I have an issue with a java BasicDataSource connection pool.
My ProxySql is correctly configured on all my DataProc Compute engine, if I try to connect to my CloudSql instance with sqlclient it works correctly.
When I try to connect to my CloudSql from my connection pool, configured with this connection string: pooljdbc:mysql://127.0.0.1/my_db?serverTimezone=UTC, I get this error:
Cannot create PoolableConnectionFactory (Access denied for user 'myuser'#'localhost' (using password: YES))
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Access denied for user 'myuser'#'localhost' (using password: YES))
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549)
And is correct because the proxySQL tcp connection is on 127.0.0.1 and not on localhost (unix socket).
I don't understand why the BasicDataSource try to connect on localhost and not on 127.0.0.1 as I have configured in the connection string.
Any help is really appreciated.
The string 'myuser'#'localhost' is referring to your login identity, not the server connection string; if you ran your connection attempt from a machine called foo-instance, for example, even if you use a connection string specifying a remote IP address, your login would be 'myuser'#'foo-instance'. While direct connections using your sqlclient will resolve the source hostname differently based on the server hostname specified, this is a quirk that shouldn't be relied on. In particular, in your case the ProxySQL service will be acting on your behalf, so the source hostname will come from the ProxySQL instance, not from your connection string.
You may want to share more details on your ProxySQL configuration, but if you're using defaults, your PROXYSQL_HOSTNAME would be set to localhost; you could try ensuring your PROXYSQL_HOSTNAME is set to 127.0.0.1 instead.
Interestingly, based on cursory testing, it appears creating user grants identified by 127.0.0.1 is more restrictive to login host, while creating the grant for localhost allows both 127.0.0.1 and localhost for connection hostnames:
MariaDB [(none)]> create user 'dhuo'#'127.0.0.1' identified by 'dhuopass';
...
$ mysql -h localhost -pdhuopass
ERROR 1045 (28000): Access denied for user 'dhuo'#'localhost' (using password: YES)
$ mysql -h 127.0.0.1 -pdhuopass
Welcome to the MariaDB monitor. Commands end with ; or \g.
...
MariaDB [(none)]> drop user dhuo#127.0.0.1
MariaDB [(none)]> create user 'dhuo'#'localhost' identified by 'dhuopass';
...
$ mysql -h localhost -pdhuopass
Welcome to the MariaDB monitor. Commands end with ; or \g.
$ mysql -h 127.0.0.1 -pdhuopass
Welcome to the MariaDB monitor. Commands end with ; or \g.
Generally it'd probably work best to configure your user grants to be identified as coming from localhost instead of 127.0.0.1 to have the best chance of supporting either inbound hostname.
Related
I have an express js client app and an express server app with almost the same istio configuration. Client cannot be accessed through its host URL while the server is working well. Curl client host URL just gives me infinite waiting. And I cannot find any related traffic log in the istio-proxy of client pod. This is very confusing. What could be the possible reason for this problem?
istioctl analyse on live cluster dose not give any helpful information
I'm new to this online server area, all I've done so far is create a server on Digital Ocean using Ubuntu 20.04 operating system with LAMP library (apache2) installed.
Currently I use Putty to access the server's command line (I use private key ssh authentication files).
When I put the domain URL or IP, enter port 22, and click "Open connection", the application automatically manages to connect to the server asking for login and password.
Pretty simple isn't it? My concern is that anyone who has the least knowledge can come across the gateway to my server, just that he has the login and password to access.
But when I try to connect with putty on sites like stackoverflow.com, google.com, facebook.com and among others, putty doesn't give me the opportunity to type the login.
Knowing this, how do I secure my server so that it can act in the same way as the aforementioned sites?
You could add some sort of VPN and whitelist a select amount of IP addresses able to access your server. This would add an extra layer of security.
I'm trying to connect to another database (project-B) that also uses Django. I would like to ask for help on how to resolve the following error?
Here's the error from Django debug:
could not connect to server: Connection refused Is the server running
on host "111.222.333.444" and accepting TCP/IP connections on port
5432?
Here's the firewall from project-B
Status: active Logging: on (low) Default: deny (incoming), allow
(outgoing), disabled (routed) New profiles: skip
To Action From 5432
ALLOW IN 111.222.333.444
I also put it in the allowed host
ALLOWED_HOSTS = [ '111.222.333.444']
Other than that, I have not modified anything from project-B.
The firewall allows requests from 111.222.333.444, which is effectively blocking all hosts other than same host connection.
I have been setting up a Django website using the development server, and it works fine if I access it using the following address in my browser:
localhost:8000
I now want to be able to access the website from another computer (on the same network). I still want to use the development server for now. If my computer's name on the network is myname, and the domain is mydomain.com, then how can I enable this? If I just type in:
myname.mydomain.com:8000
I get a Server not found error.
Thanks.
It's not possible to access your computer like they way you explained in a LAN. There are couple of ways you can let other computers use your dev server directly.
First, run your Django app like this -
$ ./manage.py runserver 0.0.0.0:8000
So that the server listens to all the network interfaces for anyone accessing your IP, not just localhost. Then -
Find out your IP in the network. In the other computer in the same network open the hosts file(In linux, it's at /etc/hosts) and enter a new line -
enter.your.ip.here intended.domainname.com
Then you can access your dev server from that computer by entering intended.domainname.com:8000 or enter.your.ip.here:8000 in the browser. Cons: You have to alter the hosts file in each of the computer you intend to use the domain name instead of IP from and they all have to be in the same network.
You could use localtunnel. Then you can just execute -
$ localtunnel 8000
And it'll give you an url like http://xyz.localtunnel.com which you can share to anybody using the Internet and they'll be able to use your dev server.
I'm trying to create a data source for my local sql server using the server name (local). But I keep getting the following error
Connection verification failed for data source: sqlserver
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]Error establishing socket. Unknown host: (local)
The root cause was that: java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]Error establishing socket. Unknown host: (local)
On the reporting services I'm using (local) as the server name and it is working fine,
Ted
Have you enabled external TCP connections on your sql server?
Try using localhost instead of local. (or add 127.0.0.1 local to your hosts file)
You can't use (local) this is a Microsoft ONLY term and won't be understood by anything external.
You need to specify the servername as the name of the server.
If the SQL Server is the same server as ColdFusion you can then use localhost
If not use the DNS or local IP name of the sever, ie sql.local or 192.168.1.22
If the server is external to your You will need TCP/IP configured and port 1433 open also. But by default this should be setup, you may just need to open your firewall to allow access through port 1433.
In a network environment, you would normally use local IP to get LAN access to your DB, but if database is really external you need a real IP / domain