MariaDB remote connection

[nixblick]

Hello,

I have 2 CentOS 8 systems:

System 1: httpd, php, php-mysqlnd and mysql

System 2: running mariadb with multiple databases

now i can run successfully on system1:

Code: Select all

mysql -h server2 -u wikiuser -p

it asks for the password and i am on server 2 in the database. great.

if i try the "same" now when installing a wiki via the browser, specifying server 2, database name, user, password - then i get an error:

Cannot access the database: :real_connect(): (HY000/2002): Permission denied.

I don't understand this, because it works on the console. The user has all the rights he needs. But something is different when installing the wiki through the browser. But what?

Thanks for helping!!

[TrevorH]

SELinux is set up by default to deny access to databases from a web server. You have to tell it that this is something you want to allow before it will let you do it. The idea is to stop a hacker from breaking in via some insecure web app and then using that as a bounce point to access your internal databases systems stuffed full of sensitive information. It's controlled by an selinux boolean and those can be toggled from on to off.

Run getsebool -a | grep http to see the full list of booleans that affect the things that a web server can do. The one you are interested in is httpd_can_network_connect_db and you need to use setsebool -P httpd_can_network_connect_db 1 to turn it on and allow the access. The -P flag means 'persist over reboot' and without it, it will reset next reboot.

[nixblick]

Thank you very much! I had seen the reference to selinux, but had only run it on one of the two servers. But I had to activate it on both. That was the error. Solved!

[TrevorH]

It's only required on the one that runs the web server.