HI, I've got a dedicated MySQL server (CiviCRM doesn't like replicated servers) and this server sits on a private (backend) network. It does (for now) have a public IP address but MySQL isn't exposed there. In short, MySQL doesn't listen on 0.0.0.0. As this is a dedicated SQL only server having a local socket and listening on 192.168.x.x is enough and provides some good security as well. ISPconfig, however, thinks that MySQL is down when it's not. I've disabled the recovery for this service but it would be great to get rid of the reported error on the system state page. What checks does ISPconfig do to test if a service is active and can this be configured or modified? Thanks,
Found this post which states MariaDB can't bind to more than one IP address, though 0.0.0.0 will make it listen on all addresses but I don't want to externally expose this SQL server. I know I can firewall it, but prefer the current design where the service only listens on the IP address it needs to... It's safer to put up with the error. https://www.cyberciti.biz/faq/unix-linux-mysqld-server-bind-to-more-than-one-ip-address/
It connects to thze service on localhost. The correct way is to close the port in the firewall or bind it to 127.0.0.1 IP.
Hi Till, Understood, thank you for your reply. I might just do a port forward rule from 127.0.0.1:3306 to the private interface IP address just for monitoring purposes. I prefer to keep a multi-layered security approach. Binding it to localhost would stop the webservers from connecting to the SQL server via the private network.