External access to Mysql

theRAGEhero · January 27, 2024, 1:32pm

Hello,

I’m trying to connect to the YunoHost mysql database from an external application but without any success.

I need to connect some nocode apps to the database, and I was successfully when I connected application installed on the same server of YnH (NocoDB).

When I try from an external service it doesn’t work. I created an user and I gave access only to the database that I appositely created.

I tried to whitelist the IP of the external app in the

and to open the port 3306 in the firewall service (also restarted it).

Which are the best practices to make it works without compromising security?

Thanks a lot.

My YunoHost server

Hardware: online VPS (8gb of ram)
YunoHost version: 11.2.9.1 (stable)
I have access to my server : SSH, GUI
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

orhtej2 · January 27, 2024, 1:43pm

By default MariaDB server is only bound to 127.0.0.1 as seen in /etc/mysql/mariadb.conf.d/50-server.cnf

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            = 127.0.0.1

Changing that is a major security risk and I would advise against doing so.

You could set up site to site VPS, although I’m not sure if that’s possible with apps in the current catalog.

theRAGEhero · January 27, 2024, 2:14pm

Thank you.

Would it be more secure if I whitelist only the ip I need?

es.

bind-address = 127.0.0.1,1.10.20.244

orhtej2 · January 27, 2024, 2:58pm

No, that’s not how it works, this setting sets on which IPs server listens to incoming connections.

theRAGEhero · January 27, 2024, 3:47pm

Thank you.

At the end I decided to install ToolJet on the same server, so I can connect with the “localhost” option.

system · February 26, 2024, 3:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.