This complete guide to installing Adminer on the latest HestiaCP covers one-click deployment, security hardening, and automated configuration. It shows step by step how to deploy the database management tool and protect your server, so that beginners can get started quickly and the common operational pain points of running HestiaCP with Adminer are addressed.
If you're still using database management tools without any protection, you're handing the keys to hackers.
Why choose Adminer instead of phpMyAdmin?
Adminer consists of a single PHP file of less than 1MB, making deployment extremely simple, fast, and resource-efficient.
Compared to the complex structure of phpMyAdmin, Adminer is more suitable for VPS, small websites, and personal projects.

Steps to install Adminer in HestiaCP
1. Download the Adminer file
Go to the official Adminer website and download the latest version of adminer.php.
Upload the file to the HestiaCP website directory, for example:
/home/username/web/adminer.domain.com/public_html/adminer.php
2. Create a subdomain and enable SSL.
Add the subdomain adminer.domain.com in the HestiaCP panel and enable Let's Encrypt SSL to ensure secure transmission.
3. Configure Nginx password protection
Add the following to the Nginx configuration file for the subdomain:
location / {
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;
    root /home/username/web/adminer.domain.com/public_html;
    index index.php adminer.php;
}
Generate password file:
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminuser
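When accessing Adminer, a password dialog box will pop up, and you can only log in by entering the correct username and password. If the subdomain's server block handles .php requests in a separate, non-nested location block, the auth_basic directives must also appear there or at server level, because directives set in location / do not apply to requests served by a sibling location.
Automatically update the Adminer file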
To avoid the security risks associated with using older versions, automatic updates can be achieved using shell scripts and Cron scheduled tasks.
Update script example
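#!/bin/bash
# Download the latest Adminer to a temporary file; replace the live copy only on success.
set -euo pipefail
URL="https://www.adminer.org/latest.php"
TARGET="/home/username/web/adminer.domain.com/public_html/adminer.php"
TMP="$(mktemp)"
trap 'rm -f "$TMP"' EXIT
wget -q -O "$TMP" "$URL"
[ -s "$TMP" ]   # abort instead of installing an empty download
chown username:username "$TMP"
chmod 644 "$TMP"
mv -f "$TMP" "$TARGET"
Save it as /usr/local/bin/update-adminer.sh, make it executable, and add a scheduled task: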
crontab -e
0 3 * * 1 /usr/local/bin/update-adminer.sh
This way, the Adminer file will be automatically updated every Monday at 3 AM.
Fail2Ban brute-force protection
Simple Basic Auth is vulnerable to brute-force attacks, while Fail2Ban can automatically block malicious IPs.
Filter configuration
File: /etc/fail2ban/filter.d/nginx-adminer.conf
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
Jail configuration (incremental ban duration)
File: /etc/fail2ban/jail.local
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
Effect: The first ban is for 10 minutes, the second for 20 minutes, the third for 40 minutes, and so on. Persistent attackers will be banned for increasingly longer periods.
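The following Python sketch is an added example, not part of the original article. It replays constructed access-log lines against the failregex above using the jail's maxretry and findtime, and compares the result with a hypothetical broader pattern (BROAD_FAILREGEX, an assumption) that also counts POST requests and query strings. <HOST> is replaced by a simplified IPv4 group, which is less elaborate than fail2ban's own matching.

```python
import re
from collections import defaultdict
from datetime import datetime

# failregex as given in the article. fail2ban expands <HOST> itself; this sketch
# substitutes a simplified IPv4 group (assumption).
PAGE_FAILREGEX = r'^<HOST> - .* "GET /adminer.php HTTP/.*" 401'
# Hypothetical broader variant: any method, optional query string.
BROAD_FAILREGEX = r'^<HOST> - .* "[A-Z]+ /adminer\.php(\?\S*)? HTTP/[^"]*" 401'
MAXRETRY, FINDTIME = 3, 600  # values from the article's jail

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jan/2025:03:00:01 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - - [06/Jan/2025:03:00:02 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - - [06/Jan/2025:03:00:03 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "curl/8.5.0"
198.51.100.23 - - [06/Jan/2025:03:05:10 +0000] "GET /adminer.php?server=localhost HTTP/1.1" 401 179 "-" "-"
198.51.100.23 - - [06/Jan/2025:03:05:11 +0000] "POST /adminer.php HTTP/1.1" 401 179 "-" "-"
198.51.100.23 - - [06/Jan/2025:03:05:12 +0000] "GET /adminer.php?server=db HTTP/1.1" 401 179 "-" "-"
192.0.2.50 - alice [06/Jan/2025:03:10:00 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "Mozilla/5.0"
192.0.2.50 - alice [06/Jan/2025:03:10:09 +0000] "GET /adminer.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.50 - alice [06/Jan/2025:03:25:00 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "Mozilla/5.0"
192.0.2.50 - alice [06/Jan/2025:03:25:05 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "Mozilla/5.0"
"""

def compile_failregex(failregex):
    """Turn a fail2ban-style failregex into a Python regex with a 'host' group."""
    return re.compile(failregex.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

def hosts_to_ban(failregex, log=SAMPLE_LOG):
    """Return hosts with at least MAXRETRY matching lines inside one FINDTIME window."""
    rx = compile_failregex(failregex)
    hits, banned = defaultdict(list), []
    for line in log.splitlines():
        m = rx.search(line)
        if not m:
            continue
        stamp = re.search(r"\[([^\]]+)\]", line).group(1)
        now = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        # Keep only failures that are still inside the findtime window.
        recent = [t for t in hits[m["host"]] if (now - t).total_seconds() <= FINDTIME]
        hits[m["host"]] = recent + [now]
        if len(hits[m["host"]]) >= MAXRETRY and m["host"] not in banned:
            banned.append(m["host"])
    return banned

if __name__ == "__main__":
    print("article failregex bans:", hosts_to_ban(PAGE_FAILREGEX))
    print("broader failregex bans:", hosts_to_ban(BROAD_FAILREGEX))
```

The second client never matches the article's pattern because its requests carry a query string or use POST, and the third stays under maxretry because its failures fall in different findtime windows.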
Complete one-click deployment script
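Save as /usr/local/bin/setup-fail2ban-adminer.sh:
#!/bin/bash
# Install the nginx-adminer filter and jail, then restart Fail2Ban.
set -euo pipefail
FILTER_PATH="/etc/fail2ban/filter.d/nginx-adminer.conf"
JAIL_PATH="/etc/fail2ban/jail.local"
# Write (or overwrite) the filter definition.
cat > "$FILTER_PATH" << 'EOF'
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
EOF
# Append the jail only once, so re-running the script does not duplicate the section.
if ! grep -qF '[nginx-adminer]' "$JAIL_PATH" 2>/dev/null; then
    cat >> "$JAIL_PATH" << 'EOF'
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
EOF
fi
# Reload the configuration and confirm the jail is active.
systemctl restart fail2ban
fail2ban-client status nginx-adminer
Run it: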
sudo chmod +x /usr/local/bin/setup-fail2ban-adminer.sh
sudo /usr/local/bin/setup-fail2ban-adminer.sh
Conclusion: Balancing Safety and Efficiency
I firmly believe that database management tools are not something you can simply leave on the public internet and use with peace of mind. Adminer's lightweight design is appealing, but security measures must keep pace. Password protection is the first line of defense, automatic updates provide continuous protection, and Fail2Ban offers intelligent countermeasures. Only by combining these three elements can you create a database management environment that is both efficient and secure.
A true master is not someone who only knows how to build tools, but someone who knows how to protect them.
I hope the article "HestiaCP Admin Installation: Security Automation Settings + Database Management Optimization", shared on the Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
