wget https://files.phpmyadmin.net/phpMyAdmin/4.9.4/phpMyAdmin-4.9.4-all-languages.zip
unzip phpMyAdmin-4.9.4-all-languages.zip
/usr/share/phpmyadmin
directory:sudo mv phpMyAdmin-4.9.4-all-languages.zip /usr/share/phpmyadmin
cd /usr/share/phpmyadmin
sudo mv config.sample.inc.php config.inc.php
sudo nano config.inc.php
$cfg['blowfish_secret'] = '';
$cfg['blowfish_secret']='my_password';
mkdir /usr/share/phpmyadmin/tmp
chown -R apache:apache /usr/share/phpmyadmin
chmod 777 /usr/share/phpmyadmin/tmp
sudo nano /etc/httpd/conf.d/phpmyadmin.conf
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpmyadmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Save the file (Ctrl+o) and exit (Ctrl+x).
Finally, restart the Apache service to apply the changes made in the configuration file:
systemctl restart httpd
SELinux stands for Security-Enhanced Linux. This is a kernel-level enhancement that improves security. Reconfigure this protocol for phpMyAdmin to work.
yum -y install policycoreutils-python-utils
Some versions of CentOS 8 may already have this package installed. In that case, the output indicates it has nothing to do and you can move on to the next step.
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/phpmyadmin/'
semanage fcontext -a -t httpd_sys_rw_content_t "usr/share/phpmyadmin/tmp(/.*)?"
restorecon -Rv '/usr/share/phpmyadmin/'
The first two commands may take a moment to complete. The third command recurses through the phpmyadmin directory to apply the changes.
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
localhost/phpmyadmin
The browser should display the phpMyAdmin login page. However, if you attempt to log in, an error message may appear:
"The server requested an authentication method unknown to the client."
This error occurs because MySQL 8.x upgraded the password authentication mechanism. PhpMyAdmin has not been updated yet to use this authentication method.
mysql -u root -p
password
ALTER USER 'root'@'localhost' IDENTIFIED WITH myswl_native_password BY 'password';
Replace password with the actual password you set when securing the MySQL installation.
Refresh the web browser phpMyAdmin page, and log in with your MySQL username and password.
You should now have a working phpMyAdmin utility. This section will help you prevent unauthorized access to sensitive databases. Allow phpMyAdmin Only From a Specific IP Address
sudo nano /etc/httpd/conf.d/phpmyadmin.conf
Require all granted
Require ip your_system's_ip_address
Require ip ::1
I was running CentOS 8 with SELinux enforcing, and I was getting an error (mysqli_real_connect(): (HY000/2002): No such file or directory
) despite having all the configurations fixed correctly. I later got out of trouble after allowing MySQL connections through SELinux.
Check SELinux status using this command:
sestatus
Allow Apache to connect database through SELinux
setsebool httpd_can_network_connect_db 1
Use -P
option makes the change permanent. Without this option, the boolean would be reset to 0 at reboot.
setsebool -P httpd_can_network_connect_db 1
At this point, the phpMyAdmin instance is functioning properly. However, securing your phpMyAdmin instance from the outside world it an important task for you. In this section, we will show you how to secure your phpMyAdmin instance.
First, you will need to configure your phpMyAdmin to accessible only from your home connection’s IP address.
You can configure it by editing /etc/httpd/conf.d/phpmyadmin.conf
file:
nano /etc/httpd/conf.d/phpmyadmin.conf
Find the following lines:
<RequireAny>
Require all granted
</RequireAny>
And, replace them with the following:
<RequireAny>
Require ip your-home--connection-ip-address
Require ip ::1
</RequireAny>
Save and close the file when you are finished.
It is a good idea to password protect your phpmyadmin directory by setting up a basic authentication.
To do so, create a new authentication file using the htpasswd tool as shown below:
mkdir /etc/phpmyadmin
htpasswd -c /etc/phpmyadmin/.htpasswd admin
You will be asked to provide your admin password as shown below:
New password:
Re-type new password:
Adding password for user admin
Next, you will need to configure Apache to use the .htpasswd file. You can do this by editing the file /etc/httpd/conf.d/phpmyadmin.conf.
nano /etc/httpd/conf.d/phpmyadmin.conf
Add the following lines below the line “AddDefaultCharset UTF-8”:
Options +FollowSymLinks +Multiviews +Indexes
AllowOverride None
AuthType basic
AuthName "Authentication Required"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
Save the file and restart the Apache service for changes to take effect:
systemctl restart httpd
Now, your phpMyAdmin instance is secured with an extra layer of security. Open your web browser and type the URL http://your-server-ip/phpmyadmin. You will be asked to enter the login credentials of the user you previously created.
Provide your admin username and password, then click on the OK button. You will be redirected to the phpMyAdmin login page. Now, provide your MySQL administrative user login credentials and click on the Go button.
স্নাপ সমস্যা: এসই লিনাক্সে স্নাপ সমস্যা করছিলো, কিছু ক্ষণ পরপর এলার্ট করে। এই লিংকে সমাধান আছে বলে মনে হলো: https://forum.snapcraft.io/t/centos-8-snapd-installation-selinux/14998/4
The solution is to enable the continuous release (CR) repository 41 since it contains the upcoming 8.1 packages.
Enable CR repo:
The repository configuration file is included in the newest centos-release package. First update your system with dnf update to get the new centos-release package, then run dnf config-manager –enable cr to enable the CR repository.
SELinux Alert Browser এ এই সাজেশন দিয়েছে: তা চালালাম:
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 'snapd' --raw | audit2allow -M my-snapd
# semodule -X 300 -i my-snapd.pp