Cannot connect to MySQL server hosted in docker from external machine

Question

I'm setting up a MySQL server inside a Docker container

sudo docker run --name test-mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=password -e MYSQL_USER=desktop -e MYSQL_PASSWORD=password -e MYSQL_ROOT_HOST=% -d mysql

For some reason I can't figure out, an external machine cannot connect to it, no matter what I try.

Here is the content of my.cnf

root@f9042fc2a105:/# cat /etc/mysql/my.cnf
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.

[mysqld]
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
datadir         = /var/lib/mysql
secure-file-priv= NULL

# Custom config should go here
!includedir /etc/mysql/conf.d/

Here is docker.cnf

root@f9042fc2a105:/# cat /etc/mysql/conf.d/docker.cnf
[mysqld]
skip-host-cache
skip-name-resolve

Here is mysql.cnf

# Copyright (c) 2015, 2021, Oracle and/or its affiliates.
[mysql]

Here is the content of the User table

mysql> select user, host from mysql.user;
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| desktop          | %         |
| root             | %         |
| mysql.infoschema | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+
6 rows in set (0.00 sec)

Here is the error I get when connecting from an external machine using MySQL shell :

 MySQL  JS > \connect --mysql root@192.186.1.85
Creating a Classic session to 'root@192.186.1.85'
Please provide the password for 'root@192.186.1.85': ********
MySQL Error 2013 (HY000): Lost connection to MySQL server at 'waiting for initial communication packet', system error: 10060

The docker host machine has no firewall.

Answer 1

you should check the firewall rules. Maybe you have to allow something like:

ufw route allow proto tcp from any to any port 3306

Did you manage to ping the instance of MySql on the port 3306?

By the way keep in mind that allowing any is not safe, you should allow only your ip o the one you are trying to connect from.

Best regards, Vittorio

Answer 2

It seems that if you have to activate and allow the port that MySQL is listening to, which is 3306 , due to the port mapping -p 3306:3306 in your description. And also check if MySQL remote access is enabled or not.

By default, UFW is set to deny all incoming connections and allow all outgoing connections. This means anyone trying to reach your cloud server would not be able to connect, while any application within the server would be able to reach the outside world.

You can read about the default inactive firewall here .

You may try the below steps:

Step 1 : Setting up the rules BEFORE activate your ufw firewall.

sudo ufw allow ssh
sudo ufw allow 3306

Make sure you allow ssh port too if the host is a remote machine. If anything happens, at least we can ssh to it and find what is happening.

Step 2 : Activate your firewall

sudo ufw enable

Step 3 : Check the host machine's firewall status

sudo ufw status

It should be somewhat like this

Status: active

To                         Action      From
--                         ------      ----
3306                       ALLOW       Anywhere
22                         ALLOW       Anywhere
3306 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)

Step 4 : Enabling MySQL remote access. By default, MySQL remote access is disabled. Find the mysqld.cnf file of your MySQL in the container

sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf

and add the configuration below

#bind-address   = 127.0.0.1 <-- If there is any line like this, comment it out.
bind-address   = 0.0.0.0

Hope this helps!