[英]MYSQL refuses remote connection with error “ERROR 2003 (HY000)” and TCP error 111
I have installed MySQL 8.0.25 on Ubuntu 20.04 LTS (ARM) instance on AWS.我已经在 AWS 上的 Ubuntu 20.04 LTS (ARM) 实例上安装了 MySQL 8.0.25。
I can access it using 127.0.0.1 address locally, but can't access it remotely from another instance.我可以在本地使用 127.0.0.1 地址访问它,但不能从另一个实例远程访问它。
"Bind-address" was commented out originally, I uncommented it and changed to "0.0.0.0" (mysql service was restarted) - didn't help, so I commented it back. “绑定地址”最初被注释掉,我取消注释并更改为“0.0.0.0”(mysql服务已重新启动) - 没有帮助,所以我把它评论回来。
"Skip-networking" is not in the cnf file. “跳过网络”不在 cnf 文件中。
I changed the port to 3307 just to be sure that I'm looking at the right cnf, and now MYSQL does listen to port 3307:我将端口更改为 3307 只是为了确保我正在查看正确的 cnf,现在 MYSQL 确实监听了端口 3307:
locally I can connect using port 3307, but not remotely:在本地我可以使用端口 3307 进行连接,但不能远程连接:
Here are the iptables:这是iptables:
I know that firewall works well, because if I remove port 3307 from the rules, the error is different:我知道防火墙运行良好,因为如果我从规则中删除端口 3307,错误会有所不同:
As you can see, TCP error 111 ("Connection Refused") became error 113 ("No Route to Host").如您所见,TCP 错误 111(“连接被拒绝”)变成了错误 113(“没有到主机的路由”)。
Telnet connection is refused with the same error: Telnet 连接被拒绝并出现同样的错误:
I've rebooted the MySQL instance - no change.我重新启动了 MySQL 实例 - 没有变化。
Why would MYSQL refuse remote connection, if "bind-address" is commented out, and firewall is open?为什么 MYSQL 会拒绝远程连接,如果“绑定地址”被注释掉,并且防火墙是打开的?
@stdunbar's comment pointed me in the right direction. @stdunbar 的评论为我指明了正确的方向。
The problem happened because I followed the MYSQL installation instructions at https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-20-04 , and ran the security script while configuring MYSQL:问题的发生是因为我在https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-20-04遵循 MYSQL 安装说明,并在配置 MYSQL 安装说明时运行了安全脚本,同时配置 Z144978F4ADFDFDAD
sudo mysql_secure_installation
For some reason, this script causes MYSQL to ignore the bind-address
setting in the cnf file, while it still uses the port
setting - very confusing!由于某种原因,这个脚本导致 MYSQL 忽略 cnf 文件中的
bind-address
设置,而它仍然使用port
设置 - 非常混乱!
When I installed MYSQL without running the security script, the "local address" of the MYSQL daemon in the netstat -lnp | grep mysql
当我在不运行安全脚本的情况下安装 MYSQL 时,
netstat -lnp | grep mysql
netstat -lnp | grep mysql
command changed from 127.0.0.1: netstat -lnp | grep mysql
命令从 127.0.0.1 更改:
After this, MYSQL started to accept remote connections.此后,MYSQL 开始接受远程连接。 Of course, I still had to create a remote user:
当然,我还是要创建一个远程用户:
CREATE USER 'root'@'remotehostname' IDENTIFIED WITH caching_sha2_password BY 'newpassword';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'remotehostname' WITH GRANT OPTION;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.