• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How to connect "Plesk remote db from other host"

Juyal Ahmed

New Pleskian
I'm working on a CakePHP project which requires the db connected to plesk remote mysql server. If I use below db configuration example

'port' => '3306',
'host' => 'xxx.xxx.xxx.xxx',
'username' => 'usernmae',
'password' => 'pass',
'database' => 'db',

When I run the app getting mysql error connection timeout.

What I have tried so far:

1. Tools & Settings > Database Servers > ALLOW REMOTE CONNECTIONS FROM ANY HOST
2. Databases > Database Users > ALLOW REMOTE CONNECTIONS FROM ANY HOST
3. Tools & Settings > Firewall > I added the following rule : Allow
incoming from all on port 3306/tcp
4. Edited /etc/mysql/my.cnf and changed the bind-address = 0.0.0.0
5. GRANT ALL PRIVILEGES ON *.* TO 'user'@'%'
 
I'd write bind-address = ::
Also check the firewall that your provider might have in front of your server. Some OVH customers had previously experienced issues with connections to the server because they were not aware of the fact, that in front of their server the data center operates a firewall where the port must be opened, too.
 
I'd write bind-address = ::
Also check the firewall that your provider might have in front of your server. Some OVH customers had previously experienced issues with connections to the server because they were not aware of the fact, that in front of their server the data center operates a firewall where the port must be opened, too.

Thanks for the reply.
Still doesn't work though I used bind-address = ::
 
- Did you restart the database service after applying the bind address change?
- What is the exact error message that a connection attempt delivers on the system that tries to connect?
 
- Did you restart the database service after applying the bind address change?
- What is the exact error message that a connection attempt delivers on the system that tries to connect?
Code:
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port        = 3306
socket        = /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket        = /var/run/mysqld/mysqld.sock
nice        = 0

[mysqld]
#bind-address = ::ffff:127.0.0.1
#bind-address = ::
#bind-address = 0.0.0.0
bind-address = ::
local-infile=0
#
# * Basic Settings
#
user        = mysql
pid-file    = /var/run/mysqld/mysqld.pid
socket        = /var/run/mysqld/mysqld.sock
port        = 3306
basedir        = /usr
datadir        = /var/lib/mysql
tmpdir        = /tmp
lc-messages-dir    = /usr/share/mysql
#skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#
# * Fine Tuning
#
key_buffer        = 16M
max_allowed_packet    = 16M
thread_stack        = 192K
thread_cache_size       = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover         = BACKUP
#max_connections        = 100
#table_cache            = 64
#thread_concurrency     = 10
#
# * Query Cache Configuration
#
query_cache_limit    = 1M
query_cache_size        = 16M
server-id = 23
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file        = /var/log/mysql/mysql.log
#general_log             = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
#slow_query_log_file = /var/log/mysql/mysql-slow.log
#slow_query_log      = 1
#long_query_time = 2
#log_queries_not_using_indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
#       other settings you may need to change.
#server-id        = 1
#log_bin            = /var/log/mysql/mysql-bin.log
expire_logs_days    = 10
max_binlog_size         = 100M
#binlog_do_db        = include_database_name
#binlog_ignore_db    = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem



[mysqldump]
quick
quote-names
max_allowed_packet    = 16M

[mysql]
#no-auto-rehash    # faster start of mysql but no tab completition

[isamchk]
key_buffer        = 16M

#
# * IMPORTANT: Additional settings that can override those from this file!
#   The files must end with '.cnf', otherwise they'll be ignored.
#
# !includedir /etc/mysql/conf.d/

THIS IS THE CONTENT OF MY my.cnf file
YES I've restarted [sudo systemctl restart mysql] my database service after applying the bind address change.

The issue is when I am trying to reach it, connection getting timed out!!

mysql -u upto_app -p -P3306 -h 142.142.142.152 #ERROR 2003 (HY000): Can't connect to MySQL server on '142.142.142.152' (110 "Connection timed out")

OR If I try to connect using PHP code it doesn't
 
I have tested the same constellation with a Plesk system and another host and was able to connect. The command is correct, the configuration file looks correct, too.

Please test, if you can reach port 3306 at all:
# nc -zv 142.142.142.152 3306
should return
"Connection to 142.142.142.152 3306 port [tcp/mysql] succeeded!"

This is independent of access restrictions in MySQL. If you don't get the "succeeded" message, a firewall is blocking access.
 
I have tested the same constellation with a Plesk system and another host and was able to connect. The command is correct, the configuration file looks correct, too.

Please test, if you can reach port 3306 at all:
# nc -zv 142.142.142.152 3306
should return
"Connection to 142.142.142.152 3306 port [tcp/mysql] succeeded!"

This is independent of access restrictions in MySQL. If you don't get the "succeeded" message, a firewall is blocking access.

nc: connect to 142.142.142.152 port 3306 (tcp) failed: Connection timed out
This is what I am getting as response!!!
 
Let's go back to start. As previously said, it does not necessarily have to be a firewall on this server. It can be a firewall on the system that is requesting the connection or a firewall in between, e.g. separat from the server / in front of the server. For example an extra firewall operated in the data center that you might be able to control from a customer control panel that the data center provides for you.
 
And here is another idea: Maybe the IP address of the requestor has been blocked by iptables / fail2ban?
 
And here is another idea: Maybe the IP address of the requestor has been blocked by iptables / fail2ban?
IP Address Banning (Fail2ban) service was not running, however I've started it

After starting when I see the status it is responding:
Status
|- Number of jail: 0
`- Jail list:

I Am USING:
OS ‪Debian 8.11‬
Product Plesk Onyx
Version 17.8.11 Update #38, last updated on Jan 30, 2019 08:14 PM
 
an extra firewall operated in the data center that you might be able to control from a customer control panel that the data center provides for you.

As Peter said, there is a firewall between the data center and the server, check it, if you're using a cloud provider ..maybe there is a chance of misconfigured Network ACLs.
 
I have the same problem. But before, I had no problem. I opened the "Allow remote connections from" option and wrote my static IP address, and after that, I closed this option to "Allow remote connections from any host." But I cannot still connect except for my static IP address.

Note: I tried some points which were given above. But still not working.
 
Back
Top