I'm trying to access my mysql database from workbench through SSH tunnel, mysql is in a container (working with docker-compose).
Here is my mysql container config in docker-compose :
mysql:
image: mysql:5.7
container_name: mysql
expose:
- 3306
ports:
- '3306:3306'
volumes:
- ./mysql:/var/lib/mysql
environment:
- "MYSQL_ROOT_PASSWORD=#####"
- "MYSQL_DATABASE=#####"
- "MYSQL_USER=#####"
- "MYSQL_PASSWORD=#####"
restart: always
But I'm getting a "Failed to Connect to MySQL" error, just like if my ports were not well reforwarding from SSH to MySQL container (and so, not hitting the good door).
Please note I did not allowed remote access from mysql, as I want to only keep SSH/localhost access possible.
Do you have any idea? Thanks
You are already exposing port 3306, so you should be able to access it from your system with below command -
mysql -u <mysql_user> -p -h localhost -p 3306
If not accessible, try if you are able to access it inside the docker session by logging in to mysql container in interactive mode.
Related
I have the following docker-compose.yml file:
version: '3.2'
services:
mysql:
image: mysql:5.7
environment:
- MYSQL_ROOT_PASSWORD=verysecret
- MYSQL_DATABASE=yii2advanced
- MYSQL_USER=yii2advanced
- MYSQL_PASSWORD=secret
I run it via docker-compose up -d. But I can't connect from SQL client to my database (I use DataGrip from JetBrains). Here is my configuration:
The password of course is secret. I have already tried to check allowed hosts for yii2advanced user:
As you can see for my yii2advanced connection is allowed from any host. I have tried to change mysqld.cnf and set bind-address = 0.0.0.0. Tried to setbind-address to *. Tried to set not 127.0.0.1 but 172.17.0.1 in the settings of my SQL client. Tried to create manually new one user with full privileges. No effect. The problem still exists. I can't connect to mysql in the container from my localhost.
What is wrong?
By default, docker-compose create a bridge network that will isolate your application from outside including the localhost.
You need to expose 3306 port from isolated network to localhost.
Try this.
version: '3.2'
services:
mysql:
image: mysql:5.7
environment:
- MYSQL_ROOT_PASSWORD=verysecret
- MYSQL_DATABASE=yii2advanced
- MYSQL_USER=yii2advanced
- MYSQL_PASSWORD=secret
ports:
- 3306:3306 # <host port>:<container port>
Good to read docker network section. https://docs.docker.com/network/
I have a docker compose file which creates one container to run my app (Ruby on Rails) and another to run a mysql server.
version: "3"
volumes:
test-db:
external: false
services:
db:
image: mysql:5.7
env_file: .env
environment:
MYSQL_DATABASE: test_development
MYSQL_ROOT_PASSWORD: foobar
MYSQL_USER: root
MYSQL_PASSWORD: foobar
volumes:
- test-db:/var/lib/mysql
ports:
- "3306:3306"
app:
build:
./
image: test_app:latest
env_file: .env
command: "rails server -b 0.0.0.0"
volumes:
- .:/app
ports:
- "3000:3000"
depends_on:
- db
tty: true
stdin_open: true
I exec into the db container, and can access the mysql cli as expected.
$ docker exec -it test_db_1 mysql -pfoobar
Welcome to the MySQL monitor. Commands end with ; or \g.
However, I am met with the following when I attempt to access the server through the app container.
$ docker exec -it test_app_1 mysql -hdb -pfoobar
ERROR 1130 (HY000): Host '192.168.144.3' is not allowed to connect to this MySQL server
Why is the container running the mysql server unable to receive requests from the test app container?
When I run docker ps, I see the following:
COMMAND PORTS
"rails server -b 0.0…" 0.0.0.0:3000->3000/tcp
"docker-entrypoint.s…" 0.0.0.0:3306->3306/tcp, 33060/tcp
By default when you start MySQL container, it creates automatically the root user which you are using it to access the same container test_db_1 based on environment variables passed, this root user is granted/allowed to connect from localhost only.
But if you want to access MySQL from the other container, you should create a user that is granted to connect to the database from a remote host (either username#% or username#container-name) - as each container has a different IP inside the docker default network,
Note: you can do that by logging into MySQL in the container, and create a user, in your case it will be something like: grant all on <your-database>#`%` to <yourusername>#`%` identified by '<password>'
portsoption expose the ports to your host machine but I don't think it does between the same between containers. Try using expose: 3306 on the db configuration. By the way, I'd like to point out that even though you are using depends_on option that doesn't guarantee your database will be up when you start your application only that the db container will be ready so keep that in mind.
I'm trying to create mySQL container for development DB.
My app is made by golang.
Now, I created docker-compose.yml to run APP & DB.
mySQL container was created and I can start it, but Access denied shows up if when I tried to connect with this DB, via DB client (Sequel Pro).
it's my docker-compose.yml
version: '3'
services: app:
build:
context: .
dockerfile: "Dockerfile"
ports:
- "8080:8080"
volumes: mysql:
image: mysql:5.7.10
environment:
MYSQL_ROOT_PASSWORD: 'pass'
ports:
- '3306:3306'
volumes:
- mysql-data:/var/lib/mysql volumes: mysql-data:
driver: local
I did
$ docker-compose build
and
$ docker-compose up -d
Then containers are created, mySQL is as below, if exec command
$ docker ps -a
1f7540fdedc1 mysql:5.7.10 "/entrypoint.sh mysq…" 1 second ago Up 2 seconds 0.0.0.0:3306->3306/tcp XXX_mysql_1
After that,If I tried to connect this DB with sequel pro, I can see this message in kitematic.
Access denied for user 'root'#'172.18.0.1' (using password: YES)
ip, user name, password, port must be correct.
Also, if I create docker container for mySQL with using kitematic, I can connect with the container.
I don't know why access denied shows up.
Screenshot when access denied shows up
I have this similar problem fixed. Make sure you have the latest image of mysql version. docker pull mysql:5.7.10.
Then delete the associated volume (backup if there is existing data). If you are using the docker-compose yml version 3 you should map your environment like MYSQL_ROOT_PASSWORD=password. Verify that it is correctly set by going to the container and run command echo $MYSQL_ROOT_PASSWORD.
If you are logging in from the host machine try to pass the protocol flag.
mysql -u root -p --protocol=tcp (you may also pass the host localhost or 127.0.0.1) -h 127.0.0.1
When I try to tunnel via SSH to the Host Mashine (vServer) and then try to connect via the internal docker Container-IP then I can't connect to MySQL.
This is my docker-compose file.
version: '2'
services:
mysql:
build: ./mysql
environment:
MYSQL_ROOT_PASSWORD: test
volumes:
- ./db:/var/lib/mysql
The only solution I found was to forward the MySQL-Port of the mysql container to the Host-Mashine.
version: '2'
services:
mysql:
build: ./mysql
environment:
MYSQL_ROOT_PASSWORD: test
volumes:
- ./db:/var/lib/mysql
ports:
- 3306:3306
Then I am able to connect via the Host IP to MySQL but this is without SSH its direct via TCP and the port.
This is a No-Go for me to bring the MySQL Service into the internet.
Reasons can be found here https://security.stackexchange.com/questions/63881/is-it-not-safe-to-open-mysqls-port-to-the-internet why it is not a good practice to bring your mysql port into the internet.
So what is a good practice to connect to my docker mysql container with SSH but keep the mysql ports closed?
One simple way is to bind the MySQL port only to the localhost address. That assumes the host has a mysql client available outside of Docker.
ports:
- 127.0.0.1:3306:3306
You could also omit the ports section completely (no port binding at all), and use the mysql client that's already inside the container.
docker-compose exec mysql bash
Then run the mysql command inside the container to do whatever queries you want to do.
An easy way to achieve this is to forward the ssh port of the docker conatiner to some port on your host, i.e.
ports:
- 22:<some free host port>
and then access the container via ssh to the host port you used. Note, that it is a bad idea to use port 22, since that will cause a conflict with the ssh server running on your host.
I'm using the official MySQL image from docker hub and expose ports 3333:3306 to connect from outside.
I know that I have to change the bind IP inside /etc/mysql/my.cnf to the IP of this container and grant permission for a user like: GRANT ALL PRIVILEGES ON * . * TO 'newuser'#'container_ip'; so I can connect to this container by:
mysql -h container_ip -u root -p
But I received this error
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
Btw, I also try to connect from WordPress in another container but it cannot establish the connection. Here is docker-compose.yml
version: '2'
services:
mysqldb:
image: mysql:5.6
environment:
MYSQL_ROOT_PASSWORD: password
volumes:
- ./mysql-data:/var/lib/mysql
- ./mysql-import-data:/import-data
ports:
- "3333:3306"
blog:
image: webdevops/php-nginx:ubuntu-14.04
environment:
WEB_DOCUMENT_ROOT: /usr/share/nginx/html
volumes:
- ./blog:/usr/share/nginx/html
ports:
- "8080:80"
depends_on:
- mysqldb
What's the mistake I made with this mysql container? I cannot connect to it.
The IP of the container may change every time docker-compose up. How can I configure it?
Hmm I'm a little confused. From the point of view of the host os, the docker container is bound to one or more network interfaces. In your compose file you are exposing port 3333 to the host. That's what you have to connect to.
Plus you need to use an IP address, otherwise the mysql client will try to connect with a unix socket.
mysql -h 127.0.0.1 --port 3333 -u root -p
If you are trying to connect from inside your blog container then you can use mysqldb as your host with the 3306 port.