远程连接到 Google Compute Engine VM 上的 MySQL

Remotely connect to MySQL on Google Compute Engine VM(远程连接到 Google Compute Engine VM 上的 MySQL)

本文介绍了远程连接到 Google Compute Engine VM 上的 MySQL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的问题类似于

在 my.cnf 文件中我有:

<块引用>

绑定地址 = 0.0.0.0

关于 MySQL 用户的权限,我有以下几点:

当我尝试与 wkreport 用户远程连接时,我得到以下结果:

我的问题是,我错过了什么?!

解决方案

我刚刚找到了解决问题的方法,

特别感谢@Slava 为我指路,毕竟它是 iptables.

所以,我在尝试远程连接时一直收到MySQL 连接被拒绝"消息,所以我搜索了一种查看 TCP 连接日志的方法,并找到了 tcpdump 命令.

通过运行 sudo tcpdump port 3306 -vvv -n 我每次尝试远程连接时都会看到以下输出:

我搜索了 tcpdump 手册页,发现 R 表示 TCP RST (RESET) 标志.

搜索了一下,发现了这个

在此之后,我刚刚删除了接受 tcp:3306 的规则并将其添加到拒绝 tcp 规则之前,瞧!

iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPTiptables -I INPUT {第一个拒绝 tcp 规则的行号} -p tcp -m tcp --dport 3306 -j ACCEPT

IPTABLES 现在看起来像这样,最后我可以远程连接到 MySQL:

要列出带有行号的 iptables,请键入:

sudo iptables -nL --line-numbers

最后的挑战:

  • 出于安全考虑,可以通过将您进行远程连接的源 IP 地址列入白名单来改善这一点.

My problem is similar to this question but since I don't have enough reputation to write a comment AND the answer to that question dindn’t help, I am starting a new question.

I have an GCE VM instance with LEMP with MySQL Ver 15.1 Distrib 10.1.18-MariaDB and I'm trying to connect remotely to it from my local machine.

I already tried all the suggestions in the question link that I mentioned before.

This is my firewall configuration:

In my.cnf file I have:

bind-address = 0.0.0.0

And about MySQL users privileges I have the following:

When I try to connect remotely with wkreport user I get the following result:

My question is, what am I missing ?!

解决方案

I just found the solution to my problem,

Special thanks to @Slava for pointing me the way, after all it was iptables.

So, I kept receiving a "MySQL connection refused" message when trying to connect remotely so I searched for a way to see TCP connection logs and I found the tcpdump command.

By running sudo tcpdump port 3306 -vvv -n I saw the following output every time I tried to connect remotely:

I searched the tcpdump man page and saw that R means for TCP RST (RESET) flag.

Searched a little bit and found this question and its accepted answer led me again into IPTABLES that @Slava suggested since the first comment.

That's when I looked closely and saw that my INPUT ACCEPT tcp:3306 was defined after the REJECT TCP reject-with tcp-reset rule hence the log was showing.

After this I just removed the rule to accept tcp:3306 and prepended it to the reject tcp rules and voila!

iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
iptables -I INPUT {line number from the first reject tcp rule} -p tcp -m tcp --dport 3306 -j ACCEPT

IPTABLES now looks like this and finally I can connect to MySQL remotely:

To list the iptables with line numbers type:

sudo iptables -nL --line-numbers

Final toughts:

  • This can be improved by whitelisting the source IP address from where you're making the remote connection for security matters.

这篇关于远程连接到 Google Compute Engine VM 上的 MySQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本文标题为:远程连接到 Google Compute Engine VM 上的 MySQL

基础教程推荐