phpMyAdmin is a popular web-based interface for managing MySQL and MariaDB databases, offering a graphical alternative to the command line. On RHEL 8, you can install it quickly from the EPEL repository, which provides community-maintained packages not included in the default RHEL channels. After installation, a few configuration steps secure access and integrate phpMyAdmin with Apache. This tutorial walks through installing, configuring, and accessing phpMyAdmin on a RHEL 8 server.
Prerequisites
- A RHEL 8 server with a non-root sudo user
- MySQL or MariaDB installed and running
- Apache (httpd) installed and running
- PHP installed (php, php-mysqlnd, php-json, php-mbstring)
- The EPEL repository enabled (
dnf install -y epel-release) - firewalld configured to allow HTTP/HTTPS traffic
Step 1 — Enable EPEL and Install phpMyAdmin
The EPEL repository provides the phpMyAdmin package for RHEL 8. Enable it and install phpMyAdmin along with its PHP dependencies in one command.
sudo dnf install -y epel-release
sudo dnf install -y phpMyAdmin php-pecl-zip php-tcpdfAfter installation, the configuration file is placed at /etc/phpMyAdmin/config.inc.php and the Apache alias configuration at /etc/httpd/conf.d/phpMyAdmin.conf.
Step 2 — Set the Blowfish Secret and Database Host
phpMyAdmin uses a blowfish secret to encrypt cookies. Open the main configuration file and set a strong random string, then confirm the database host.
sudo nano /etc/phpMyAdmin/config.inc.phpLocate and update the following lines:
$cfg['blowfish_secret'] = 'A32characterOrLongerRandomString!!';
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['auth_type'] = 'cookie';Using 127.0.0.1 instead of localhost forces TCP rather than a Unix socket, which is required when MySQL is bound to the loopback address.
Step 3 — Restrict Access by IP Address
By default, the Apache alias configuration restricts phpMyAdmin to localhost. Open the alias file and add your administrative workstation IP so you can access the interface from your browser.
sudo nano /etc/httpd/conf.d/phpMyAdmin.confFind the <RequireAny> blocks inside both <Directory> stanzas and add your IP:
Require ip 127.0.0.1
Require ip ::1
Require ip 203.0.113.50
Replace 203.0.113.50 with your actual client IP. Save the file and restart Apache.
sudo systemctl restart httpdStep 4 — Open the Firewall Port
If your server’s firewall is active, allow HTTP (and optionally HTTPS) traffic so you can reach the phpMyAdmin interface from your browser.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadStep 5 — Secure phpMyAdmin with HTTP Basic Authentication
Adding an extra layer of HTTP basic authentication in front of phpMyAdmin reduces exposure to brute-force attempts. Create a password file and update the Apache configuration.
sudo htpasswd -c /etc/httpd/conf.d/.htpasswd adminuserNow add authentication directives to the phpMyAdmin Apache configuration inside the first <Directory> block:
AuthType Basic
AuthName "phpMyAdmin Access"
AuthUserFile /etc/httpd/conf.d/.htpasswd
Require valid-userRestart Apache to apply the change:
sudo systemctl restart httpdStep 6 — Access phpMyAdmin in Your Browser
Navigate to the phpMyAdmin interface using your server’s IP or hostname:
http://your_server_ip/phpMyAdminYou will first see the HTTP basic authentication prompt. After entering those credentials, you will reach the phpMyAdmin login page. Sign in with your MySQL root user or a dedicated MySQL account. Once logged in, you can browse databases, run SQL queries, manage users, import and export data, and perform administrative tasks through the graphical interface.
Conclusion
You have successfully installed phpMyAdmin on RHEL 8, configured a secure blowfish secret, restricted access by IP address, added HTTP basic authentication as a second authentication layer, and confirmed browser access to the web interface. Keeping phpMyAdmin behind both IP restrictions and HTTP authentication significantly reduces the attack surface compared to leaving it open to the internet.
Next steps: How to Create and Manage MySQL Users and Privileges on RHEL 8, How to Configure MySQL Primary-Replica Replication on RHEL 8, and How to Secure Apache with Let’s Encrypt SSL on RHEL 8.
