How to allow/add static IP in Database?

September 19, 2024

To allow or add a static IP address to access your database, you need to configure the database server to accept connections from that IP address. This is often necessary when you’re allowing external access to your database from a specific IP (e.g., for remote administration or third-party applications). Below are the steps to allow a static IP to access a MySQL or MariaDB database via DirectAdmin.

Steps to Allow/Add a Static IP to Access a Database in DirectAdmin:

1. Log in to DirectAdmin

• Open your web browser and log in to your DirectAdmin control panel using your Admin/Reseller/User credentials.

2. Navigate to MySQL Management

• After logging in, go to the User Level section (you can also do this at the Reseller or Admin Level, depending on your access).
• Under Your Account, click on MySQL Management. This section allows you to manage databases, users, and access permissions.

3. Select the Database

• From the MySQL Management interface, you will see a list of databases associated with your account.
• Click the database name for which you want to allow access from a static IP.

4. Manage Database Users

• Under the database management screen, you’ll see a list of users who have access to the selected database.
• Find the User account for which you want to allow external access, or create a new user if needed by clicking Create New Database User.

5. Add/Allow Access for the Static IP

• By default, MySQL restricts database access to localhost or the server’s internal IP.
• To allow access from a specific static IP address:
  1. Click on the User you want to edit or, if adding a new user, fill in the username and password.
  2. In the Host field, replace localhost with the static IP address that you want to allow access from.
  3. Alternatively, you can set it to % (wildcard) to allow access from any IP address, but this is not recommended for security reasons.
  4. If you need to allow multiple static IPs, create separate entries for each IP.

6. Save Changes

• Once you’ve updated the host for the database user, click Save or Update to apply the changes.

7. Adjust Firewall Settings

• If your database is hosted on a server behind a firewall, ensure that the server’s firewall allows traffic from the static IP on the MySQL/MariaDB port (usually port 3306).
• This can typically be done through your server’s firewall settings, either in DirectAdmin or via SSH by configuring tools like CSF (ConfigServer Security & Firewall).
• To allow an IP in CSF (for example), you can run:bashCopy codecsf -a <static_IP>
• Ensure that MySQL is listening on all interfaces by checking the bind-address setting in your MySQL configuration file (my.cnf). This is usually found in /etc/mysql/my.cnf or /etc/my.cnf.

8. Test the Connection

• After allowing the IP, test the database connection using a database client such as MySQL Workbench, phpMyAdmin, or a command-line MySQL client.
• Use the following connection details:
  • Host: The IP or domain of the server where the database is hosted.
  • Port: 3306 (unless it’s configured to use a different port).
  • Username: The database user you created or modified.
  • Password: The password for the database user.
  • Database Name: The name of the database you’re trying to access.

9. Secure Your Database Connection (Optional but Recommended)

• If you’re allowing external connections, it’s essential to secure the connection using SSL/TLS to prevent data from being transmitted in plain text.
• Set up SSL certificates on your MySQL server and ensure that clients connecting remotely are required to use SSL.

Additional Tips:

• Restrict Access: Only allow the specific static IP(s) that need access and avoid using % to allow connections from any IP for security reasons.
• Monitor Database Logs: Regularly monitor the database logs to identify any suspicious activity or failed login attempts.
• Keep MySQL Up to Date: Ensure that your database server is regularly updated with security patches to prevent potential vulnerabilities.

By following these steps, you can allow a static IP to access your database securely in DirectAdmin, ensuring that only authorized connections are allowed.