Host '172.18.0.1' is not allowed to connect to this MySQL server

[sougiovn]

I'm trying to connect to the MySQL by the DBeaver db manager.

But I get this error: java.sql.SQLException: null, message from server: "Host '172.18.0.1' is not allowed to connect to this MySQL server"

I using docker-compose, here is my docker-compose.yml:

version: '2'
services:
  db:
    image: 'mysql:5.7'
    volumes:
       - '~/dev/dbs-data/mysql:/var/lib/mysql'
    restart: 'always'
    expose:
      - '3306'
    ports:
      - '3306:3306'
    environment:
       MYSQL_ROOT_PASSWORD: 'pass'
       MYSQL_DATABASE: 'db'
       MYSQL_USER: 'user'
       MYSQL_PASSWORD: 'pass'

The problem is that, in my Mac it works, but in my Linux I get the error above.

Should I do some other configuration for my linux?

[vuonghovan]

Hi @meenakshik-optimus,

Create new user with host '%' rather than localhost. Below is works for me. It may useful to you. mysql> CREATE USER 'usernameall'@'%' IDENTIFIED BY 'ThePassword'; mysql> grant all on . to 'usernameall'@'%';

It's working for me. Thank @meenakshik-optimus

[Lipathor]

Well, it worked with new user@%, but first i had to delete every mysql data and initialize it again. No idea, why it didn't work and works now. Initialization bug?

[remones]

The problem was fixed by add env MYSQL_ROOT_HOST=%, thanks all of you.

[gvlasov]

For me MYSQL_ROOT_HOST=% didn't work. After examining the docker-entrypoint.sh, it turned out that this environment variable only works when you mount a volume for your database. I didn't, so setting MYSQL_ROOT_HOST=% did nothing for me. I fixed that by extending the base image to allow root to log in without password from any host and have all privileges:

Dockerfile:

FROM mysql/mysql-server:5.7
COPY root-config.sql /docker-entrypoint-initdb.d/root-config.sql
ENV MYSQL_ROOT_PASSWORD ''
ENV MYSQL_ALLOW_EMPTY_PASSWORD 1
ENV MYSQL_DATABASE mydb

root-config.sql:

CREATE USER 'root'@'%' IDENTIFIED BY '' ;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';

[Dragas]

Since you can ping container_name and docker DNS resolves which container you want to use, would it not make more sense to use create user 'database_user'@'[container_name]' instead?

[mwaeckerlin]

Since you can ping container_name and docker DNS resolves which container you want to use, would it not make more sense to use create user 'database_user'@'[container_name]' instead?

No, it makes no sense. The mysql docker image must be generic and it does not know [the client's] container name.

[edited due to the following comment]

[Dragas]

I never claimed that you should use its own container name as the hostname, but instead the container name of the service that would use the said database.

[mwaeckerlin]

I never claimed that you should use its own container name as the hostname, but instead the container name of the service that would use the said database.

Sorry, my fault, but it is the same problem vice versa: The mysql docker container has absolutely no knowledge of the container that is using it. The mysql server is independent of the client. Only the client needs to know how to reach the server. I updated my comment above.

[sjaswinder2017]

Hi @meenakshik-optimus,

Create new user with host '%' rather than localhost. Below is works for me. It may useful to you. mysql> CREATE USER 'usernameall'@'%' IDENTIFIED BY 'ThePassword'; mysql> grant all on . to 'usernameall'@'%';

worked for me. Along that added volume volumes:

• ./mysqldata:/var/lib/mysql:rw,delegated

[Maxiaoyu0]

i hava the same problem, it is ok in my mac but problem in my linux..

[Elte156]

I had this similar 'not allowed to connect' issue and solved it; so I'd like to share.

TL;DR If you stand up your MySQL container for the very first time, with an empty mounted volume, without the MYSQL_ROOT_HOST: '%' environment variable set; your databases will initialize and "block" your host (since it's not defined).

Long Version I've been iteratively building on my docker-compose file. I started with this

  db:
    image: mysql:8.0
    volumes:
      - ./database:/var/lib/mysql
    ports:
      - 3306:3306
    # Use root/example as user/password credentials
    environment:
      MYSQL_ROOT_PASSWORD: example

I tried to login from MySQL workbench using root:example and got the connection issue. I then deleted everything in the ./database directory. I added the following:

    environment:
      MYSQL_ROOT_PASSWORD: example
      MYSQL_ROOT_HOST: '%'

Then I stood my MySQL container back up, it rebuilt the databases while taking the wildcard host % into account and now I can connect just fine.

[shmidtelson]

MYSQL_ROOT_HOST: '%' is my solution! Thanks!

[yosifkit]

MYSQL_ROOT_HOST is not required; the default is already %: https://github.com/docker-library/mysql/blob/a7a737f1eb44db467c85c8229df9d886dd63460e/8.0/docker-entrypoint.sh#L150-L151

https://github.com/docker-library/mysql/blob/a7a737f1eb44db467c85c8229df9d886dd63460e/8.0/docker-entrypoint.sh#L21-L25

[kasun-rhino]

For some reason, this is happening again. My dockerfile is

version: '2'
services:
    web:
        build:
            context: ./
            dockerfile: web.docker
        volumes:
            - ./:/var/www
        ports:
            - "8097:97"
        links:
            - app
    app:
        build:
            context: ./
            dockerfile: app.docker
        volumes:
            - ./:/var/www
        links:
            - database
        environment:
            - "DB_PORT=3306"
            - "DB_HOST=database"
    database:
        image: mysql:5.7
        command: --init-file /tmp/phpunit-database.sql
        volumes:
            - ./phpunit-database.sql:/tmp/phpunit-database.sql
        environment:
            - "MYSQL_ROOT_PASSWORD=secret"
            - "MYSQL_DATABASE=dockerApp_sing"
        ports:
            - "33067:3306"

No clue. Already tried 'MYSQL_ROOT_HOST=%' and removing the 'volumes'

[yosifkit]

@kasun-rhino, don't use init-file. I am quite sure the image is not designed to handle that; especially since that will be imported my MySQL before the entrypoint script has a chance to create the root user and requested database. Instead drop your .sql file in /docker-entrypoint-initdb.d/ and it will be automatically used on first initialization (https://github.com/docker-library/docs/tree/71ef75f7db8dc71a803ce5d1d2be997ba0eda610/mysql#initializing-a-fresh-instance)

[martinezcarlos]

I faced this problem and I fixed it collecting some of the answers here (@lucile-sticky and @tarikhagustia), but I did it using Kitematic. This was my approach:

Configure the container before running it

1. Make sure you expose the default MySQL Docker port to default MySQL port (or any port you want).

2. When you create a new MySQL container, or use an existing one, make sure you have deleted the contents on the volume used by this container before starting the container. You can check the local folder in the "Volumes" tab.

   

3. The container will ask you to assign a root password related properties so the container can run. Add these environment properties (all at once) and then save the changes. Saving will trigger the container run and it'll create the data in the volume described in point 2. so add the properties before saving:

   MYSQL_ROOT_HOST = % MYSQL_ROOT_PASSWORD =

Note that MYSQL_ROOT_PASSWORD** is just one of the 3 required options you are given to start this container.

Check your root host access

To check if you did the previous part properly you can use the command prompt as @lucile-sticky describes in their answer. I'm taking part of their answer directly.

Check if the database user exists and can connect

In MySQL, each database user is defined with IP address in it, so you can have for example a root user allowed to connect from localhost (127.0.0.1) but not from other IP addresses. With a container, you never access to the database from 127.0.0.1, it could explain the problem.

To check it, you can do the following:

1. From a terminal, connect you to your MySQL running container

docker exec -it your_container_name_or_id bash

2. In your container, connect you to the MySQL database

mysql -u your_user -p

It will ask you your password, you have to write it and press enter.

3. In your MySQL database, execute this SQL script to list all existing database users

SELECT host, user FROM mysql.user;

...

It has to contain a line with your database user and '%' to works (% means "every IP addresses are allowed"). Example:

+------------+------------------+
| host       | user             |
+------------+------------------+
| %          | root             |
+------------+------------------+

• @lucile-sticky

Connecting MySQL Workbench to the Docker container.

To connect MySQL Workbench to the Docker container you must use the user and password defined for this example in literal 2. (root) and the port exposed in literal 1.

Test the connection and it should work properly now.

[anasanzari]

+1

[mukhtiarahmed]

I have a falcon app which uses pony orm for mysql. I am binding the db using this-- db.bind(provider='mysql', user='shankha', password='shankhaSQL@123', host='127.0.0.1', database='smart_senseV2') In my Docker file (my_falcon_app:0.1) I have -

EXPOSE 8081
CMD ["gunicorn", "--reload", "routes:api", "-b:8081"]

My Docker-compose looks like this-

version: "3"
services:
  app:
    image: my_falcon_app:0.1
    links:
      - my-db
    ports:
      - "8081:8081"

  my-db:
    image: mysql:5.7
    ports:
      - "3308:3306"
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_DATABASE: db_1
      MYSQL_USER: root
      MYSQL_PASSWORD: password
      # MYSQL_ROOT_HOST: '127.0.0.1'

    volumes:
      - ./SQP_SCRIPTS:/docker-entrypoint-initdb.d
      - ./DB_DATA:/var/lib/mysql:rw
      - ./DB_config/mysqld.conf:/etc/mysql/mysql.conf.d/mysqld.cnf

config_file--

[mysqld]
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
bind-address   = 0.0.0.0

the container for DB gets created but the app crashes every time, error message: app_1 | pony.orm.dbapiprovider.OperationalError: (2003, "Can't connect to MySQL server on '127.0.0.1' ([Errno 111] Connection refused)") app_ exited with code 3

HELP!

you can try

db.bind(provider='mysql', user='shankha', password='shankhaSQL@123', host='0.0.0.0', database='smart_senseV2')

I replaced 127.0.0.1 whit 0.0.0.0

It should work well

[shankha117]

@mukhtiarahmed this did not work for me. However, from compose file, I was passing

    environment:
      DB_HOST: my-db

and in code

import os
db.bind(provider='mysql', user='shankha', password='shankhaSQL@123', host=os.environ['DB_HOST'], database='smart_senseV2')

it was working well NOW agin the same problem came. is not there any permanent solution for this??

[pamoller]

I've got the connection problem on mysql 5.7, 5.7.26 and 5.7.16 on the actual Docker / WSL Ubuntu / WinX Prof

ERROR 1130 (HY000): Host '172.17.0.1' is not allowed to connect to this MySQL server

[jeremie-crt]

To change the Localhost "%" :

GRANT ALL PRIVILEGES ON . TO 'root'@'%' IDENTIFIED BY 'root';

[loooping-old]

Hi @meenakshik-optimus,

Create new user with host '%' rather than localhost. Below is works for me. It may useful to you. mysql> CREATE USER 'usernameall'@'%' IDENTIFIED BY 'ThePassword'; mysql> grant all on . to 'usernameall'@'%';

thank you so much

[stancl]

Using docker-compose, I replaced the environment values with references to env variables from .env. Then I shut down the containers, deleted the volume (docker volume ls, docker volume rm ...) and ran docker-compose up.

# docker-compose.yml
environment:
    MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
    MYSQL_DATABASE: ${MYSQL_DATABASE}
    MYSQL_USER: ${MYSQL_USER}
    MYSQL_PASSWORD: ${MYSQL_PASSWORD}

# .env
MYSQL_ROOT_PASSWORD=...
MYSQL_DATABASE=...
MYSQL_USER=...
MYSQL_PASSWORD=...

[ElijahLynn]

I just had this issue with a Lando setup. The comments about volumes led me to just nuke everything locally with docker system prune --all and now it all works again for me (plus I got 23GB freed up).

[idontusenumbers]

You cannot just add MYSQL_ROOT_HOST after you discover you cannot connect. This value is apparently only used on initial container creation.

The simplest solution is to delete the existing containers.

[ervinb]

If MYSQL_ROOT_HOST is not working for you, like in older versions of the image (5.5, 5.6), you can create a startup script, which updates the host field for the root user:

## docker-compose.yaml
...
volumes:                                    
  - ./mysql/:/docker-entrypoint-initdb.d/:ro

## ./mysql/update-root-host.sql
use mysql;
update user set host='%' where user='root' and host='127.0.0.1';

[rbrisita]

You cannot just add MYSQL_ROOT_HOST after you discover you cannot connect. This value is apparently only used on initial container creation.

The simplest solution is to delete the existing containers.

--env "MYSQL_ROOT_HOST=%" is valid when running a container like so:

docker run --detach --name dev_mysql --network dev_net --env="MYSQL_ALLOW_EMPTY_PASSWORD=yes" --env="MYSQL_ROOT_HOST=%" mysql/mysql-server:5.7.26

Your other containers in your dev_net network will be able to connect by either its IP or hostname, dev_mysql in this instance.

[idontusenumbers]

You cannot just add MYSQL_ROOT_HOST after you discover you cannot connect. This value is apparently only used on initial container creation. The simplest solution is to delete the existing containers.

--env "MYSQL_ROOT_HOST=%" is valid when running a container like so:

docker run --detach --name dev_mysql --network dev_net --env="MYSQL_ALLOW_EMPTY_PASSWORD=yes" --env="MYSQL_ROOT_HOST=%" mysql/mysql-server:5.7.26

Your other containers in your dev_net network will be able to connect by either its IP or hostname, dev_mysql in this instance.

I'm saying that the MYSQL_ROOT_HOST value is used during database initialization, which only occurs on the container's first startup. After the first startup, the database is initialized and the value will never be used again (unless the db data files are deleted manually).

If one discovers they can't connect because of the permissions issue caused by that value missing during startup, they can't just shutdown the container, set the value, then start it back up. The new value will be present in the environment, but the only code looking at that value is the code that executes during 'db initialization', which only happens in the absence of an existing database.

[samayo]

been on this error for days, why aren't the mysql devs doing anything about this?

[Abadii]

I was facing the same issue with the mariadb:10.1 image on docker. After deleting my volumes regarding this container, it solved my problem.

I think that something went wrong on the first time I started my container. The entrypoint of this image checks if the data has been initialised. If so, it skips all initialisations. But if something went wrong on the first time, the corrupted configuration will exist in the volume.

So if you are facing the same problem, try to remove the regarding volumes.

[mrmedicine]

I was facing this issue as well (mysql:8.0.16), seemingly at random "SQLSTATE[HY000] [1045] Access denied" would popup. I've tried all suggested solutions before diagnosing the problem: I was running multiple instances of mysql in different composer files and subsequent containers, I stopped / removed one and the issue was solved. My guess is that docker was routing randomly between the two sockets, 1 of them only familiar with the user.

[Netthacker]

It's simply works to me doing this steps:

in the mysql, inside the container, i put: GRANT ALL ON . to root @'%' IDENTIFIED BY 'your-password-here';

[lightecoder]

I solved my problem with creating new user in table. First check yours users in table: SELECT user,host FROM mysql.user; You have to have the host for user root like %. If it is no % then execute queries: CREATE USER 'root'@'%' IDENTIFIED BY 'root'; GRANT ALL PRIVILEGES ONroot.* TO 'root'@'%'; Now you can connect to the server with credentials login = root, pass = root;

[Netthacker]

yep.....thanks...but I resolve this doing exactly this..thx for this information...

Em qui., 2 de abr. de 2020 às 07:35, Yaroslav notifications@github.com escreveu:

I solved my problem with creating new user in table. First check yours users in table: SELECT user,host FROM mysql.user; You have to have the host for user root like %. If it is no % then execute query: CREATE USER 'root'@'%' IDENTIFIED BY 'root'; Now you can connect to the server with credentials login = root, pass = root;

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/docker-library/mysql/issues/275#issuecomment-607763976, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEFLF25Y3IJIQ2JP2NQBIO3RKRS7BANCNFSM4DENEZ2A .

[otavionestares]

docker run --name mysql1 -e MYSQL_ROOT_HOST=% -e MYSQL_ROOT_PASSWORD=your_password -p 3306:3306 -d mysql:latest

worked and without need to create user / set grant.

[felipemeddeiros]

I tried everything written here but it didn't work. My problem is a kind of weird.

when I got my containers up I can't connect to my database by any database manager. I get

mysql      | 2020-05-11T15:48:56.348312Z 8 [Warning] [MY-010055] [Server] IP address '172.21.0.1' could not be resolved: Name or service not known

but after I execute my migrations by terminal with the command above, I can access my database by any database manager normally.

$ docker-compose exec php-fpm php artisan migrate

my docker-compose.yml

  #MySQL Service
  mysql:
    image: mysql:8
    container_name: mysql
    restart: unless-stopped
    tty: true
    ports:
      - "3306:3306"
    environment:
      MYSQL_DATABASE: database
      MYSQL_ROOT_PASSWORD: root
      SERVICE_TAGS: dev
      SERVICE_NAME: mysql
    volumes:
      - ./mysql/dbdata:/var/lib/mysql/
      - ./mysql/my.cnf:/etc/mysql/my.cnf
    networks:
      - app-network

and my 'my.cnf'

[mysqld]
general_log = 1
general_log_file = /var/lib/mysql/general.log
secure-file-priv= NULL
#Accept connections from any IP address
bind-address = 0.0.0.0

[lakshyabatman]

I'm facing this issue, but in my case instead of using docker-compose, I used simply docker run. Any idea how I can solve?

[felipemeddeiros]

I fixed my case here

[juanluiscb]

Muchas gracias fue de mucha ayuda!!

[palashCItobuz]

In my case It works only when the container is run second time. That's because the mysql service is restarted after first failure. So mysql loads with new config my.cnf with bind-address set to 0.0.0.0. How can this be fixed?

version: '3.3'

services:
  mysql:
    container_name: affility-mysql
    image: mysql:8.0
    command: --default-authentication-plugin=mysql_native_password
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'root'
      MYSQL_DATABASE: 'wellness_db'
      MYSQL_USER: 'someuser'
      MYSQL_PASSWORD: 'somepassword'
    ports:
      - '3306:3306'
    expose:
      - '3306'
    volumes:
      - mysqldb-data:/var/lib/mysql
      - './mysql/my.cnf:/etc/mysql/my.cnf'

volumes:
  affility-datavolume:

[felipemeddeiros]

In my case It works only when the container is run second time. That's because the mysql service is restarted after first failure. So mysql loads with new config my.cnf with bind-address set to 0.0.0.0. How can this be fixed?

version: '3.3'

services:
  mysql:
    container_name: affility-mysql
    image: mysql:8.0
    command: --default-authentication-plugin=mysql_native_password
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'root'
      MYSQL_DATABASE: 'wellness_db'
      MYSQL_USER: 'someuser'
      MYSQL_PASSWORD: 'somepassword'
    ports:
      - '3306:3306'
    expose:
      - '3306'
    volumes:
      - mysqldb-data:/var/lib/mysql
      - './mysql/my.cnf:/etc/mysql/my.cnf'

volumes:
  affility-datavolume:

Look to my answer above.

[palashCItobuz]

Look to my answer above.
@felipemeddeiros

I did that and that's how I created the my.cnf file. I only have the default my.cnf along with bind-address set to 0.0.0.0, and it sometimes work and sometimes doesn't work. I logged into the container and found this..

[mysqld]
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
datadir         = /var/lib/mysql
secure-file-priv= NULL
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

# Custom config should go here
!includedir /etc/mysql/conf.d/
bind-address=0.0.0.0

Which means that my changes are being written there. But it works only when I restart the cotainer, as I'm not restarting the mysql service in the container somehow. Some other times it shows the same old message and my app reports Error: ER_HOST_NOT_PRIVILEGED: Host '172.18.0.3' is not allowed to connect to this MySQL server that I figured because the environment variables are being overlooked while building the container because of the volume declaration.

      MYSQL_ROOT_PASSWORD: 'root'
      MYSQL_DATABASE: 'wellness_db'
      MYSQL_USER: 'someuser'
      MYSQL_PASSWORD: 'somepassword'

...and I can't login into the container mysql as root using password root, no database named wellness_db or user someuser.

Database changed
mysql> select host, user from user;
+-----------+------------------+
| host      | user             |
+-----------+------------------+
| localhost | mysql.infoschema |
| localhost | mysql.session    |
| localhost | mysql.sys        |
| localhost | root             |
+-----------+------------------+
4 rows in set (0.00 sec)

[felipemeddeiros]

Look to my answer above. @felipemeddeiros

I did that and that's how I created the my.cnf file. I only have the default my.cnf along with bind-address set to 0.0.0.0, and it sometimes work and sometimes doesn't work. I logged into the container and found this..

[mysqld]
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
datadir         = /var/lib/mysql
secure-file-priv= NULL
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

# Custom config should go here
!includedir /etc/mysql/conf.d/
bind-address=0.0.0.0

Which means that my changes are being written there. But it works only when I restart the cotainer, as I'm not restarting the mysql service in the container somehow. Some other times it shows the same old message and my app reports Error: ER_HOST_NOT_PRIVILEGED: Host '172.18.0.3' is not allowed to connect to this MySQL server that I figured because the environment variables are being overlooked while building the container because of the volume declaration.

      MYSQL_ROOT_PASSWORD: 'root'
      MYSQL_DATABASE: 'wellness_db'
      MYSQL_USER: 'someuser'
      MYSQL_PASSWORD: 'somepassword'

...and I can't login into the container mysql as root using password root, no database named wellness_db or user someuser.

Database changed
mysql> select host, user from user;
+-----------+------------------+
| host      | user             |
+-----------+------------------+
| localhost | mysql.infoschema |
| localhost | mysql.session    |
| localhost | mysql.sys        |
| localhost | root             |
+-----------+------------------+
4 rows in set (0.00 sec)

Did you update your mysql version?

[palashCItobuz]

@felipemeddeiros

Did you update your mysql version?

Yes, image: mysql:8.0. Actually I have never been using 5.7.

[felipemeddeiros]

@felipemeddeiros

Did you update your mysql version?

Yes, image: mysql:8.0. Actually I have never been using 5.7.

As I said you didn't see my answer properly on staskoverflow. Use 8.0.20 version. I was facing the same problem with 8.0 version.

[manik-ushur]

docker run --name mysql1 -e MYSQL_ROOT_HOST=% -e MYSQL_ROOT_PASSWORD=your_password -p 3306:3306 -d mysql:latest

worked and without need to create user / set grant.

This might solve the problem, but won’t it create security risk?

[tianon]

Yes -- that will expose your MySQL instance to your network (which in many cases, especially with VMs on cloud providers, might be the internet at large, depending on your local networking), so you will want to ensure your password is strong, you don't have any additional GRANTs, you keep your instance up-to-date, you firewall access to that port as much as possible from a higher level firewall, etc (standard "exposing my database to the outside world" precautions).

[palashCItobuz]

@felipemeddeiros

Did you update your mysql version?

Yes, image: mysql:8.0. Actually I have never been using 5.7.

As I said you didn't see my answer properly on staskoverflow. Use 8.0.20 version. I was facing the same problem with 8.0 version.

Okay, I have set it up with mysql:8.0.20 now but the problem remains. After rebuilding everything often there is no new entry in mysql.user table or any new database. However, that works after couple of retrials!

[Wirone]

If anyone struggles with this needs to:

• Ensure that volume was freshly created when starting Docker because users and passwords are created only on initial startup (so changing passwords in docker-compose.yml doesn't actually change password in existing volume)
• Passwords defined in docker-compose.yml doesn't contain characters that would malform compose format. For example if $ is used it would be interpolated, so for password foo$bar/foo you could get WARNING: The bar variable is not set. Defaulting to a blank string. when starting and actual password would be foo/foo (and then you would get Access denied for user 'your_user'@'172.19.0.1' (using password: YES) when trying to connect with "complete" password)
• Passwords defined in your web apps using .env files are loaded properly. I don't have example right now, but I remember one day I had a problem that file wasn't parsed properly (probably because of = or ") so actual password used in the app wasn't the password defined in .env and in the database
• ensure that correct user+password is provided :wink: For example I was using non-root user with password defined in MYSQL_ROOT_PASSWORD, so it wasn't matched. Silly mistake, but it happens.

Happy connecting!

[alingse]

MYSQL_ROOT_HOST=172.*.*.* 

https://dev.mysql.com/doc/refman/5.7/en/docker-mysql-more-topics.html