Dedicated SQL server - service showing as down

Discussion in 'Installation/Configuration' started by dmgeurts, Nov 13, 2019.

  1. dmgeurts

    dmgeurts Member

    HI, I've got a dedicated MySQL server (CiviCRM doesn't like replicated servers) and this server sits on a private (backend) network. It does (for now) have a public IP address but MySQL isn't exposed there. In short, MySQL doesn't listen on 0.0.0.0. As this is a dedicated SQL only server having a local socket and listening on 192.168.x.x is enough and provides some good security as well.
    ISPconfig, however, thinks that MySQL is down when it's not. I've disabled the recovery for this service but it would be great to get rid of the reported error on the system state page.
    What checks does ISPconfig do to test if a service is active and can this be configured or modified?
    Thanks,
     
  2. dmgeurts

    dmgeurts Member

    Found this post which states
    MariaDB can't bind to more than one IP address, though 0.0.0.0 will make it listen on all addresses but I don't want to externally expose this SQL server. I know I can firewall it, but prefer the current design where the service only listens on the IP address it needs to... It's safer to put up with the error.
    https://www.cyberciti.biz/faq/unix-linux-mysqld-server-bind-to-more-than-one-ip-address/
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    It connects to thze service on localhost.

    The correct way is to close the port in the firewall or bind it to 127.0.0.1 IP.
     
    dmgeurts likes this.
  4. dmgeurts

    dmgeurts Member

    Hi Till,
    Understood, thank you for your reply.

    I might just do a port forward rule from 127.0.0.1:3306 to the private interface IP address just for monitoring purposes. I prefer to keep a multi-layered security approach. Binding it to localhost would stop the webservers from connecting to the SQL server via the private network.
     
    Jesse Norell likes this.

Share This Page