If you work with MySQL, there will be instances in which you need to give remote access to the server.
Say, for example, you have servers set up specifically for database and web: Your web server hosts an instance of WordPress that needs to be able to access the remote MySQL server. Out of the box, Ubuntu Server does not allow this, so you have to manually configure MySQL to allow remote connections. The process is fairly simply, and you can even lock down that MySQL server so it is only reachable from specific users on specific IP addresses.
Let's dig in and configure your MySQL server to accept remote connections. I'll be working from a 16.04 instance of Ubuntu Server, but the process is quite similar on almost every Linux platform hosting MySQL.
SEE: Remote access policy (Tech Pro Research)
Step one: Allowing access
Out of the box, MySQL will only allow access from the localhost address 127.0.0.1. To change this, you need to open the /etc/mysql/mysql.conf.d/mysqld.conf file and change the line:
bind-address = 127.0.0.1
bind-address = 0.0.0.0
Save and close that file. Restart the MySQL server with the command:
systemctl restart mysql.service
Step two: Granting access to the user
Let's say you have your WordPress server set up (running on IP address 192.168.1.100) to access a MySQL database named wordpressdb on the MySQL server with user wpadmin. On the MySQL server, you must grant access to the wordpressdb to that user from that IP address. Here's how to grant the user access (I'm assuming you already created the user wpadmin on the MySQL server and given it password %u#098Tl3).
- Log in to the MySQL server.
- Log in to MySQL with the command mysql -u root -p
- Type the MySQL root user password.
- Issue the MySQL command:
GRANT ALL ON wordpressdb.* TO 'wpadmin'@'192.168.1.100' IDENTIFIED BY '%u#098Tl3' WITH GRANT OPTION;
- Flush the MySQL privileges with the command FLUSH PRIVILEGES;
- Exit out of the MySQL prompt with the command exit;
Your WordPress instance (set up with the proper user credentials for the database) should be able to use the remote MySQL server as its database host.
Congratulations! You successfully set up MySQL for remote connections.
Keep it secure
Although you can open MySQL for connections from remote servers, you should only grant privileges for select users to avoid possible security breaches. Also, be sure those users use very strong passwords. When you combine that with keeping your MySQL server up to date, you should be good to go.
- How to harden MySQL security with a single command (TechRepublic)
- How to back up MySQL databases from the command line in Linux (TechRepublic)
- How to install WordPress on Ubuntu 16.04 (TechRepublic)
- How to automate database backups with backupninja (TechRepublic)
- More Linux on my new notebook: Fedora, Linux Mint and Ubuntu (ZDNet)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.