How to Allow Remote Access to MySQL

Originally posted on Monday, April 17, 2023 by Joshua James
Last Updated on Monday, April 17, 2023
Estimated reading time: 7 minutes
How to Allow Remote Access to MySQL

MySQL is a popular open-source database management system used by millions of developers and businesses worldwide. When working with MySQL databases, you may often find yourself needing to access them from a remote location or allow other team members to do so. In this article, we’ll guide you through the process of allowing remote access to MySQL while maintaining the security and integrity of your data.

Understanding Remote Access in MySQL

Remote access to MySQL is an essential feature for web developers, system administrators, and database administrators alike. It allows them to access, manage, and manipulate data from a MySQL server located on a different machine or network.

Benefits of Remote Access

  • Facilitates collaborative work among team members
  • Enables access to databases from remote locations
  • Simplifies management of databases hosted on remote servers

Security Concerns

Despite the benefits, remote access also poses security risks, such as unauthorized access or data theft. Thus, it is crucial to implement proper security measures when enabling remote access to your MySQL server.

Configuring MySQL for Remote Access

To allow remote access to your MySQL server, you need to make some changes to its configuration, create a remote user, and configure the firewall.

Editing the MySQL Configuration File

Locate the Configuration File

On Linux systems, the MySQL configuration file is typically found at /etc/mysql/my.cnf or /etc/my.cnf. On Windows systems, the file is usually located in the MySQL installation directory, with a filename like my.ini.

Here are some examples of where to find the configuration file on different platforms:

  • Ubuntu/Debian: /etc/mysql/my.cnf
  • CentOS/RHEL: /etc/my.cnf
  • Windows: C:\Program Files\MySQL\MySQL Server x.x\my.ini (where x.x is the version number)

Adjust the Bind-Address

The bind-address directive determines which IP addresses the MySQL server should listen to for incoming connections. By default, the server listens only to local connections (i.e., from the same machine) by setting the bind-address to 127.0.0.1. To allow remote connections, you need to change the value of the bind-address directive to 0.0.0.0, which means the server will listen to connections from any IP address.

Open the configuration file with a text editor (e.g., nano, vim, or Notepad++):

sudo nano /etc/mysql/my.cnf

Replace /etc/mysql/my.cnf with the correct path to your configuration file, if necessary.

Locate the bind-address directive in the [mysqld] section of the configuration file. It should look like this:

bind-address = 127.0.0.1

If the bind-address directive is not present in the file, you can add it under the [mysqld] section.

Change the value of bind-address to 0.0.0.0:

bind-address = 0.0.0.0

This change will allow connections from any IP address.

Save the file and exit the editor. For example, in nano, press Ctrl + X, then Y, and finally Enter to save and close the file.

Note: If you want to restrict remote access to specific IP addresses or ranges, you can replace 0.0.0.0 with the desired IP address or CIDR notation (e.g., 192.168.1.0/24 for an IP range of 192.168.1.1 to 192.168.1.254). However, it is generally better to use firewall rules for such restrictions, as described later in this article.

Restarting the MySQL Server

Restart the MySQL server to apply the changes:

sudo systemctl restart mysql

You can check the status of the MySQL server with the following command:

sudo systemctl status mysql

If the server has restarted successfully, you should see a message like “Active: active (running)”.

Creating a Remote MySQL User

To enable remote access to your MySQL server, you must create a dedicated remote user with the necessary privileges. When creating this user, you can specify which hosts can connect to the server and what level of access the user should have.

To create a remote MySQL user, log in to the MySQL server as the root user or another privileged user:

mysql -u root -p

Enter your password when prompted. Once you are connected to the MySQL server, create a new remote user with a secure password:

CREATE USER 'remoteuser'@'%' IDENTIFIED BY 'strong_password';

Replace 'remoteuser' and 'strong_password' with your desired username and a secure password. The % symbol allows connections from any IP address. If you want to restrict connections to a specific IP address or range, replace % with the desired IP address or CIDR notation (e.g., 192.168.1.100 or 192.168.1.0/24).

Next, grant the appropriate privileges to the remote user. To grant full access to all databases and tables, use the following command:

GRANT ALL PRIVILEGES ON *.* TO 'remoteuser'@'%' WITH GRANT OPTION;

However, granting full access may not be necessary or secure in all cases. To limit the remote user’s access to a specific database or table, replace *.* with the desired database and table names. For example, to grant access only to the mydb database, use this command:

GRANT ALL PRIVILEGES ON mydb.* TO 'remoteuser'@'%';

After granting the necessary privileges, flush the privilege cache to apply the changes:

FLUSH PRIVILEGES;

Finally, exit the MySQL server:

EXIT;

Configuring Your Firewall

To secure your MySQL server and protect it from unauthorized access, it is crucial to configure your firewall properly. Several firewall solutions are available, and the configuration process may vary depending on the tool you are using.

Firewall Types

  • iptables: A powerful command-line utility for managing firewall rules on Linux systems.
  • Uncomplicated Firewall (UFW): A user-friendly firewall tool for Linux systems.
  • firewalld: Another firewall management tool available on many Linux distributions.

Firewall Configuration Examples

Allowing incoming connections to the MySQL port (3306) is necessary for remote access. However, to minimize security risks, it is advisable to restrict access to specific IP addresses or ranges.

iptables

To allow access only from a specific IP address, such as 192.168.1.100, run the following command:

sudo iptables -A INPUT -p tcp -s 192.168.1.100 --dport 3306 -j ACCEPT

This command adds a rule that permits incoming connections on port 3306 from the specified IP address.

UFW

To allow access only from a specific IP address, such as 192.168.1.100, run the following command:

sudo ufw allow mysql

This command creates a rule that allows incoming connections on port 3306 from the specified IP address.

firewalld

To allow access only from a specific IP address, such as 192.168.1.100, run the following command:

sudo firewall-cmd --permanent --zone=public --add-service=mysql
sudo firewall-cmd --reload

This command creates a rule that allows incoming connections on port 3306 from the specified IP address and then reloads the firewall configuration to apply the changes.

When configuring your firewall, it is essential to strike a balance between security and accessibility. Ensure that you allow access only from trusted IP addresses or networks, and always monitor your server for signs of unauthorized access or suspicious activity.

Testing Remote MySQL Access

Using MySQL Workbench

MySQL Workbench is a graphical tool for working with MySQL servers. To test your remote access, follow these steps:

  1. Open MySQL Workbench and click on the “+” icon next to “MySQL Connections.”
  2. Fill in the connection details:
    • Connection Name: Choose a name for the connection.
    • Hostname: Enter the IP address or hostname of the remote MySQL server.
    • Port: Use the default MySQL port, 3306.
    • Username: Enter the remote MySQL user you created earlier.
  3. Click “Test Connection” to verify that you can connect to the remote MySQL server. If successful, click “OK” to save the connection.

Using Command-Line Tools

You can also test remote access using the command-line MySQL client. Replace remoteuser, strong_password, and remote_server_ip with your remote MySQL user, password, and server IP address, respectively:

mysql -u remoteuser -p'strong_password' -h remote_server_ip

Conclusion

Allowing remote access to MySQL is an essential feature for managing databases across networks or collaborating with team members. Following the steps in this guide, you can configure MySQL for remote access, set up firewall rules, and test the connection using various tools. Remember to always use strong passwords and restrict access to trusted IP addresses for optimal security.

You may also like:

  1. How to Check the MySQL Version
  2. Enhancing MySQL Performance: Install MySQL Tuner
  3. How to Create a New User and Grant Permissions in MySQL
  4. How to Repair Corrupted MySQL Tables
  5. How to Delete MySQL User Accounts
  6. How to Back Up and Restore a MySQL Database
  7. How to Reset MySQL Root Password on Linux
  8. How to Create a Database in MySQL Terminal on Linux
  9. How to List All MySQL Databases with Command Line
  10. How to Change a MySQL User Password

How To Use Indexes in MySQL

How to Install digiKam on Ubuntu 24.04, 22.04 or 20.04

If you have any legitimate inquiries, such as article suggestions, don't hesitate to contact LinuxCapable. Kindly ensure that your message is written in the English language.

Contact Us
About Us Copyright Policy Disclaimer Privacy Policy Terms & Conditions Contact Us