I am running PhpMyAdmin using Docker on my local machine with docker-compose. On remote server i'm using mysql user who can only access from localhost which is why i need ssh tunneling.
version: '3.1'
services:
phpmyadmin:
image: phpmyadmin
restart: always
ports:
- 8080:80
environment:
- PMA_ARBITRARY=1
volumes:
- /usr/local/etc/php/php.ini:/php-make/upload.ini
- ./config.inc.php:/etc/phpmyadmin/config.inc.php
networks:
- host
networks:
host:
Since i'm using host network, docker container should be aware of local port forwarding (not really sure about this tho, but i couldn't find much information online on how host network actually works).
SSH config
host remote-server-name
HostName remote-server-ip
User user
IdentityFile path-to-ssh-key
ForwardAgent yes
LocalForward 3306 127.0.0.1:3306
After i do ssh to remote server there should be a tunnel on my local machine on port 3306 that is pointing to 3306 on remote server. Here is netstat -tulpn to confirm that:
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 17506/ssh
Server choice configuration for PhpMyAdmin (phpmyadmin.config.inc)
$cfg['Servers'][$i]['verbose'] = 'remote-server-name';
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['LoginCookieValidity'] = 24*60*60*30;
After i choose remote-server-name in server choice i get the following message
mysqli::real_connect(): (HY000/2002): Connection refused
which means mysql user in not allowed to access from given ip address (in this case my public ip) and i guess that's because docker container is not using ssh tunneling from my local machine even if i'm using host network (which again i'm not sure what it actually does).
Anyone got any ideas what i'm doing wrong?
You need to change your service configuration to say
services:
phpmyadmin:
network_mode: host
# and not networks:
The configuration you have creates a Compose network that happens to be named host, but it's not "the host network".
You may be able to use a different approach to connect to the ssh tunnel; also see From inside of a Docker container, how do I connect to the localhost of the machine?. In particular, if you're on a MacOS or Windows host, host networking just doesn't work (you connect to the "host network" of a hidden Linux VM) and you'll need to use the special host.docker.internal host name instead of localhost. For this you don't need any special networks: or network_mode: option at all.
You might need to change the settings of the ssh tunnel listener for this to work. The 127.0.0.1:3306 setting binds to the host's localhost interface, but at least on native Linux the request will actually arrive from the docker0 interface. Setting the tunnel listener to listen on 0.0.0.0:3306 will solve this problem but also will allow others on the network to connect to the forwarded database. There's not a trivial solution for this.
Related
I have a docker image with mysql which has an internal port of 3307.
I'm also trying to run the container for adminer, but when it starts it tries to connect to the standard port 3306, is there any variable that would indicate the port number to connect to?
You can map the 3306 port of the host and the 3307 port of the container, so that you can connect by connecting the IP:3306 of the host. Of course, you can change the my.cnf file of the container and change the port to 3306, which can also be solved.
I've created a docker container that runs MySQL on it and exposes it on the default port (3306) on a DO droplet (Ubuntu 20).
I tried accessing it on my laptop with the following parameters:
Hostname: (VPS's IP address. I also tried Public Gateway IP)
Connection: Standard (TCP/IP)
Port: 3306
Username: root
Password: (Password I have set while creating the container)
The error message just says "Could not connect to localhost"
Am I missing a step that maybe exposes the container to the internet?
After a couple of hours, I found out that the docker run command has to have -p parameter. -p=3306:3306 in my case.
I have doctrine config:
doctrine:
dbal:
driver:pdo_mysql
url:"mysql://%database_user%:%database_password%#%database_host%:%database_port%/%database_name%"
Where database_user is root, password is root user password (re-checked), host is my server ip address, port is 3306 and name is my db name.
When I use these from workbench I can connect but from running docker container for php and nginx. And this config, I get connection refused.
Do I need somehow to allow connections from localhost? Why is it working from workbench then?
I'm working with node, docker, mysql and sequelize and am trying to connect sequelize to mysql container running on docker. It will only connect through port 3306 despite me having changed the "ports" to 3308-3308. When i look up the running containers i get the following for the mysql database:
ticketgo_database_1 docker-entrypoint.sh mysqld Up 3306/tcp,
0.0.0.0:3308->3308/tcp
Which explains why it can only connect to port 3306 but I need to change the connection port from 3306 since that port is busy on my computer. How can i do that?
Mysql container:
database:
image: mysql
environment:
MYSQL_DATABASE: "ticketgo"
MYSQL_ROOT_PASSWORD: "pass"
volumes:
- "./sql:/docker-entrypoint-initdb.d"
ports:
- "3308:3308"
I guess your app is managed by docker-compose as well. There is no need to change which port is MySQL listening in its own container. Leave squelize connecting to databade:3306 and either do not specify port mapping in MySQL docker compose config or specify: 3308:3306 which means that port 3308 on host will be mapped to the 3306 container port. This does not mean that MySQL will listen to the 3308. It will be continuing listening in its container 3306, and a new port 3308 on the host will be mapped to it.
Only specify a port mapping if you need to access MySQL from outside docker-compose services (from another app on your host or a MySQL GUI for example)
In Port section, change second Port to any you want "3308:3309";
Or You can do this in she'll by -p 3309:3308
I'm trying to set up a MySQL container for developing.
So I used docker-compose to set it up.
The container and the mysql looks OK. The thing is that I want to connect to it from a DBeaver client and I can't find how I do it.
Here is my docker-compose.yml:
version: '2'
services:
db:
image: 'mysql:5.7'
volumes:
- '~/dev/dbs-data/mysql:/var/lib/mysql'
restart: 'always'
expose:
- '3306'
ports:
- '3306:3306'
environment:
MYSQL_ROOT_PASSWORD: 'pass'
MYSQL_DATABASE: 'db'
MYSQL_USER: 'user'
MYSQL_PASSWORD: 'pass'
When I try to connect it from DBeaver I get:
java.sql.SQLException: null, message from server:
"Host '172.18.0.1' is not allowed to connect to this MySQL server"
UPDATE
I'm not trying to connect using the IP 172.18.0.1. I tried to connect using localhost:3306, 127.0.0.1:3306 and with the sub IP docker gave it 0.0.0.0:3306
UPDATE
After having success connecting on my Mac, I tried again with DBeaver on my linux and again:
Tried to connect with other tool, mysql workbench:
As you can see in the official image documention :
MYSQL_ROOT_HOST : By default, MySQL creates the 'root'#'localhost' account. This account can only be connected to from inside the container, requiring the use of the docker exec command as noted under Connect to MySQL from the MySQL Command Line Client. To allow connections from other hosts, set this environment variable. As an example, the value "172.17.0.1", which is the default Docker gateway IP, will allow connections from the Docker host machine.
So you have to set the MYSQL_ROOT_HOST variable with the address 172.18.0.1 that you can see in the error message.
On Docker, run this command to create a MySql container and it will expose the ports to the outside world of docker.
docker run --name <mysql-container-name> -p 3306:3306 -e MYSQL_ROOT_PASSWORD=<root-password> -e MYSQL_USER=root -e MYSQL_PASSWORD=<user-password> -d mysql:latest
Few points to note:
You may see below error when trying to connect with DBeaver:
Public Key Retrieval is not allowed
Solution: When creating a new connection on DBeaver, go to Driver Properties look for allowPublicKeyRetrievel and set it to TRUE. Also, if needed set useSSL to FALSE.
Test your connection from DBeaver or any other clients, and it should be working.
I am new to docker and was experiencing the same issue in Linux, it was an issue with the addresses allowed to accept connection; here is what worked out for me:
Find the MySql configuration file named mysqld.cnf
It would be: /etc/mysql/mysql.conf.d/mysqld.cnfOr if you have your own configuration file.
Edit the bind-address key in it. Set it as: bind-address = 0.0.0.0
This will allow to accept connections from any IP address Restart docker-compose by $ docker-compose down$ docker-compose up
Wait for MySQL to start, it should work fine now.