Topic: Access MariaDB from a local Network and from remote network

[twijtzes]

My 10.1 server is used only as database server for a few applications that run in my company. I cannot evaluate the new version of the server software as I cannot connect to the database from the local network nor from the remote network. The method that worked very will since SME server 6+ was to run the following commands:

For the local network:
config setprop mysqld LocalNetworkingOnly no
expand-template /etc/my.cnf
sv t /service/mysqld

and the remote network:
config set mysqld service access public status enabled TCPPort 3306
signal-event remoteaccess-update
signal-event reboot

as the service mysqld is not available anymore,
I wonder what the new commands are and
Should the text in https://wiki.koozali.org/MySQL#Access_MySQL_from_the_local_network not be modified (can I help ?)
Thanks,
Taco

[ReetP]

Should probably use a systemd command or a proper event/action.

Code: [Select]

signal-event e-smith-mysql-update
Should probably do it. However, a post-upgrade/reboot may be better.

Should the text in https://wiki.koozali.org/MySQL#Access_MySQL_from_the_local_network not be modified (can I help ?)

Yup - always happy for people to help update the wiki.

You can either add a documentation bug at bugs.koozali.org or ask for wiki access so you can modify things yourself.

[Jean-Philippe Pialasse]

mysql is clear text. 
please do not user network connexion over the internet.  i. other words do not set access public. 
and even if setting private be sure you trust people on this network and no wifi enabled. 

by trusted network i personnaly mean a lan where only few server vm have access and no users.

if you need to do over the internet or over untrusted lan the you need to configure mysql encryption which is not part of what provides sme. 


you will need to read and do what needed. 

[twijtzes]

Thank you all for your answers, in the local network, the availability of the database server is a must, In the remote network we could use vpn when there is no solution like in the previous versions of sme server.

As the sme server is only used as mysql database server, we consider now to remain with v9. Hope.a similar solution as in the previous versions of sme server will become avaiable in v10, as I also understand that not upgrading poses risks as well.

[Jean-Philippe Pialasse]

sme 10 will do the same as sme9 in term of network access for mysql.

my comment is just generik and a warning  not to compromise your db passwords and the db content. 

[twijtzes]

Sorry Jean-Phiippe,

I greatly respect what you do for my favourite linux fork.

I will restart the services and see if it all works. I will keep you posted
Regards Taco

[Skalviai]

Have you found a solution for remote or local network database access?

[ReetP]

As the sme server is only used as mysql database server, we consider now to remain with v9. Hope.a similar solution as in the previous versions of sme server will become avaiable in v10, as I also understand that not upgrading poses risks as well.

Don't. Upgrade. For your own safety. v9 is CentOS 6 is EOL. No further updates of any kind. No support from us either.

As JP said:

sme 10 will do the same as sme9 in term of network access for mysql.

The same options are available on v10.

The ONLY thing we have said is DO NOT expose MySQL over an open network unless you either use a VPN OR use Mysql encryption which is outside of scope for us currently.

That is because all database access is in plain text and easy to read.

So if you want hackers to read all your passwords, just expose it to rest of the world.

So never, ever, set the access as public unless you want your server hacked and your data stolen.

[ReetP]

Have you found a solution for remote or local network database access?

Local access - prefer using a socket.

You can use a port as per the wiki:

Code: [Select]

config setprop mariadb LocalNetworkingOnly yes

Code: [Select]

signal-event e-smith-mysql-update
or

Code: [Select]

signal event post-upgrade;signal-event reboot

Do NOT enable any form of remote access. Use a VPN if you must.

I am not going to comment on it further.