1.MySql-Server 出于安全方面考虑只允许本机(localhost, 127.0.0.1)来连接访问.
这对于 Web-Server 与 MySql-Server 都在同一台服务器上的网站架构来说是没有问题的. 但随着网站流量的增加,
后期服务器架构可能会将 Web-Server 与 MySql-Server 分别放在独立的服务器上, 以便得到更大性能的提升, 此时
MySql-Server 就要修改成允许 Web-Server 进行远程连接.
我们可以按照下面的步骤修改:
1, 登录 Mysql-Server 连接本地 mysql (默认只允许本地连接) :
[root@stonex ~]# mysql -u root
-p
2, 修改 Mysql-Server 用户配置
mysql> USE mysql; -- 切换到 mysql
DB
Database changed
mysql> SELECT User, Password, Host FROM
user; -- 查看现有用户,密码及允许连接的主机
+------+----------+-----------+
| User | Password | Host
|
+------+----------+-----------+
| root |
| localhost
|
+------+----------+-----------+
1 row in set (0.00 sec)
mysql> -- 只有一个默认的 root 用户, 密码为空, 只允许
localhost 连接
12
mysql> -- 下面我们另外添加一个新的 root 用户, 密码为空, 只允许
192.168.1.100 连接
mysql> GRANT ALL PRIVILEGES ON *.* TO
'root'@'%' IDENTIFIED BY '密码' WITH GRANT OPTION;
mysql> --
@'192.168.1.100'可以替换为@‘%’就可任意ip访问,当然我们也可以直接用 UPDATE 更新 root 用户
Host, 但不推荐, SQL如下:
mysql> -- UPDATE user SET
Host='192.168.1.100' WHERE User='root' AND Host='localhost' LIMIT
1;
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
复制代码
修改root密码
mysql> use mysql
Database changed
mysql> update user set
password=PASSWORD('123456') where user='root';
Query OK, 0 rows affected (0.00 sec)
Rows matched: 1 Changed: 0
Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
如果远程连接,提示:1045 access denied for user root ‘ip地址’
(using password:
YES)
是因为Centos 7 防火墙没有开启3306端口
防火墙开放3306端口
1、打开防火墙配置文件
vi /etc/sysconfig/iptables
2、增加下面一行
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306
-j ACCEPT
3、重启防火墙
service iptables restart
注意:增加的开放3306端口的语句一定要在icmp-host-prohibited之前
附:个人配置
# Firewall configuration written by
system-config-firewall
# Manual customization of this file is not
recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j
ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j
ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306
-j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j
ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A INPUT -j REJECT --reject-with
icmp-host-prohibited
-A FORWARD -j REJECT --reject-with
icmp-host-prohibited
COMMIT
如果远程连接,提示:3118 access denied for user root
account is locked.
此时就需要使用ALTER USER … ACCOUNT UNLOCK语句进行解锁了:
mysql>ALTER USER '用户名'@'%' ACCOUNT
UNLOCK;
Query OK, 0 rows affected (0.00 sec)