UNIX Sockets & TCP/IP¶
Current versions of MariaDB and MySQL servers can be set to listen to either none, one single IP Address or all of them, regardless of IP version.
So for a dual stacked host listening on IPv6 and IPv4, or a host which has to be reachable on the localhost/127.0.0.1 interface and a real network interface, the server must be set to listen on all interfaces. It can not be constrained to listen to e.g. localhost and one IP address. Its either a single one or all of them.
Since the database server we will be open to connections from everywhere we have to …
… manage the access rights of our database server users extra carefully.
… setup TLS/SSL certificates and keys for clients and server and setup the user profiles on the server accordingly.
… set our firewall to block unwanted remote access.
Edit the relevant sections of the file
[client] # # UNIX Sockets & TCP/IP port = 3306 socket = /run/mysqld/mysqld.sock [mysqld] # UNIX Sockets & TCP/IP # socket = /run/mysqld/mysqld.sock # By default, the MariaDB server listens for TCP/IP connections on a network # socket bound to a single address, 0.0.0.0. You can specify an alternative when # the server starts using this option; either a host name, an IPv4 or an IPv6 # address. In Debian and Ubuntu, the default bind_address is 127.0.0.1, which # binds the server to listen on localhost only. # Debian-Default: 127.0.0.1 # Default: 0.0.0.0 / :: (All available IPv4 and IPv6 interfaces) bind-address = :: port = 3306 # If set to ON, only IP addresses are used for connections. Host names are not # resolved. All host values in the GRANT tables must be IP addresses (or # localhost). # Default: OFF skip-name-resolve = ON # Set longer periods to avoid timeout errors connect_timeout = 600 wait_timeout = 28800