for visit the phpMyAdmin URL in your web browser.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;https://server_domain_or_IP/ nothingtosee&lt;/b&gt;&lt;b&gt;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;After you entering the credentials, you will able to taken to the standard phpMyAdmin login page.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Note: &lt;/b&gt;&lt;span style="font-weight:400"&gt;After refreshing the page does not work, then you have to clear your &lt;a href="https://clearcachewiki.com/how-to-wipe-cache-partition-and-clear-data-on-android/" data-internallinksmanager029f6b8e52c="18" title="Clear Cache" target="_blank" rel="noopener"&gt;cache&lt;/a&gt; or use a different browser, if you are already use phpMyAdmin.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;This is providing the extra layer of security. In addition to it help to keep the MySQL logs clean of spammy authentication attempts.&lt;/span&gt;&lt;/p&gt; &lt;h3&gt;&lt;b&gt;Step 05: Setting up access via encrypted tunnels (Optional)&lt;/b&gt;&lt;/h3&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Through lock down the phpMyAdmin installation to authorized hosts only, is be a reason for increase the security of phpMyAdmin installation. For the authorized hosts in your Nginx configuration file, you can &lt;/span&gt;&lt;b&gt;whitelist&lt;/b&gt;&lt;span style="font-weight:400"&gt; those files. Then it automatically rejected any IP address requests which are not included in the list. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;For the some cases, it is sufficient this feature alone. But this is not the best solution and not valid for long term. Most of times, peoples are not accessing to the internet using static IP address. When you receive a new IP address from your internet provider, you should update the Nginx configuration file with your new IP address. Without updating, you are unable to access to the phpMyAdmin interface.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;There is the more robust long term another solution. For the users can access to phpMyAdmin interface by using IP based access control. But this is valid only for access through &lt;/span&gt;&lt;b&gt;authorized IP address &lt;/b&gt;&lt;span style="font-weight:400"&gt;or &lt;/span&gt;&lt;b&gt;Local host via SSH tunneling. &lt;/b&gt;&lt;span style="font-weight:400"&gt;Now we focus on the way for that. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;In addition to provide a secure channel between user and server through the using of encrypted tunnels, it is increase the security with combining IP based access control withSSH tunneling are work as to blocking access coming from the public internet. (Except for authorized IPs)&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Setting up IP bases access control on Nginx&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;We can define the corresponding location block given site based on IP based access control on Nginx, using the directives allow and deny. As a example, if want to allow only specific request which are coming from given host, Then we can include following two lines, inside the relevant location block for the site we would like to protect;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;allow hostname_ or_IP;&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;deny all;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;You will be able to allow the hosts as you want. It is enough to include one allow line for each authorized host/ IP inside the respective location block for the site you’re protecting. Until it will be find a match or due to reject the all request through deny all directives, it will be evaluated in same order as they listed.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now, for the requests are coming from only local host or your current IP address, Nginx will be configured to allow. For that, first of all you should know your current public IP address which your local machine is use to connect to the internet. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;There are several ways available to find that information. Because of simplicity, we will move to the get understand the service provided by ipinfo.io Otherwise you can open the URL &lt;/span&gt;&lt;a href="https://ipinfo.io/ip"&gt;&lt;span style="font-weight:400"&gt;https://ipinfo.io/ip&lt;/span&gt;&lt;/a&gt;&lt;span style="font-weight:400"&gt; in your browser. If not, you can enter following command in your local machine;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;&lt;b&gt;&nbsp;&nbsp;$ &nbsp;&nbsp;&nbsp;curl &nbsp;&lt;/b&gt;&lt;a href="https://ipinfo.io/ip"&gt;&lt;b&gt;https://ipinfo.io/ip&lt;/b&gt;&lt;/a&gt;&lt;b&gt; &nbsp;&nbsp;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Then you can get an IP address as follow;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Output&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;203.0.113.111&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Above output is your current public IP address. We can configure the phpMyAdmin’s location block, for only approve the request, which are coming from your local host and that IP address. For that, we have to edit the configuration block for phpMyAdmin inside the &lt;/span&gt;&lt;b&gt;etc/ nginx/ sites-available/ example.com.&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now, using your command line editor of your choice, open the Nginx configuration line. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;$ &nbsp;sudo nano / etc/ nginx/ sites-available/ example.com&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;It is already have an access rule in our current configuration. Through using the &lt;/span&gt;&lt;b&gt;Satisfy all &lt;/b&gt;&lt;span style="font-weight:400"&gt;directives, we can combine it the IP based access control. For the increase security, we can keep the current HTTP authentication prompt. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;After configuration of your phpMyAdmin, it will be display as follow:&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/&lt;/span&gt;&lt;b&gt;etc/ nginx/ sites-available/ example.com&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;server {&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;. . .&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;location / nothingtosee {&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;satisfy all; #requires both conditions&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;allow 203.0.113.111; #allow your IP&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;allow 127.0.0.1; #allow localhost via SSH tunnels&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;deny all; #deny all other sources&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth_basic "Admin Login";&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth_basic_user_file / etc/ nginx/ &lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;..6pma_pass;&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;}&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;. . .&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;}&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now, keep in mind to replace the &lt;/span&gt;&lt;b&gt;nothingtosee &lt;/b&gt;&lt;span style="font-weight:400"&gt;with the actual path which phpMyAdmin can be found, and highlight the IP address with your current public IP address. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;When you finished he process, you can save and close the file. And you can run it to check whether configuration file is valid.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;$ sudo nginx –t&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Then the output may be as follow;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Output&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;nginx: the configuration file / etc/ nginx/ nginx.conf syntax is ok&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;nginx: configuration file / etc/ nginx/ nginx.conf test is successful&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now, when you open the web server, it will change through above affects;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;$ &nbsp;&nbsp;&nbsp;sudo systemctl reload nginx&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;It should not disturb to access for your IP address because of it clearly listed as an authorized host. When others are trying to access your phpMyAdmin installation, they will receive a 403 error message (Forbidden).&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;a href="https://server_domain_or_ip/nothingtosee"&gt;&lt;b&gt;https://server_domain_or_IP/nothingtosee&lt;/b&gt;&lt;/a&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Next we move to the usage of SSH tunneling to access the web server through local request. Through this way, if your IP address will be changed, you will be able to access to the interface of phpMyAdmin. &lt;/span&gt;&lt;span style="font-weight:400"&gt;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Accessing phpMyAdmin through an encrypted tunnel&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;SSH tunnel work as to way of redirecting network traffic through encrypted channels. You can set a secure tunnel between your local machine and the server, through running as SSH command similar to what you would use to login into server. Now it can redirect through the encrypted tunnel the all traffic coming in on a given local port. And also can use the remote server as proxy before reaching out to the internet. When use VPN (Virtual Private Network), there also happen same procedure. But VPN is simple than set up SSH tunnels.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;We will use SSH tunneling to proxy our request to the remote web server running phpMyAdmin. You can redirect the local requests to the remote web server, through creating a tunnel between your local machine and the server where phpMyAdmin installed. More important thing of thing behind that, traffic will be encrypted and the request will reach as coming from local host to the Nginx. Through this, you can access to the phpMyAdmin interface as securely, without any matter regarding the IP address which you use. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;This is the best security method, if you cannot install SSL or TSL certificate on the web server running phpMyAdmin, because the traffic between your local machine and the remote web server will be encrypted. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;You can run the following command in your local machine for access to phpMyAdmin.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;$ &nbsp;&nbsp;ssh &lt;a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bcc9cfd9cefccfd9cecad9ce"&gt;[email&nbsp;protected]&lt;/a&gt;_domain_or_IP -L 8000: localhost:80 -L 8443:localhost:443 – N&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Let’s examine each part of the command:&lt;/span&gt;&lt;span style="font-weight:400"&gt;&lt;br /&gt; &lt;/span&gt;&lt;span style="font-weight:400"&gt;&lt;br /&gt; &lt;/span&gt;&lt;span style="font-weight:400"&gt;user: SSH user to connect to the server where phpMyAdmin is running&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;hostname_or_IP: SSH host where phpMyAdmin is running&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;-L 8000: localhost: 80 redirect HTTP traffic on port 8000&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;-L 8443: localhost: 443 redirect HTTPS traffic on port 8443&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;-N: do not execute remote commands&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Note: &lt;/b&gt;&lt;span style="font-weight:400"&gt;&nbsp;This command can be block the terminal till interrupted with a &lt;/span&gt;&lt;b&gt;CTRL + C. &lt;/b&gt;&lt;span style="font-weight:400"&gt;In such a situation, it will be a reason for disconnect the SSH connection and packet redirection. You will be able to use the SSH option –f, if you want run this command in background mode.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now, you have to go your browser and replace &lt;/span&gt;&lt;b&gt;server_domain_or_IP&lt;/b&gt;&lt;span style="font-weight:400"&gt; with &lt;/span&gt;&lt;b&gt;localhost:PORT,&lt;/b&gt;&lt;span style="font-weight:400"&gt; where &lt;/span&gt;&lt;b&gt;PORT&lt;/b&gt;&lt;span style="font-weight:400"&gt; is either &nbsp;&lt;/span&gt;&lt;b&gt;8000&lt;/b&gt;&lt;span style="font-weight:400"&gt; for HTTP or &lt;/span&gt;&lt;b&gt;8443&lt;/b&gt;&lt;span style="font-weight:400"&gt; for HTTPS:&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;http://localhost:8000/ nothingtosee&lt;/b&gt;&lt;b&gt;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;/p&gt; &lt;p&gt;&lt;a href="https://localhost:443/nothingtosee"&gt;&lt;b&gt;https://localhost:443/nothingtosee&lt;/b&gt;&lt;/a&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Note: &lt;/b&gt;&lt;span style="font-weight:400"&gt;You well receive a alert message questioning the security of the SSL certificate, if you use https for accessing to the phpMyAdmin. This happens due to the mismatch with the domain name, which you use (local host) and the address registered within the certificate. (damain where phpMyAdmin is actually being served) Actually, this is a safe to proceed.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Now it being to redirect through a secure tunnel to your remote phpMyAdmin application, all request on &lt;/span&gt;&lt;b&gt;local host: 8000&lt;/b&gt;&lt;span style="font-weight:400"&gt; (HTTP) and &lt;/span&gt;&lt;b&gt;local host: 8443&lt;/b&gt;&lt;span style="font-weight:400"&gt; (HTTPS). You can increase security of your phpMyAdmin through disabling public access to your phpMyAdmin. In addition to it help to protect all traffic between your local computer and the remote server, through using encrypted tunnel to send and receive data. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;If you want to enable the access of usage of SSH tunnel for anyone to your phpMyAdmin interface (including you). For that you can remove any authorized IPs from the Nginx configuration file, for that leaving &lt;/span&gt;&lt;b&gt;127.0.0.1 &lt;/b&gt;&lt;span style="font-weight:400"&gt;as the only allowed host to access that location. It is safety action to remove HTTP authentication in order to simplify your set up, when consider nobody will be able to make direct request to phpMyAdmin. In such a situation your configuration file appearance as follow;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/etc/ nginx/ sites-available/ example.com&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;server {&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;. . .&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;location / nothingtosee { &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;allow 127.0.0.1; #allow localhost only&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;deny all; #deny all other sources&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;}&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt; &nbsp;&nbsp;&nbsp;. . .&lt;/b&gt;&lt;b&gt;&lt;br /&gt; &lt;/b&gt;&lt;b&gt;}&lt;/b&gt;&lt;b&gt;&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;After you reload the Nginx’s configuration &lt;/span&gt;&lt;b&gt;sudo systemctl reload nginx. &lt;/b&gt;&lt;span style="font-weight:400"&gt;You want to use the SSH tunnels to access the interface of phpMyAdmin via redirect request, because your phpMyAdmin installation will be locked down.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;Conclusion&lt;/b&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Through this article, we discuss about the way of install phpMyAdmin on Ubuntu 18.04 running Nginx as the web server. This article covered the way of secure a phpMyAdmin installation such as disabling root login, create an extra layer of authentication, and use the SSH tunneling to access a phpMyAdmin installation via local request only.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-weight:400"&gt;Through this article, you will be able to secure your MySQL database from a reasonably secure web interface. So we hope this article will be a help for you to secure your phpMyAdmin database.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;b&gt;&nbsp;&nbsp;&lt;/b&gt;&lt;/p&gt; &lt;div class="quads-location quads-ad18611 " id="quads-ad18611" style="float:none;text-align:center;padding:0px 0 0px 0"&gt; &lt;script data-cfasync="false"&gt;<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"> <ins class="adsbygoogle" style="display:block" data-ad-format="autorelaxed" data-ad-client="ca-pub-3680998947648633" data-ad-slot="3296425561"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({});

How Install and secure phpMyAdmin with Nginx on a Ubuntu 16.04 Server?

Introduction..

Prerequisites..

Step 1 — Installing phpMyAdmin..

Step 2 — Changing phpMyAdmin's Default Location..

Step 3 — Disabling Root Login..

Step 4 — Creating an Authentication Gateway..

Step 5 — Setting Up Access via Encrypted Tunnels..

Setting Up IP-Based Access Control on Nginx..

Can I use phpMyAdmin with Nginx?

You will be able to access your MySQL or MariaDB databases in phpMyAdmin with Nginx through a graphical web interface easily, running alongside a PHP development environment. In this guide, we are going to describe steps how to install and secure PhpMyAdmin with Nginx on Ubuntu 20.04.