Server — MariaDB — phpMyAdmin
The MariaDB command line is entirely sufficient for everything covered in this series. But the command line is not always the fastest tool for exploration: inspecting table structures, running ad-hoc queries, checking user permissions, or getting a quick overview of what is in a database. phpMyAdmin provides a web interface for those tasks. It is not elegant software, but it is functional, widely understood, and available as a Docker image that installs cleanly without touching February’s system PHP.
This article covers two installation paths and the authentication setup that is required on Ubuntu 24.04 regardless of which path you choose.
The authentication problem first
MariaDB’s root user on Ubuntu 24.04 uses unix_socket authentication. This means the root user can only be accessed by a process running as the Linux root system user. phpMyAdmin is a web application running as the www-data user inside a container. It cannot authenticate as MariaDB root, because it is not running as the Linux root user.
The solution is a dedicated phpMyAdmin admin user with password authentication. This user gets broad database privileges, like root, but authenticates with a password that phpMyAdmin can use.
Create it before installing phpMyAdmin:
sudo mariadb
CREATE USER 'phpmyadmin'@'localhost'
IDENTIFIED BY 'your-strong-password-here';
GRANT ALL PRIVILEGES ON *.* TO 'phpmyadmin'@'localhost'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Generate the password with openssl rand -base64 24 and store it in the password manager. The WITH GRANT OPTION allows phpMyAdmin to create and manage users through the interface, which is useful for the user management views.
This user should only be used for phpMyAdmin. Do not reuse it as an application database user for any service.
Option one: Docker (recommended)
The Docker approach follows the same pattern as PowerDNS Admin: an official image, host networking, a systemd service unit, access restricted to LAN and VPN. It keeps phpMyAdmin isolated from February’s system PHP installation and stays up to date with image pulls.
Create a systemd service at /etc/systemd/system/phpmyadmin.service:
[Unit]
Description=phpMyAdmin
After=network.target docker.service mariadb.service
Requires=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop phpmyadmin
ExecStartPre=-/usr/bin/docker rm phpmyadmin
ExecStart=/usr/bin/docker run --name phpmyadmin \
--net=host \
-e PMA_HOST=127.0.0.1 \
-e PMA_PORT=3306 \
-e PMA_ABSOLUTE_URI=http://february.home.arpa:8082/ \
-e UPLOAD_LIMIT=64M \
phpmyadmin:latest
ExecStop=/usr/bin/docker stop phpmyadmin
[Install]
WantedBy=multi-user.target
A few notes. --net=host gives the container access to the host network stack, which allows it to reach MariaDB on 127.0.0.1:3306. PMA_ABSOLUTE_URI should match the URL you will actually use to access it, including the port. Port 8082 is used here to avoid clashing with PowerDNS Admin on 9191 or any future reverse proxy on 80 and 443. UPLOAD_LIMIT=64M increases the file upload limit for SQL import operations beyond the default 2 MB.
Enable and start it:
sudo systemctl daemon-reload
sudo systemctl enable --now phpmyadmin
Watch the logs to confirm it starts cleanly:
sudo journalctl -u phpmyadmin -f
Option two: direct install with Apache
If Docker is not available on February or you prefer not to use it for this, the direct install uses Ubuntu’s phpMyAdmin package alongside Apache.
sudo apt install phpmyadmin
During installation the package manager will ask which web server to configure. Select apache2. It will also ask whether to configure a database with dbconfig-common; select yes and set a password for phpMyAdmin’s internal configuration storage database.
After installation, phpMyAdmin is available at http://february.home.arpa/phpmyadmin via Apache on port 80.
The direct install has a few downsides compared to Docker: it installs Apache as a new dependency, it adds PHP and several PHP extensions to the system, and it lives on port 80 which may conflict with a future reverse proxy. For a server where Docker is already running, the Docker approach is cleaner. For a server where it is not, the direct install is straightforward.
UFW rules
Restrict phpMyAdmin access to the LAN and VPN only:
# Docker installation on port 8082
sudo ufw allow from 192.168.1.0/24 to any port 8082
sudo ufw allow from 10.10.0.0/24 to any port 8082
For the direct install on port 80, the Apache article in this series will cover the appropriate rules when reverse proxying is added. In the meantime, if port 80 is not already open from the firewall article:
sudo ufw allow from 192.168.1.0/24 to any port 80
sudo ufw allow from 10.10.0.0/24 to any port 80
Do not open phpMyAdmin to the internet. It is a frequent target for automated attacks and has no business being publicly accessible.
First login
Open a browser on the LAN or over WireGuard and navigate to:
http://february.home.arpa:8082
Log in with the phpmyadmin username and the password created earlier. You should see the phpMyAdmin dashboard with the database list on the left.
Confirm the databases created in this series are visible: powerdns and pdnsadmin. Clicking into each should show the table structure and row counts.
What phpMyAdmin is useful for on February
The command line covers everything and is more scriptable, but phpMyAdmin is faster for certain tasks:
Exploring an unfamiliar schema. Clicking through a new database’s tables and seeing the column types and indexes at a glance is faster than DESCRIBE table; for each one.
Running ad-hoc queries. The SQL tab with syntax highlighting and result pagination is more comfortable for exploratory queries than the command line.
Checking user permissions. The user management tab shows every account and its privileges in a table that is easier to scan than SHOW GRANTS FOR.
Importing a SQL dump. The import interface handles gzip-compressed dumps and provides progress feedback. Useful for restoring a standalone mysqldump backup without piping it through the command line.
Viewing the binary log. phpMyAdmin can display binary log entries through the interface, which is occasionally useful when tracing what changed in a database.
What phpMyAdmin is not useful for on February: anything that should be scripted, anything in a borgmatic hook, anything involving the audit log or slow query log, and any operation sensitive enough that you want a full command history.
Keeping it up to date
For the Docker installation, pull the latest image periodically:
sudo docker pull phpmyadmin:latest
sudo systemctl restart phpmyadmin
phpMyAdmin has had security vulnerabilities in the past, and running an outdated version on an internally accessible port is a meaningful risk even on a LAN-restricted service. Set a reminder to check for updates monthly, or add a watchtower container to handle image updates automatically if February is already running Docker heavily.
For the direct install, sudo apt upgrade handles phpMyAdmin updates alongside everything else.
A note on Adminer
Adminer is a lighter-weight alternative to phpMyAdmin: a single PHP file rather than a full application, with a smaller attack surface and faster load times. It supports MariaDB, PostgreSQL, SQLite, and several other databases from the same interface. If February ever runs PostgreSQL alongside MariaDB, Adminer handles both from one interface rather than needing two separate tools.
The Docker image is equally simple:
docker run --name adminer --net=host -e ADMINER_DEFAULT_SERVER=127.0.0.1 adminer
It is worth knowing the option exists. For a server running only MariaDB, phpMyAdmin has more features and more documentation. For a server running multiple database engines, Adminer’s multi-engine support makes it the more practical choice.