Private Network Connection

Last updated: 2023-12-27 10:04:25
    This document provides a detailed guide on how to connect to a database from a CVM instance through the MySQL instance's private network address.

    Background

    When a CVM instance and MySQL instance belong to the same Tencent Cloud root account, reside in the same region, and are in the same VPC, we suggest establishing the database connection via the private network. The low network latency of the private network ensures a more stable and secure connection environment.
    Connection methods (for each: application scenarios, description, billing):

    Private Network Connection
    Application scenarios: The CVM and TencentDB for MySQL instances are in the same VPC in the same region under the same Tencent Cloud root account. For details, please refer to Scenario 1.
    Description: The private network provides high-speed connectivity and low latency.
    Billing: No charge currently

    Public network connection
    Application scenarios: In scenarios where private network connections are unavailable, you can use public network connections. For details, please see Scenario 2.
    Note: Public network connections may be affected by network performance. If you have high network requirements, we recommend using private network connections or CCN Connections.
    Description:
    Third-party application connection services are supported.
    The public network address must be manually enabled.
    Enabling the public network address will expose your database services to the public network, which may lead to database intrusions or attacks.
    Public network connection applies to development or auxiliary management of databases but is not recommended for formal business access scenarios, because uncontrollable factors such as DDoS attacks and bursts of high-traffic access may make the public network connection unavailable.
    Billing: No charge currently

    Application scenarios: This connection method applies when the CVM and MySQL are under different VPCs or if the Lighthouse is used for establishing the connection with MySQL. For details, please refer to Scenario 3.
    Description: The whole network is interconnected. Provides low latency and high-speed transmission.

    Preparations

    Ensure that the MySQL instance is ready. For detailed guidance, please refer to Creating MySQL Instance.
    Ensure that the CVM is ready. For further instructions, refer to Customizing Configuration of Linux CVM.
    Note:
    When making preparations, please pay attention to the following aspects:
    You need to authorize specific IPs or IP ranges to access the MySQL instance. This can be done via the TencentDB for MySQL console. For more information on this, see Modifying Host Addresses with Access Permissions.
    
    If you choose to use the root account to connect to MySQL, it's recommended to set the password directly when purchasing the MySQL instance. However, if you replicate existing configurations through the purchase page or create instances with identical configurations via the instance list, please ensure that you have reset the root password via Reset Password in the console. Otherwise, an error will occur when attempting to log in with a root account that has no password set.
    
    You must configure the inbound and outbound security group rules for the CVM and MySQL instances so that only authorized IPs can access the MySQL instance. For details, see TencentDB Security Group Management. The security group must open the private network port of the MySQL instance; to view the port, log in to the TencentDB for MySQL console and click the instance ID. Note the private network address; it will be used for future database connections.
    MySQL Inbound Security Group Rules
    
    CVM Outbound Security Group Rules:
    
    The CVM and MySQL instances are on the same VPC. To modify the network settings of the MySQL instance, see Switching Network.
    The VPC of the CVM can be checked under Instance Details > Basic Info > Network Info:
    
    The VPC of the MySQL can be checked under Instance Details > Instance Info > Network:
    

    Operation Guide

    Step 1: Log in to CVM.

    1. Log in to the CVM Console, find the target CVM in the instance list and click Log In in the actions column on the right.
    
    2. In the Login window, choose password login, enter the username and password of the CVM, and click Log In to access the instance, as illustrated below:
    
    3. Upon successful login, the interface appears as illustrated below:
    

    Step 2: Install MySQL client. (If it's already been installed on this CVM, you can skip this step.)

    Run the following command to install MySQL client:
    yum install mysql
    If Complete! is displayed, the MySQL client is installed successfully.

    Step 3: Connect to MySQL by using CVM.

    1. Run the following command in the CVM to log in to the MySQL database instance.
    mysql -h <internal IP address> -u <username, default is root> -P <port number, default is 3306> -p
    <internal IP address>: Replace it with the private network address of your target MySQL instance, which can be viewed on the instance details page in the TencentDB for MySQL console.
    
    <username, default is root>: Replace it with the account name of your target MySQL instance. The default account name is 'root'.
    
    <port number, default is 3306>: Replace it with the private network port number of the target MySQL database instance. The default is 3306. If the port number has been changed, the new port number can be viewed on the instance details page in the TencentDB for MySQL console.
    
    2. After being prompted with Enter password:, input the password corresponding to the MySQL instance's account. If you have forgotten your password, please refer to Resetting Password to make changes. If mysql> is displayed, it means you have successfully logged into MySQL.
    

    FAQs

    Are there any charges for private network connection?

    Private network connections are currently free of charge.

    Can the private network port be modified?

    Yes, it can be modified. You can log in to the TencentDB for MySQL console, navigate to the details page of the target instance, and click the edit icon following the private network address to make changes.
    

    How can I check private network connection errors?

    Failures to connect to a database via a private network address are typically related to the type of CVM, the account password, the port, the DFW, the network, or the instance. The following provides self-check methods for these scenarios. For more self-check procedures, please refer to Private Network Connection Failure.
    1. Check whether the server you are using is a CVM.
    For private network connections, the server in use needs to be a Tencent CVM. If you are using a Lighthouse Server or another non-Tencent server, connecting through a private network address is not currently supported. You can refer to Customizing a Linux CVM to recreate a CVM and then connect to the database using the private network address.
    2. After logging into the CVM instance, if you repeatedly fail to log in to the cloud database via command, it's suggested to check if there are any errors in the database login account and password.
    When entering the command: mysql -h <private IP address> -u <username, default is root> -P <port number, default is 3306> -p, the account username and password used for login must be paired correctly. If you are using a non-root account to log in, you need to enter the password of the corresponding non-root account. The password will not be displayed as you input it on the CVM interface; it needs to be entered correctly in one go and confirmed with the Enter key. If you have forgotten the password, you can reset the password and then try again.
    3. Review whether the DFW configuration is correct and whether the IP is restricted.
    Configure outbound rules in the CVM DFW. When the target configuration of the outbound rule is not set to 0.0.0.0/0 and the protocol port is not set to ALL, the private IP and port of TencentDB for MySQL need to be added to the outbound rule.
    Configure inbound rules in the MySQL security group. When the source configuration of the inbound rule is not 0.0.0.0/0 and the protocol port is not ALL, the IP and port of the CVM need to be added to the inbound rule.
    For instructions, please see the Security Group Configuration Problem Resolution.
    4. Evaluate if the issue is network-related.
    The CVM and MySQL must be in the same region and VPC network. Go to the CVM Console and TencentDB for MySQL console to verify. If they are not in the same VPC network, use Switch Networks to change the network of the MySQL instance to be the same as the CVM. If the CVM and MySQL are confirmed to be in the same region and VPC network and there are still reported network errors, please check whether there are restrictions on your local network.
    5. Check whether there is an instance-related issue.
    If the MySQL instance disk is full, it may affect database connectivity. It's recommended to expand the disk capacity. For the procedure, please refer to Adjusting Database Instance Specification.
    When the error message "ERROR 1040(00000): Too many connections" is displayed, it indicates that the maximum number of connections for the current CDB instance has been reached. Common causes and solutions are as follows:
    i. If there are too many sleep threads, it's advised to decrease the values of the wait_timeout and interactive_timeout parameters via the console. For details, please refer to Setting Instance Parameters.
    ii. If there are few sleep threads and no slow query accumulation, it's suggested to increase the value of the max_connections parameter via the console. For details, please refer to Setting Instance Parameters.
    Check whether the MySQL instance is in a "master-slave switch state", as connection attempts will fail if the MySQL instance is in the middle of a master-slave switch. After the switch has completed, connect using the command again.
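
The security group requirement from Preparations and from self-check 3 above can be evaluated offline before editing rules in the console. The following Python is an added example, not Tencent Cloud code: the (CIDR, port) rule tuples, the function names and the 10.0.x.x addresses are constructed for illustration, and only allow rules are modelled (deny rules and rule priority are not).

```python
import ipaddress

def port_matches(spec, port):
    """spec is 'ALL', one port ('3306'), a list ('80,443') or a range ('3306-3310')."""
    if spec.upper() == "ALL":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def rule_allows(rule, peer_ip, port):
    """rule is a hypothetical (cidr, port_spec) allow rule; True if peer_ip:port is inside it."""
    cidr, spec = rule
    in_cidr = ipaddress.ip_address(peer_ip) in ipaddress.ip_network(cidr, strict=False)
    return in_cidr and port_matches(spec, port)

def check_path(cvm_ip, mysql_ip, mysql_port, cvm_outbound, mysql_inbound):
    """Return findings for the CVM -> MySQL flow; an empty list means allowed and scoped."""
    findings = []
    # Outbound side: the CVM must be allowed to reach the MySQL private IP and port.
    if not any(rule_allows(r, mysql_ip, mysql_port) for r in cvm_outbound):
        findings.append("CVM outbound: no rule allows %s:%d" % (mysql_ip, mysql_port))
    # Inbound side: the MySQL security group must admit the CVM as a source.
    if not any(rule_allows(r, cvm_ip, mysql_port) for r in mysql_inbound):
        findings.append("MySQL inbound: no rule allows source %s on port %d"
                        % (cvm_ip, mysql_port))
    # The page asks for specific authorized IPs; flag any-source inbound rules.
    for cidr, spec in mysql_inbound:
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            findings.append("MySQL inbound: %s port %s admits any source" % (cidr, spec))
    return findings

# Constructed sample values (not taken from the page).
CVM_IP, MYSQL_IP, MYSQL_PORT = "10.0.1.15", "10.0.2.8", 3306
CVM_OUT_SCOPED = [("10.0.2.8/32", "3306")]
MYSQL_IN_SCOPED = [("10.0.1.15/32", "3306")]
MYSQL_IN_OPEN = [("0.0.0.0/0", "ALL")]
MYSQL_IN_WRONG_SUBNET = [("10.0.9.0/24", "3306-3310")]

if __name__ == "__main__":
    for name, inbound in [("scoped", MYSQL_IN_SCOPED), ("open", MYSQL_IN_OPEN),
                          ("wrong subnet", MYSQL_IN_WRONG_SUBNET)]:
        print(name, check_path(CVM_IP, MYSQL_IP, MYSQL_PORT, CVM_OUT_SCOPED, inbound))
```

A rule set that passes with an "admits any source" finding still connects; the finding marks the inbound rule that should be narrowed to the CVM's private IP and the MySQL port.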
    
    