Menu
Opening the default port 3306 to the outside world is something I would like to avoid if possible. We have Nginx running for reverse proxy purposes for other applications. The goal here is to access the MySQL databases with clients such as MySQL Workbench from outside the local network, in a secure way. The MySQL server runs on a Debian (Linux) Virtual Machine.
I configured a server block as described below. Connecting to mysql.domain.com, port 80, with a non-root user in MySQL Workbench results in a failure.
Server block:
server {
server_name mysql.domain.com;
location / {
proxy_pass http://localhost:3306/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
Error message:
Failed to Connect to MySQL at mysql.domain.com:80 with user non-root.
Lost connection to MySQL at 'waiting for initial communication packet', system error: 10060
900
asked Sep 01 '25 10:09
The goal here is to access the MySQL databases with clients such as MySQL Workbench from outside the local network
All modern MySQL GUI clients support SSH tunneling. This is the most secure approach to connect and requires zero configuration on the server-side: if you can connect via SSH, then you can connect to MySQL on that host.
In MySQL Workbench, while creating a connection, select "Standard TCP/IP over SSH" as the connection method, then fill out SSH connection details and MySQL connection details. The key point is putting MySQL server as 127.0.0.1 as you typically want to connect to MySQL instance which is running on the machine you SSH into. That's all there is to it.
57
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
