DEV Community

Cover image for How to deploy phpMyAdmin with Docker Compose and Traefik in 5 Minutes
Vladislav Satsko
Vladislav Satsko

Posted on

How to deploy phpMyAdmin with Docker Compose and Traefik in 5 Minutes

#phpmyadmin #mysql #docker #traefik

Many times, there's a need to view a MySQL or MariaDB database in a production or local environment. Installing a management tool via a package manager or deploying it manually through Nginx or Apache can be inconvenient. A more efficient solution is to deploy it using Docker Compose. While there are valid security concerns, in some cases, it’s acceptable to use this setup for a short time frame.

To improve security, it's important to avoid the default path /phpmyadmin. Instead, set a PathPrefix to a long, non-obvious string, so bots can’t easily scan and find it. While there are always security concerns, this setup can be acceptable for short-term use in controlled environments.

traefik.http.routers.phpmyadmin.rule: Host(`example.com`) && PathPrefix(`/Wwz3UdlBz4`)`

traefik.http.middlewares.phpmyadmin-stripprefix.stripprefix.prefixes: "/Wwz3UdlBz4"
Enter fullscreen mode Exit fullscreen mode

And you also need to enable the prefix middleware so that the path prefix works correctly. Additionally, there's an authentication middleware available for extra security.

traefik.http.routers.phpmyadmin.middlewares: "phpmyadmin-stripprefix,auth"
Enter fullscreen mode Exit fullscreen mode

The auth middleware sets up basic authentication—you’ll need to define a username and password. Note that passwords must be hashed using MD5, SHA1, or BCrypt. If your hash contains special characters like $, you must escape them by writing the symbol twice (e.g., $$).

traefik.http.middlewares.auth.basicauth.users: "admin:$$2y$$05$$RkJHVGt64gXEyL1yurYnaepMS2jxfBHUp0GVoHd1kgfnOhp727ND"
Enter fullscreen mode Exit fullscreen mode

Next, you need to set the PMA_ABSOLUTE_URI correctly, including the http or https scheme. This is different from the Host directive. For PMA_HOST, specify the hostname or IP address of the MySQL container. It's important that both containers are on the same Docker network.

You can also connect to a MySQL instance running on the host (e.g., 127.0.0.1:3306). To do this, ensure that remote connections are allowed in the my.cnf (or mysql.conf) by removing or commenting out the bind-address directive. If you're using a bridge network between the container and the host, just set your host IP in PMA_HOST, and it should connect successfully.

Here is the complete configuration.

services:
  phpmyadmin:
    restart: always
    image: phpmyadmin/phpmyadmin
    networks:
      - web_network
    labels:
      traefik.enable: "true"
      traefik.http.routers.phpmyadmin.rule: Host(`example.com`) && PathPrefix(`/Wwz3UdlBz4`)
      traefik.http.middlewares.auth.basicauth.users: "admin:$$2y$$05$$3zPppyLkS2h5XilKgnkvsuWaohSJccU5z0DYS16yMiUv3WTDX3Fo2"
      traefik.http.routers.phpmyadmin.middlewares: "phpmyadmin-stripprefix,auth"
      traefik.http.middlewares.phpmyadmin-stripprefix.stripprefix.prefixes: "/Wwz3UdlBz4"
      traefik.http.routers.phpmyadmin.tls: "true"
      traefik.http.routers.phpmyadmin.entrypoints: websecure
    environment:
      - PMA_HOST=backend_mysql
      - PMA_USER=admin
      - PMA_PASSWORD=password
      - PMA_ABSOLUTE_URI=https://example.com/Wwz3UdlBz4/

networks:
  web_network:
    external: true
Enter fullscreen mode Exit fullscreen mode

Top comments (0)