Introduction

In environments where application servers and database servers communicate over a private network, configuring MySQL to listen on a private IP address improves security and reduces exposure to public networks. This approach ensures that database connections are restricted to trusted internal systems while maintaining application connectivity.

This guide outlines the process of configuring MySQL to accept connections through a private IP address and updating dependent applications accordingly.

Prerequisites

Before proceeding, ensure that:

  • Root or administrative access to the MySQL server is available.
  • The server has a configured private IP address.
  • MySQL service is installed and running.
  • Firewall rules allow MySQL traffic on port 3306 between the required servers.
  • Access to application .env configuration files and Docker environments is available.

Implementation

Step 1: Review Existing MySQL Users

List the existing MySQL users configured with localhost and identify the users that require remote access through the private network.

Command:

SELECT User, Host FROM mysql.user;

Step 2: Create Equivalent Users for Remote Access

Create corresponding MySQL users using % as the host value and assign the same privileges.

Example:

CREATE USER 'dbuser'@'%' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON database_name.* TO 'dbuser'@'%';

FLUSH PRIVILEGES;

Step 3: Update the MySQL Bind Address

Open the MySQL configuration file and modify the bind address to the server’s private IP address.

Example:

bind-address =

Save the configuration after making the changes.

Step 4: Restart the MySQL Service

Restart the MySQL service to apply the updated configuration.

Example:

systemctl restart mysql

or

systemctl restart mysqld

Verify that the service is running successfully.

Step 5: Update Application database’s .env configuration

For applications running inside Docker containers, update the database host value in the application’s .env file to use the new private IP address of the MySQL server.

Example:

DB_HOST=

DB_PORT=3306

Save the configuration after updating the database host.

Step 6: Redeploy or Restart Docker Containers

Redeploy or restart the Docker containers so that the updated database configuration is loaded.

Step 7: Validate Database Connectivity

Test the application and confirm that database operations are functioning correctly through the private network connection.

Ensure that:

  • Applications can connect to the database.
  • No authentication errors are reported.
  • Database-dependent services operate as expected.

Conclusion

Configuring MySQL to listen on a private IP address improves security by restricting database access to trusted internal networks. After updating MySQL user permissions and bind settings, it is important to update any dependent Docker-based applications with the new database host information and redeploy the containers to ensure uninterrupted connectivity.

Post Views: 16

Leave a Reply