I have a server running Apache and MySQL. Connections to MySQL work fine when using localhost in the connection settings.
Now I'd like to force our developers to use a FQDN instead of localhost. This is because we're planning to move the MySQL servers from the application servers to a MySQL cluster. Then we can transparantly move things without the developers having to modify connection settings.
So I created a CNAME DNS record mysql.company.com pointing to the server that is running MySQL. Later on we can point this to the MySQL cluster.
I opened port 3306 on the server, allowed the MySQL users to connect from any host (%) and added the bind-address = mysql.company.com setting to the my.cnf (I also tried with the actual IP of the server, didn't work either). Also omitting the bind-address setting didn't work.
From the server mysql --host=mysql.company.com --user=root --password works fine.
When testing with a simple PHP script (see below) that's running on the same server, I always get a Permission denied error for the FQDN as server name. Using localhost as the server name works fine.
<?php
$servername = "mysql.company.com";
//$servername = "localhost";
$username = "tester";
$password = "my_awesome_pass";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
What am I doing wrong to achieve what I need? And how can I disable MySQL connections to localhost (maybe with the firewall?).
Best Answer
As always, a few minutes after posting a question, I found the answer myself. The issue was SELinux. It was set on enforced; permissive made it work instantly. Now I'll have to figure out a way to make it work with the enforced mode.
The following appeared in the audit.log: