UNIX Sockets & TCP/IP


Current versions of MariaDB and MySQL servers can be set to listen to either none, one single IP Address or all of them, regardless of IP version.

So for a dual stacked host listening on IPv6 and IPv4, or a host which has to be reachable on the localhost/ interface and a real network interface, the server must be set to listen on all interfaces. It can not be constrained to listen to e.g. localhost and one IP address. Its either a single one or all of them.


Since the database server we will be open to connections from everywhere we have to …

  • … manage the access rights of our database server users extra carefully.

  • … setup TLS/SSL certificates and keys for clients and server and setup the user profiles on the server accordingly.

  • … set our firewall to block unwanted remote access.

Edit the relevant sections of the file /etc/mysql/my.cnf as follows:


# UNIX Sockets & TCP/IP
port = 3306
socket = /run/mysqld/mysqld.sock

# UNIX Sockets & TCP/IP
socket = /run/mysqld/mysqld.sock

# By default, the MariaDB server listens for TCP/IP connections on a network
# socket bound to a single address, You can specify an alternative when
# the server starts using this option; either a host name, an IPv4 or an IPv6
# address. In Debian and Ubuntu, the default bind_address is, which
# binds the server to listen on localhost only.
# Debian-Default:
# Default: / :: (All available IPv4 and IPv6 interfaces)
bind-address = ::
port = 3306

# If set to ON, only IP addresses are used for connections. Host names are not
# resolved. All host values in the GRANT tables must be IP addresses (or
# localhost).
# Default: OFF
skip-name-resolve = ON

# Set longer periods to avoid timeout errors
connect_timeout = 600
wait_timeout = 28800