debian 源代码编译_如何在Debian 10上从源代码安装phpMyAdmin
debian 源代码编译
介绍 (Introduction)
While many users need the functionality of a database management system like MariaDB, they may not feel comfortable interacting with the system solely from the MariaDB prompt.
尽管许多用户需要像MariaDB这样的数据库管理系统的功能,但他们可能不满意仅通过MariaDB提示与该系统进行交互。
phpMyAdmin was created so that users can interact with MariaDB through a web interface. In this guide, we’ll discuss how to install and secure phpMyAdmin so that you can safely use it to manage your databases on a Debian 10 system.
创建phpMyAdmin是为了使用户可以通过Web界面与MariaDB进行交互。 在本指南中,我们将讨论如何安装和保护phpMyAdmin,以便您可以安全地使用它来管理Debian 10系统上的数据库。
先决条件 (Prerequisites)
Before you get started with this guide, you’ll need the following:
在开始使用本指南之前,您需要满足以下条件:
-
Access to a Debian 10 server. This server should have a non-root user with
sudo
privileges and a firewall configured withufw
. To set this up, follow our Initial Server Setup Guide for Debian 10.访问Debian 10服务器。 该服务器应具有具有
sudo
特权的非root用户以及使用ufw
配置的防火墙。 要进行设置,请遵循我们的Debian 10初始服务器设置指南 。 -
A LAMP (Linux, Apache, MariaDB, and PHP) stack installed on your Debian 10 server. Follow our guide on installing a LAMP stack on Debian 10 to set this up.
在您的Debian 10服务器上安装了LAMP( L inux, A pache, M ariaDB和P HP)堆栈。 按照我们的指南在Debian 10上安装LAMP堆栈进行设置。
Note: MariaDB is a community-developed fork of MySQL, and although the two programs are closely related, they are not completely interchangeable. While phpMyAdmin was designed specifically for managing MySQL databases and makes reference to MySQL in various dialogue boxes, rest assured that your installation of MariaDB will work correctly with phpMyAdmin.
注意: MariaDB是MySQL的社区开发分支,尽管两个程序密切相关,但它们并不完全可互换。 尽管phpMyAdmin专为管理MySQL数据库而设计,并在各种对话框中引用了MySQL,但是请放心,您的MariaDB安装将与phpMyAdmin一起正常工作。
Finally, there are important security considerations when using software like phpMyAdmin, since it:
最后,使用诸如phpMyAdmin之类的软件时,需要考虑一些重要的安全性考虑,因为它:
- Communicates directly with your MariaDB installation 与您的MariaDB安装直接通信
- Handles authentication using MariaDB credentials 使用MariaDB凭据处理身份验证
- Executes and returns results for arbitrary SQL queries 执行并返回任意SQL查询的结果
For these reasons, and because it is a widely-deployed PHP application which is frequently targeted for attack, you should never run phpMyAdmin on remote systems over a plain HTTP connection.
由于这些原因,并且由于它是一个广泛部署PHP应用程序,经常受到攻击,因此永远不要通过纯HTTP连接在远程系统上运行phpMyAdmin。
If you do not have an existing domain configured with an SSL/TLS certificate, you can follow this guide on securing Apache with Let’s Encrypt on Debian 10 to set one up. This will require you to register a domain name, create DNS records for your server, and set up an Apache Virtual Host.
如果您没有使用SSL / TLS证书配置的现有域,则可以按照本指南使用Debian 10上的Let's Encrypt来设置Apache的安全性 。 这将要求您注册一个域名 , 为您的服务器创建DNS记录 ,并设置一个Apache虚拟主机 。
Once you are finished with these steps, you’re ready to get started with this guide.
完成这些步骤后,即可开始使用本指南。
第1步-安装phpMyAdmin和推荐的软件包 (Step 1 — Installing phpMyAdmin and Recommended Packages)
Before installing and configuring phpMyAdmin, the official documentation recommends that you install a few PHP extensions onto your server to enable certain functionalities and improve performance.
在安装和配置phpMyAdmin之前, 官方文档建议您在服务器上安装一些PHP扩展,以启用某些功能并提高性能。
If you followed the prerequisite LAMP stack tutorial, several of these modules will have been installed along with the php
package. However, it’s recommended that you also install these packages:
如果您遵循了前提条件LAMP堆栈教程 ,那么其中的几个模块将与php
软件包一起安装。 但是,建议您还安装以下软件包:
-
php-mbstring
: a PHP extension used to manage non-ASCII strings and convert strings to different encodingsphp-mbstring
:一个PHP扩展,用于管理非ASCII字符串并将字符串转换为不同的编码 -
php-zip
: a PHP module that supports uploading.zip
files to phpMyAdminphp-zip
:一个支持将.zip
文件上传到phpMyAdminPHP模块 -
php-gd
: another PHP module, this one enables support for the GD Graphics Libraryphp-gd
:另一个PHP模块,该模块支持GD图形库
First, update your server’s package index if you’ve not done so recently:
首先,如果您最近没有更新服务器的软件包索引,请执行以下操作:
- sudo apt update sudo apt更新
Then use apt
to pull down the files and install them on your system:
然后使用apt
下拉文件并将其安装在系统上:
- sudo apt install php-mbstring php-zip php-gd sudo apt安装php-mbstring php-zip php-gd
Next, we can install phpMyAdmin. As of this writing, phpMyAdmin is not available from the default Debian repositories, so you will need to download the source code to your server from the phpMyAdmin site.
接下来,我们可以安装phpMyAdmin。 在撰写本文时,默认Debian仓库中没有phpMyAdmin,因此您需要从phpMyAdmin站点将源代码下载到服务器。
In order to do that, navigate to the phpMyAdmin Downloads page, scroll down to the table with download links for the latest stable release, and copy the download link ending in tar.gz
. This link points to an archive file known as a tarball that, when extracted, will create a number of files on your system. At the time of this writing, the latest release is version 4.9.0.1.
为此,请导航至phpMyAdmin下载页面 ,向下滚动至带有最新稳定版本下载链接的表,然后复制以tar.gz
结尾的下载链接。 该链接指向一个称为tarball的存档文件,该存档文件在解压缩后将在系统上创建许多文件。 在撰写本文时,最新版本是4.9.0.1版。
Note: On this Downloads page, you will notice that there are download links labeled all-languages
and english
. The all-languages
links will download a version of phpMyAdmin that will allow you to select one of 72 available languages, while the english
links will only allow you to use phpMyAdmin in English.
注意:在此下载页面上,您会发现有标记为all-languages
和english
下载链接。 all-languages
链接都将下载phpMyAdmin版本,该版本将允许您从72种可用语言中选择一种,而english
链接仅允许您以英语使用phpMyAdmin。
This guide will use the all-languages
package to illustrate how to install phpMyAdmin, but if you plan to use phpMyAdmin in English, you can install the english
package. Just be sure to replace the links and file names as necessary in the following commands.
本指南将使用all-languages
软件包来说明如何安装phpMyAdmin,但是,如果您打算以英语使用phpMyAdmin,则可以安装english
软件包。 只要确保在以下命令中根据需要替换链接和文件名即可。
Replace the link in the following wget
command with the download link you just copied, then press ENTER
. This will run the command and download the tarball to your server:
将以下wget
命令中的链接替换为您刚刚复制的下载链接,然后按ENTER
。 这将运行命令并将tarball下载到您的服务器:
-
wget https://files.phpmyadmin.net/phpMyAdmin/4.9.0.1/phpMyAdmin-4.9.0.1-all-languages.tar.gz
wget https://files.phpmyadmin.net/phpMyAdmin/ 4.9.0.1 / phpMyAdmin- 4.9.0.1- 所有语言 .tar.gz
Then extract the tarball:
然后提取压缩包:
-
tar xvf phpMyAdmin-4.9.0.1-all-languages.tar.gz
tar xvf phpMyAdmin- 4.9.0.1- 所有语言 .tar.gz
This will create a number of new files and directories on your server under a parent directory named phpMyAdmin-4.9.0.1-all-languages
.
这将在名为phpMyAdmin- 4.9.0.1 - all-languages
的父目录下的服务器上创建许多新文件和目录。
Then run the following command. This will move the phpMyAdmin-4.9.0.1-all-languages
directory and all its subdirectories to the /usr/share/
directory, the location where phpMyAdmin expects to find its configuration files by default. It will also rename the directory in place to just phpmyadmin
:
然后运行以下命令。 这会将phpMyAdmin- 4.9.0.1 - all-languages
目录及其所有子目录移动到/usr/share/
目录,即phpMyAdmin希望在默认位置找到其配置文件的位置。 它还会将目录重命名为phpmyadmin
:
-
sudo mv phpMyAdmin-4.9.0.1-all-languages/ /usr/share/phpmyadmin
sudo mv phpMyAdmin- 4.9.0.1- 所有语言 / / usr / share / phpmyadmin
With that, you’ve installed phpMyAdmin, but there are a number of configuration changes you must make in order to be able to access phpMyAdmin through a web browser.
这样,您已经安装了phpMyAdmin,但是必须进行许多配置更改才能通过Web浏览器访问phpMyAdmin。
第2步-手动配置phpMyAdmin (Step 2 — Configuring phpMyAdmin Manually)
When installing phpMyAdmin with a package manager, as one might in an Ubuntu environment, phpMyAdmin defaults to a “Zero Configuration” mode which performs several actions automatically to set up the program. Because we installed it from source in this guide, we will need to perform those steps manually.
当在软件包管理器中安装phpMyAdmin时,就像在Ubuntu环境中那样,phpMyAdmin默认为“零配置”模式,该模式会自动执行一些操作来设置程序。 由于我们是从本指南的源代码安装的,因此我们需要手动执行这些步骤。
To begin, make a new directory where phpMyAdmin will store its temporary files:
首先,新建一个目录phpMyAdmin,用于存储其临时文件:
- sudo mkdir -p /var/lib/phpmyadmin/tmp 须藤mkdir -p / var / lib / phpmyadmin / tmp
Set www-data — the Linux user profile that web servers like Apache use by default for normal operations in Ubuntu and Debian systems — as the owner of this directory:
将www-data设置为该目录的所有者, www-data是Apache之类的Web服务器在Ubuntu和Debian系统中默认用于正常操作的Linux用户配置文件:
- sudo chown -R www-data:www-data /var/lib/phpmyadmin 须藤chown -R www-data:www-data / var / lib / phpmyadmin
The files you extracted previously include a sample configuration file that you can use as your base configuration file. Make a copy of this file, keeping it in the /usr/share/phpmyadmin
directory, and rename it config.inc.php
:
先前提取的文件包括一个样本配置文件,您可以将其用作基本配置文件。 复制该文件,并将其保存在/usr/share/phpmyadmin
目录中,并将其重命名为config.inc.php
:
- sudo cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php 须藤cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php
Open this file using your preferred text editor. Here, we’ll use nano
:
使用您喜欢的文本编辑器打开此文件。 在这里,我们将使用nano
:
- sudo nano /usr/share/phpmyadmin/config.inc.php 须藤纳米/usr/share/phpmyadmin/config.inc.php
phpMyAdmin uses the cookie
authentication method by default, which allows you to log in to phpMyAdmin as any valid MariaDB user with the help of cookies. In this method, the MariaDB user password is stored and encrypted with the Advanced Encryption Standard (AES) algorithm in a temporary cookie.
phpMyAdmin默认使用cookie
身份验证方法,该方法允许您在cookie的帮助下以任何有效的MariaDB用户身份登录phpMyAdmin。 在这种方法中,MariaDB用户密码在高级 cookie中存储和使用高级加密标准(AES)算法加密 。
Historically, phpMyAdmin instead used the Blowfish cipher for this purpose, and this is still reflected in its configuration file. Scroll down to the line that begins with $cfg['blowfish_secret']
. It will look like this:
从历史上看,phpMyAdmin为此使用了Blowfish密码 ,并且仍然反映在其配置文件中。 向下滚动到以$cfg['blowfish_secret']
开头的行。 它看起来像这样:
. . .
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
. . .
In between the single quotes, enter a string of 32 random characters. This isn’t a passphrase you need to remember, it will just be used internally by the AES algorithm:
在单引号之间,输入32个随机字符的字符串。 这不是您需要记住的密码,它将由AES算法在内部使用:
. . .
$cfg['blowfish_secret'] = 'STRINGOFTHIRTYTWORANDOMCHARACTERS'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
. . .
Note: If the passphrase you enter here is shorter than 32 characters in length, it will result in the encrypted cookies being less secure. Entering a string longer than 32 characters, though, won’t cause any harm.
注意:如果您在此处输入的密码短语长度少于32个字符,则将导致加密的cookie的安全性降低。 但是,输入长度超过32个字符的字符串不会造成任何伤害。
To generate a truly random string of characters, you can install and use the pwgen
program:
要生成真正随机的字符串,您可以安装并使用pwgen
程序:
- sudo apt install pwgen sudo apt安装pwgen
By default, pwgen
creates easily pronounceable, though less secure, passwords. However, by including the -s
flag, as in the following command, you can create a completely random, difficult-to-memorize password. Note the final two arguments to this command: 32
, which dictates how long the password string pwgen
will generate should be; and 1
which tells pwgen
how many strings it should generate:
默认情况下, pwgen
会创建易于声明但安全性较低的密码。 但是,通过包含-s
标志(如以下命令中所示),可以创建一个完全随机且难以记忆的密码。 请注意此命令的最后两个参数: 32
,它指示密码字符串pwgen
将生成多长时间。 和1
告诉pwgen
它应该生成多少个字符串:
- pwgen -s 32 1 pwgen -s 32 1
Next, scroll down to the comment reading /* User used to manipulate with storage */
. This section includes some directives that define a MariaDB database user named pma which performs certain administrative tasks within phpMyAdmin. According to the official documentation, this special user account isn’t necessary in cases where only one user will access phpMyAdmin, but it is recommended in multi-user scenarios.
接下来,向下滚动到注释阅读/* User used to manipulate with storage */
。 本部分包括一些指令,这些指令定义了名为pma的MariaDB数据库用户,该用户在phpMyAdmin中执行某些管理任务。 根据官方文档 ,在只有一个用户访问phpMyAdmin的情况下,不需要此特殊用户帐户,但是在多用户方案中建议使用此特殊用户帐户。
Uncomment the controluser
and controlpass
directives by removing the preceding slashes. Then update the controlpass
directive to point to a secure password of your choosing. If you don’t do this, the default password will remain in place and unknown users could easily gain access to your database through the phpMyAdmin interface.
取消对controluser
和controlpass
通过除去前述斜线指示。 然后更新controlpass
指令以指向您选择的安全密码。 如果您不这样做,则默认密码将保留不变,未知用户可以通过phpMyAdmin界面轻松访问您的数据库。
After making these changes, this section of the file will look like this:
进行这些更改之后,文件的这一部分将如下所示:
. . .
/* User used to manipulate with storage */
// $cfg['Servers'][$i]['controlhost'] = '';
// $cfg['Servers'][$i]['controlport'] = '';
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'password';
. . .
Below this section, you’ll find another section preceded by a comment reading /* Storage database and tables */
. This section includes a number of directives that define the phpMyAdmin configuration storage, a database and several tables used by the administrative pma database user. These tables enable a number of features in phpMyAdmin, including Bookmarks, comments, PDF generation, and more.
在本节下面,您将找到另一节,其前面是注释,读为/* Storage database and tables */
。 本节包括许多指令,这些指令定义了phpMyAdmin配置存储 ,一个数据库以及管理pma数据库用户使用的几个表。 这些表启用了phpMyAdmin中的许多功能,包括书签,注释,PDF生成等。
Uncomment each line in this section by removing the slashes at the beginning of each line so it looks like this:
通过删除每行开头的斜杠来取消注释本节中的每一行,因此如下所示:
. . .
/* Storage database and tables */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
. . .
These tables don’t yet exist, but we will create them shortly.
这些表尚不存在,但是我们很快会创建它们。
Lastly, scroll down to the bottom of the file and add the following line. This will configure phpMyAdmin to use the /var/lib/phpmyadmin/tmp
directory you created earlier as its temporary directory. phpMyAdmin will use this temporary directory as a templates cache which allows for faster page loading:
最后,向下滚动到文件底部,然后添加以下行。 这会将phpMyAdmin配置为使用您先前创建的/var/lib/phpmyadmin/tmp
目录作为其临时目录。 phpMyAdmin将使用此临时目录作为模板缓存,以加快页面加载速度:
. . .
$cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';
Save and close the file after adding this line. If you used nano
, you can do so by pressing CTRL + X
, Y
, then ENTER
.
添加此行后,保存并关闭文件。 如果您使用过nano
,则可以通过按CTRL + X
, Y
,然后按ENTER
。
Next, you’ll need to create the phpMyAdmin storage database and tables. When you installed phpMyAdmin in the previous step, it came with a file named create_tables.sql
. This SQL file contains all the commands needed to create the configuration storage database and tables phpMyAdmin needs to function correctly.
接下来,您需要创建phpMyAdmin存储数据库和表。 在上一步中安装phpMyAdmin时,它带有一个名为create_tables.sql
的文件。 此SQL文件包含创建配置存储数据库和phpMyAdmin表正常运行所需的所有命令。
Run the following command to use the create_tables.sql
file to create the configuration storage database and tables:
运行以下命令以使用create_tables.sql
文件创建配置存储数据库和表:
- sudo mariadb < /usr/share/phpmyadmin/sql/create_tables.sql sudo mariadb </usr/share/phpmyadmin/sql/create_tables.sql
Following that, you’ll need to create the administrative pma user. Open up the MariaDB prompt:
然后,您需要创建管理pma用户。 打开MariaDB提示符:
- sudo mariadb 苏多·玛丽亚德
From the prompt, run the following command to create the pma user and grant it the appropriate permissions. Be sure to change password
to align with the password you defined in the config.inc.php
file:
在提示符下,运行以下命令来创建pma用户并为其授予适当的权限。 确保更改password
使其与您在config.inc.php
文件中定义的密码一致:
-
GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'localhost' IDENTIFIED BY 'password';
在phpmyadmin上进行GRANT SELECT,INSERT,UPDATE,DELETE。*至'pma'@'localhost'由' password '标识;
If haven’t created one already, you should also create a regular MariaDB user for the purpose of managing databases through phpMyAdmin, as it’s recommended that you log in using another account than the pma user. You could create a user that has privileges to all tables within the database, as well as the power to add, change, and remove user privileges, with this command. Whatever privileges you assign to this user, be sure to give it a strong password as well:
如果尚未创建,则还应该创建一个常规的MariaDB用户,以便通过phpMyAdmin管理数据库,因为建议您使用除pma用户之外的其他帐户登录。 您可以使用此命令创建一个对数据库中所有表具有特权的用户,以及添加,更改和删除用户特权的功能。 无论您分配给该用户什么特权,也请确保为其设置一个强密码:
-
GRANT ALL PRIVILEGES ON *.* TO 'sammy'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
将所有特权授予*。*到' sammy '@'localhost',由' password '标识,并带有GRANT OPTION;
Following that, exit the MariaDB shell:
之后,退出MariaDB shell:
- exit 出口
phpMyAdmin is now fully installed and configured on your server. However, your Apache server does not yet know how to serve the application. To resolve this, we will create an Apache configuration file for it.
phpMyAdmin现在已在您的服务器上完全安装并配置。 但是,您的Apache服务器尚不知道如何为应用程序提供服务。 为了解决这个问题,我们将为其创建一个Apache配置文件。
第3步-配置Apache服务phpMyAdmin (Step 3 — Configuring Apache to Serve phpMyAdmin)
When installing phpMyAdmin from the default repositories, the installation process creates an Apache configuration file automatically and places it in the /etc/apache2/conf-enabled/
directory. Because we installed phpMyAdmin from source, however, we will need to create and enable this file manually.
从默认存储库安装phpMyAdmin时,安装过程会自动创建一个Apache配置文件,并将其放置在/etc/apache2/conf-enabled/
目录中。 因为我们是从源代码安装的phpMyAdmin,所以我们将需要手动创建和启用此文件。
Create a file named phpmyadmin.conf
in the /etc/apache2/conf-available/
directory:
在/etc/apache2/conf-available/
目录中创建一个名为phpmyadmin.conf
的文件:
- sudo nano /etc/apache2/conf-available/phpmyadmin.conf 须藤纳米/etc/apache2/conf-available/phpmyadmin.conf
Then add the following content to the file
然后将以下内容添加到文件中
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
DirectoryIndex index.php
<IfModule mod_php5.c>
<IfModule mod_mime.c>
AddType application/x-httpd-php .php
</IfModule>
<FilesMatch ".+\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/
php_admin_value mbstring.func_overload 0
</IfModule>
<IfModule mod_php.c>
<IfModule mod_mime.c>
AddType application/x-httpd-php .php
</IfModule>
<FilesMatch ".+\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/
php_admin_value mbstring.func_overload 0
</IfModule>
</Directory>
# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
<IfModule mod_authz_core.c>
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
Require valid-user
</IfModule>
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/templates>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/libraries>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
Require all denied
</Directory>
This is the default phpMyAdmin Apache configuration file found on Ubuntu installations, though it will be adequate for a Debian setup as well.
这是在Ubuntu安装中找到的默认phpMyAdmin Apache配置文件,尽管它对于Debian安装也是足够的。
Save and close the file, then enable it by typing:
保存并关闭文件,然后通过键入以下内容启用它:
- sudo a2enconf phpmyadmin.conf 须藤a2enconf phpmyadmin.conf
Then reload the apache2
service to put the configuration changes into effect:
然后重新加载apache2
服务以使配置更改生效:
- sudo systemctl reload apache2 sudo systemctl重新加载apache2
Following that, you’ll be able to access the phpMyAdmin login screen by navigating to the following URL in your web browser:
之后,您可以通过在Web浏览器中导航到以下URL来访问phpMyAdmin登录屏幕:
https://your_domain/phpmyadmin
You’ll see the following login screen:
您将看到以下登录屏幕:
Log in to the interface with the MariaDB username and password you configured. After logging in, you’ll see the user interface, which will look something like this:
使用您配置的MariaDB用户名和密码登录到界面。 登录后,您将看到用户界面,该界面类似于以下内容:
Now that you’re able to connect and interact with phpMyAdmin, all that’s left to do is harden your system’s security to protect it from attackers.
现在您可以连接phpMyAdmin并与之交互,剩下要做的就是增强系统的安全性,以保护其免受攻击者的攻击。
步骤4 —保护您的phpMyAdmin实例 (Step 4 — Securing Your phpMyAdmin Instance)
Because of its ubiquity, phpMyAdmin is a popular target for attackers, and you should take extra care to prevent unauthorized access. One of the easiest ways of doing this is to place a gateway in front of the entire application by using Apache’s built-in .htaccess
authentication and authorization functionalities.
由于phpMyAdmin无处不在,因此它是攻击者的首选目标,因此应格外小心,以防止未经授权的访问。 最简单的方法之一是使用Apache内置的.htaccess
身份验证和授权功能,将网关放置在整个应用程序的前面。
To do this, you must first enable the use of .htaccess
file overrides by editing your Apache configuration file.
为此,必须首先通过编辑Apache配置文件来启用.htaccess
文件覆盖。
Edit the linked file that has been placed in your Apache configuration directory:
编辑已放置在Apache配置目录中的链接文件:
- sudo nano /etc/apache2/conf-available/phpmyadmin.conf 须藤纳米/etc/apache2/conf-available/phpmyadmin.conf
Add an AllowOverride All
directive within the <Directory /usr/share/phpmyadmin>
section of the configuration file, like this:
在配置文件的<Directory /usr/share/phpmyadmin>
部分中添加AllowOverride All
指令,如下所示:
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
<IfModule mod_php5.c>
. . .
When you have added this line, save and close the file.
添加此行后,保存并关闭文件。
To implement the changes you made, restart Apache:
要实现您所做的更改,请重新启动Apache:
- sudo systemctl restart apache2 sudo systemctl重新启动apache2
Now that you have enabled .htaccess
use for your application, you need to create one to actually implement some security.
既然已经为应用程序启用了.htaccess
使用,则需要创建一个以实际实现某种安全性。
In order for this to be successful, the file must be created within the application directory. You can create the necessary file and open it in your text editor with root privileges by typing:
为了使此操作成功,必须在应用程序目录中创建文件。 您可以创建必要的文件,并通过输入以下内容以root用户权限在文本编辑器中将其打开:
- sudo nano /usr/share/phpmyadmin/.htaccess 须藤纳米/usr/share/phpmyadmin/.htaccess
Within this file, enter the following content:
在此文件中,输入以下内容:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/share/phpmyadmin/.htpasswd
Require valid-user
Here is what each of these lines mean:
这些行的含义如下:
-
AuthType Basic
: This line specifies the authentication type that you are implementing. This type will implement password authentication using a password file.AuthType Basic
:此行指定您要实现的身份验证类型。 此类型将使用密码文件实现密码验证。 -
AuthName
: This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users won’t gain any information about what is being protected.AuthName
:设置身份验证对话框的消息。 您应该保留此通用名称,以便未经授权的用户不会获得有关受保护内容的任何信息。 -
AuthUserFile
: This sets the location of the password file that will be used for authentication. This should be outside of the directories that are being served. We will create this file shortly.AuthUserFile
:这将设置用于身份验证的密码文件的位置。 这应该在正在提供的目录之外。 我们将很快创建该文件。 -
Require valid-user
: This specifies that only authenticated users should be given access to this resource. This is what actually stops unauthorized users from entering.Require valid-user
:这指定应仅向经过身份验证的用户授予对此资源的访问权限。 这实际上是阻止未经授权的用户进入的原因。
When you are finished, save and close the file.
完成后,保存并关闭文件。
The location that you selected for your password file was /usr/share/phpmyadmin/.htpasswd
. You can now create this file and pass it an initial user with the htpasswd
utility:
您为密码文件选择的位置是/usr/share/phpmyadmin/.htpasswd
。 您现在可以创建此文件,并使用htpasswd
实用程序将其传递给初始用户:
-
sudo htpasswd -c /usr/share/phpmyadmin/.htpasswd username
须藤htpasswd -c /usr/share/phpmyadmin/.htpasswd 用户名
You will be prompted to select and confirm a password for the user you are creating. Afterwards, the file is created with the hashed password that you entered.
系统将提示您选择并确认要创建的用户的密码。 然后,使用您输入的哈希密码创建文件。
If you want to enter an additional user, you need to do so without the -c
flag, like this:
如果要输入其他用户,则需要不带 -c
标志,例如:
-
sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser
须藤htpasswd的/etc/phpmyadmin/.htpasswd additionaluser
Now, when you access your phpMyAdmin subdirectory, you will be prompted for the additional account name and password that you just configured:
现在,当您访问phpMyAdmin子目录时,将提示您输入刚刚配置的其他帐户名和密码:
https://your_domain_or_IP/phpmyadmin
After entering the Apache authentication, you’ll be taken to the regular phpMyAdmin authentication page to enter your MariaDB credentials. This setup adds an additional layer of security, which is desirable since phpMyAdmin has suffered from vulnerabilities in the past.
输入Apache身份验证后,您将被带到常规的phpMyAdmin身份验证页面以输入您的MariaDB凭据。 此设置增加了一层额外的安全性,这是合乎需要的,因为phpMyAdmin过去曾遭受漏洞的困扰。
结论 (Conclusion)
You should now have phpMyAdmin configured and ready to use on your Debian 10 server. Using this interface, you can easily create databases, users, tables, etc., and perform the usual operations like deleting and modifying structures and data.
现在,您应该已经配置了phpMyAdmin,并准备在Debian 10服务器上使用它。 使用此界面,您可以轻松创建数据库,用户,表等,并执行常规操作,如删除和修改结构和数据。
翻译自: https://www.digitalocean.com/community/tutorials/how-to-install-phpmyadmin-from-source-debian-10
debian 源代码编译
上一篇: Java小白学习笔记d2
下一篇: Linux 安装配置jdk