Overview
What is phpIPAM?
phpIPAM is an open-source web-based IP Address Management (IPAM) application built with PHP, MySQL/MariaDB, and modern web technologies. Its goal is to provide a lightweight, modern, and user-friendly solution for managing IP addresses and network infrastructure.
Key Features
- IPv4/IPv6 address management with automatic subnet calculations
- VLAN and VRF management support
- Built-in IPv4/IPv6 subnet calculator
- Domain authentication (Active Directory, LDAP)
- Email notifications for IP address changes
- Custom fields and tags for flexible organization
- REST API for automation and integration
- Multi-user support with granular permissions
- Network discovery and ping scanning capabilities
- DHCP lease monitoring and reporting
Common Use Cases
| Use Case | Description |
|---|---|
| Enterprise Network Documentation | Centralized inventory of all IP addresses, subnets, and network devices |
| Data Center Management | Track IP allocation across multiple racks, zones, and environments |
| Cloud Infrastructure | Manage IP assignments for VMs, containers, and cloud resources |
| ISP/Telecom Operations | Handle large IP blocks, customer assignments, and billing integration |
| Security & Compliance | Audit IP usage, detect unauthorized devices, maintain change logs |
| Network Automation | Integrate with Ansible, Terraform, or custom scripts via REST API |
🔐 Note on Self-Signed SSL: This guide uses a self-signed certificate for encrypted HTTPS connections. Browsers will show a security warning—this is expected. Self-signed certs are suitable for internal/lab environments. For production internet-facing deployments, use a trusted CA certificate (e.g., Let's Encrypt).
🛠️ Prerequisites
Before installation, ensure your Ubuntu 24.04 server meets these requirements:
sudo apt update && sudo apt upgrade -y
php -v
df -hRequired Software Stack:
- Apache2 web server with PHP support
- MariaDB/MySQL 5.7.7+ or 8.0+ (utf8mb4 support required)
- PHP 7.2–8.5 with required modules:
pdo_mysql,gmp,ldap,mbstring,xml,gd,curl,sockets,openssl,json,gettext,filter,pcntl,cli - Git for version-controlled deployments
- SNMP daemon (optional, for network discovery)
- OpenSSL for generating self-signed certificates
Installation Steps
Step 1: System Preparation
sudo hostnamectl set-hostname ipam
sudo apt-get install apache2 mariadb-client mariadb-server \
curl wget zip git php php-curl php-common php-gmp php-mbstring \
php-gd php-xml php-mysql php-ldap php-pear fping snmpd openssl -yStep 2: Configure MariaDB Database
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
sudo mysql_secure_installationFollow prompts to set root password and secure the installation. Then create the database:
sudo mysql -u root -p <<EOF
CREATE DATABASE phpipam CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL ON phpipam.* TO 'phpipam'@'localhost' IDENTIFIED BY 'YourStrongPassword!';
FLUSH PRIVILEGES;
EXIT;
EOFStep 3: Deploy phpIPAM Application
sudo mkdir -p /var/www/html/phpipam
sudo git clone https://github.com/phpipam/phpipam.git /var/www/html/phpipam
cd /var/www/html/phpipam
sudo git checkout $(git tag --sort=v:refname | tail -n1)
sudo chown -R www-data:www-data /var/www/html/phpipam
sudo chmod -R 755 /var/www/html/phpipamStep 4: Configure Application
sudo cp /var/www/html/phpipam/config.dist.php /var/www/html/phpipam/config.php
sudo nano /var/www/html/phpipam/config.phpUpdate these critical settings in config.php:
<?php
$db['host'] = "localhost";
$db['user'] = "phpipam";
$db['pass'] = "YourStrongPassword!";
$db['name'] = "phpipam";
define('BASE', "/");
?>Step 5: Generate Self-Signed SSL Certificate
sudo mkdir -p /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/apache2/ssl/phpipam.key \
-out /etc/apache2/ssl/phpipam.crt \
-subj "/C=TL/ST=Dili/L=Dili/O=YourOrg/OU=IT/CN=ipam.yourdomain.local"
sudo chmod 600 /etc/apache2/ssl/phpipam.key
sudo chmod 644 /etc/apache2/ssl/phpipam.crtℹ️ Adjust CN, C, ST, L, O, OU to match your organization. Browsers will warn users the certificate is not trusted.
Step 6: Configure Apache with HTTPS
sudo a2enmod rewrite ssl headers
sudo nano /etc/apache2/sites-available/phpipam-ssl.confPaste the following configuration:
<VirtualHost *:443>
ServerName ipam.yourdomain.local
DocumentRoot /var/www/html/phpipam
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/phpipam.crt
SSLCertificateKeyFile /etc/apache2/ssl/phpipam.key
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
<Directory /var/www/html/phpipam>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/phpipam-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/phpipam-ssl-access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName ipam.yourdomain.local
Redirect permanent / https://ipam.yourdomain.local/
</VirtualHost>sudo a2dissite 000-default.conf
sudo a2ensite phpipam-ssl.conf
sudo apache2ctl configtest
sudo systemctl restart apache2.service
sudo systemctl enable apache2.serviceStep 7: Import Database Schema
sudo mysql phpipam < /var/www/html/phpipam/db/SCHEMA.sqlStep 8: Configure SNMP (Optional)
sudo nano /etc/snmp/snmpd.confAdd/modify:
rocommunity public 127.0.0.1
syslocation Your Data Center, City
syscontact admin@yourdomain.localsudo systemctl restart snmpd.service
sudo systemctl enable snmpd.serviceStep 9: Finalize Installation via Web Browser
- Open browser and navigate to:
https://ipam.yourdomain.local/ - Accept the SSL warning (click "Advanced" → "Proceed to site")
- The installer will verify requirements
- Select "Automatic installation"
- Complete the setup wizard
- Default login: Username:
Admin| Password:ipamadmin(⚠️ Change immediately!)
Post-Installation Hardening
sudo chmod 640 /var/www/html/phpipam/config.php
sudo chown root:www-data /var/www/html/phpipam/config.php
sudo ufw allow 'Apache Full'
sudo ufw allow OpenSSH
sudo ufw enableTrusting the Self-Signed Certificate on Clients (Optional)
Linux: Copy phpipam.crt to /usr/local/share/ca-certificates/ and run sudo update-ca-certificates
Windows: Install via Certificate Import Wizard → Place in "Trusted Root Certification Authorities"
macOS: Add to Keychain Access → Set Trust to "Always Trust"
Upgrade Instructions
⚠️ Always backup before upgrading!
Step 1: Backup Database & Configuration
sudo bash
mkdir -p /var/www/html/phpipam/db/bkp
/usr/bin/mysqldump -u phpipam -p phpipam > /var/www/html/phpipam/db/bkp/phpipam_$(date +%Y%m%d).sql
cp /var/www/html/phpipam/config.php /var/www/html/phpipam/db/bkp/config.php.backup
sudo cp -r /etc/apache2/ssl /var/www/html/phpipam/db/bkp/ssl_backupStep 2: Update Application Code
cd /var/www/html/phpipam/
git pull origin master
git submodule update --init --recursive
cp /var/www/html/phpipam/db/bkp/config.php.backup /var/www/html/phpipam/config.php
sudo chown -R www-data:www-data /var/www/html/phpipamStep 3: Upgrade Database Schema
- Open phpIPAM in your browser
- Follow the on-screen wizard to apply schema updates automatically
Manual fallback (if web upgrade fails):
php /var/www/html/phpipam/functions/upgrade_queries.php X.XStep 4: Verify Upgrade
- Check version in footer
- Test core functions (subnet creation, scanning, login)
- Review logs:
tail -f /var/log/apache2/phpipam-ssl-error.log
🛠️ Troubleshooting Tips
| Issue | Solution |
|---|---|
| Browser SSL warning | Expected for self-signed certs. Add cert to trusted store or proceed manually |
| White screen / PHP errors | Check Apache error logs; verify PHP modules: php -m |
| Database connection failed | Verify config.php credentials; test MySQL access manually |
| 403 Forbidden on subpages | Ensure AllowOverride All and mod_rewrite enabled |
| SSL handshake errors | Verify certificate paths & file permissions on .key |
| Forgot admin password | Run: php /var/www/html/phpipam/functions/scripts/reset-admin-password.php |
Maintenance & Best Practices
Automated Backups (Cron)
sudo crontab -e
0 2 * * * /usr/bin/mysqldump -u phpipam -p'YourPassword' phpipam | gzip > /backup/phpipam_$(date +\%Y\%m\%d).sql.gz && find /backup -name "phpipam_*.sql.gz" -mtime +10 -deleteSSL Certificate Renewal (Self-Signed)
#!/bin/bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/apache2/ssl/phpipam.key \
-out /etc/apache2/ssl/phpipam.crt \
-subj "/C=TL/ST=Dili/L=Dili/O=YourOrg/OU=IT/CN=ipam.yourdomain.local"
chmod 600 /etc/apache2/ssl/phpipam.key
chmod 644 /etc/apache2/ssl/phpipam.crt
systemctl reload apache2Schedule via root crontab to renew annually.
Security Recommendations
- Change default admin credentials immediately
- Restrict MySQL access to localhost
- Keep Ubuntu, PHP, and phpIPAM updated regularly
- Restrict HTTPS access via firewall or Apache
Require ipdirectives - Add HSTS header for internal clients:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Additional Resources
💡 Pro Tip: Test upgrades first in a staging environment. phpIPAM's Git-based deployment makes rollback simple: git checkout <previous-tag> + restore database backup. Maintain secure backups of your .crt and .key files to avoid re-trusting on all clients after renewal.
