Connecting to MySQL

Aptible Deploy MySQL Databases require authentication and SSL to connect.

Connecting with SSL

πŸ“˜

Note

If you get the following error, you're probably not connecting over SSL:

ERROR 1045 (28000): Access denied for user 'aptible'@'ip-[IP_ADDRESS].ec2.internal' (using password: YES)

Some tools may require additional configuration to connect with SSL to MySQL:

  • When connecting via the mysql command line client, add this option: --ssl-cipher=DHE-RSA-AES256-SHA.
  • When connecting via JetBrains DataGrip (through aptible db:tunnel), you'll need to set useSSL to true and verifyServerCertificate to false in the Advanced settings tab for the data source.

Most MySQL clients will not attempt verification of the server certificate by default, please consult your client's documentation to enable verify-identity, or your client's equivalent option. The relevant documentation for the MySQL command line utility is here.

By default, MySQL Databases on Aptible Deploy use a server certificate signed by Aptible for SSL / TLS termination. Databases that have been running since prior to Jan 15th, 2021 will only have a self-signed certificate. See Database Encryption in Transit for more details.

Connecting without SSL

❗

️ Warning

Never transmit sensitive or regulated information without SSL. Connecting without SSL should only be done for troubleshooting or debugging.

For debugging purposes, you can connect to MySQL without SSL using the aptible-nossl user. As the name implies, this user does not require SSL to connect.

Connecting as root

If needed, you can connect as root to your MySQL database. The password for root is the same as that of the aptible user.

Creating More Databases

Aptible Deploy provides you with full access to a MySQL instance. If you'd like to add more databases, you can do so by Connecting as root, then using SQL to create the database:

/* Substitute NAME for the actual name you'd like to use */
CREATE DATABASE NAME;
GRANT ALL ON NAME.* to 'aptible'@'%';

Replication

Source-replica replication is available for MySQL. Replicas can be created using the aptible db:replicate command.

Data Integrity and Durability

On Aptible Deploy, binary logging is enabled (i.e. MySQL is configured with sync-binlog = 1). Committed transactions are therefore guaranteed to be written to disk.

Configuration

We very strongly recommend against relying only on SET GLOBAL with Aptible Deploy MySQL Databases.

Indeed, any configuration parameters added using SET GLOBAL will be discarded if your Database is restarted (e.g. as a result of exceeding Memory Limits, the underlying hardware crashing, or simply as a result of a Database Scaling operation). In this scenario, unless your app automatically detects this condition and uses SET GLOBAL again, your custom configuration will no longer be present.

However, our support team is happy to accommodate reasonable configuration changes so that they can be persisted across restarts (by adding them to a configuration file). So, if you're contemplating using SET GLOBAL, please get in touch with Aptible Support to apply the setting persistently, as well.

MySQL Databases on Aptible Deploy autotune their buffer pool and chunk size based on the size of their container in order to improve performance. See the image's public git repo for details.

Connection Security

Aptible Deploy MySQL Databases support connections via the following protocols:

  • For MySQL versions 5.6, 5.7, and 8.0: TLSv1.0, TLSv1.1, TLSv1.2

Did this page help you?