Support Online
MirrorLooking Glass
GenixNodeGenixNode
Client Panel
Skip to main content

Opening MySQL Remote Access (2026)

What will you learn in this guide?

In this guide, you will learn how to open your MySQL database securely for remote access.
We will establish a production compatible structure with authorization, firewall and TLS.

Technical Summary

This guide aims to maintain security while removing MySQL's default localhost restriction.
Steps: bind-address → user → UFW → test → SSL/TLS.

Prerequisites

  • Ubuntu 20.04 / 22.04 / 24.04
  • MySQL 8.0 or above
  • sudo authority
  • UFW active
  • Current database backup

Opening MySQL to Remote Connections

By default MySQL only listens on 127.0.0.1.

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
  • This file contains MySQL network settings.

Find the default line:


bind-address = 127.0.0.1
  1. Recommended (if you are using a private network):

bind-address = 10.0.0.5
  1. If mandatory (all interfaces):

bind-address = 0.0.0.0
  1. Apply the changes:

sudo systemctl restart mysql

Note: 0.0.0.0 should only be used with strict firewall and IP restriction.

Creating a Remote MySQL User

  1. Connect to MySQL with root:

sudo mysql
  1. Create IP specific user:

CREATE USER 'genixnode_app'@'203.0.113.10' IDENTIFIED BY 'GucluBirSifre123!';
  1. Define only the necessary permissions:

GRANT SELECT, INSERT, UPDATE, DELETE ON uygulama_db.* TO 'genixnode_app'@'203.0.113.10';
FLUSH PRIVILEGES;
EXIT;
  • This structure implements the least privilege principle.

Restricting Access with Firewall (UFW)

  1. Open port 3306 to trusted IP only:

sudo ufw allow from 203.0.113.10 to any port 3306

Check the rules:


sudo ufw status
  • Never use sudo ufw allow 3306.

Testing Remote Connection

  1. Connect from the application server:

mysql -u genixnode_app -h VERITABANI_IP -p
  • If the connection opens, the configuration is correct.
  1. Force user to TLS:

ALTER USER 'genixnode_app'@'203.0.113.10' REQUIRE SSL;
  1. Connect via TLS from the client:

mysql --ssl-mode=REQUIRED -u genixnode_app -h VERITABANI_IP -p
  • This setting prevents data leaks on the network.

Security Hardening Recommendations

  1. Keep root remote access disabled

  2. Avoid user@'%' definitions

  3. Watch the logs: /var/log/mysql/error.log

  4. Change passwords periodically

  5. If you have dynamic IP, choose WireGuard VPN

Frequently Asked Questions (FAQ)

1. Is bind-address = 0.0.0.0 safe? By itself, no. IP restriction with firewall is a must.

2. I get the connection refused error. It is usually caused by UFW or bind-address.

3. Can I connect remotely with root? Not recommended. The security risk is very high.

4. My IP address is constantly changing. Use a VPN. % definition is major security vulnerability.

Result

MySQL remote access is secure and scalable when configured correctly. Bind-address, user rights and firewall should be used together.

You can easily install this structure on GenixNode VDS for a high-performance and secure database infrastructure.