Matty Maloney

Create "lap-pma-baseline" by Adding phpMyAdmin to "lap-baseline" on an AWS VPC with EC2 Linux and RDS MariaDB, Take 3

Apr 12, 2016

Create phpMyAdmin EC2 instance

Choosing:

  • OS/AMI: lap-baseline created previously.
  • Instance Type: t2.nano (since this is a necessary, but not-oft-used vm)
  • VPC: the VPC that was created with the RDS instance
  • Availability Zone: same that was chosen when creating the RDS instance
  • Enable termination protection: yes
  • Security Group: Select or create one with the following settings:
    • port 22 from office and home IPs.
    • ports 80 and 443 from all.

Permission to Access RDS Instance

Make sure that this EC2 instance’s security group is added to the permitted ingress traffic for the RDS instance’s security group.

Update Apache ServerName

Edit /etc/httpd/conf/httpd.conf to update the ServerName directive.

Restart Apache.

Cleanup conf.modules.d

Delete any files in /etc/httpd/conf.modules.d that were added by yum during updates.

e.g. sudo rm -rf /etc/httpd/conf.modules.d/10-php*

Install phpMyAdmin

This expects that php56-mbstring is already installed.

cd /var/www
wget --no-check-certificate https://files.phpmyadmin.net/phpMyAdmin/4.6.1/phpMyAdmin-4.6.1-english.tar.gz
tar xzf phpMyAdmin-4.6.1-english.tar.gz
rm phpMyAdmin-4.6.1-english.tar.gz
#sudo mv phpMyAdmin-4.6.1-english/* html/
sudo rm -rf html
sudo mv phpMyAdmin-4.6.1-english html
sudo chown -R apache:www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;

Use mysql cli to connect to rds with root id. Create new user for this wordpress installation and assign privileges.

mysql -h db.instance.endpoint.rds.amazonaws.com -u root -p

To setup the phpMyAdmin configuration database (to hold data for sql history, user configuration choices, etc), run the sql found in [phpmyadmin-installation-dir]/sql/create_tables.sql file.

source /var/www/html/sql/create_tables.sql;

And create the phpmyadmin management user, run this sql outside of any DB context. Use a different password of course.

GRANT SELECT, INSERT, UPDATE, DELETE ON `phpmyadmin`.* TO 'pma_config'@'%'  IDENTIFIED BY 'pmapass';

We’re allowing access for this user from any host, since we’re relying on the vpc’s security group to not allow any mysql traffic from outside the vpc. In the future, if we do need to allow mysql traffic from outside the vpc, we’ll do so by allowing traffic from specific IP addresses.

Create database(s) and user(s) for wordpress or other app(s)

While still in mysql cli, create the database, create the user, and grant permissions for that user on the database. I’m granting permissions for the user from all hosts, as I’ll rely on VPC security to limit which hosts can contact the db server.

create database `db_name`;
create user 'username' identified by 'awesome-password';
grant all privileges on `db_name`.* to 'username'@'%';
flush privileges;
exit;

Setup phpMyAdmin configuration, including configuration db and user.

After updating the configuration name (‘verbose’), rds endpoint (‘host’), time zone (‘SessionTimeZone’), the password (‘password’), and adding/changing some random characters in the blowfish secret, put this file in /var/www/phpMyAdmin (or /var/www/html, if that’s where phpMyAdmin is installed).

<?php
/*
 * Generated configuration file
 * Generated by: phpMyAdmin 4.6.0 setup script
 * Date: Sun, 27 Mar 2016 17:57:44 -0600
 */

/* Servers configuration */
$i = 0;

/* Server: ccb_dev [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = 'rds-endpoint';
$cfg['Servers'][$i]['host'] = 'rds.endpoint.region.rds.amazonaws.com';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['SessionTimeZone'] = 'America/Denver';
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['controluser'] = 'pma_config';
$cfg['Servers'][$i]['controlpass'] = 'pmapassword';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
$cfg['Servers'][$i]['MaxTableUiprefs'] = 300;
$cfg['Servers'][$i]['tracking_version_auto_create'] = true;

/* End of servers configuration */

$cfg['blowfish_secret'] = '56f870090a8aa8.80789340';
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
?>

Finished with phpMyAdmin.