Don Matteo | UNBLOG Tutorials

How to install phpMyAdmin with PHP8 on Debian 12

This tutorial shows how to install phpMyAdmin on Debian 12 with Apache2 and PHP8. For administration and management of MySQL and MariaDB databases from web browsers.

On Debian 11, the easiest way to install phpMyAdmin is via the Package Manager, withapt install phpmyadminbut this is no longer up-to-date since php 8 is provided.

Since Debian 11 installs from the default repository, phpMyAdmin is provided for PHP 7.4, but if requires a newer PHP version, i.e. for current CMS such as WordPress, where PHP 8 or newer is recommended, phpMyAdmin can be installed manually in just a few steps.

INSTALLATION

The phpMyAdmin installation on Debian is done here as root by using “su -“, for the packages Apache2, MariaDB and PHP 8.2 provided by DEB.SURY.ORG.

First of all, required service packages are installed.

$ apt install lsb-release apt-transport-https ca-certificates wget gnupg -y

Add the Sury Repository for PHP8 on the system.

$ wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
$ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list

Update the package lists as follows.

$ apt update

If the Apache2 web server is not already installed.

$ apt install apache2 -y

Now install PHP 8.2 with the most important PHP modules.

$ apt install php8.2 php8.2-common php8.2-cli php8.2-curl php8.2-imap php8.2-apcu php8.2-intl php8.2-cgi php8.2-mbstring php8.2-gd php8.2-mysql php8.2-opcache php8.2-bcmath php8.2-xml php8.2-xsl php8.2-zip php8.2-bz2 libapache2-mod-php8.2 -y

Update the packages as follows.

$ apt update && apt upgrade -y
$ [ -f /var/run/reboot-required ] && reboot -f

Install MariaDB

The next step is to install the MariaDB server and (MySQL) client.

$ apt install mariadb-server mariadb-client -y

Then complete the configuration of the MariaDB server.

$ mysql_secure_installation

Since the root password for the database is not yet set, press Enter to skip the initial query. Complete the following queries:

Switch to unix_socket authentication [Y/n] – Enter n to skip.
Set root password? [Y/n] – Type y and press Enter to create a root password for your database. If you already have a root password, enter n to not change the root password.
Remove anonymous users? [Y/n] – Type y and press Enter.
Disallow root login remotely? [Y/n] – Type y and press Enter.
Remove test database and access to it? [Y/n] – Type y and confirm with Enter.
Reload privilege tables now? [Y/n] – Type y and confirm with Enter.

MariaDB is now operational.

Install phpMyAdmin on Debian

First change the directory into install phpMyAdmin on Debian.

$ cd /usr/share

To download phpMyAdmin run the command as follows.

$ wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip -O phpmyadmin.zip

Unzip the archive you just downloaded as follows.

$ unzip phpmyadmin.zip

After unzipping, remove the downloaded archive.

$ rm -f phpmyadmin.zip

Then rename the unzipped directory.

$ mv phpMyAdmin-*-all-languages phpmyadmin

And change the permissions to the phpMyAdmin directory.

$ chmod -R 0755 phpmyadmin

Apache2 config for phpMyAdmin

Now create an Apache2 configuration file for phpMyAdmin /etc/apache2/conf-available/phpmyadmin.conf.

Paste the following content into the terminal shell.

$ cat << EOF > /etc/apache2/conf-available/phpmyadmin.conf
Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php
</Directory>

<Directory /usr/share/phpmyadmin/templates>
    Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/libraries>
    Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Require all denied
</Directory>
EOF

Check the new Apache2 configuration you just modified.

$ apachectl -t
Syntax OK

Enable the Apache2 configuration file you just created.

$ a2enconf phpmyadmin

And reload the Apache2 web server.

$ systemctl reload apache2

Create the temporary directory that phpMyAdmin needs.

$ mkdir /usr/share/phpmyadmin/tmp/

Now grant the web server user the required owner rights.

$ chown -R www-data:www-data /usr/share/phpmyadmin/tmp/

Up to and including Debian 10 and Ubuntu, password authentication to the MariaDB server is not possible by default for root login (e.g. via phpMyAdmin) for security reasons. On Debian 11, however, this is possible. For Debian 10, the following steps can be performed to allow root login using a password as well.

$ mysql -u root
UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user = 'root' AND plugin = 'unix_socket';
FLUSH PRIVILEGES;
Quit

The Apache2 web server with PHP 8, the MariaDB server and phpMyAdmin is now ready to use.

The phpMyAdmin website can be reached by adding /phpmyadmin to the IP address or FQDN in the browser URL.
for example: http://192.168.1.2/phpmyadmin

Welcome to phpMyAdmin, Install with PHP8 on Debian 11

View and change PHP version

If several PHP versions are installed on the system, an installed PHP version can be activated for the Apache2 web server.

The corresponding module is activated with the Apache helper, with the command a2enmod, and deactivated with a2dismod.

$ a2dismod php7.4
$ a2enmod php8.2
$ systemctl restart apache2

The current PHP version and modules are displayed by creating a php file with the following content. If no other Apache2 site is available, this can be saved as phpinfo.php in the docroot at /usr/share/phpmyadmin.

<?php
phpinfo();
?>

The PHP settings for the Apache2 web server are displayed in tabular form in the web browser. i.e. http://192.168.1.2/phpinfo.php

For productive systems, phpinfo should be removed again.

FortiClient on Windows 11 shows the Warning: Credential or SSLVPN configuration is wrong. (-7200)

FortiClient SSL-VPN connects successfully on Windows 10 but not on Windows 11. An article by the staff was posted in the fortinet community they describes a potential cause for why SSL-VPN connections may fail on Windows 11 yet work correctly on Windows 10.

SSL-VPN tunnel-mode connections via FortiClient fail at 48% on Windows 11, it shows the warning: Credential or SSLVPN configuration is wrong (-7200). We remember, tunnel-mode connections was working fine on Windows 10.

Users are unable to authenticate if they are in a User Group that is configured in an SSL-VPN Authentication/Portal Mapping (known as authentication-rule in the CLI), but they can successfully authenticate when using the All Other Users/Groups catch-all authentication rule.

Windows 11 is uses TLS 1.3 by default for outbound TLS connections, whereas Windows 10 appears to use TLS 1.2 by default.

The cipher setting is set to high by default. This setting specifically designates the acceptable key-strength of the encryption cipher being used to ≥ 168 bits.

If TLS-AES-256-GCM-SHA384 is removed from the list, Windows 11/FortiClient will still be able to establish a TLS 1.3 connection using one of the alternative TLS Cipher Suites available.

Windows 11 may be unable to connect to the SSL-VPN if the ciphersuite setting on the FortiGate has been modified to remove TLS-AES-256-GCM-SHA384, and an SSL-VPN authentication-rule has been created for a given User Group that has the cipher setting set to high (which it is by default).

The solution can be determined as follows by running the command in the FortiGate CLI to solve the issue. First of all, show the current SSL-VPN settings used on the FortiGate appliance:

show vpn ssl settings

Then use unset to make the cipher suite according to windows 11:

config vpn ssl settings
  unset ciphersuite
end

Or set the cipher suite with the append command:

config vpn ssl settings
  append ciphersuite TLS-AES-256-GCM-SHA384
end

Note see Microsoft learn about TLS Cipher Suites in Windows 11

UNBLOG Tutorials

All posts by Don Matteo

Install phpMyAdmin with PHP8 on Debian