2

Since 2 hours I've got the problem that my MySQL container doesnt' allow connections from my laravel application (order). Every time I try to connect I get the following message (from laravel logs):

[2019-08-08 15:20:18] production.ERROR: SQLSTATE[HY000] [1045] Access denied for user 'root'@'172.21.0.3' (using password: YES) {"exception":"[object] (Doctrine\DBAL\Driver\PDOException(code: 1045): SQLSTATE[HY000] [1045] Access denied for user 'root'@'172.21.0.3' (using password: YES) at /var/www/laravel/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:31, PDOException(code: 1045): SQLSTATE[HY000] [1045] Access denied for user 'root'@'172.21.0.3' (using password: YES) at /var/www/laravel/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:27)

I've changed nothing in the configs or the DB. I just restarted all container with 'docker-compose restart'.

Here's my docker-compose file:

version: "2"

services:

  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    restart: always
    networks:
      - webgateway
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy_le
    volumes_from:
      - nginx-proxy
    volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - webgateway

  order:
    container_name: order
    image: e-order:latest
    restart: always
    volumes:
      - /var/e-order/storage:/var/www/laravel/storage/app
      - /var/e-order/logs:/var/www/laravel/storage/logs
    networks:
      - webgateway
      - order_net
    environment:
      - VIRTUAL_HOST={URL}
      - LETSENCRYPT_HOST={URL}
      - LETSENCRYPT_EMAIL={MAIL}
      - DB_HOST=order-db
      - DB_USERNAME=root
      - DB_PASSWORD={ROOT_PW}
      - DB_DATABASE=e-order
      - PHP_MEM_LIMIT=2048
    env_file:
      - /var/e-order/config/production.env

  order-db:
    image: mysql
    container_name: order-db
    restart: always
    volumes:
      - /var/e-order/database:/var/lib/mysql
    networks:
      - order_net
    environment:
      - MYSQL_DATABASE=e-order
      - MYSQL_USER={USER}
      - MYSQL_PASSWORD={PW}
      - MYSQL_ROOT_PASSWORD={ROOT_PW}

networks:
  webgateway:
  order_net:

volumes:
  conf:
  vhost:
  html:
  dhparam:
  certs:

An my production config file (linked with 'env_file'):

APP_NAME=e-order
APP_ENV=production
APP_DEBUG=false
APP_URL={URL}

MIX_ENV_MODE=production

DB_CONNECTION=mysql

BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=database
SESSION_DRIVER=database
SESSION_LIFETIME=120

TELESCOPE_HARDCORE=true

I've checked the configuration in the application the password which will be used to create the connection is correct and exactly as in the docker-compose file stated.

I'm able to connect directly on the mysql container when I connect to it with 'docker container exec -it order-db bash' and use the comment 'mysql -u root -p' and enter the root password as in the docker-compose file stated.

The host for the root user is set correctly. This is the way I've already checked that:

mysql> select user, host from mysql.user;
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| root             | %         |
| mysql.infoschema | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+
7 rows in set (0.00 sec)

Privileges are also correct (I mean its the root use).

I've also checked the ip addresses. The appliaction was '172.21.0.3' and the db was '172.21.0.2' so they are in the same subnet the connection should be possible in my opinion.

Is there something locked in the mysql config? Or why isn't it working after just a quick restart.

thmspl
  • 2,437
  • 3
  • 22
  • 48
  • 1
    The network approach in the container is a bit complicated. Better see this https://stackoverflow.com/questions/35429920/access-to-mysql-container-from-other-container . you can use --link and should work out of the box. – Morpheus_ro Aug 08 '19 at 13:44
  • @Morpheus_ro Thank you for your answer. I've added 'links' to the 'order' container and linked the 'order-db' container but it's still not working. – thmspl Aug 08 '19 at 13:49
  • 1
    I do not see anything obviously wrong. Maybe post the code you are suing to connect in laravel ? If it help in my node app, I use this to connect to mysql var pool = mysql.createPool({ connectionLimit : 10, host: 'nodemysql', port: '3306', user: 'root', password: 'XXXXX', database: 'testDB' }); where nodemysql is the name of my db service in my docker-compose file (order-db in your case). Also I did not explicitly define networks in my docker-compose file since docker takes care of automatically link all the services in the same network. Hope it helps. – camba1 Aug 08 '19 at 13:50
  • @camba1 I'm using the normal connection process of the laravel eloquent orm. All variables for laravel are set correctly and this should work. I'm doing it like this on another project which is also laravel and on docker. – thmspl Aug 08 '19 at 13:59
  • @camba1 Ok now I've added a little script to check the connection. Thats the script: "mysqli_connect('order-db', 'root', {PW}, 'e-order');" but I still get the same error (Access denied for use 'root'.....). – thmspl Aug 08 '19 at 14:08
  • maybe this will help -> https://www.youtube.com/watch?v=w_aVnMmrASE – Morpheus_ro Aug 08 '19 at 20:52

1 Answers1

0

I've downgraded the mysql version from 8.0 to 5.7 and now it's working like a charm. Not sure why but I'm in contact with the guy's from mysql to find a reason/solution.

Edit 18.05.2020:

A little edit after some time. I'm using the Maria DB Image since then and never had such problems.

thmspl
  • 2,437
  • 3
  • 22
  • 48
  • Maybe it was the authentication plugin. As I recall, since MySQL 8.0 it changed to 'caching_sha2_password'. I guess your client was not able to authenticate with the new plugin. – Bojan Hrnkas Mar 16 '22 at 14:42