How To Allow Remote Access to MySQL
Many websites and applications start off with their web server and database backend hosted on the same machine. With time, though, a setup like this can become cumbersome and difficult to scale. A common solution is to separate these functions by setting up a remote database, allowing the server and database to grow at their own pace on their own machines.
One of the more common problems that users run into when trying to set up a remote MySQL database is that their MySQL instance is only configured to listen for local connections. This is MySQL’s default setting, but it won’t work for a remote database setup since MySQL must be able to listen for an external IP address where the server can be reached. To enable this, open up your mysqld.cnf file:
Navigate to the line that begins with the bind-address directive. It will look like this:
. . . lc-messages-dir = /usr/share/mysql skip-external-locking # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 127.0.0.1 . . . By default, this value is set to 127.0.0.1 , meaning that the server will only look for local connections. You will need to change this directive to reference an external IP address. For the purposes of troubleshooting, you could set this directive to a wildcard IP address, either * , :: , or 0.0.0.0 :
. . . lc-messages-dir = /usr/share/mysql skip-external-locking # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 0.0.0.0 . . . Note: In certain versions of MySQL the bind-address directive may not be in the mysqld.cnf file by default. In this case, add the following highlighted line to the bottom of the file:
. . . [mysqld] pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock datadir = /var/lib/mysql log-error = /var/log/mysql/error.log bind-address = 0.0.0.0 After changing this line, save and close the file ( CTRL + X , Y , then ENTER if you edited it with nano ).
Then restart the MySQL service to put the changes you made to mysqld.cnf into effect:
If you have an existing MySQL user account which you plan to use to connect to the database from your remote host, you’ll need to reconfigure that account to connect from the remote server instead of localhost. To do so, open up the MySQL client as your root MySQL user or with another privileged user account:
If you’ve enabled password authentication for root, you will need to use the following command to access the MySQL shell instead:
To change a user’s host, you can use MySQL’s RENAME USER command. Run the following command, making sure to change sammy to the name of your MySQL user account and remote_server_ip to your remote server’s IP address:
Alternatively, you can create a new user account that will only connect from the remote host with the following command:
Note: This command will create a user that authenticates with MySQL’s default authentication plugin, caching_sha2_password . However, there is a known issue with some versions of PHP that can cause problems with this plugin.
If you plan to use this database with a PHP application — phpMyAdmin, for example — you may want to create a remote user that will authenticate with the older, though still secure, mysql_native_password plugin instead:
If you aren’t sure, you can always create a user that authenticates with caching_sha2_plugin and then ALTER it later on with this command:
Then grant the new user the appropriate privileges for your particular needs. The following example grants a user global privileges to CREATE , ALTER , and DROP databases, tables, and users, as well as the power to INSERT , UPDATE , and DELETE data from any table on the server. It also grants the user the ability to query data with SELECT , create foreign keys with the REFERENCES keyword, and perform FLUSH operations with the RELOAD privilege. However, you should only grant users the permissions they need, so feel free to adjust your own user’s privileges as necessary.
- «>GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES, RELOAD on *.* TO ‘sammy‘@‘remote_server_ip‘ WITH GRANT OPTION;
Following this, it’s good practice to run the FLUSH PRIVILEGES command. This will free up any memory that the server cached as a result of the preceding CREATE USER and GRANT statements:
Then you can exit the MySQL client:
Lastly, assuming you’ve configured a firewall on your database server, you will also need to open port 3306 — MySQL’s default port — to allow traffic to MySQL.
If you only plan to access the database server from one specific machine, you can grant that machine exclusive permission to connect to the database remotely with the following command. Make sure to replace remote_IP_address with the actual IP address of the machine you plan to connect with:
If you need to access the database from other machines in the future, you can grant them access on an ad hoc basis with this command. Just remember to include their respective IP addresses.
Alternatively, you can allow connections to your MySQL database from any IP address with the following command:
Warning: This command will enable anyone to access your MySQL database. Do not run it if your database holds any sensitive data.
Following this, try accessing your database remotely from another machine:
Note: If you added a firewall rule to only allow connections from a specific IP address, you must try to access the database with the machine associated with that address.
If you’re able to access your database, it confirms that the bind-address directive in your configuration file was the issue. Please note, though, that setting bind-address to 0.0.0.0 is insecure as it allows connections to your server from any IP address. On the other hand, if you’re still unable to access the database remotely, then something else may be causing the issue. In either case, you may find it helpful to follow our guide on How To Set Up a Remote Database to Optimize Site Performance with MySQL on Ubuntu 18.04 to set up a more secure remote database configuration.
Want to launch a high-availability MySQL cluster in a few clicks? DigitalOcean offers worry-free MySQL managed database hosting. We’ll handle maintenance and updates and even help you migrate your database from external servers, cloud providers, or self-hosted solutions. Leave the complexity to us, so you can focus on building a great application.
Tutorial Series: How To Troubleshoot Issues in MySQL
This guide is intended to serve as a troubleshooting resource and starting point as you diagnose your MySQL setup. We’ll go over some of the issues that many MySQL users encounter and provide guidance for troubleshooting specific problems. We will also include links to DigitalOcean tutorials and the official MySQL documentation that may be useful in certain cases.
Manager, Developer Education
Technical Writer @ DigitalOcean
Still looking for an answer?
This textbox defaults to using Markdown to format your answer. You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Thank you, the only thing that might be missing is that by default port 3306 should be blocked by your firewall.
I applied all steps 2 times but it is not working for me. I can’t access the database from other servers or apps. Mysql is in a droplet server, the port is open and the user was created for the public IP. Another idea?
When I change the bind_address to my (APACHE+php) IP server and I restart the MySQL server he refuses to restart and showed me an error. It worked just if I set the IP address to 0.0.0.0 and that’s not good for security I just want my (apache+php) server to connect to MySQL.Do you guys have a problem if you change the bind_address to a specific address.
When i checked /var/log/mysql/error.log it say Can’t start server: Bind on TCP/IP port: Cannot assign requested address .
mysql>GRANT ALL ON . to root@‘123.123.123.123’ IDENTIFIED BY ‘put-your-password’; mysql>FLUSH PRIVILEGES;
I followed this steps, but I still cannot connect to my MySQL database running on my digitalocean server. I did these steps:
- Installed MySQL Server + adding a new user
- Activated the firewall: sudo ufw enable
- Allowed the MySQL port: sudo ufw allow 3306
- Reloaded the Firewall: sudo ufw reload
You missed to mention about opening port in firewall.
To allow connection from any IP address to port 3306:
To allow connection from one particular IP address to port 3306
ufw allow from **IP_ADDRESS** to any port 3306 This almost worked for me lol. I’m trying to set up a development LAMP server in a virtual machine. I finally managed to get most of it set up. The VM is running the server stuff (duh) but I’m using the host machine (Windows 10) to do the testing. I got Windows to access the server; I created a “test.php” file with a simple echo command to test if it would behave as expected and it did.
Now I’m trying to set up MySQL to allow remote access, which is how I ended up here. I want to use a graphical interface to set up databases and tables and everything. As far as the VM and Windows itself is concerned, the server is just another real PC on the same network. At first, MySQL Workbench was throwing an error that it was unable to connect to the server. Following the instructions here, the error became that it wasn’t allowed to access the server.
I don’t know where my issue is. When I installed MySQL, I wasn’t asked to make a password and I wasn’t made aware of one being created. One website pointed me towards a file that didn’t exist, saying a random generated password was there. Another website said it was in the error log. The error log said it created a “root” user with a blank password. What should I do next?
|–EDIT–| Turns out I just needed to access MySQL from the server (VM) itself and create a new user. If anyone else has this issue, here’s what I did:
From Linux’s command line, run, without quotes, “mysql” This starts the utility where you input SQL commands to be ran. You know you’re here when the command line leads with “mysql>”
Type in, also without double quotes “CREATE USER ‘’@‘’ IDENTIFIED BY ‘’;” will be the name of the new user. should be the host name of the remote computer. I used the IP address of my host machine. And of course, will be the new users password. The single quotes (aka: apostrophes) around these three items is required, I believe. I left them in and it worked just fine.
How to Allow MySQL Remote Access in Ubuntu Server
In this tutorial, we are going to learn how to allow remote access to the MySQL server in Ubuntu Server. For the tutorial, I am using Ubuntu Server 20.04, But you can use this on any previous version of Ubuntu Linux.
Enable MySQL Server Remote Connection in Ubuntu
By default MySQL Server on Ubuntu runs on the local interface, which means remote access to the MySQL Server is not allowed. To enable remote connections to the MySQL Server, we need to change the value of the bind-address in the MySQL Configuration File.
First, Open the /etc/mysql/mysql.conf.d/mysqld.cnf file (/etc/mysql/my.cnf in Ubuntu 14.04 and earlier versions).
vim /etc/mysql/mysql.conf.d/mysqld.cnfUnder the [mysqld] Locate the Line,
Then, Restart the Ubuntu MySQL Server:
systemctl restart mysql.serviceNow Ubuntu Server will allow remote access to the MySQL Server, But still, you need to configure MySQL users to allow access from any host.
For example, when you create a MySQL user, you should allow access from any host.
CREATE USER 'username'@'%' IDENTIFIED WITH mysql_native_password BY 'password';Or allow from specific IP Address,
CREATE USER 'username'@'192.168.1.100' IDENTIFIED WITH mysql_native_password BY 'password';Troubleshoot Ubuntu MySQL Remote Access
To make sure that the MySQL server listens on all interfaces, run the netstat command as follows.
netstat -tulnp | grep mysqlThe output should show that MySQL Server is running on the socket 0 0.0.0.0:3306 instead of 127.0.0.1:3306 .
You can also try to telnet to the MySQL port 3306 from a remote host. For example, if the IP Address of your Ubuntu Server is 192.168.1.10, Then from the remote host execute,
You can also run the nmap command from a remote computer to check whether MySQL port 3306 is open to the remote host.
The output should list MySQL port 3306, and the STATE should be open. If the MySQL port 3306 is not open, Then there is a firewall that blocks the port 3306.
Summary: MySQL Remote Access Ubuntu Server 20.04.
In this tutorial, we learned how to enable Remote Access to MySQL Server in Ubuntu 20.04.
To allow MySQL remote Access in Ubuntu 20.04, we change the value of the bind-address to 0.0.0.0 in the /etc/mysql/mysql.conf.d/mysqld.cnf file.