I'm hosting mysql server on a Digital Ocean droplet, and I am trying to figure out how to grant a Spring Boot web application access to the droplet, so that it can connect to the database. I configured the droplet so that it can only be reached via an ssh tunnel (i.e.: I disabled password authentication), but the database server itself can be connected with a username and password.

I know how to connect to the database using Connector/J, configuring datasources, and so forth. However, the extra security layer of Digital Ocean is new to me, and I'm not sure how to approach this problem.

EDIT: When I run the application and try to hit an endpoint, I get the following error:

The error occurred while executing a query
### Cause: org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is java.sql.SQLException: null,  message from server: "Host '<my network hostname>' is not allowed to connect to this MySQL server"] with root cause
Aluthren
  • Is mysql binding to the public droplet IP or just 127.0.0.1? – rodrigoap Jul 28 '18 at 00:05
  • Where is the Spring Boot web application hosted? In your local machine? Another droplet? – rodrigoap Jul 28 '18 at 00:10
  • The Spring Boot web app is currently hosted on a local machine. – Aluthren Jul 28 '18 at 11:21
  • How would I verify which IP the mysql server is bound to? – Aluthren Jul 28 '18 at 11:22
  • mysql is binding to 127.0.0.1 (I figured out how to get the ip address of the server's hostname) – Aluthren Jul 28 '18 at 11:30
  • For the sake of completeness, I found a good explanation of the purpose of binding an IP address in a mysql server here (for anyone who might not already know what it's for [like me, just a couple of minutes ago]): https://stackoverflow.com/questions/3552680/bind-address-and-mysql-server – Aluthren Jul 28 '18 at 11:48

1 Answer

So, I was mistaken in thinking that the authentication issue was with the Digital Ocean droplet. As the error message (see question above) indicates, the Spring Boot application was able to get to the remote mysql server, and the authentication issue occurred there. It turns out that the mysql user I was attempting to connect with could only be used on localhost.

So, I created a new mysql user and tied it to my local machine's public IP address, and that solved the issue. For details on how to accomplish this, please read the following answer:

Host 'xxx.xx.xxx.xxx' is not allowed to connect to this MySQL server

Aluthren
  • Please note that binding to a public IP is not a good idea in general. Be sure to configure all the security constraints available (user/pass, firewall, etc) – rodrigoap Jul 28 '18 at 12:54
  • What would be a more secure alternative? – Aluthren Jul 28 '18 at 15:22
  • Set up a firewall that blocks everything except connections from your app server IP to the mysql server on that specific port. – rodrigoap Jul 28 '18 at 15:29
  • So I would still need to have a mysql user tied to the server IP (as I have already done), and follow that up with the firewall configuration that you described. Is that correct? – Aluthren Jul 28 '18 at 15:44
  • Right, so the firewall will block all unknown IPs and mysql will add another layer of security with user/IP grants. – rodrigoap Jul 28 '18 at 16:35
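
Added example (not from the original answer or its comments): the account setup the answer describes, written as MySQL statements to run as an administrative user. The schema `appdb`, the account name `appuser`, the password and the address 203.0.113.10 (a documentation-range stand-in for the application host's public IP) are assumptions.

```sql
-- All names, the password and 203.0.113.10 are placeholders (assumptions).

-- 1. Check which interface the server listens on. With 127.0.0.1 only
--    local clients can reach it at all; remote clients need another address.
SHOW VARIABLES LIKE 'bind_address';

-- 2. List accounts with the client hosts they are valid from. An account
--    defined only as 'someuser'@'localhost' is refused from any other host
--    with: Host '...' is not allowed to connect to this MySQL server.
SELECT user, host FROM mysql.user ORDER BY user, host;

-- 3. Create an account that is valid only from the application host.
CREATE USER 'appuser'@'203.0.113.10' IDENTIFIED BY 'replace-with-a-long-random-password';

-- 4. Grant only what the application needs, and only on its own schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'appuser'@'203.0.113.10';

-- 5. Confirm the result.
SHOW GRANTS FOR 'appuser'@'203.0.113.10';

-- 6. Audit for accounts usable from any host: a '%' wildcard or an empty
--    host value. Once the server listens on a public address, these depend
--    on the firewall alone to keep unknown clients out.
SELECT user, host
FROM mysql.user
WHERE LOCATE('%', host) > 0 OR host = '';

-- The firewall rule from the comments (allow only the application host's
-- IP to the MySQL port) is configured on the droplet, outside MySQL.
```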