Articles in this section

See more

How to enable remote access to MySQL server in Plesk?

Avatar
Anastasia Zyrianova
Updated
Follow
Plesk for Windows Plesk for Linux FR:PPM-2313 kb: how-to ABT: Group A

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

How to enable remote access to a MySQL database server in Plesk?

Answer

Warning: After enabling the access, all MySQL connections will be unencrypted. To make them encrypted, an SSL certificate is required. For that and additional steps check this link: https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html#using-encrypted-connections-server-side-configuration

Note: Make sure that MySQL port is not blocked by a firewall: How to open all ports on local server needed by Plesk automatically?

When firewalld is enabled the following command may be used to open the port:

# firewall-cmd --zone=plesk --permanent --add-port 3306/tcp

By default, Plesk administrator does not have remote access. It is recommended to create a new user that will be used for the remote connection. Though user admin can be used, too.

In order to enable remote access to a MySQL server follow the instructions below:

Plesk Obsidian for Linux:

  1. Log into Plesk.

  2. Go to Tools & Settings > Database Servers > Settings > click on the Local MySQL Settings link:
    L1.png

  3. Select the Allow local MySQL server to accept external connections checkbox and click OK to apply changes:
    L2.png

Allow remote access to MySQL database server in Plesk for Linux and Plesk for Windows for a specific user:

  1. Log into Plesk.

  2. Go to Subscriptions > example.com > Databases > User Management > example_db_user.

  3. Make sure that the Access control option is set to Allow remote connections from any host or to Allow remote connections from:
    1.png

  4. Connect to the server via SSH/RDP.

  5. Open the MySQL configuration file in any text editor. The location of this file is:

    • For Linux:

      • for CentOS/RHEL-based distributions:
        /etc/my.cnf

      • for Debian/Ubuntu-based distributions:

        /etc/mysql/my.cnf

    • For Windows:
      %plesk_dir%Databases\MySQL\my.ini

  6. Change/add bind-address parameter to:

    CONFIG_TEXT: bind-address = 0.0.0.0

    0.0.0.0 means every IP address on the server. If it is required to bind to a specific IP address, specify this particular IP instead of 0.0.0.0

    Note: Make sure that skip-networking parameter is not defined in MySQL configuration file.

    Note: The bind-address directive may also be specified in the /etc/mysql/mariadb.conf.d/50-server.cnf file. If it is, make sure it is pointing to 0.0.0.0 instead of the loopback address.

  7. Restart MySQL server:

    • For Linux:

      # service mariadb restart || service mysql restart

    • For Windows:

      Start Plesk Services Monitor > select MySQLXX or MariaDBXX (where XX is a version) > click Restart.

To verify connectivity, log in from the remote server using MySQL Workbench or via CLI by executing the following command:

# mysql -u"example_db_user" -p"password" -h"example.com"

Comments

17 comments

Sort by Date Votes
  • Avatar
    adrian TNT

    Server was not responding when I tried from my local windows machine with command: telnet example.com 3306 

    Without the above user editing, I just edited /etc/my.cnf and I changed to:

    bind-address = ::

    This is how it was on a previous plesk server by default. 

    Then restarted db with:

    service mariadb restart

    Worked.

    1
    Comment actions Permalink
  • Avatar
    Andrey Ivanov

    Hello Adrian,

    Thank you for the feedback, the article was updated with additional details. Kindly note, that if the address is set to ::, the server accepts TCP/IP connections on all server host IPv4 and IPv6 interfaces.

    1
    Comment actions Permalink
  • Avatar
    Unknown User

    hi, I tried several times to do this procedure, but with vi when he tells me that I do not have write permissions, in the root I have enabled all writing services, but when I use it tells me that I do not have the services and I do not does not even save with: w! o: wq! you can help me courteously

     

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    @Veronica

    Hello!
    Please, make sure that vi should be started with root privileges (in case you are logged in not as root user use command "sudo vi").

    Also, try another text editor like "nano". 

    0
    Comment actions Permalink
  • Avatar
    Unknown User

    Thanks Iv

    an Postnikov

    for the help, I solved the problem by asking and then releasing as an administrator with the "su" command

    Osa I managed to synchronize the two db and everything works perfectly

    Excellent tutorial

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    @Veronica

    Glad to hear that. Thank you for the feedback.

    0
    Comment actions Permalink
  • Avatar
    Kingsley Felix

    Hello;

     

    I want my my site user/system user to have access to mysqldump utility so i can use it for Jetpack vaultpress backup

    0
    Comment actions Permalink
  • Avatar
    Pavel Mikhaylov (Edited )

    Hello,

    That is not possible as MySQL has its own users.

    0
    Comment actions Permalink
  • Avatar
    stathopon

    How can i check if MySQL port is not blocked by a firewall?

     

    what can i do to have access from 2 ips in MYSQL?

    0
    Comment actions Permalink
  • Avatar
    Nikita Nikushkin (Edited )

    Hi @stathopon,

    > "How can i check if MySQL port is not blocked by a firewall?"

    You can try to connect to its port by using, e.g. the "telnet" utility:

    # telnet example.com 3306

    If the next output was returned:

    telnet: Unable to connect to remote host: Connection refused

    then the connection is blocked by a firewall, otherwise, you will see something similar to:

    Trying 203.0.113.2...
    Connected 203.0.113.2.
    Escape character is '^]'.
    b
    5.5.5-10.1.37-MariaDB-0+deb9u1
    > what can i do to have access from 2 ips in MYSQL?

    It can be achieved by performing the next actions:

    1. Install Plesk Firewall:

    How to install Plesk Firewall?

    2. Go to "Plesk > Tools & Settings > Firewall"
    3. Click the "Enable Firewall Rules Management > Enable" buttons

    !!!Warning: if you have already previously manually added rules in iptables they will be removed

    4. Press the "Modify Plesk Firewall Rules" button and then click the "MySQL server" rule
    5. Switch the "Action" directive to the "Allow from selected sources, deny from others" option
    6. Specify the required IPs in the "Add IP address or network" field and press the "Add" button
    7. Press the "OK > Apply Changes > Activate" buttons

    0
    Comment actions Permalink
  • Avatar
    Matt Kennedy

    I had to do this on a new cloud server setup with fasthosts. Just out of interest is this a security risk not entering an IP? Just concerned about external access.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Matt Kennedy

    From the security point of view, it's preferable to specify specific IPs. This way even in case someone will get access credentials won't be able to access.

    0
    Comment actions Permalink
  • Avatar
    Eric Beck

    I have some question.

    Warning: after enabling the access, all MySQL connections will be unencrypted. To make them encrypted, an SSL certificate is required. For that and additional steps check this link:  https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html#using-encrypted-connections-server-side-configuration

    Does this mean that when the bind-address was previously 127.0.0.1 that connections were encrypted?  What should be set up for encryption then?  Server

    If you have a shared server but with only 1 IP address assigned to it, can you set the bind-address then to

    bind-address = 111.111.111.111 (if my ip is that) and it will then allow the remote connections?

    On the other hand if it is changed to bind-address = 0.0.0.0, will anything break (onyx 17.5.3) with existing databases in use, all the users' database applications?  In other words, it's completely ok to make that change to the bind-address without negatively affecting anyting?  I just want to make sure before I do this.

    I'm not sure why you have to do the GRANT thing, if the bind-address is changed to 0.0.0.0 and the subscription has allowed remote connections to the db and the selection in the subscription db user is configured to allow from any host, would that not be setting the GRANT privilege for that user via the panel?  Or do you still have to do it manually?

    Thanks, Eric

    0
    Comment actions Permalink
  • Avatar
    suzie rosen (Edited )

    @... I was trying to connect a remotely to my plesk MySql from a different plesk server, following these instructions, but with the default 'admin' user and credentials.I kept on getting an error while connecting remotely (on the remote server) that 'admin'@'[remoteI P]' does not have permission.

    Only after I created a new MySql user with admin privileges on the MySql server was I able to connect with those credentials.

    When I created a database from the remote server it also didn't show up in plesk on the MySql server.

    Only in phpMyAdmin do all databases come up.

    What is the problem? It seems the default configuration really does not work at all!

    NOTE: Both servers run plesk

     

    1
    Comment actions Permalink
  • Avatar
    André da Gama e Souza

    Hi, I did everything. Even turning off firewall (wich clearly is not the problem). What I really need to do is just allow remote access to mysql (mariaDB) from specific subdomain ip. I did all support material, restarted server several times. I can´t remote access even opening everythig. And, I´m sure it´s not related to that because the error I´m facing is: ERROR 1130 (HY000): Host 'my local ip' is not allowed to connect to this MariaDB server

    I´m trying to open a ticket support, but it just doesn´t work (appears to be only a FAQ service)...

    I´ve replaced Cpanel from this server to use Plesk and future use it on our servers. It seems very good. But this problem is happening for 2 days and still no perspective of resolution. Please, Help me!! Tks.

    0
    Comment actions Permalink
  • Avatar
    marktoddy

    One has to create a new MySQL User and assign privileges as below in Query prompt via phpMyAdmin or command prompt:

    CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;

CREATE USER 'username'@'%' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;

FLUSH PRIVILEGES;

    Once done with all four queries, it should connect with username / password

    0
    Comment actions Permalink
  • Avatar
    SergeyK (Edited )

    Could you explain how to indicate MySQL connection problem?

    Plesk Firewall settings:

    1. 3306 enabled - https://prnt.sc/1sjd6nn

    2. My IP was added to the Whitelist - https://prnt.sc/1sjda8v

    3. DB connection by IP was disabled for test - https://prnt.sc/1sjdhvk

    4. Telnet site.com 3306 - can't connect with DB port 

    What another Rule can block 3306 connection in this case?  

    This is a list of Plesk Firewall Rules - https://prnt.sc/1sje0eb

    Please advise.  :-( 

    Is it possible to find Log with error explanation ? 

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles