Why access denied happen with mysql , with docker-compose - mysql

I'm trying to create mySQL container for development DB.
My app is made by golang.
Now, I created docker-compose.yml to run APP & DB.
mySQL container was created and I can start it, but Access denied shows up if when I tried to connect with this DB, via DB client (Sequel Pro).
it's my docker-compose.yml
version: '3'
services: app:
build:
context: .
dockerfile: "Dockerfile"
ports:
- "8080:8080"
volumes: mysql:
image: mysql:5.7.10
environment:
MYSQL_ROOT_PASSWORD: 'pass'
ports:
- '3306:3306'
volumes:
- mysql-data:/var/lib/mysql volumes: mysql-data:
driver: local
I did
$ docker-compose build
and
$ docker-compose up -d
Then containers are created, mySQL is as below, if exec command
$ docker ps -a
1f7540fdedc1 mysql:5.7.10 "/entrypoint.sh mysq…" 1 second ago Up 2 seconds 0.0.0.0:3306->3306/tcp XXX_mysql_1
After that,If I tried to connect this DB with sequel pro, I can see this message in kitematic.
Access denied for user 'root'#'172.18.0.1' (using password: YES)
ip, user name, password, port must be correct.
Also, if I create docker container for mySQL with using kitematic, I can connect with the container.
I don't know why access denied shows up.
Screenshot when access denied shows up

I have this similar problem fixed. Make sure you have the latest image of mysql version. docker pull mysql:5.7.10.
Then delete the associated volume (backup if there is existing data). If you are using the docker-compose yml version 3 you should map your environment like MYSQL_ROOT_PASSWORD=password. Verify that it is correctly set by going to the container and run command echo $MYSQL_ROOT_PASSWORD.
If you are logging in from the host machine try to pass the protocol flag.
mysql -u root -p --protocol=tcp (you may also pass the host localhost or 127.0.0.1) -h 127.0.0.1

Related

Cannot connect to mysql server (root) inside docker container executed with docker-compose: Access denied

I am running a mysql server inside a docker container using docker-compose, here is my yaml file:
version: '3'
services:
mysqltest:
image: mysql
network_mode: host
ports:
- "3306:3306"
volumes:
- "/home/myuser/bds/mysql/:/var/lib/mysql"
user: "1000:1000"
environment:
- "MYSQL_ROOT_PASSWORD=mysecret"
The container loads file with the docker-compose up command, but when i try to connect from the host machine to the mysql server with user root, it fails:
mysql -h 127.0.0.1 -u root -pmysecret
ERROR 1045 (28000): Access denied for user 'root'#'127.0.0.1' (using password: YES)
However, i can connect to the server inside the container using the same command, if i start the container using docker command line:
docker run -it --rm --name mysqltest --user 1000:1000 -v /home/myuser/bds/mysql/:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=mysecret -p 3306:3306 -d mysql
I tried setting network_mode to host, none and also without specifying it, but the result is the same using docker-compose.
What could be wrong with my YAML file so that i cannot connect as when i use docker command ?
Thanks in advance
I assume you didn't change your default Docker configuration. By default Docker will run in the network mode: 'bridge' and not host. See the difference here.
You can check using docker inspect container.
When you just start the container using the command you will start your container in bridge mode and the container port 3306 will be mapped on 3306. This will not happen when you try host. Again see the link for the difference.
So update your docker-compose.yaml and define bridge as network mode:
version: '3'
services:
mysqltest:
image: mysql
network_mode: bridge
ports:
- "3306:3306"
volumes:
- "/home/myuser/bds/mysql/:/var/lib/mysql"
user: "1000:1000"
environment:
- "MYSQL_ROOT_PASSWORD=mysecret"
SOLVED !! The issue was originated from setting different mysql root passwords with the different docker commands:
The first time i was testing the container i user std docker command and the environment MYSQL_ROOT_PASSWORD=othersecret. Everything worked fine. i connected from host using mysql command and restored a database
Once i finished testing, i wrote yaml file, but with the root password i wanted to use for producction:
environment:
MYSQL_ROOT_PASSWORD: "mysecret"
But then, when i started the container with docker-compose and the yaml file, i could not connect from host using mysql command. It seems the original root password ("othersecret") was written to the user table inside the mysql schema and that is why i could not connect using the password set in the yaml file. I cleaned up the mysql directory and started the container using docker-compose (without specifying a network mode) and finally i was able to connect from host.

Cannot connect to the MySQL from the Docker container on the AWS EC2

I try to run my app with DB on single AWS EC2 (Ubuntu), and decided to try with docker.
I have very basic setup:
docker-compose.yml
version: '3.3'
services:
db:
image: library/mysql:8.0.20
restart: always
env_file:
- ./.env
ports:
# <Port exposed> : < MySQL Port running inside container>
- '3306:3306'
expose:
# Opens port 3306 on the container
- '3306'
# Where our data will be persisted
volumes:
- my-db:/var/lib/mysql
# Names our volume
volumes:
my-db:
And with following .env content:
MYSQL_DATABASE=db
MYSQL_USER=user
MYSQL_PASSWORD=password
MYSQL_ROOT_PASSWORD=password
MYSQL_HOST=localhost
I run it in detached mode with docker-compose:
sudo docker-compose up -d
And after when I try to connect from the host it fails, but what the more interesting, I'm not even able to connect from the container using following command:
sudo docker exec -it db_1 mysql db -P 3306 --protocol=tcp -u root -h localhost -p
I got the next response:
ERROR 1045 (28000): Access denied for user 'root'#'localhost' (using password: YES)
There is nothing appearing in docker logs, and I'm out of ideas what possibly can be wrong.
Please help me if you have faced with this issue before or know what I'm missing!
Investigated issue with #nub8er, we found out that it was wrongly initially configured MySQL image. It looks like on the first run I've killed container before it has properly initialised, and for all next tried I was not able to connect properly.
Now everything works correctly, thank you #num8er for the help on investigation!

"Host '192.XXX.XXX.X' is not allowed to connect to this MySQL server" error when attempting to access mysql Docker container from another container

I have a docker compose file which creates one container to run my app (Ruby on Rails) and another to run a mysql server.
version: "3"
volumes:
test-db:
external: false
services:
db:
image: mysql:5.7
env_file: .env
environment:
MYSQL_DATABASE: test_development
MYSQL_ROOT_PASSWORD: foobar
MYSQL_USER: root
MYSQL_PASSWORD: foobar
volumes:
- test-db:/var/lib/mysql
ports:
- "3306:3306"
app:
build:
./
image: test_app:latest
env_file: .env
command: "rails server -b 0.0.0.0"
volumes:
- .:/app
ports:
- "3000:3000"
depends_on:
- db
tty: true
stdin_open: true
I exec into the db container, and can access the mysql cli as expected.
$ docker exec -it test_db_1 mysql -pfoobar
Welcome to the MySQL monitor. Commands end with ; or \g.
However, I am met with the following when I attempt to access the server through the app container.
$ docker exec -it test_app_1 mysql -hdb -pfoobar
ERROR 1130 (HY000): Host '192.168.144.3' is not allowed to connect to this MySQL server
Why is the container running the mysql server unable to receive requests from the test app container?
When I run docker ps, I see the following:
COMMAND PORTS
"rails server -b 0.0…" 0.0.0.0:3000->3000/tcp
"docker-entrypoint.s…" 0.0.0.0:3306->3306/tcp, 33060/tcp
By default when you start MySQL container, it creates automatically the root user which you are using it to access the same container test_db_1 based on environment variables passed, this root user is granted/allowed to connect from localhost only.
But if you want to access MySQL from the other container, you should create a user that is granted to connect to the database from a remote host (either username#% or username#container-name) - as each container has a different IP inside the docker default network,
Note: you can do that by logging into MySQL in the container, and create a user, in your case it will be something like: grant all on <your-database>#`%` to <yourusername>#`%` identified by '<password>'
portsoption expose the ports to your host machine but I don't think it does between the same between containers. Try using expose: 3306 on the db configuration. By the way, I'd like to point out that even though you are using depends_on option that doesn't guarantee your database will be up when you start your application only that the db container will be ready so keep that in mind.

Can't connect to database: Access denied for user

I am setting up a CakePHP 3.7 application and using docker compose. I have a mysql service as well that I'm trying to connect to, but I am getting this error: Access denied for user 'ws_user'#'172.20.0.3' (using password: YES)
I am granting permissions to the user like so: GRANT ALL PRIVILEGES ON mydb.* TO 'ws_user'#'%' IDENTIFIED BY '<superSecretPasswordHere>'.
If I use the root credentials, cakephp is able to make the connection just fine.
I also expose the mysql service on port 3030 to my local machine and I am able to connect with the ws_user credentials just fine.
I also setup mysql running on my local machine with the same credentials and cake is able to connect to host 172.17.0.1 just fine as well.
I'm perplexed as what could be the problem. It sure seems like it's a permissions problem (because of the error message), but I'm able to connect via the exposed port via the command line. My next thought was that it might be because of special characters in the password, but again, if I connect to mysql running on my host machine, it works fine with the same password.
Here is my docker-compose file:
version: '2'
# define all services
services:
# our service is called CakePHP ;-)
cakephp:
# we want to use the image which is build from our Dockerfile
build:
context: .
dockerfile: Dockerfile
# apache is running on port 80 but we want to expose this to port 4000 on our local machine
ports:
- "80:80"
# we are depending on the mysql backend
depends_on:
- mysql
# we mount the working dir into the container, handy for development
volumes:
- .:/var/www/html/
environment:
- SECURITY_SALT
- MYSQL_HOST
- MYSQL_USERNAME
- MYSQL_PASSWORD
mysql:
# we use the mysql base image, version 5.6.36
#image: mysql:5.6.39
build:
context: .
dockerfile: Dockerfile.mysql
ports:
- "3030:3006"
# we mount a datavolume to make sure we don't lose data
volumes:
- mysql_data:/var/lib/mysql
# setting some envvars to create the DB
environment:
- MYSQL_ROOT_PASSWORD
- MYSQL_DATABASE
volumes:
mysql_data:
From "cakephp" you connect to "mysql:3306". This should be in your connection string.
From your host you can connect to "127.0.0.1:3030" to verify that your database accepts remote login.
Then you should check the credentials that they are the same. I suggest you put them in a .env file and then test the connection by "copy-paste" of the values.
you can check the values that are actually passed to the containers by running:
docker-compose config
This shows you the exact version of the docker-compose file that will be sent to the docker engine.
Hope this works, otherwise drop me a comment.

Docker Wordpress connection to the database server on the localhost

I run docker wordpress image with command
docker run --name test-wordpress -p 8081:80 -d wordpress
MySQL 8 is on localhost on Windows 10. Database credentials are valid.
In wordpress setup I use this configuration
Database name: wordpress (not exist yet)
Username: root
Password: ***
Database host: localhost || 127.0.0.1 || host.docker.internal
I get error
Error establishing a database connection
What is correct database host?
By default, docker will attach your new container to a bridged network. This means that addresses such as: localhost and 127.0.0.1 only refers to the container itself. Not the host machine.
The easy was to solve this, is to wrap the MySQL database in a container of it's own. This way your containers can address eachother without issues.
Connect to MySQL database on the host
If you really want to connect the service in the container with a service on the host, you will need to connect the container to the appropriate network.
First, you will need to create a network. Assuming that your local machine has a fixed IP of 192.168.0.1, you should be able to do this with:
docker network create -d bridge --subnet 192.168.0.0/24 --gateway 192.168.0.1 dockernet
You can then:
docker run --name test-wordpress --net=dockernet -p 8081:80 -d wordpress
And you should then be able to refer to the host from inside the container by the IP: 192.168.0.1.
Create stack with wordpress and MySQL
The better alternative here though, is to create an application stack definition with docker-compose, that includes both the database and the wordpress application.
You can create a docker-compose.yml file like this:
docker-compose.yml
version: '3.3'
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
And the start the stack with this:
docker-compose up
Then visit: http://localhost:8000
Notice that the database data will be stored in the docker managed volume called db_data.
Details on installing docker-compose can be found here: https://docs.docker.com/compose/install/
Start both containers with just docker run
The same can be achieved with just docker run, like this:
docker volume create db_data
docker network create mysqlnet
docker run --name test-mysql -e MYSQL_ROOT_PASSWORD=somewordpress -e MYSQL_DATABASE=wordpress -e MYSQL_USER=wordpress -e MYSQL_PASSWORD=wordpress -v db_data:/var/lib/mysql --net=mysqlnet -d mysql:5.7
docker run --name test-wordpress -e WORDPRESS_DB_HOST=test-mysql:3306 -e WORDPRESS_DB_USER=wordpress -e WORDPRESS_DB_PASSWORD=wordpress -e WORDPRESS_DB_NAME=wordpress --net=mysqlnet -p 8081:80 -d wordpress:latest
You can change the mapping of the mysql datafiles to a local directory instead, and just ommit the docker volume create statement.
Found a great article explaining How to setup Wordpress using Docker.
The issue is MySQL container is not accessible from the wordpress container, so to fix this we will have to create docker network and connect both the containers.
Lets create a docker network -
> docker network create --attachable wordpress-network
Now attach both the containers with following command -
> docker network connect wordpress-network mysql-container
> docker network connect wordpress-network wordpress-container
Now open the wordpress in browser and set mysql-container as Database Host
The accepted answer is incomplete and inaccurate. You can very easily connect to MySQL running in host machine with wordpress running inside container by providing --network=host option during docker run.
Issue With Wordpress:
The only caveat is wordpress can't connect with MySQL with default setup.
In Ubuntu systems running MySQL 5.7 (and later versions), any MySQL user is set to authenticate using the auth_socket plugin by default rather than with a password. This allows for some greater security and usability in many cases, but it can also complicate things when you need to allow an external incompatible program like wordpress to access the user.
In order to use a password to connect to MySQL as user, you will need to switch its authentication method from auth_socket to mysql_native_password.
Solution:
Create a dedicated mysql user for wordpress database in legacy mysql_native_password mode.
$> sudo mysql
mysql> CREATE USER 'wpuser'#'localhost' IDENTIFIED WITH mysql_native_password BY 'wp_password';
mysql> CREATE DATABASE wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
mysql> GRANT ALL ON wordpress_db.* TO 'wpuser'#'localhost';
mysql> FLUSH PRIVILEGES;
Run Wordpress container:
docker run --rm --name my_wordpress --network=host -e WORDPRESS_DB_USER=wpuser -e WORDPRESS_DB_PASSWORD=wp_password -e WORDPRESS_DB_NAME=wordpress_db -e WORDPRESS_DB_HOST=127.0.0.1 wordpress