Open alehostert opened 1 week ago
BTW, MariaDB 10.11 added the option to set more interfaces on bind-address, comma separated:
MariaDB starting with 10.11
Multiple comma-separated addresses can now be given to bind_address to allow the server to listen on more than one specific interface while not listening on others.
https://mariadb.com/kb/en/configuring-mariadb-for-remote-client-access/
With this, I'm able to connect via private port (inter-container) AND from outside (remote connection):
root@container-b:/speedia# grep -ir bind /etc/mysql/mariadb.conf.d/50-server.cnf
# bind-address = 127.0.0.1
bind-address = 127.0.0.1,10.0.1.2
root@container-a:/speedia# telnet ${publicIpAddress} 40007
Trying ${publicIpAddress}...
Connected to ${publicIpAddress}.
Escape character is '^]'.
X
11.4.3-MariaDB-deb11/P'p!MDK�+5g+;(W\KABhmysql_native_password
alehostert@my-local-machine ➜ ~ telnet ${publicIpAddress} 30002
Trying ${publicIpAddress}...
Connected to ${publicIpAddress}.
Escape character is '^]'.
X
11.4.3-MariaDB-deb11YcfV]Q[V�}60.5]Y%L.A;mysql_native_password
Hello there!
I'm trying to set up MySQL communication between two containers, both using Speedia OS.
Container A doesn't have MariaDB. Container B has only MariaDB running:
Context
The default OS configuration sets MariaDB 10.11 bind-address to 127.0.0.1 (which is pretty right, IMO):
With this, I'm able to connect to MariaDB:
localhost (expected):
30002 on my case) (expected, either):
30002 on my case):
The issue
But I can't connect to Container B from Container A using the local Control private port (40007 on my case):
Using the mysql cli we can see the problem:
This happens because the bind-address will not allow connections from outside, after all it's configured to listen only to 127.0.0.1 interface. To change the bind-address to 0.0.0.0 will allow the connection from 40007.
Setting the bind-address to the host local network IP address will allow the inter-container communication, but will break the remote access (obviously).
The only way to communicate between private port and not to break remote access is to set the bind-address to 0.0.0.0.
To help picture this, I made this spreadsheet:
https://docs.google.com/spreadsheets/d/1cmqIv8k7p9DxklwQx2qn1vv98994qyK_hAMg0t0tPGM/edit?usp=sharing
I think the decision here is to set bind-address to 0.0.0.0, allowing the inter-container communication and avoiding the extra step by passing through nginx proxying 30002 to 40007.
The end-user will have to control the remote access on the granting, which is % by default, tho.
And, if it's the case, I should probably have opened this issue on the OS repo :smile:
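An added example, not part of the original issue or the project's code: a small audit that reads a MariaDB option file, finds the effective bind-address, and reports whether the server is pinned to specific interfaces (as in the comma-separated 10.11+ setting quoted in the comment) or listens broadly (0.0.0.0). The function names and the sample file contents are constructed for illustration, and the parser assumes a single server section.

```python
import ipaddress

# Constructed sample mirroring the 50-server.cnf lines quoted in the comment.
SAMPLE_CNF = """\
[mysqld]
# bind-address = 127.0.0.1
bind-address = 127.0.0.1,10.0.1.2
"""

def effective_bind(cnf_text):
    """Return the last uncommented bind-address value as a list of entries."""
    value = None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if "=" not in line:
            continue
        key, val = (part.strip() for part in line.split("=", 1))
        # Option names accept dashes and underscores interchangeably.
        if key.replace("_", "-") == "bind-address":
            value = val                        # a later setting overrides
    if not value:
        return []
    return [a.strip() for a in value.split(",") if a.strip()]

def classify(addr):
    """Label one bind-address entry by how widely it listens."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "hostname"                      # not resolved by this audit
    if ip.is_unspecified:                      # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def audit(cnf_text):
    """Return (per-address labels, listens_broadly, needs_10_11)."""
    entries = effective_bind(cnf_text)
    report = {a: classify(a) for a in entries}
    # With no bind-address set, the server default is to listen on all
    # interfaces, so an empty result counts as broad.
    broad = not entries or any(
        label in ("all-interfaces", "public") for label in report.values())
    # More than one address is only accepted from MariaDB 10.11 onward.
    return report, broad, len(entries) > 1

if __name__ == "__main__":
    print(audit(SAMPLE_CNF))
    print(audit("[mysqld]\nbind-address = 0.0.0.0\n"))
```

When the audit reports a broad listener, the account host patterns (the `%` default mentioned in the issue) are the remaining control over who can authenticate.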