I have a PHP web app (Snipe-IT) that was previously working.
We went through a security review, and the recommendation was made to enable service endpoints (Microsoft.Sql) on the application subnet so that web apps connect to databases over the Azure backbone. Everything is working fine for the other MSSQL apps, except for our Snipe-IT application, which connects to a GP_Gen5_2 MySQL instance.
The error message says:
D'oh! Looks like we can't connect to your database. Please update your database settings in your .env file. Your database says:
SQLSTATE[HY000] [9009] Client connections to Basic tier servers through Virtual Network Service Endpoints are not supported. Virtual Network Service Endpoints are supported for General Purpose and Memory Optimized severs. (SQL: select 2 + 2)
This error message doesn't match the environment configuration because the database in question is a General Purpose, 2 vCore(s), 50 GB database.
There is no networking tab on the MySQL server, but in the Connection security tab we have tried enabling access to Azure resources, allowing the full public internet (0.0.0.0 - 255.255.255.255), enabling and disabling forced SSL, but nothing changes the result.
Azure won't let us create a Private Endpoint on the MySQL database because 'the subnet contains external resources'
I am hoping there is a way to resolve this without having to rebuild both the app and database in a different App Service Environment and subnet.
Thanks
Related
I don't understand why I got inconsistent connection from my local MySQL Workbench to Google Cloud SQL.
Something, I can connect to my database the first time, sometimes, I need to try multiples times before getting a connection. Sadly, most of the time, it's not working.
Because I can rarely connect to the database, what kind of configuration can cause this problem?
Here's some infos:
My application hosted on Google Compute Engine don't have any connection problem.
My public IP (personnal computer) is added to the Authorised networks in my Google Cloud SQL instance. See: Enabling public IP and adding an authorized address
I have added a Firewall rules to allow port 3306 in Google Cloud VPC network
SSL is currently disable for the testing purpose
I followed these instructions: How to connect to your Cloud SQL instance database with MySQL Workbench
For the benefit of future readers, the result of the comments above was:
The problem was that the client was alternating between two possible external IP addresses. One had been authorized to access Google Cloud, and the other one had not been authorized.
Enable all client IP addresses to connect, and that should fix it.
I am trying to locally run a PHP based project, connecting to an Amazon RDS instance. I am receiving the following error in the browser:
![SQLSTATE[HY000] [2002]]1
I have run a series of networking tests where I pinged the following and received successful test results. I pinged:
iiNet's web address
One of iiNet's DNS servers
The loopback address of my computer
I pinged Google
I then tried the mysql utility to remotely connect and received the
ERROR 2003 (HY000): Can't connect to MySQL server
Last factor I think you should know regarding my own networking situation, I am connecting to the internet via:
modem->Zyxel VPN->Wireless Router->My laptop
What in the Sam Hill is going on?
Thanks,
CM
For this to work, the following must be true:
the RDS instance must resolve to a public IP address (I'd check this for you but since you chose to use a screenshot instead of text, I can't copy paste it, so I'll leave it to you)
the Security Group(s) associated with the RDS instance must allow traffic from your public IP ( the one you'll get from http://wtfismyip.com/text ). This won't bet true by default. I highly recommend you open to your IP, not just everyone, as Mysql is trivial to DOS attack if its port is public.
The network ACL of the VPC hosting the RDS instance must allow the traffic also. This will be allowed by default, so unless you changed the ACLs in your VPC, you can ignore this.
If all those are true, you should be able to connect!
I've recently created a Mule application (3.7.0 CE) on a laptop. I'm connected to an AWS RDS instance when running locally in AnyPoint Studio using Maven. I started with a local MySQL DB and migrated it to AWS because my application "proofofconcept" is just that a proof of concept and I would like to show the application online (public url) instead of my laptop for a presentation. I added the database.url=... property to the application properties when I deployed to Anypoint Runtime Manager in the cloud. I'm currently getting a:
communications link failure
I've tried several things and nothing has worked. I tried a basic database connection first in the database config. And, then I created a JDBC datasource in Spring-beans. Both methods worked locally and in-communication with AWS (remote). When I deploy to Runtime Manager, the application deploys. And, I get the console that's generated runtime by the RAML. When I call a url e.g. api/v1/orders it runs and runs and after timeout provides the communication error.
Does anyone 1) know if the communication is allowed? 2) know how to fix this? I would like to demo the POC online for my client.
Thanks in advance
My issue was with Amazon VPC and the default security group assigned to my RDS instance. By default all outbound activity is set to any protocol and any port for any ip (0.0.0.0/0). Inbound routing, however was specifying only port 3306 but also a custom using-ip that was my home network public ip. I changed the ip specification to be 0.0.0.0/0. This now mean's that any ip can send a request though port 3306 to my Amazon MySQL instance.
I have mysql server installed on my machine. I would like to connect to the same local mysql instance using Google app script's jdbc service. I am getting connection failed error. So, I would like to confirm:
1. is it possible to connect to mysql instance running on private machine(laptop) using jdbc service.
2. If not is it always mandatory to connect to public IP. What is the alternative to connect to mysql instance running on private machine.
This definitely works, but you need to permit Google's machines to connect to your machine. That means opening a hole in your firewall, possibly setting up port forwarding on your router, etc.
There is an alternative to poking a hole in your security arrangement, it is called Secure Data Connector, and it lets your machine initiate the connection to Google - https://developers.google.com/secure-data-connector/
Unfortunately, I don't believe that SDC supports JDBC yet (I believe it only supports HTTP based communication).
(P.S. One very simple work around is to mirror your local database to some kind of cloud service, and then permit access to that replica from Google).
I would like to create a desktop application that should work with data on a mySql server running on a remote machine.
So each user has a copy of the desktop app and edits data on the remote mySql server.
Now my problem is that the mySql server will not allow connections from other hosts.
Question, is this just the wrong way of creating the app. If not how do I give any host access to the MYsql server.
(I know I can open up for a specific IP but that won't work as the app could be running anywhere)
You should front your database on the server with a thin service layer, where you could do some validation / processing on the data, perform authentication, etc. Your client apps would then expose those methods in your service layer as web services, to which your client apps would communicate using either SOAP/XML, REST/JSON, etc. In general, it is a bad idea to expose your database directly if your application is within a LAN, and a terrible one to expose it on the internet.