How can I limit the mysql connection to a specific IP?

How can I limit the mysql connection to a specific IP? That is, currently only localhost can connect as a Host, but I want it to be not localhost but a specific IP.

How about using the Firewall? Allow connections to port 3306 (mysql/mariadb) from a specific IP only.

1 Like

Let me explain: I want to put a new mysql database in the Hestia panel so that a program accesses it from a fixed IP, and so that only that IP can access that database, not a website on the local server.

So… What I understand you want to do is that programs locally on the Hestia server should:

  1. not be able to connect to a specific database in the DB server (let’s call this database “Secure”) even if they “know” the user/pass for that DB
  2. be able to connect to the DB server and to all other databases, except the “Secure” one

Applications on a different server with different IP address, should be able to connect to the “Secure” DB.

Although this is not at all a Hestia-related matter, I’ll try to explain what I think needs to be done in this strange case. Please note that I have not tested the following, and in my opinion you should set up this “Secure DB” on a completely different server.

Anyhow, try doing these:

  • Go in Hestia UI and create the “Secure” DB
  • Go to phpmyadmin and login as a MySQL Super User (try root with the password you’ll find in /root/.my.cnf). By all means use an https connection when connecting to phpmyadmin
  • Find the user account that connects to the “Secure” DB (it will probably have the same name as the DB) and click Edit privileges, then Login information
  • Change the Hostname from Any host to Use text field and input the IP address of the other server that will be connecting and click Go. You may also need to remove the second (same) user who is able to connect from localhost.
  • Edit /etc/mysql/mariadb.conf.d/50-server.cnf or /etc/mysql/mysql.conf.d/mysqld.cnf and change to bind-address = 0.0.0.0
  • Go in Hestia UI > Firewall > New rule to allow connection to MySQL from the other IP address
  • Restart MySQL

I’d like to warn you once more, that if you don’t feel comfortable with your Linux sysadmin skills, it would be best not to try any of these.

1 Like
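
The phpMyAdmin steps in the answer above correspond to the following statements, run as a MySQL/MariaDB superuser. This is an added example, not part of the original posts; the account name secure_user and the client address 203.0.113.10 are placeholders, and it assumes the panel created the account with a wildcard ('%') host entry.

```sql
-- Added example: secure_user and 203.0.113.10 are placeholders for the
-- account that owns the "Secure" database and the remote server's IP.

-- 1. List every host entry that exists for the account. MySQL/MariaDB
--    accounts are (user, host) pairs, so the same user name can appear
--    more than once, e.g. with '%' and with 'localhost'.
SELECT User, Host FROM mysql.user WHERE User = 'secure_user';

-- 2. Pin the wildcard entry to the single client address.
--    RENAME USER keeps the password and the privileges of the account.
RENAME USER 'secure_user'@'%' TO 'secure_user'@'203.0.113.10';

-- 3. Remove the second entry for the same user that can log in locally,
--    if one exists.
DROP USER IF EXISTS 'secure_user'@'localhost';

-- 4. Verify: exactly one row should remain, with Host = 203.0.113.10,
--    and its grants should still cover only the "Secure" database.
SELECT User, Host FROM mysql.user WHERE User = 'secure_user';
SHOW GRANTS FOR 'secure_user'@'203.0.113.10';

-- 5. Check for other accounts that could still reach the database from
--    the local server. Accounts with global privileges (such as root)
--    are not affected by the change above.
SELECT User, Host FROM mysql.user WHERE Host IN ('%', 'localhost', '127.0.0.1', '::1');
```

The host restriction is enforced by the database server at login, so it still applies if the firewall rule is later widened; the firewall rule and bind-address change only control who can reach port 3306 at all.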

Ohh thanks, it worked!
I have protected it with the firewall for a single IP and localhost, and the IP can connect, thanks!