UNIX Sockets & TCP/IP
Note
Current versions of MariaDB and MySQL servers can be set to listen to either none, one single IP Address or all of them, regardless of IP version.
So for a dual stacked host listening on IPv6 and IPv4, or a host which has to be reachable on the localhost/127.0.0.1 interface and a real network interface, the server must be set to listen on all interfaces. It can not be constrained to listen to e.g. localhost and one IP address. Its either a single one or all of them.
Warning
Since the database server we will be open to connections from everywhere we have to …
… manage the access rights of our database server users extra carefully.
… setup TLS/SSL certificates and keys for clients and server and setup the user profiles on the server accordingly.
… set our firewall to block unwanted remote access.
Edit the relevant sections of the file
/etc/mysql/my.cnf
as follows:
[client]
#
# UNIX Sockets & TCP/IP
port = 3306
socket = /run/mysqld/mysqld.sock
[mysqld]
# UNIX Sockets & TCP/IP
#
socket = /run/mysqld/mysqld.sock
# By default, the MariaDB server listens for TCP/IP connections on a network
# socket bound to a single address, 0.0.0.0. You can specify an alternative when
# the server starts using this option; either a host name, an IPv4 or an IPv6
# address. In Debian and Ubuntu, the default bind_address is 127.0.0.1, which
# binds the server to listen on localhost only.
# Debian-Default: 127.0.0.1
# Default: 0.0.0.0 / :: (All available IPv4 and IPv6 interfaces)
bind-address = ::
port = 3306
# If set to ON, only IP addresses are used for connections. Host names are not
# resolved. All host values in the GRANT tables must be IP addresses (or
# localhost).
# Default: OFF
skip-name-resolve = ON
# Set longer periods to avoid timeout errors
connect_timeout = 600
wait_timeout = 28800