Pages

Thursday, 15 November 2012

How To Enable Remote Access To MySQL Database Server

If you want to remotely access to the database server from the web server or home, follow this quick tutorial.By default remote access to the MySQL database server is disabled for security reasons.

Step # 1: Login Using SSH (if server is outside your data center)

First, login over ssh to remote MySQL database server:
ssh user@server.nitingoura.com

Step # 2: Edit my.cnf File

Once connected you need to edit the MySQL server configuration file my.cnf using a text editor such as vi.
  • If you are using Debian Linux file is located at /etc/mysql/my.cnf location
  • If you are using Red Hat Linux/Fedora/Centos Linux file is located at /etc/my.cnf location
  • If you are using FreeBSD you need to create a file /var/db/mysql/my.cnf
Edit /etc/my.cnf, run:
# vi /etc/my.cnf

Step # 3: Once file opened, locate line that read as follows

For example, if your MySQL server IP is 192.168.2.25 then entire block should be look like as follows:
bind-address    = 127.0.0.1 192.168.2.25
# skip-networking
  • bind-address: IP address to bind to.
  • skip-networking: This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connection this line should be removed from my.cnf or put it in comment state.

Step# 4 Save and Close the file

If you are using Debian / Ubuntu Linux, type the following command to restart the mysql server:
# /etc/init.d/mysql restart
If you are using RHEL / CentOS / Fedora / Scientific Linux, type the following command to restart the mysql server:
# /etc/init.d/mysqld restart
If you are using FreeBSD, type the following command to restart the mysql server:
# /usr/local/etc/rc.d/mysql-server stop
# /usr/local/etc/rc.d/mysql-server start

OR
# /usr/local/etc/rc.d/mysql-server restart

Step # 5 Grant access to remote IP address

Connect to mysql server:
$ mysql -u root -p

Grant access to a new database

If you want to add a new database called nitin for user goura and remote IP 10.0.0.2. then type following commands
mysql> CREATE DATABASE nitin;
mysql> GRANT ALL ON nitin.* TO goura@'10.0.0.2' IDENTIFIED BY 'PASSWORD';

Step # 7: Open port 3306

You need to open TCP port 3306 using iptables or BSD pf firewall.

A sample iptables rule to open Linux iptables firewall

/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
OR only allow remote connection from your web server located at 10.0.0.5:
/sbin/iptables -A INPUT -i eth0 -s 10.0.0.5 -p tcp --destination-port 3306 -j ACCEPT
OR only allow remote connection from your lan subnet 192.168.1.0/24:
/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --destination-port 3306 -j ACCEPT
Finally save all rules (RHEL / CentOS specific command):
# service iptables save

A sample FreeBSD / OpenBSD pf rule ( /etc/pf.conf)

pass in on $ext_if proto tcp from any to any port 3306
OR allow only access from your web server located at 10.0.0.5:
pass in on $ext_if proto tcp from 10.0.0.5 to any port 3306  flags S/SA synproxy state

Step # 8: Test it

From your remote system or your desktop type the following command:
$ mysql -u goura –h 192.168.2.25 –p
Where,
  • -u goura: goura is MySQL username
  • -h IP or hostname: 192.168.2.25 is MySQL server IP address
  • -p : for password
You can also use the telnet or nc command to connect to port 3306 for testing purpose:
$ echo X | telnet -e X 192.168.2.25 3306



Tuesday, 6 November 2012

OpenSSL on Ubuntu

First, log on to your server and install Apache:
# sudo apt-get install apache2
Now, install and enable SSL module:
# sudo a2enmod ssl
# sudo /etc/init.d/apache2 reload
Creation a directory on this location
# mkdir /etc/apache2/ssl
# cd /etc/apache2/ssl
Run these following commands
# openssl genrsa -des3 -out server.key 1024
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# chmod 0400 /etc/apache2/ssl/server.key
# chmod 0400 /etc/apache2/ssl/server.crt
# cp /etc/apache2/ssl/server.key server.key.orig
# openssl rsa -in server.key.orig -out server.key
# chmod 400 /etc/apache2/ssl/*


Find and edit the RED TEXT.
# vi /etc/apache2/sites-available/default-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Restart WebServer
/etc/init.d/apache2 restart