How

NEW To Troubleshoot
App Issues
Platform: reimagining in to
PaaS MySQL
make it simpler for you to build, deploy, and scale apps.
How To Allow Remote Access to…

TUTORIAL

How To Allow Remote Access to MySQL

Ubuntu MySQL Ubuntu 18.04 Databases

By Mark Drake
Published on March 7, 2019  322.2k

Part of the Series: How To Troubleshoot Issues in MySQL

This guide is intended to serve as a troubleshooting resource and starting point as you diagnose
your MySQL setup. We’ll go over some of the issues that many MySQL users encounter and
provide guidance for troubleshooting specific problems. We will also include links to DigitalOcean
tutorials and the official MySQL documentation that may be useful in certain cases.

S C R O L L TO TO P
Many
How Towebsites and applications
Troubleshoot start off with their web server and database backend
Issues in MySQL
hosted
How on theRemote
To Allow same machine. With time, though, a setup like this can become cumbersome
Access to…
and difficult to scale. A common solution is to separate these functions by setting up a
remote database, allowing the server and database to grow at their own pace on their own
machines.

One of the more common problems that users run into when trying to set up a remote
MySQL database is that their MySQL instance is only configured to listen for local
connections. This is MySQL’s default setting, but it won’t work for a remote database setup
since MySQL must be able to listen for an external IP address where the server can be
reached. To enable this, open up your mysqld.cnf file:

$ sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

Navigate to the line that begins with the bind-address directive. It will look like this:

/etc/mysql/mysql.conf.d/mysqld.cnf

. . .
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
. . .

By default, this value is set to 127.0.0.1 , meaning that the server will only look for local
connections. You will need to change this directive to reference an external IP address. For
the purposes of troubleshooting, you could set this directive to a wildcard IP address, either
* , :: , or 0.0.0.0 :

/etc/mysql/mysql.conf.d/mysqld.cnf

. . .
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
S C R O L L TO TO P
# localhost which is more compatible and is not less secure.
 bind-address = 0.0.0.0
How To Troubleshoot Issues in MySQL
. . .
How To Allow Remote Access to…

Note: If you’re running MySQL 8 , the bind-address directive will not be in the mysqld.cnf file by
default. In this case, add the following highlighted line to the bottom of the file:

/etc/mysql/mysql.conf.d/mysqld.cnf

. . .
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
log-error = /var/log/mysql/error.log
bind-address = 0.0.0.0

After changing this line, save and close the file ( CTRL + X , Y , then ENTER if you edited it
with nano ).

Then restart the MySQL service to put the changes you made to mysqld.cnf into effect:

$ sudo systemctl restart mysql

If you have an existing MySQL user account which you plan to use to connect to the
database from your remote host, you’ll need to reconfigure that account to connect from the
remote server instead of localhost. To do so, open up the MySQL client as your root MySQL
user or with another privileged user account:

$ sudo mysql

If you’ve enabled password authentication for root, you will need to use the following
command to access the MySQL shell instead:

$ mysql -u root -p

S C R O L L TO TO P
To change
How a user’s host,
To Troubleshoot youincan
Issues use MySQL’s RENAME USER command. Run the following
MySQL
command,
How making
To Allow Remote sure to change
Access to… sammy to the name of your MySQL user account and
remote_server_ip to your remote server’s IP address:

RENAME USER ' sammy '@'localhost' TO ' sammy '@' remote_server_ip ';

Alternatively, you can create a new user account that will only connect from the remote host
with the following command:

CREATE USER ' sammy '@' remote_server_ip ' IDENTIFIED BY ' password ';

Note This command will create a user that authenticates with MySQL’s default authentication
plugin, caching_sha2_password . However, there is a known issue with some versions of PHP that
can cause problems with this plugin.

If you plan to use this database with a PHP application — phpMyAdmin, for example — you may
want to create a remote user that will authenticate with the older, though still secure,
mysql_native_password plugin instead:

CREATE USER ' sammy '@' remote_server_ip ' IDENTIFIED WITH mysql_native_password BY ' passwor

If you aren’t sure, you can always create a user that authenticates with caching_sha2_plugin and
then ALTER it later on with this command:

ALTER USER ' sammy '@' remote_server_ip ' IDENTIFIED WITH mysql_native_password BY ' password

Then grant the new user the appropriate privileges for your particular needs. The following
example grants a user global privileges to CREATE , ALTER , and DROP databases, tables, and
users, as well as the power to INSERT , UPDATE , and DELETE data from any table on the
server. It also grants the user the ability to query data with SELECT , create foreign keys with
S C R O L L TO TO P
the REFERENCES keyword, and perform FLUSH operations with the RELOAD privilege. However,
you should
How only grantIssues
To Troubleshoot usersinthe permissions they need, so feel free to adjust your own user’s
MySQL
privileges
How as Remote
To Allow necessary.
Access to…

GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES, RELOAD on *.* TO ' sammy

Following this, it’s good practice to run the FLUSH PRIVILEGES command. This will free up
any memory that the server cached as a result of the preceding CREATE USER and GRANT
statements:

FLUSH PRIVILEGES;

Then you can exit the MySQL client:

exit

Lastly, assuming you’ve configured a firewall on your database server, you will also need to
open port 3306 MySQL’s default port — to allow traffic to MySQL.

If you only plan to access the database server from one specific machine, you can grant that
machine exclusive permission to connect to the database remotely with the following
command. Make sure to replace remote_IP_address with the actual IP address of the
machine you plan to connect with:

$ sudo ufw allow from remote_IP_address to any port 3306

If you need to access the database from other machines in the future, you can grant them
access on an ad hoc basis with this command. Just remember to include their respective IP
addresses.

Alternatively, you can allow connections to your MySQL database from any IP address with
the following command:

S C R O L L TO TO P
 How To Troubleshoot
Warning Issues
This command in enable
will MySQLanyone to access your MySQL database. Do not run it if
How To Allow Remote Access to…
your database holds any sensitive data.

$ sudo ufw allow 3306

Following this, try accessing your database remotely from another machine:

Note If you added a firewall rule to only allow connections from a specific IP address, you
must try to access the database with the machine associated with that address.

$ mysql -u user -h database_server_ip -p

If you’re able to access your database, it confirms that the bind-address directive in your
configuration file was the issue. Please note, though, that setting bind-address to 0.0.0.0
is insecure as it allows connections to your server from any IP address. On the other hand, if
you’re still unable to access the database remotely, then something else may be causing the
issue. In either case, you may find it helpful to follow our guide on How To Set Up a Remote
Database to Optimize Site Performance with MySQL on Ubuntu 18.04 to set up a more
secure remote database configuration.

Next in series: How To Address Crashes in MySQL 

Was this helpful? Yes No    

6

Report an issue

About the authors

Mark Drake S C R O L L TO TO P

Technical Writer DigitalOcean

 g
How To Troubleshoot Issues in MySQL
How To Allow Remote Access to…

Still looking for an answer?

 Ask a question  Search for more help

REL ATED

Now Available: Managed MySQL Databases

Product

How To Install PHP 7.4 and Set Up a Local Development Environment on Ubuntu 18.04
Tutorial

What is a Database?
Tutorial

Comments

6 Comments

S C R O L L TO TO P
How To Troubleshoot
Leave Issues in MySQL
a comment...
How To Allow Remote Access to…

Sign In to Comment

raghav23 July 3, 2019

0 Thank you, it worked.

Reply Report

maximelebel July 8, 2019

2 Thank you, the only thing that might be missing is that by default port 3306 should be blocked
by your firewall.

sudo ufw allow 3306

should do the trick ;)

Reply Report

qazxsw21000 August 20, 2019

0 This almost worked for me lol. I’m trying to set up a development LAMP server in a virtual
machine. I finally managed to get most of it set up. The VM is running the server stuff (duh) but
I’m using the host machine Windows 10 to do the testing. I got Windows to access the server;
I created a “test.php” file with a simple echo command to test if it would behave as expected
and it did.

Now I’m trying to set up MySQL to allow remote access, which is how I ended up here. I want to
use a graphical interface to set up databases and tables and everything. As far as the VM and
Windows itself is concerned, the server is just another real PC on the same network. At first,
MySQL Workbench was throwing an error that it was unable to connect to the server. Following
the instructions here, the error became that it wasn’t allowed to access the server.

S C R O L L TO TO P
HowI don’t know whereIssues
To Troubleshoot my issue is. When I installed MySQL, I wasn’t asked to make a password and
in MySQL
HowI wasn’t made
To Allow aware
Remote of oneto…
Access being created. One website pointed me towards a file that didn’t
exist, saying a random generated password was there. Another website said it was in the error
log. The error log said it created a “root” user with a blank password. What should I do next?

| EDIT |
Turns out I just needed to access MySQL from the server VM itself and create a new user. If
anyone else has this issue, here’s what I did:

From Linux’s command line, run, without quotes, “mysql”

This starts the utility where you input SQL commands to be ran. You know you’re here when the
command line leads with “mysql>”

Type in, also without double quotes “CREATE USER ’ USERNAME ’@’ SERVER_HOSTNAME ’
IDENTIFIED BY ’ PASSWORD ’;”
USERNAME will be the name of the new user. SERVER_HOSTNAME should be the host
name of the remote computer. I used the IP address of my host machine. And of course,
PASSWORD will be the new users password. The single quotes (aka: apostrophes) around
these three items is required, I believe. I left them in and it worked just fine.
Reply Report

sarvap November 14, 2019

0 You missed to mention about opening port in firewall.

To allow connection from any IP address to port 3306

ufw allow 3306

To allow connection from one particular IP address to port 3306

ufw allow from **IP_ADDRESS** to any port 3306

Reply Report

eraklesecm May 8, 2020

0 I followed this steps, but I still cannot connect to my MySQL database running on my
digitalocean server. I did these steps:
S C R O L L TO TO P
Installed MySQL Server + adding a new user
 Activated the
How To Troubleshoot firewall:
Issues sudo ufw enable
in MySQL
How To Allow Remote
Allowed the Access
MySQL to…
port: sudo ufw allow 3306

Reloaded the Firewall: sudo ufw reload

Am I missing something?
Reply Report

csselo May 28, 2020

0 forget it.

mysql>GRANT ALL ON . to root@‘123.123.123.123’ IDENTIFIED BY 'put-your-password’;

mysql>FLUSH PRIVILEGES;
Reply Report

This work is licensed under a Creative

Commons Attribution-NonCommercial-
ShareAlike 4.0 International License.

GET OUR BIWEEKLY NEWSLETTER

Sign up for Infrastructure as a

Newsletter.

S C R O L L TO TO P
How To Troubleshoot Issues in MySQL
How To Allow Remote Access to…

HOLLIE'S HUB FOR GOOD

Working on improving health and

education, reducing inequality,
and spurring economic growth?
We'd like to help.

BECOME A CONTRIBUTOR

You get paid; we donate to tech

nonprofits.

Featured on Community Kubernetes Course Learn Python 3 Machine Learning in Python

Getting started with Go Intro to Kubernetes

DigitalOcean Products Virtual Machines Managed Databases Managed Kubernetes Block Storage
Object Storage Marketplace VPC Load Balancers

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the S C R O L L TO TO P

cloud and scale up as you grow – whether you’re

 p y g y
How To Troubleshoot Issues in MySQL
running
How To Allow Remote one
Access virtual
to… machine or ten thousand.

Learn More

Company

About
Leadership
© 2021 DigitalOcean, LLC. All rights reserved.
Blog
Careers
Partners
Referral Program
Press
Legal
Security & Trust Center

Products Community Contact

Pricing Tutorials Get Support

Products Overview Q&A Trouble Signing In?
Droplets Tools and Integrations Sales
Kubernetes Tags Report Abuse
Managed Databases Product Ideas System Status
Spaces Write for DigitalOcean
Marketplace Presentation Grants
Load Balancers Hatch Startup Program
Block Storage Shop Swag
S C R O L L TO TO P
API Documentation Research Program
Documentation Open Source
 Documentation Open Source
How To Troubleshoot Issues in MySQL
Release Notes Code of Conduct
How To Allow Remote Access to…

S C R O L L TO TO P