pomerium/docs/docs/tcp/mysql.md
Alex Fornuto b2b8c481d5
Refresh and Update TCP documentation (#2627)
* init client app doc

* init TCP section

* add redirect for TCP client doc

* Redis and Mysql

* finish TCP examples

* init Draft template

* cleanup whitespace

* escape markdown image in template

* add redirect and update links

* copy edit

* Update readme.md

* fmt

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* optimize png

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* header cleanup and child listing

* Update docs/docs/tcp/ssh.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2021-10-14 09:35:31 -05:00


title: MySQL & MariaDB
description: Tunnel MySQL connections through Pomerium

Tunneled MySQL Connections

This document explains how to connect to a MySQL or MariaDB database through an encrypted TCP tunnel. We use the mysql command line utility, but the same tunnel can be used by GUI tools.

Basic Connection

  1. Create a TCP tunnel, using either pomerium-cli or the Pomerium Desktop client:

    ::::: tabs
    :::: tab pomerium-cli

    pomerium-cli tcp aService.corp.example.com:3306 --listen :3306

    :::tip --listen
    The --listen flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
    :::

    ::::
    :::: tab Pomerium Desktop

    [Image: An example connection to a MySQL service from Pomerium Desktop]

    :::tip Local Address
    The Local Address field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
    :::

    ::::
    :::::

  2. Initiate your MySQL connection, pointing to localhost:

    mysql -h 127.0.0.1 -u USER -p
    

Allow Access from Remote Hosts:

  1. Your MySQL or MariaDB service may not accept connections from remote hosts. Find the bind-address key in the configuration files (usually located in /etc/mysql/) and edit it to accept remote connections. For example:

    # Instead of skip-networking the default is now to listen only on
    # localhost which is more compatible and is not less secure.
    bind-address            = 0.0.0.0
    
  2. When connecting, you may get an error like ERROR 1130 (HY000): Host '192.0.2.10' is not allowed to connect to this MariaDB/MySQL server. You can create a user entry in your database for the Pomerium host:

    CREATE USER 'user'@'pomerium.local' IDENTIFIED BY 'some_pass';
    GRANT ALL PRIVILEGES ON *.* TO 'user'@'pomerium.local';
    

    Or create a user entry that matches any host (the '%' wildcard):

    CREATE USER 'user'@'%' IDENTIFIED BY 'some_pass';
    GRANT ALL PRIVILEGES ON *.* TO 'user'@'%';
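
A narrower variant of the user entries above, as an added example that is not part of the original Pomerium documentation: the account is tied to the Pomerium host and limited to one schema, followed by queries to check the result. The account name `app_user` and the schema `appdb` are assumptions; `pomerium.local` and `some_pass` are the placeholders already used on this page.

```sql
-- Added example; not from the Pomerium documentation.
-- Assumptions: account name app_user and schema appdb are hypothetical.

-- 1. Account that can only log in from the Pomerium host.
CREATE USER 'app_user'@'pomerium.local' IDENTIFIED BY 'some_pass';

-- 2. Data privileges on a single schema instead of ALL PRIVILEGES ON *.*.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_user'@'pomerium.local';

-- 3. Confirm exactly what the account holds.
SHOW GRANTS FOR 'app_user'@'pomerium.local';

-- 4. List accounts that accept a login from any host.
SELECT User, Host FROM mysql.user WHERE Host IN ('%', '');

-- 5. Run this through the tunnel. USER() reports the user name and the
--    client host the server saw; CURRENT_USER() reports which account
--    entry the server matched for that connection.
SELECT USER(), CURRENT_USER();
```

The host named in ERROR 1130 is the address the server saw for the connection, so it is the value the host part of the account has to match.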
    

More Resources