Cannot establish remote mysql connection - mysql

I recently moved a few websites of mine from one hosting to another, but I decided to keep databases on the old hosting.
I did all the steps:
whitelisted new server's IP
changed all dbcon config ''localhost'' to old server IP
even changed outdated ''mysql_connect'' with mysqli
Still I cannot establish db connection at all!
How do I troubleshoot this? I have bno idea where else to look!
There might be some issues with PHP in the new hosting!
In PHP settings, the dropdown menu of ''Select PHP version" has only WARNING:Alternatives and ERROR:User options. Shouldn't there be PHP versions???

You may have to look at the MySQL user connections from within MySQL.
Here is what you do:
SELECT user,host FROM mysql.user;
This will reveal where each MySQL user can connection from.
If a user has host='%', then that user can connect from anywhere.
If a user has host='10.20.30.%', then that user can connect from '10.20.30.%' netblock only.
Let's take the latter case: a specific netblock.
Suppose your new servers are on netblock 20.30.40.%. You may have to go to each user and change the netblock in mysql.user.
EXAMPLE: For the user myuser.'10.20.30.%', and you want to change myuser to access MySQL from netblock 20.30.40.%, you would login to the DB server, connect to mysql as root#localhost, and execute this:
UPDATE mysql.user SET host='20.30.40.%' WHERE host='10.20.30.%';
FLUSH PRIVILEGES;
This will update every user's host column with the new netblock.
You could always use the GRANT command instead of hacking it like I just suggested.
If you cannot change mysql.user in either way, you may have to ask the DB Host provider to do that for you.
Give it a Try !!!

Related

how to connect to azure database for mysql, from azure app service with wordpress docker image?

I have an azure app service, using the latest wordpress image from docker hub. The screenshot for the azure app service:
Then in the azure app service -> application setting, I added the following key/value pairs which will be used to connect Azure database for mysql:
WORDPRESS_DB_HOST
WORDPRESS_DB_NAME
WORDPRESS_DB_PASSSWORD
WORDPRESS_DB_USER
screenshot:
Inside my Azure database for mysql, I have enabled public access / allow public access from any azure service / also add my client ip and this ip range 0.0.0.0 - 255.255.255.255. I can access it from my client and create the database which will be used by azure app service. Screenshot like below:
in server parameters, I also turn off the require_secure_transport setting:
At last, I tried to launch the site, but it throws the error "Error establishing a database connection", screenshot below:
I'm new to wordpress / docker, and don't know how to fix this issue. I also reviewed some videos / docs, and didn't see any other configuration differences. Could you please guide me how to fix this issue? Thanks very much.
You received this error message.
Warning: mysqli_real_connect(): (HY000/1045)>: Access denied for user 'ivan'#'52.xx.xxx.xx' (using password: YES)
It means MySQL received, processed, and rejected your WordPress instance's attempt to connect. So you know the hostname is right and your cloud provider's firewall settings allow your WordPress instance to exchange network data with your MySQL instance.
What's wrong?
MySQL's user name / account name setup has a quirk. An account name can look like 'ivan'#'localhost' or 'ivan'#'%' (or even something like 'ivan'#'192.0.22.33').
The first of those only allows login from localhost (or via tunneling via ssh). The second allows login from '%', meaning any host. You need the second one for your WordPress instance to get access to MySQL.
When you're logged in to MySQL from your machine, do this.
SELECT host, user FROM mysql.user WHERE user='ivan';
You should see two rows, like these
host user
---- ---
% ivan
localhost ivan
It's possible the account with '%' as the host is missing. If so that means you need to create another MySQL account and give it access to your database. Do that like this.
CREATE USER 'ivan'#'%' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
Next, make sure the user account you just created -- the one your WordPress software will use to connect to MySQL -- has access to your database.
GRANT ALL PRIVILEGES ON wordpress.* TO 'ivan'#'%';
FLUSH PRIVILEGES;
If you still get the error message, it's possible the password on your 'ivan'#'%' account doesn't match what you put into your WordPress configuration. You can change it with
ALTER USER 'ivan'#'%' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
If it still gives the same error message, it's possible that your cloud vendor requires TLS to connect to MySQL. You may want to consult their support team about that.
(This is a common stumbling block setting up new WordPress instances.)
ok just to keep and make things clear. all IPs can connect to the DB but are you actually authorized to read/write date in the DB?
I.E. this might be a permission/privilege issue.
I suggest double checking user privileges and determine who can do what on your DB
Best Regards. :-)

MySQL Server 8.0 remote database

I am very frustrated that I am trying this from over 5 days.
I need to create database on my PC that has to be visible for all other PCs in the same LAN.
I tried with XAMPP - Apache + MySQL - no result even after reading all articles from first 2 pages of Google and watching many youtube clips.
Now I am trying with MySQL Server 8.0 on my PC. I tried again all of Google first pages stuff without result. How can I do that?
I know that this has been asked many times here but there is no complex solution at all.
Does anybody of you have tutorial that is tested nowadays and it is working?
you should provide more details like the error message you get when connecting to the remote mysql server, anyway, to allow remote access, here is a checklist you need to go through:
grant permission, mysql by default only allow access from localhost(127.0.0.1), to allow other ip access:
// replace root for the username, '123456' for the password
grant all privileges on . to 'root'#'%' identified by '123456';
flush privileges;
check your server firewall settings to allow your mysql through port 3306(default)
others:
for linux server I think you also need to comment out "bind address" in your mysql config file;
some other issues for example your mysql client autodetect the wrong timezone, you may need to manually set it;
check your inbound rule on your client pc;
etc.
my suggestion for you, don't just google around blindly, think about it logically first, sometimes there is no direct answer
The problem was in connection String.
static final String USERNAME="[username]";
static final String PASSWORD="[password]";
static final String CONN_STRING="jdbc:mysql://[ip-address]:[port]/[database-name]";
So as LIU YUE suggested I just granted access for this username. The problem was that my other computer has a different name.

MariaDB 10.1 change old password to new password on centos 7 and enable secure-auth

I have upgraded MariaDB 5.5 to 10.1 now and it says mysql uses secure-auth and change old password to new password. I have disabled secure-auth in my.cnf and able to login.
Now my question is how do I change old password to new password and enable secure-auth on the database.
suggest how do I do it.
I'm going to assume your MariaDB server doesn't have other users that you don't know the passwords for, and that you have requisite PRIVILEGES to modify users and set system level variables. Super_Priv may be enough :)
Note: You run the risk of locking yourself out, but as long as you are logged in, changing these won't log you out of your current session so you can recover if things go the wrong way, without having to restart. I always test with a second connection, because it is a buzzkill to lock yourself out of a database. Not that I would know anything about that.
Note2: I'd strongly recommend backing up the user table for safety with SQL similar to this:
CREATE TABLE mysql.user_backup_YYYYMMDD LIKE mysql.user;
INSERT INTO mysql.user_backup_YYYYMMDD SELECT * FROM mysql.user;
You can modify the "secure_auth" setting in real-time (so you don't have to restart your mariadb server) by changing the system variable "secure_auth" (if your user account has the required privileges) with the following sql (ie. run in a mysql client):
SET GLOBAL secure_auth="ON";
or
SET GLOBAL secure_auth="OFF";
To see what the current value is:
SHOW GLOBAL VARIABLES LIKE '%auth%';
To make it permanent through a reboot, change the value in your:
/etc/my.cnf.d/server.cnf (or possibly your /etc/my.cnf - hopefully it's not set in both, but it's worth checking)
[mysqld]
secure-auth=on
(Note: As you found out, changes in the .cnf won't be loaded until your mariadb server is restarted)
Once you enable auth_secure, users with "old passwords" won't be able to log in as they have been. The easiest approach, if possible, at the point is to upgrade the password types on all accounts to avoid any issues trying to support both.
You can view the current accounts and (encrypted) passwords with the following SQL:
SELECT user, host, password FROM mysql.user;
Before updating, you can verify that your password is what you think it is by comparing this sql to the PASSWORD field in the mysql.user table:
SELECT OLD_PASSWORD('What You Think Your Password Is');
And the same thing, but for the new passwords:
SELECT PASSWORD('newpass');
From there, you have options, but the normal way would be to set the passwords:
SET PASSWORD FOR 'foo'#'%' = PASSWORD('newpass');
where foo and % are the fields HOST and USER from the mysql.user table.
Another (funky) option would be to clear the passwords using the ALTER USER command and no INDENTIFIED BY clause as described here:
https://mariadb.com/kb/en/library/alter-user/
Obviously that could lead to security anti-joy.
You can also set the password fields by an update statement, for example, if you wanted to set it back to a saved value:
UPDATE mysql.user SET PASSWORD="SOME SAVED VALUE" where USER = "sqllove" and host = "localhost";
Or you could set it back to an "old password" format, if you know the password:
UPDATE mysql.user SET PASSWORD=OLD_PASSWORD("Old Password") where USER = "sqllove" and host = "localhost";
One (scary) nice thing about this approach is if you are setting a password for multiple users, you can do it in one command - for example, to make the password "easy" for people connecting on the same machine via localhost:
UPDATE mysql.user set PASSWORD=PASSWORD("easy") where host="localhost";
And to make sure your latest user changes are visible immediately, when done, some final SQL:
FLUSH privileges;
I'd stay logged into the MariaDB client the entire time - make changes, flush, test from another account, relog any services (they will continue to work even if something is wrong but will fail next login attempt) and once it's safe then log out.
Tip: If you are in unix and logged into the client and need to run a shell command, instead of logging out of your client, you can hit Ctrl-Z to get a shell prompt (suspending your client) program, and you can then run shell commands (ie. run a 2nd client! or restart services that connect to the database) and when ready, enter %1 to get back into the client (you might have to hit enter to reload the prompt). This works in most console programs in unix, not just the MariaDB client. If you do it repeatedly like Inception, the return command would be %2 and %3 and so on depending on how many levels you go down. But time won't go slower.

How do I allow mysql client connections to be established with our mysql web server?

It seems that the web server is preventing me to change permissions to the user. It does not allow me to GRANT ALL ON foo.* TO bar#'202.54.10.20' IDENTIFIED BY 'PASSWORD'; and returns an error message of access denied for the username that I'm using.
It also appears that the folder etc in the file manager is empty whereas in the given link below, it shows that the bind address can be edited in the my.cnf inside etc folder.
How do I allow my mysql database to be accessible remotely by any computer?
http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
The bind option in my.cnf is not that problem (since you can connect, the MySQL server is just not letting you in), and judging from the screenshot, you don't seem to have the permissions to edit that file anyways.
Most likely, your request is not coming from 202.54.10.20, or you have mistyped username/password. If the web application runs on the same machine as the MySQL server, connections will come from somewhere in the 127.0.0.0/8 range.
Look at the connection string in your web application:
If it is a public IP address, check username/password and originating IP.
If it starts with 127., GRANT to your local address.
If it is localhost, you're connecting via Unix socket instead of TCP. This is a good thing, and you can simply GRANT to localhost.
To issue this command:
GRANT ALL ON foo.* TO bar#'202.54.10.20' IDENTIFIED BY 'PASSWORD';
You MUST connect to the database first. So if you don't have permissions to remotely access database, you should go to the database server host and login locally, using root#localhost.
I just found out that there is an option which basically do the same thing as what I wanted it to be doing. There is an option for the user to enable remote database access to its clients.

Mysql query browser (an external program) cant see all databases

I have a database to work with. There is phpMyAdmin and it works good but I want to use an external database manager. I use the same login account what PhP script uses, still query browser doesnt see a database.
Anyone can know why?
I would guess that with phpMyAdmin, you are accessing MySQL from the WebServer that has IP address 1.0.0.1.
Then, from the external DB manager, you are accessing from IP address 1.0.0.2.
MySQL handles authentication and authorization using IP address (among other things) to authorize. So it's probably the case that you don't have all permissions for 1.0.0.2 in your MySQL database.
Your account is probably limited to 'localhost' only, try adding 'user'#'remote-ip' aswell.
For example:
GRANT ALL ON db.* TO 'jsmith'#'office.example.com' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;