Connect to MySQL/MariaDB from a different machine or network
NOTE: We are in the process of modifying the configuration for many Bitnami stacks. On account of these changes, the file paths and commands stated in this guide may change depending on whether your Bitnami stack uses MySQL or MariaDB. To identify which database server is used in your stack, run the command below:
$ test -d /opt/bitnami/mariadb && echo "MariaDB" || echo "MySQL"
The output of the command indicates which database server (MySQL or MariaDB) is used by the installation, and will allow you to identify which guides to follow in our documentation for common database-related operations.
IMPORTANT: By default, the database port for the nodes in this solution cannot be accessed over a public IP address. As a result, you will only be able to connect to your database nodes from machines that are running in the same network. For security reasons, we do not recommend making the database port accessible over a public IP address. If you must make it accessible over a public IP address, we recommend restricting access to a trusted list of source IP addresses using firewall rules. Refer to the FAQ for information on opening ports in the server firewall.
Connect from the same network
To connect to the database server from a different machine in the same network, use a command like the one below:
$ mysql -h SERVER-IP -u root -p
You will be prompted to enter the root user password. This is the same password entered during the server deployment process.
If you wish to connect to the primary database host from a different network using its public IP address, we recommend creating an SSH tunnel, as described in the FAQ. However, you should only do this if you wish to temporarily connect to, or use, the CLI. This approach is not recommended to permanently connect your application to the database cluster, as a connectivity failure in the SSH tunnel would affect your application’s functionality.
Connect from a different network
If you must connect to the database from a machine that it is not running in the same network as the WordPress cluster, you can follow these approaches (these are shown in order of preference, from the most secure to the least recommended solution):
- Option 1: Peer both virtual networks to secure the connections between the two instances. Learn how to connect instances in different networks using network peering.
Option 2: Create an SSH tunnel to connect the database console to perform administrative tasks using the primary host’s public IP address. Refer to the FAQ for more information on this.
NOTE: You should only access the primary server using an SSH tunnel if you wish to temporarily connect to, or use, the WordPress console. This approach is not recommended to permanently connect your application to the WordPress cluster, as a connectivity failure in the SSH tunnel would affect your application’s functionality.
Option 3: Make the server publicly accessible and restrict access to a trusted list of source IP addresses using firewall rules. Refer to the FAQ for information on opening ports in the server firewall.