Public Network Connection

Last updated: 2023-12-27 09:59:18
    This document introduces the procedure for connecting to the database via the public network address of TencentDB for MySQL, using a CVM instance or any third-party application.

    Background

    In scenarios where the private network is unavailable, a public network connection can be employed. This requires that the TencentDB instance has enabled public network access. We advise utilizing public network connections exclusively for development purposes or auxiliary database management.
    Note:
    The capability to enable public network addresses is currently supported for primary instances in regions including Guangzhou, Shanghai, Beijing, Chengdu, Chongqing, Nanjing, Hong Kong (China), Singapore, Seoul, Tokyo, Silicon Valley, Virginia, and Frankfurt. For the information about which regions support enabling public network addresses for read-only instances, please see the information in the console.
    | Connection Methods | Application Scenarios | Description | Billing |
    |---|---|---|---|
    | Private network connection | The CVM and TencentDB for MySQL instances are in the same VPC in the same region under the same Tencent Cloud root account. For details, please refer to Scenario 1. | The private network provides high-speed connectivity and low latency. | No charge currently |
    | Public Network Connection | In scenarios where private network connections are unavailable, you can use public network connections. For details, please see Scenario 2. Note: Public network connections are subject to variable network performance. If you have high network requirements, we recommend using private network connections or CCN Connections. | Third-party application connection services are supported. The public network address must be manually enabled. Enabling the public network address will expose your database services to the public network, which may lead to database intrusions or attacks. Public network connection applies to development or auxiliary management of databases but is not recommended for formal business access scenarios, because uncontrollable factors such as DDoS attacks and bursts of high-traffic access may make the public network connection unavailable. | No charge currently |
    | CCN connection | This connection method applies when the CVM and MySQL are under different VPCs or if the Lighthouse is used for establishing the connection with MySQL. For details, please refer to Scenario 3. | Whole network is interconnected. Provides low latency and high-speed transmission. | |

    Preparations

    Ensure that the MySQL instance has been created and is ready. For detailed guidance, please refer to Creating MySQL Instance.
    Ensure that the CVM is ready. For further instructions, refer to Customizing Configuration of Linux CVM.
    Enable public access for the MySQL instance.
    
    Configure the security group and open the private network port.
    
    Note:
    After public network access is enabled, the instance is subject to the security group's network access policies. When configuring the security policies, you must open the private network access port 3306. If you are not sure about the private network port number, you can check it on the instance details page in the console. For detailed steps, please refer to Manage TencentDB Security Group.

    Operation Guide

    Connecting to a CDB from a CVM over a Public Network

    Step 1: Log in to CVM.

    1. Log in to the CVM Console, find the target CVM in the instance list and click Log In in the actions column on the right.
    
    2. In the Login window, choose password login, enter the username and password of the CVM, and click Log In.
    
    3. Upon successful login, the interface appears as illustrated below:
    

    Step 2: Install MySQL Client (If it has been installed on this CVM, skip this step.)

    Run the following command to install MySQL client:
    yum install mysql
    If Complete! is displayed, the MySQL client is installed successfully.

    Step 3: Connect to MySQL by using CVM.

    1. Run the following command in the CVM to log in to the MySQL database instance.
    mysql -h <public IP address> -u <username, default is root> -P <public port number> -p
    <public IP address>: Replace it with the public network address of the target MySQL database instance, which can be viewed on the instance details page in the TencentDB for MySQL console. If the public network address is not enabled, please refer to Enabling Public Network Address.
    
    <username, default is root>: Replace it with the account name of your target MySQL instance. The default account name is 'root'.
    
    <public port number>: Replace it with the public port number of the target MySQL instance, which can be viewed on the instance details page in the TencentDB for MySQL console.
    
    
    2. Enter the password for the MySQL instance's account at the prompt Enter password:. If you have forgotten the password, you can change it as instructed in Resetting Password.
    If mysql> is displayed, it indicates that you have successfully logged in to MySQL.
    

    Connecting to CDB from a Third-party Application Over the Public Network

    1. Download MySQL Workbench from the MySQL Workbench official download page and install it.
    2. Navigate to the download page and click MySQL Workbench.
    3. On the displayed page, under Windows (x86, 64-bit), MSI Installer, click Download.
    4. Click No thanks, just start my download.
    5. After the installation, start MySQL Workbench. At the right of MySQL Connections, click the plus sign to add the instance to be connected.
    
    6. In the pop-up window, set the following items and click OK.
    
    | Parameter | Description |
    |---|---|
    | Connection name | Assign a name to this connection. |
    | Connection Method | Select Standard (TCP/IP). |
    | Hostname | Enter the public network address of the MySQL instance. The public network address can be found on the Instance Details page. |
    | Port | Enter the public network port number of the MySQL instance. The port number can be found on the Instance Details page. |
    | Username | Enter the username of the MySQL instance to be connected. |
    | Store in Vault... | Enter and save the password for the MySQL instance account you wish to connect. |
    7. Navigate back to the MySQL Workbench homepage and click the newly created instance information to connect to the MySQL instance.
    
    8. The UI after successful connection is as follows:
    

    FAQs

    Do I need to pay for public network connection?

    Public network connection is currently free of charge.

    Why is it necessary to release the MySQL private port for a public network connection?

    When a public network address is enabled for the MySQL instance, Tencent Cloud's backend cluster connects to the database's private network port and performs port mapping and forwarding to provide public network access. Therefore, after enabling the public network address, the security group must allow the backend cluster to connect to the MySQL private port.

    Can the public network port be modified?

    No. Modifications are not supported.

    Is the public network connection secure?

    Enabling public network access exposes your database services to the public network, where they may be intruded upon or attacked. It is generally advised to use the private network for database connection. Public network connection is primarily used for development or auxiliary database management and is not recommended for formal business access, because uncontrollable factors, including DDoS attacks and unexpected high-volume traffic, may render the connection unavailable.

    After enabling a public network address, how can I only allow connections to specific IPs and forbid access from all other IPs?

    You can restrict host permissions: modify the authorized host addresses for your database account in the TencentDB console to limit which hosts can access the database. For more information, please refer to Modifying Host Addresses with Access Permissions.
    Alternatively, you can use a public CLB for traffic forwarding to enable public network access. Access restrictions can be imposed by using security group policies in CLB. For more information, please refer to Enabling Public Network Access Through CLB.
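Before changing authorized host addresses in the console, it helps to check which client addresses each planned host value would admit. The following is an added example, not Tencent Cloud code: a simplified model of MySQL's account host matching. The account list, addresses and function names are constructed for illustration, and it assumes the server sees the client's real source address.

```python
import ipaddress
import re

def host_allows(host: str, client_ip: str) -> bool:
    """True if a MySQL account host value admits client_ip (simplified model:
    '%' and '_' wildcards, literal IPs, ip/netmask and CIDR; no DNS lookups)."""
    if host in ("", "%"):
        return True
    if "/" in host:
        try:
            # strict=True: a base address with host bits set never matches.
            net = ipaddress.ip_network(host, strict=True)
        except ValueError:
            return False
        return ipaddress.ip_address(client_ip) in net
    # Translate the LIKE-style wildcards into an anchored regular expression.
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in host)
    return re.fullmatch(regex, client_ip, re.IGNORECASE) is not None

def audit(accounts, allowed_ips, outside_ip="192.0.2.77"):
    """Label each account: 'exposed' if it admits the outside probe address,
    'restricted' if it rejects the probe and admits at least one allowed client,
    'no-allowed-client' if none of the intended clients could log in with it."""
    report = {}
    for user, host in accounts:
        if host_allows(host, outside_ip):
            verdict = "exposed"
        elif any(host_allows(host, ip) for ip in allowed_ips):
            verdict = "restricted"
        else:
            verdict = "no-allowed-client"
        report[f"{user}@{host}"] = verdict
    return report

# Constructed account list and addresses (documentation ranges, RFC 5737).
ACCOUNTS = [
    ("root", "%"),
    ("app", "203.0.113.10"),
    ("report", "203.0.113.%"),
    ("backup", "198.51.100.0/255.255.255.0"),
]
ALLOWED = ["203.0.113.10"]
```

Calling `audit(ACCOUNTS, ALLOWED)` marks `root@%` as exposed and shows that the `backup` account would lock out the only intended client.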

    Why can't I enable public network access?

    Public network access can be enabled for main instances deployed in Guangzhou, Shanghai, Beijing, Chengdu, Chongqing, Nanjing, Hong Kong (China), Singapore, Seoul, Tokyo, Silicon Valley, Virginia, and Frankfurt. For the latest information about the regions where public network access can be enabled for read-only instances, please refer to the console. If your instance is deployed in a region where public network access is not supported, public network access cannot be enabled.
    

    How can I troubleshoot public network connection errors by myself?

    Failures to connect to a database through a public network address are usually caused by account or password, port, security group, network, or instance issues. The following self-check methods cover each scenario.
    1. After logging in to the CVM instance, if you repeatedly fail to log in to the cloud database from the command line, check the database login account and password for errors.
    In the command line: mysql -h <public IP address> -u <username, default: root> -P <public port number> -p, the account and password used for login must be paired correctly. If you are logging in with a non-root account, you also need to input the password for the corresponding non-root account. The password will not be displayed as you type it in the CVM interface. You must enter it correctly in one go and press the Enter key to confirm. If you forget your password, you can reset your password and try again.
    2. Review whether the DFW configuration is correct and whether the IP is restricted.
    Configure outbound rules in the CVM DFW. When the outbound rule is not set to 0.0.0.0/0 and the protocol port is not set to ALL in the target configuration of outbound rules, you need to add the external IP and port of MySQL to the outbound rules.
    Configure inbound rules in the security group of MySQL. When the source configuration of the inbound rule is not set to 0.0.0.0/0 and the protocol port is not set to ALL in the inbound rules, you need to release the internal port of the MySQL instance in the inbound rules. The default is 3306.
    For instructions, please see the Security Group Configuration Problem Resolution.
    3. Evaluate if the issue is network-related.
    Connecting to the database over the public internet could fail due to various reasons such as unstable network, local network restrictions, or VPCs bound with ACL policies. In this case, switch your local network, remove relevant restrictions, and try again. We recommend using private network to connect to the database for a more reliable and low-latency experience.
    4. Check whether there is an instance-related issue.
    If the MySQL instance disk is full, it may affect database connectivity. It's recommended to expand the disk capacity. For the procedure, please refer to Adjusting Database Instance Specification.
    When the error message "ERROR 1040(00000): Too many connections" is displayed, it indicates that the maximum number of connections for the current CDB instance has been reached. Common causes and solutions are as follows:
    i. If there are too many sleep threads, it's advised to decrease the values of the wait_timeout and interactive_timeout parameters via the console. For details, please refer to Setting Instance Parameters.
    ii. If there are few sleep threads and no slow query accumulation, it's suggested to increase the value of the max_connections parameter via the console. For details, please refer to Setting Instance Parameters.
    Check whether the MySQL instance is in a "master-slave switch state", as connection attempts will fail if the MySQL instance is in the middle of a master-slave switch. After the switch has completed, connect using the command again.
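Part of the self-check above can be done by reading the first packet the server sends after the TCP connection opens: a greeting means the port and security group are fine, while an ERR packet or no reply points to the other causes. This is an added example, not from the original page; the sample packets, hint strings and function names are constructed, and `probe` takes the public address and port shown on the instance details page.

```python
import socket
import struct

# Server error codes mapped to the self-check items above (hints are this example's wording).
HINTS = {
    1040: "instance: max connections reached; review sleep threads and timeouts",
    1129: "host blocked by the server after repeated connection errors",
    1130: "host permission: this client address is not authorized",
}

def frame(payload: bytes, seq: int = 0) -> bytes:
    """Wrap a payload in the MySQL packet header (3-byte LE length + sequence id)."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def triage_first_packet(data: bytes) -> dict:
    """Classify the first packet the server sends after the TCP connection opens."""
    length = int.from_bytes(data[:3], "little") if len(data) >= 4 else 0
    payload = data[4:4 + length]
    if length == 0 or len(payload) < length:
        return {"kind": "truncated", "hint": "network: connection closed before a full packet"}
    if payload[0] == 0x0A:  # protocol version 10 greeting
        end = payload.find(b"\x00", 1)
        version = payload[1:(end if end != -1 else None)].decode("ascii", "replace")
        return {"kind": "greeting", "version": version,
                "hint": "port and security group are fine; check account and password"}
    if payload[0] == 0xFF and length >= 3:  # ERR packet sent instead of a greeting
        code = struct.unpack_from("<H", payload, 1)[0]
        text = payload[3:]
        if text[:1] == b"#":  # optional SQLSTATE marker plus 5-character state
            text = text[6:]
        return {"kind": "error", "code": code, "message": text.decode("utf-8", "replace"),
                "hint": HINTS.get(code, "see the server message")}
    return {"kind": "unknown", "hint": "the port does not answer as MySQL; check the port number"}

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect to <public IP address>:<public port number> and triage the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return triage_first_packet(sock.recv(4096))
    except OSError as exc:  # timeout, refused, unreachable
        return {"kind": "unreachable", "hint": f"network, security group or port: {exc}"}

# Constructed sample packets (not captured from a real instance).
GREETING = frame(b"\x0a" + b"8.0.0-constructed\x00" + b"\x00" * 8)
TOO_MANY = frame(b"\xff" + struct.pack("<H", 1040) + b"Too many connections")
HOST_DENIED = frame(b"\xff" + struct.pack("<H", 1130) + b"#HY000Host not allowed")
```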
    
    