How to restrict firewall access to specific source IPs for a published port

On Ubuntu 20.04 I have installed Docker with MySQL 5.7.34. In Plesk, all IPs are blocked in the firewall rule for MySQL-Server; access is allowed only from my IP range from my internet provider.
In the database configuration, access is allowed only for local connections.

But in the Docker log I see this:


```
2023-03-10T14:22:51.352150Z 22875 [Note] Access denied for user 'hd'@'89.248.163.132' (using password: YES)
2023-03-10T14:22:52.696050Z 22876 [Note] Access denied for user 'view'@'45.93.201.74' (using password: YES)
2023-03-10T14:22:55.045903Z 22879 [Note] Access denied for user 'root'@'45.93.201.74' (using password: YES)
2023-03-10T14:23:01.928298Z 22886 [Note] Access denied for user 'xy'@'89.248.163.132' (using password: YES)
2023-03-10T14:23:15.645962Z 22891 [Note] Access denied for user 'readonly'@'45.93.201.74' (using password: YES)
2023-03-10T14:23:18.738455Z 22892 [Note] Access denied for user 'root'@'45.93.201.74' (using password: YES)
2023-03-10T14:23:39.033721Z 22903 [Note] Access denied for user 'Hoscodb_Masterpro_208TonDucThangHN'@'45.93.201.74' (using password: YES)
```

And in the firewall I have blocked these IPs, without success!

How can I block these hacker attacks?

Why would you even want to expose the database to the internet?

Have you considered setting up a VPN server on your remote machine and dialing into the VPN with your client machine to access the database through the secure connection? Or at least just bind the database port to 127.0.0.1 and use SSH local port forwarding to bind the database port to localhost on our machine (see A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding for how local port forwarding works).

If you don’t need to access the database using an SQL management tool, then the most obvious solution would be to not publish the port.

Your MySQL version has known vulnerabilities. The first thing you will want to do is upgrade to a more recent version.

No, I only need the SQL locally on a Linux server; the firewall in Plesk is probably not blocking Docker.
My application only works with this MySQL version, 5.7.34. That’s why I also installed MySQL with Docker, because Ubuntu 20, 22.04 only has MariaDB by default.
I don’t need to access the database with an SQL management tool.
I have the IP 0.0.0.0 in the database for the Docker MySQL; the default DB, MariaDB, has localhost.

It is good news that you only need to access the database locally. It makes things much easier.

The database must listen on 0.0.0.0, but your db user does not need to be granted access from everywhere (e.g. `'user'@'%'`).

You can publish a container port to a host port bound to a specific host IP: `docker run -p 127.0.0.1:3306:3306 ...` (the same works with compose file port mappings). This allows an application running directly on the Docker host to access the database using `localhost:3306`.

I would be surprised if your application would not work with the latest patched 5.7.x version - it would mean your application requires a specific bug in the 5.7 database version to work… which doesn’t really make sense. Furthermore, version 5.7 is out of support after 31 Oct 2023 and will receive no further bug or security fixes.
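A check for the binding advice in the reply above, added here as an example and not part of the original thread: it reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every mapping published on all host interfaces instead of a specific address such as 127.0.0.1. The container names and sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Flag container ports that are published on all host interfaces.
# Input: lines of "<name><TAB><ports>" as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
find_public_ports() {
  awk -F'\t' '
    {
      n = split($2, maps, ", ")
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (m !~ /->/) continue              # exposed only, not published
        host = m; sub(/->.*/, "", host)      # host side, e.g. 0.0.0.0:3306
        addr = host; sub(/:[0-9-]+$/, "", addr)  # drop host port or range
        # 0.0.0.0, :: and [::] all mean "every interface"
        if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
          print $1 "\t" m
      }
    }'
}

# Constructed sample: one container published everywhere, one bound to
# loopback as suggested above, one with no ports at all.
sample_ps_output() {
  printf 'mysql57\t0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp\n'
  printf 'mysql57-local\t127.0.0.1:3306->3306/tcp, 33060/tcp\n'
  printf 'web\t\n'
}

# On a Docker host, replace the sample with live data:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | find_public_ports
sample_ps_output | find_public_ports
```

Any line it prints is a mapping reachable on every host address; recreating that container with `-p 127.0.0.1:3306:3306` moves it to loopback only.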

OK, thanks for the info, but how can I isolate Docker and MySQL via a firewall IP lock?