How to Install phpMyAdmin on Ubuntu (26.04, 24.04, 22.04)

Install phpMyAdmin on Ubuntu with a LEMP stack to manage MySQL and MariaDB databases from a browser on Nginx-based servers. This setup is practical for WordPress administration, database imports, user management, and day-to-day query work without switching to Apache.

Ubuntu includes a phpmyadmin package in the Universe repository on 26.04, 24.04, and 22.04, but this tutorial uses the upstream source archive to keep the Nginx and PHP-FPM configuration predictable and to make newer phpMyAdmin releases easier to deploy.

Install phpMyAdmin on Ubuntu with a LEMP Stack

Compare Default LEMP and phpMyAdmin Package Versions on Ubuntu

Ubuntu release differences mainly affect PHP-FPM service names, MariaDB defaults, and the version available from the Ubuntu phpmyadmin package. This table helps you map the version-specific commands used later in the guide.

Ubuntu Release	Default PHP	Default MariaDB	Ubuntu phpMyAdmin Package
Ubuntu 26.04 LTS	PHP 8.4.x	MariaDB 11.8.x	phpMyAdmin 5.2.x (Universe)
Ubuntu 24.04 LTS	PHP 8.3.x	MariaDB 10.11.x	phpMyAdmin 5.2.x (Universe)
Ubuntu 22.04 LTS	PHP 8.1.x	MariaDB 10.6.x	phpMyAdmin 5.1.x (Universe)

These steps cover Ubuntu 26.04 LTS, 24.04 LTS, and 22.04 LTS. The install flow is the same across all three releases, but PHP-FPM socket names and the MariaDB secure-script command name differ.

Update Ubuntu Before Installing phpMyAdmin and LEMP

Start by refreshing package metadata and applying pending upgrades so the LEMP packages install cleanly from current repositories:

sudo apt update && sudo apt upgrade

This guide uses sudo for commands that need root privileges. If your account does not have sudo access yet, follow the steps to add a new user to sudoers on Ubuntu before continuing.

Install Nginx for the Ubuntu LEMP Stack

Install Nginx from Ubuntu’s default repository for a stable baseline. If you need newer Nginx features later, use our guide to install Nginx mainline on Ubuntu.

sudo apt install nginx

Ubuntu usually enables Nginx during installation, but verify the service before moving on:

sudo systemctl status nginx

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: active (running) since Sat 2025-12-28 08:30:15 UTC; 5s ago
       Docs: man:nginx(8)
    Process: 1234 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 1235 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 1236 (nginx)
      Tasks: 3 (limit: 4556)
     Memory: 3.2M
        CPU: 25ms
     CGroup: /system.slice/nginx.service
             ├─1236 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             └─1237 "nginx: worker process"

If Nginx is inactive, enable and start it in one command:

sudo systemctl enable nginx --now

Install MariaDB for phpMyAdmin on Ubuntu

MariaDB is the default database server in Ubuntu and works as a drop-in MySQL replacement for phpMyAdmin. If you need a newer upstream MariaDB release than Ubuntu ships by default, follow our guide to install MariaDB on Ubuntu.

sudo apt install mariadb-server mariadb-client

Once installed, verify the MariaDB service status to ensure it’s running without errors:

sudo systemctl status mariadb

● mariadb.service - MariaDB 11.8.6 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running) since Sat 2025-12-28 08:31:22 UTC; 3s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 2345 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
    Process: 2346 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
    Process: 2348 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] (code=exited, status=0/SUCCESS)
    Process: 2349 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
   Main PID: 2347 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 8 (limit: 4556)
     Memory: 81.5M
        CPU: 420ms
     CGroup: /system.slice/mariadb.service
             └─2347 /usr/sbin/mariadbd

Otherwise, if the service is inactive, enable and start MariaDB with this command:

sudo systemctl enable mariadb --now

Secure MariaDB with the Initial Hardening Script

After installation, run the security script to lock down your MariaDB instance. This script removes insecure defaults that could leave your database vulnerable.

Run the MariaDB hardening script:

sudo mariadb-secure-installation

Ubuntu 22.04 and 24.04 still provide mysql_secure_installation as a compatibility command, but Ubuntu 26.04 may only ship mariadb-secure-installation. Using the MariaDB command name works on all supported Ubuntu LTS releases.

The script walks through common hardening prompts. These responses are a safe default for most phpMyAdmin deployments:

• Switch to unix_socket authentication: Y (enables socket-based root authentication)
• Change the root password: Y (recommended if you want a password-based fallback in addition to socket authentication)
• Remove anonymous users: Y (prevents unauthenticated access)
• Disallow root login remotely: Y (restricts root to localhost only)
• Remove test database: Y (removes the insecure default test database)
• Reload privilege tables: Y (applies all changes immediately)

Once complete, your MariaDB installation is now secured against common attack vectors including anonymous access and remote root logins.

Install PHP-FPM for phpMyAdmin on Ubuntu

PHP-FPM (FastCGI Process Manager) connects Nginx to PHP applications such as phpMyAdmin. Ubuntu ships different default PHP branches by release, so the PHP-FPM service and socket names vary. For alternate PHP branches, use our guide to install PHP on Ubuntu.

Install PHP-FPM and the modules required by phpMyAdmin:

sudo apt install php-fpm php-mbstring php-bcmath php-xml php-mysql php-common php-gd php-cli php-curl php-zip

After installation, identify your PHP version to determine the correct service name:

php -v

PHP 8.4.11 (cli) (built: Jan  7 2026 08:44:28) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.4.11, Copyright (c) Zend Technologies

Use the major and minor version from the first line (for example, 8.4, 8.3, or 8.1) in the PHP-FPM service commands below.

Ubuntu 26.04 (PHP 8.4):

sudo systemctl status php8.4-fpm

Ubuntu 24.04 (PHP 8.3):

sudo systemctl status php8.3-fpm

Ubuntu 22.04 (PHP 8.1):

sudo systemctl status php8.1-fpm

● php8.4-fpm.service - The PHP 8.4 FastCGI Process Manager
     Loaded: loaded (/usr/lib/systemd/system/php8.4-fpm.service; enabled; preset: enabled)
     Active: active (running) since Sat 2025-12-28 08:32:45 UTC; 2s ago
       Docs: man:php-fpm8.4(8)
    Process: 3456 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/8.4/fpm/pool.d/www.conf 84 (code=exited, status=0/SUCCESS)
   Main PID: 3455 (php-fpm8.4)
     Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 4556)
     Memory: 8.5M
        CPU: 52ms
     CGroup: /system.slice/php8.4-fpm.service
             ├─3455 "php-fpm: master process (/etc/php/8.4/fpm/php-fpm.conf)"
             ├─3457 "php-fpm: pool www"
             └─3458 "php-fpm: pool www"

If the PHP-FPM service is not running, enable and start it with your installed version number:

sudo systemctl enable php8.3-fpm --now

Replace 8.3 with your actual PHP version (use 8.4 on Ubuntu 26.04 or 8.1 on Ubuntu 22.04).

Install phpMyAdmin from Source on Ubuntu

This section downloads phpMyAdmin from the upstream project and prepares the files, permissions, and database user needed for an Nginx-based Ubuntu deployment.

Create a phpMyAdmin Database User on Ubuntu

You can sign in to phpMyAdmin with the MariaDB root account, but a dedicated account is safer for routine administration. Start by opening the MariaDB shell:

sudo mariadb

Create the phpMyAdmin account and grant global privileges without GRANT OPTION (you can add it later if you need to create database users from phpMyAdmin):

CREATE USER 'pmauser'@'localhost' IDENTIFIED BY 'your_secure_password';
GRANT ALL PRIVILEGES ON *.* TO 'pmauser'@'localhost';
FLUSH PRIVILEGES;

Replace your_secure_password with a strong password. Do not use the example password in production.

Verify that MariaDB created the account before leaving the shell:

SELECT User, Host FROM mysql.user WHERE User='pmauser';

+---------+-----------+
| User    | Host      |
+---------+-----------+
| pmauser | localhost |
+---------+-----------+

Exit the MariaDB shell when you are finished:

QUIT;

Download phpMyAdmin Source on Ubuntu

These commands download the current phpMyAdmin release from the official downloads page. The phpMyAdmin version.txt endpoint now uses a multi-line format, so the command reads the first line for the version number and then downloads the Linux-friendly .tar.gz archive.

PMA_META="$(curl -fsSL https://www.phpmyadmin.net/home_page/version.txt)"
VERSION="$(printf '%s\n' "$PMA_META" | sed -n '1p')"
curl -fLO --progress-bar "https://files.phpmyadmin.net/phpMyAdmin/${VERSION}/phpMyAdmin-${VERSION}-all-languages.tar.gz"

Check that the version variable was populated and the archive downloaded successfully:

echo "$VERSION"
ls -lh "phpMyAdmin-${VERSION}-all-languages.tar.gz"

5.2.3
-rw-rw-r-- 1 user user 14M Feb 23 14:16 phpMyAdmin-5.2.3-all-languages.tar.gz

If you only want the English-language archive, replace the last line in the download block with this command:

curl -fLO --progress-bar "https://files.phpmyadmin.net/phpMyAdmin/${VERSION}/phpMyAdmin-${VERSION}-english.tar.gz"

Extract the downloaded archive:

tar -xf "phpMyAdmin-${VERSION}-all-languages.tar.gz"
ls -d "phpMyAdmin-${VERSION}-all-languages"

phpMyAdmin-5.2.3-all-languages

Configure phpMyAdmin on Ubuntu

First, move the extracted files to the web server directory:

sudo mv phpMyAdmin-*/ /var/www/phpmyadmin

phpMyAdmin also needs a writable temporary directory for caching and uploads. Create it with the correct permissions:

sudo install -d -m 0755 /var/www/phpmyadmin/tmp

Next, phpMyAdmin includes a sample configuration file. Copy it to create the active configuration:

sudo cp /var/www/phpmyadmin/config.sample.inc.php /var/www/phpmyadmin/config.inc.php

Now, open the configuration file with your preferred text editor:

sudo nano /var/www/phpmyadmin/config.inc.php

phpMyAdmin requires a Blowfish secret for cookie-based authentication. Locate the line that starts with $cfg['blowfish_secret']:

$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

This field needs 32 random characters. You can generate a 32-character value with OpenSSL, which is already available on most Ubuntu installs:

openssl rand -hex 16

Use the generated 32-character string as the Blowfish secret. Example output:

7d34d16efb0db7f39ea4d78518e0f5f7

Example of adding the cipher to the configuration file (Do not copy):

$cfg['blowfish_secret'] = '7d34d16efb0db7f39ea4d78518e0f5f7';

For most users, the default settings work well. However, if your MariaDB database runs on a separate server instead of localhost, update the host setting with that server’s IP address:

$cfg['Servers'][$i]['host'] = '192.168.55.101';

Check the configuration file for syntax errors before continuing:

php -l /var/www/phpmyadmin/config.inc.php

No syntax errors detected in /var/www/phpmyadmin/config.inc.php

Configure phpMyAdmin File Permissions on Ubuntu

Properly setting the directory owner to the www-data user (the default web server user on Ubuntu) ensures both compatibility and security.

The next commands apply recursive ownership and permission changes to /var/www/phpmyadmin/. Double-check the path before running them so you do not change permissions on the wrong web directory.

First, set the directory ownership:

sudo chown -R www-data:www-data /var/www/phpmyadmin/

Similarly, set the correct file permissions:

sudo find /var/www/phpmyadmin/ -type d -exec chmod 755 {} \;
sudo find /var/www/phpmyadmin/ -type f -exec chmod 644 {} \;

Verify the top-level directory and temporary directory are owned by www-data:

ls -ld /var/www/phpmyadmin /var/www/phpmyadmin/tmp

drwxr-xr-x 14 www-data www-data 4096 Feb 23 14:16 /var/www/phpmyadmin
drwxr-xr-x  2 www-data www-data 4096 Feb 23 14:16 /var/www/phpmyadmin/tmp

Create an Nginx Server Block for phpMyAdmin on Ubuntu

Create a dedicated Nginx server block for phpMyAdmin and use a separate subdomain such as pma.example.com. This keeps the phpMyAdmin interface isolated from your main site and makes access controls easier to manage.

Create and open the Nginx server block file:

sudo nano /etc/nginx/sites-available/phpmyadmin.conf

Then, paste the following configuration, replacing pma.example.com with your actual domain:

server {
  listen 80;
  listen [::]:80;
  server_name pma.example.com;
  root /var/www/phpmyadmin/;
  index index.php index.html;

  access_log /var/log/nginx/phpmyadmin_access.log;
  error_log /var/log/nginx/phpmyadmin_error.log;

  location / {
    try_files $uri $uri/ /index.php$is_args$args;
  }

  location ~ ^/(doc|sql|setup)/ {
    deny all;
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php8.3-fpm.sock;
  }

  location ~ /\.ht {
    deny all;
  }
}

The above example includes some important notes:

• PHP-FPM socket path: The fastcgi_pass line specifies php8.3-fpm.sock as an example. Change this to match your installed PHP version: php8.1-fpm.sock for Ubuntu 22.04 or php8.4-fpm.sock for Ubuntu 26.04.
• Socket symlink: Ubuntu also creates /run/php/php-fpm.sock, but the versioned socket is clearer when you upgrade PHP later.
• Document root: The /var/www/phpmyadmin/ path matches this tutorial. Update this line if you chose a different installation directory.
• Server name: Replace pma.example.com with your actual subdomain.

If only a small number of static IP addresses need access, add an allowlist inside the server { } block before the first location section:

allow 203.0.113.10;
deny all;

This blocks unauthorized visitors with a 403 Forbidden response before phpMyAdmin loads. Save the file and exit the editor when you finish.

Next, enable the server block by creating a symbolic link from sites-available to sites-enabled:

sudo ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/

Before restarting Nginx, always test the configuration to catch any syntax errors:

sudo nginx -t

If your configuration is error-free, you should receive the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart Nginx to apply the changes:

sudo systemctl restart nginx

Access phpMyAdmin in a Web Browser on Ubuntu

Open a web browser and visit pma.example.com (replace the example domain with your own). If the Nginx server block is working, phpMyAdmin will load the login page shown below.

Next, enter your login credentials and proceed to the phpMyAdmin dashboard, which you can see an example of below.

The Status page shows real-time server statistics and query performance metrics:

The Advisor page analyzes your MariaDB configuration and suggests performance improvements:

The Advisor page is most useful after the server has collected enough workload data. Let it run for at least 24 hours (72 hours is better) before acting on suggestions, and treat its recommendations as a starting point, not an automatic tuning checklist.

Secure phpMyAdmin on Ubuntu with HTTPS (Let’s Encrypt)

phpMyAdmin should not stay on plain HTTP. Use Let’s Encrypt with the Nginx plugin to install a free TLS certificate and redirect all traffic to HTTPS.

Install Certbot and the Nginx plugin:

sudo apt install python3-certbot-nginx

Request the certificate and let Certbot update the Nginx server block automatically:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d pma.example.com

Certbot may ask whether you want renewal notices and Electronic Frontier Foundation emails. After you answer, it configures the certificate, enables HTTPS redirects, and updates the Nginx server block for pma.example.com.

Let’s Encrypt certificates expire every 90 days, so verify the renewal workflow before relying on it:

sudo certbot renew --dry-run

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No simulated renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

This message appears on hosts that do not have an issued certificate yet. After certbot --nginx creates a certificate for pma.example.com, the dry run simulates a renewal instead.

Certbot automatically installs a systemd timer that handles certificate renewal. Verify this timer is active:

sudo systemctl status certbot.timer --no-pager

● certbot.timer - Run certbot twice daily
     Loaded: loaded (/usr/lib/systemd/system/certbot.timer; enabled; preset: enabled)
     Active: active (waiting)
    Trigger: Tue 2026-02-24 05:33:18 AWST

Certbot already installs and enables certbot.timer. Avoid adding a separate cron job unless you intentionally disable the systemd timer first, because duplicate renewal jobs make troubleshooting harder.

Troubleshoot phpMyAdmin on Ubuntu (Nginx and PHP-FPM)

Fix phpMyAdmin 502 Bad Gateway Errors on Nginx

A 502 Bad Gateway error usually means Nginx cannot reach PHP-FPM. The most common cause is a mismatched socket path after using the wrong PHP version in fastcgi_pass.

connect() to unix:/run/php/php8.3-fpm.sock failed (2: No such file or directory) while connecting to upstream

Check the PHP-FPM service that matches your Ubuntu release (replace 8.3 with 8.4 on Ubuntu 26.04 or 8.1 on Ubuntu 22.04):

sudo systemctl status php8.3-fpm

If the service is inactive, start it and inspect the journal:

sudo systemctl start php8.3-fpm
sudo journalctl -xeu php8.3-fpm

Confirm the socket path exists and matches the Nginx fastcgi_pass line:

ls -la /run/php/

drwxr-xr-x  2 www-data www-data  100 Feb 23 14:13 .
lrwxrwxrwx  1 root     root       30 Feb 23 14:13 php-fpm.sock -> /etc/alternatives/php-fpm.sock
srw-rw----  1 www-data www-data    0 Feb 23 14:13 php8.4-fpm.sock

Fix phpMyAdmin 403 Forbidden Errors on Ubuntu

A 403 Forbidden error is usually caused by incorrect file permissions or an IP allowlist rule blocking your current address.

403 Forbidden
nginx/1.24.0 (Ubuntu)

Reset the phpMyAdmin directory permissions first:

sudo chown -R www-data:www-data /var/www/phpmyadmin/
sudo find /var/www/phpmyadmin/ -type d -exec chmod 755 {} \;
sudo find /var/www/phpmyadmin/ -type f -exec chmod 644 {} \;

Then verify the top-level permissions and review any allow/deny rules in your Nginx server block:

ls -ld /var/www/phpmyadmin /var/www/phpmyadmin/tmp
sudo nginx -t

Fix Blank phpMyAdmin Pages and PHP Extension Errors

A blank page often points to a PHP fatal error, missing extension, or syntax issue in config.inc.php. Start with the Nginx error log:

sudo tail -50 /var/log/nginx/phpmyadmin_error.log

PHP Fatal error:  Uncaught Error: Call to undefined function mysqli_connect()

Verify the required PHP extensions are loaded:

php -m | grep -E "mbstring|xml|mysql|curl|gd|zip"

curl
gd
libxml
mbstring
mysqli
xml
xmlreader
xmlwriter
zip

If you recently edited config.inc.php, run a syntax check as well:

php -l /var/www/phpmyadmin/config.inc.php

Fix phpMyAdmin Login Failures with Correct Credentials

If phpMyAdmin rejects valid credentials, confirm the MariaDB user exists on localhost and has the expected privileges:

sudo mariadb -e "SELECT User, Host FROM mysql.user WHERE User='pmauser';"

User    Host
pmauser localhost

If the user is missing or incorrect, recreate it:

sudo mariadb -e "DROP USER IF EXISTS 'pmauser'@'localhost';"
sudo mariadb -e "CREATE USER 'pmauser'@'localhost' IDENTIFIED BY 'your_password';"
sudo mariadb -e "GRANT ALL PRIVILEGES ON *.* TO 'pmauser'@'localhost';"
sudo mariadb -e "FLUSH PRIVILEGES;"

Remove phpMyAdmin and LEMP Components on Ubuntu

If you need to remove phpMyAdmin or the full LEMP stack later, use the sections below to clean up files, services, and optional certificate data.

Remove phpMyAdmin Files and Nginx Configuration

The next command permanently deletes the phpMyAdmin web files in /var/www/phpmyadmin/. Back up any custom themes or modified configuration files first if you want to keep them.

Remove the phpMyAdmin files and Nginx server block:

sudo rm -rf /var/www/phpmyadmin/
sudo rm -f /etc/nginx/sites-enabled/phpmyadmin.conf
sudo rm -f /etc/nginx/sites-available/phpmyadmin.conf
sudo nginx -t && sudo systemctl reload nginx

Remove the dedicated MariaDB login if you created one for phpMyAdmin:

sudo mariadb -e "DROP USER IF EXISTS 'pmauser'@'localhost'; FLUSH PRIVILEGES;"

Remove LEMP and Certbot Packages on Ubuntu

Removing MariaDB will delete all databases. Export critical data first using mariadb-dump --all-databases > backup.sql before proceeding.

Remove PHP-FPM and the PHP extensions installed for phpMyAdmin:

sudo apt remove php-fpm php-mbstring php-bcmath php-xml php-mysql php-common php-gd php-cli php-curl php-zip

Remove MariaDB, Nginx, and Certbot packages:

sudo apt remove mariadb-server mariadb-client nginx python3-certbot-nginx certbot python3-certbot
sudo apt autoremove

If you also want to remove MariaDB data files or Let’s Encrypt certificates, those directories contain real data. Back up anything important before deleting /var/lib/mysql or /etc/letsencrypt.

sudo rm -rf /var/lib/mysql
sudo rm -rf /etc/letsencrypt

Confirm the key server packages are gone (no output is expected if they were removed successfully):

dpkg -l | grep -E 'phpmyadmin|mariadb-server|python3-certbot-nginx'
systemctl status nginx mariadb --no-pager

Unit nginx.service could not be found.
Unit mariadb.service could not be found.

phpMyAdmin and LEMP Resources for Ubuntu

These links help with phpMyAdmin maintenance, upstream documentation, and related Ubuntu hardening or application setup after the initial install.

Official phpMyAdmin Resources

• phpMyAdmin Official Website: Visit the official phpMyAdmin website for information about the database management tool, features, and download options.
• phpMyAdmin Documentation: Access comprehensive documentation for detailed guides on installing, configuring, and using phpMyAdmin.
• phpMyAdmin Themes: Explore available themes to customize the appearance of phpMyAdmin.
• phpMyAdmin GitHub Repository: Access the phpMyAdmin GitHub repository to view the source code, report issues, and contribute to the development.

Related Ubuntu Guides

• Install WordPress with LEMP on Ubuntu: Deploy WordPress on your newly configured LEMP stack.
• Configure UFW Firewall on Ubuntu: Secure your server by allowing only necessary ports (80, 443, 22).
• Set Up Nginx FastCGI Cache on Ubuntu: Improve phpMyAdmin and website performance with caching.

External Project Resources

• MariaDB Official Website: Visit the MariaDB website for information about the database system, download options, and community resources.
• MySQL Official Website: Access the MySQL website for product information, features, and download options.
• PHP Official Website: Explore the PHP website for documentation, installation guides, and resources for PHP development.

Frequently Asked Questions

Conclusion

phpMyAdmin is now installed on Ubuntu with a LEMP stack, including an Nginx server block, a dedicated MariaDB login, and HTTPS protection with Certbot. Keep the setup healthy by updating phpMyAdmin from the upstream project when new releases land, then rechecking file permissions and running sudo nginx -t before reloading Nginx.