Public Network Connection

Last updated: 2024-06-20 10:50:03
    This document describes how to connect to a database through the public network address of TencentDB for MySQL, from a CVM instance or any third-party application.

    Background

    In scenarios where the private network is inaccessible, a public network connection can be employed, provided that the TencentDB instance has enabled public network access. We advise utilizing public network connections exclusively for development purposes or auxiliary database management.
    Note:
    The capability to enable public network addresses is currently supported for primary instances in regions including Guangzhou, Shanghai, Beijing, Chengdu, Chongqing, Nanjing, Hong Kong (China), Singapore, Seoul, Tokyo, Silicon Valley, Virginia, and Frankfurt. For the most up-to-date information about which regions support enabling public network addresses for read-only instances, please refer to the console.
    To enhance the security and reliability of the public network link for databases, starting from May 2024, TencentDB for MySQL will use CLB as its underlying architecture for public networks. Once the public network is enabled, a new CLB instance will be added to your resources (this CLB instance is automatically created due to the activation of the public network address and you can Try for free). When the public network address is disabled, this CLB instance will be automatically deleted. You can also configure monitoring and alerting items for this CLB instance. For more information, please see Enable Public Network Connection Address.
    Connection Methods

    Application Scenario: The CVM and TencentDB for MySQL instances are in the same VPC in the same region under the same Tencent Cloud root account. For specifics, please refer to Scenario 1.
    Description: The private network provides high-speed connectivity and low latency.
    Billing Status: No charge at the present time.

    Connection Method: Public Network Connection
    Application Scenario: In scenarios where private network connections are unavailable, you can use public network connections. For more details, please see Scenario 2.
    Note:
    Public network connections may be susceptible to network issues. If you have high network requirements, we recommend using private network connections or CCN Connections.
    Description:
    Third-party application connection services are supported.
    The public network address must be manually enabled.
    Enabling the public network address will expose your database services to the public network, which may lead to database intrusions or attacks.
    Public network connection to TencentDB is suitable for development or auxiliary management of databases but not recommended for business access in the production environment, owing to potentially uncontrollable factors that may lead to unavailability of the public network connection, such as DDoS attacks and bursts of high-traffic access.
    Billing Status: No charge at the present time.

    Application Scenario: If the CVM and MySQL are located in different VPCs, or if LIGHTHOUSE is used to connect to MySQL, please refer to Scenario 3 for details.
    Description:
    Public and private network interconnection.
    Low latency, high-speed transmission.

    Preparations

    Ensure that the MySQL instance is well-prepared. For detailed guidance, please refer to Creating MySQL Instance.
    Ensure that the CVM is ready. For further instructions, refer to Customizing Configuration of Linux CVM.
    Enable public access for the MySQL instance.
    
    DFW Settings: Open the private network ports.
    
    Note:
    After enabling public network access, the instance is subjected to the rules of the DFW network access policies. While configuring security policies, you must open the private network access port 3306. If unsure about the private network port number, you can check it on the instance details page in the console. For detailed steps, please refer to Manage TencentDB DFW.

    Operation Guide

    Connecting to a CDB from a CVM over a Public Network

    Step 1: Log in to CVM

    1. Log in to the CVM Console, find the target CVM in the instance list and click Log In in the actions column on the right.
    
    2. In the Login window, choose password login, enter the username and password of the CVM, and click Log In.
    
    3. Upon successful login, the interface appears as illustrated below:
    

    Step 2: Install MySQL Client (skip this step if it is already installed on this CVM)

    Run the following command to install MySQL Client:
    yum install mysql
    If Complete! is displayed, the MySQL client is installed successfully.

    Step 3: Connect to TencentDB using CVM

    1. Execute the following command in the CVM to log in to the MySQL database instance.
    mysql -h <public IP address> -u <username, default is root> -P <public port number> -p
    <public IP address>: Replace it with the public network address of the target MySQL database instance, which can be viewed on the instance details page in the MySQL console. If the public network address is not enabled, please refer to Enabling Public Network Address.
    
    <username, default is root>: Replace with the account name of your target MySQL database instance. The default account name is 'root'.
    
    <public port number>: Replace it with the public port number of the target MySQL database instance, which can be viewed on the instance details page in the MySQL console.
    
    2. Enter the password corresponding to the MySQL instance's account after the prompt Enter password:. If you forgot the password, you can modify it as per Resetting Password.
    If mysql> is displayed, it signifies a successful login to MySQL.
    

    Connecting to CDB from a Third-party Application Over the Public Network

    1. Download MySQL Workbench from the MySQL Workbench official download page and install it.
    2. Navigate to the download page and select MySQL Workbench.
    3. Once redirected, under Windows (x86, 64-bit), MSI Installer, click Download.
    4. Click No thanks, just start my download.
    5. Upon finishing the installation, open MySQL Workbench. In the MySQL Connections section, click the plus sign to add the instance to be connected.
    
    
    6. In the pop-up window, configure the following items and click OK.
    
    
    Parameter: Description
    Connection name: Assign a name to this connection.
    Connection Method: Connection method, select Standard(TCP/IP).
    Hostname: Enter the public network address of the CDB instance. The public network address can be found on the instance detail page.
    Port: Enter the public network port number of the CDB Instance. The port number can be found on the Instance Details page.
    Username: Enter the username of the MySQL instance to be connected.
    Store in Vault...: Enter and save the password for the MySQL instance you wish to connect.
    7. Navigate back to the MySQL Workbench homepage and select the newly created instance information to establish a connection to the MySQL instance.
    
    
    8. The UI after successful connection is as follows:
    
    

    FAQs

    Does it cost to connect to the public network?

    Connection to the public network is currently available free of charge.

    Why is it necessary to open the MySQL private port for a public network connection?

    When the TencentDB instance enables a public network address, it is accessed via Tencent Cloud's backend cluster that connects to the database's private network port. This connection requires port mapping and forwarding to facilitate public network access. Therefore, after enabling the public network address, the MySQL private port needs to be opened in the DFW for backend cluster connections.

    Is it possible to change the public network port?

    Modifications are not supported.

    How secure is the public network connection?

    Enabling public network access will expose your database services to the open internet, which may pave the way for database intrusions or attacks. It is generally advised to use the private network for database connection. Public network connection to TencentDB is primarily used for development or auxiliary database management and is not recommended for mainstream business access, as potential uncontrollable factors may render the connection unavailable, including DDoS attacks and unexpected high-volume traffic.

    After enabling a public network address, how can I limit connections to specific IPs and restrict access from all other IPs?

    By imposing restrictions on host permissions, you can modify the authorized host addresses for your database account through the TencentDB console, thus limiting database access. For more information, please refer to Modifying Host Addresses with Access Permissions.
    Alternatively, you might consider using a public CLB for traffic forwarding to enable public network access. Access restrictions can be imposed by using DFW policies in CLB. For more information, please refer to Enabling Public Network Access Through CLB.

    Why am I unable to enable public network access?

    Public network access can be enabled for main instances deployed in Guangzhou, Shanghai, Beijing, Chengdu, Chongqing, Nanjing, Hong Kong (China), Singapore, Seoul, Tokyo, Silicon Valley, Virginia, and Frankfurt. For the latest information about the regions where public network access can be enabled for read-only instances, please refer to the console. If your instance is deployed in a region where public network access is not supported, public network access cannot be enabled.
    

    How can I troubleshoot public network connectivity errors by myself?

    Possible causes for failing to connect to a database through a public network address often involve scenarios related to account passwords, ports, DFW, networks, and instance issues. The following content provides methods for self-diagnostics in various scenarios.
    1. After logging into the CVM instance, if you repeatedly fail to log in to the cloud database via command, it's suggested to check if there are any errors in the database login account and password.
    In the command line: mysql -h <public IP address> -u <username, default: root> -P <public port number> -p, the account and password used for login must correspond correctly. If you are logging in with a non-root account, you also need to input the password for the corresponding non-root account. The password will not be displayed as you type it in the CVM interface. You must enter it correctly in one go and press the enter key. If you forget your password, you can reset your password and try again.
    2. Review whether the DFW configuration is reasonable and whether the IP is restricted.
    Configure outbound rules in the CVM DFW. When the outbound rule is not set to 0.0.0.0/0 and the protocol port is not set to ALL in the target configuration of outbound rules, you need to add the external IP and port of MySQL to the outbound rules.
    Configure inbound rules in the DFW of MySQL. When the source configuration of the inbound rule is not set to 0.0.0.0/0 and the protocol port is not set to ALL in the inbound rules, you need to open the internal port of the MySQL instance in the inbound rules. The default is 3306.
    For instructions, please see the DFW Configuration Problem Resolution.
    3. Evaluate if the issue is network-related.
    Connecting to the database over the public internet could fail due to various reasons such as unstable network, local network restrictions, or VPCs bound with ACL policies. In this case, switch your local network, remove relevant restrictions, and try again. We recommend using private network to connect to the database for a more reliable and low-latency experience.
    4. Examine whether there is an instance-related issue.
    If the MySQL instance disk is full, it may affect database connectivity. It's recommended to scale the disk capacity. Refer to Adjusting Database Instance Specification for the procedure.
    When the error message "ERROR 1040(00000): Too many connections" appears, this indicates that the maximum number of connections for the current Cloud database instance has been exceeded. Common causes and solutions include:
    i. If there are too many sleep threads, it's advised to decrease the values of the wait_timeout and interactive_timeout parameters via the console. Refer to Setting Instance Parameters for this action.
    ii. If there are few sleep threads and no slow query accumulation, it's suggested to increase the max_connections parameter value via the console. Refer to Setting Instance Parameters for this action.
    Verify if the MySQL instance is in a "master-slave switch state", as connection attempts can fail if the MySQL instance is in the middle of a master-slave switch. After the switch has completed, resume connection attempts using the command.
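
    The self-diagnosis steps above, as an added shell example that is not part of the original page: it checks TCP reachability of the public address first, then maps the mysql client's error code to the step to follow. The function names, category keywords and the grouping of codes are assumptions of this example; the codes themselves are standard MySQL client and server error numbers.

```bash
#!/usr/bin/env bash
# Added example (not Tencent Cloud code): triage a failed public-network
# connection along the self-diagnosis steps of this FAQ.

# tcp_reachable <host> <port>: succeeds if a TCP connection opens within 5 s.
# A failure here points at steps 2-3 (DFW rules, ACLs, local network),
# not at the account or the instance.
tcp_reachable() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# classify_mysql_error <client error text>: prints which check to do next.
# The client reports "ERROR <code> (<sqlstate>): <message>"; only the
# numeric code is used, so the SQLSTATE formatting does not matter.
classify_mysql_error() {
    local code
    code=$(printf '%s\n' "$1" | sed -n 's/.*ERROR \([0-9][0-9]*\).*/\1/p' | head -n 1)
    case "$code" in
        1045) echo "credentials" ;;               # step 1: wrong account or password
        1130) echo "host-permission" ;;           # client IP not in the account's authorized hosts
        1040) echo "too-many-connections" ;;      # step 4: connection limit reached
        2002|2003|2013) echo "network-or-dfw" ;;  # steps 2-3: cannot reach or keep the connection
        "")   echo "no-error-code" ;;
        *)    echo "other" ;;
    esac
}

# triage <host> <port> <client error text>: network check first, then the code.
# (hypothetical helper name; prints one category keyword)
triage() {
    if ! tcp_reachable "$1" "$2"; then
        echo "network-or-dfw"
        return 0
    fi
    classify_mysql_error "$3"
}
```

    To use it, redirect the client's error output to a file when the login command fails and pass the file's contents as the third argument to triage.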