Querying a MySQL database on a remote webserver through SSH - php

We have an internal MySQL database that our customer service department uses to do quotes, and an external MySQL database on our website that our customers use to do quotes. I have a PHP report that I've written that gives me the information from the internal database. Now I'd like to modify the report to include the data from the external database as well. I need to connect to the external database by using a SSH connection. I've been looking into using cURL or SSH2, but I'm not sure if either are the right way to do this. Has anyone out there queried a SSH MySQL database on a webserver before, or does anyone know what I'd need to do to make this work? Thanks for any help you can give!

I actually use a MySQL GUI client called "Sequel Pro", which does offer the option to connect to MySQL through a SSH connection. This is totally doable, though if you have the option to connect to the DB without it (e.g. you can connect to it from "outside" the host), you should prefer this.
the easiest way I conceive you could query your DB through SSH is to use SSH port-forwarding, so you'd spawn a process that would do ssh user#host-that-has-the-db -L3306:localhost:3306, and then you'd have your MySQL connector connect on localhost.
The -L argument to SSH instructs it to do local port forwarding, so SSH will listen on a local port and forward what it receives there directly to the specified remote host/port from the other end. obviously my example uses port 3306 on both ends, but that can be changed as appropriate (RTM to have more about this)

Yes you can query mysql from bash over SSH but this is not the best and scalable way to go. The best solution would be to create a REST Web Service on the production servers. Then your internal system will query that remote service with authentication.

You set up a tunnel from some available port on the local server to the mysql port on the remote server:
ssh -L 3307:localhost:3306 someuser#remoteserver
That creates a tunnel listening on port 3307 on the local system, which connects to port 3306 (MySQL) on the remoteserver.
Then point your PHP code to connect to port 3307 instead of 3306 , and it'll get tunneled to mysql on the remoteserver.

Related

Connection Firebird DB via SSH

I am creating an application with Laravel and Firebird 2.5 and wants to run it on a DigitalOcean server structure. We have 2 servers for the application, one for the web services (lets call it www) and one for the database services. I did a successful setup with Mysql and it works well but we all know Firebird is a rough one. So this is what we did so far:
Install a LEMP stack in www and Firebird 2.5 SuperServer. As I said these are digital ocean servers, both runs Ubuntu 14.04.
We created an SSH tunnel between the two server with the following structure:
ssh -L 9500:127.0.0.1:3050 username#db_server_ip_address (Private address)
But when we tried to hook up the application on www with the database server got the following error:
unavailable database
In the Laravel Configuration file used the following set up:
DB_HOST=127.0.0.1
DB_DATABASE=/home/username/database.gdb
DB_USERNAME=username
DB_PASSWORD=password
The credentials are correct, we can use it on the remote (db) server.
What do you think what could be the problem? Is it the SSH tunneling?
Warning: I don't use SSH that much, and have never used SSH tunneling, my answer is based on looking at documentation.
The ssh -L 9500:127.0.0.1:3050 does not do what you think it does:
Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be forwarded to the given host and port, or Unix socket, on the remote side. This works by allocating a socket to listen to either a TCP port on the local side, optionally bound to the specified bind_address, or to a Unix socket. Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either host port hostport, or the Unix socket remote_socket, from the remote machine.
(from ssh(1))
In other words, as far as I can tell the proper command would be:
ssh -L 9500:<ip-address of the Firebird server>:3050
The second problem seems to be that your Laravel config does not specify a port, so it is likely still trying to connect to port 3050 (the Firebird default port), instead of port 9500 that you configure. I don't know Laravel, but a property DB_PORT=9500 seems logical (but maybe these properties are specific to your own deployment, in which case you may need to do some more work).

Phpcloud and Mysql Workbench connection

I have been struggling how to connect Mysql Workbench with Phpcloud.com Mysql instance since friday ? Below there is error which I get image
Anyone has did it working properly ?
The error message about the initial package usually indicates there was no server found at that address and port. Keep in mind that due to the SSH tunnel the remote server appears like it is a local one. The remote end of the tunnel sees the server locally too, since it is on the same machine as the MySQL server (I assume). So what you need is the localhost address for the MySQL server. The other thing to check are the ports: 1) Does the SSH connection really work with port 22? 2) Is your firewall blocking this port? 3) Is the remote MySQL server really listening on port 3306?
As a side node: on Windows you can usually just press Ctrl+C in error messages to copy the message to the clipboard.
Please look at the second section "Managing your Database Instance" at http://www.phpcloud.com/help/accessing-the-db
You need to establish a tunnel using SSH client (putty will be best in your case) and then access the server on port 13306 (local).
I don't use Workbench but I assume it tries to establish a regular SSH connection and not a tunnel and this will not work.

Is it possible to connect to a remote database on an ec2 instance with php pdo?

I'm using the following to connect to a mysql database from the localhost
<?php
function testdb_connect ()
{
$dbh = new PDO("mysql:host=localhost;dbname=test", "testuser", "testpass");
return ($dbh);
}
?>
However when I tried to connect to this database (database is running on ec2-12-34-56-78.compute-1.amazonaws.com) from a different server, using the following code
$dbh = new PDO("mysql:host=ec2-12-34-56-78.compute-1.amazonaws.com;dbname=test", "testuser", "testpass");
I'm unable to connect.
Is it possible to connect to a remote database on an ec2 instance with php pdo?
How would I pass an authentication parameter (ex. private key)
You should probably consider using RDS for your database rather than implementing on EC2 unless you have a very unique database that requires a high degree of customization (i.e. clustered configurations, etc.). Running on EBS-backed volume (which you would need to do to be able to persist the physical data files), will subject you to slow disk I/O. If you are not running on EBS-backed EC2, then your data is transient and can not be considered as being on reliable physical storage. If this is OK for your design (you just need transient info in your database), then you would probably be even better served but just putting your information into Elasticache or some form of in-memory cache.
RDS uses MySQL (well, you can also opt to use Oracle). You would access it EXACTLY like you would access your own MySQL server (same PHP abstraction, same SQL, same almost everything (you don't get root access, but rather a form of super-user access). RDS also provide you easy to implement (i.e. push button) configuration for multi-az (high-availability, synchronously-updated standby), replication slaves, DB instance re-sizing, and data snapshots.
In either case (for RDS or EC2), you would need to make sure that your EC2 or RDS security groups allows access from the EC2 instances (or other servers) that host your application. In case of EC2 only you could either place the servers in the same security group, and provide port 3306 access on that group, or better would be to create two security groups (one for app and one for db). In the db security group provide port 3306 (or whatever port you are using) to the security group(s) to which the app server(s) belong.
For an RDS, you would need EC2 security group for app server(s) and a DB security group for the RDS instance). You would need to provide access to the app server security group in the RDS security config.
I don't know the specifics of how this might work with AWS but the first thing I would do is get an SSH tunnel running between the machines.
Then PHP/PDO would basically just think that you're connecting to a local database. In my experience it also makes the connection faster to establish as it doesn't have to do a DNS lookup to find the remote server... quite a big deal when you think that every PHP page load might have to connect to the remote DB.
I use this on intranets when an application needs to manage data stored on a remote database and it works like a champ.
I find SSH tunnels perfectly stable but I use a program called autossh to attempt to reconnect SSH tunnels when they go down.
For completeness here's the command I use to start autossh so it establishes and maintains a particular SSH tunnel. Added here because I found the autossh docs pretty confusing to work out what options I wanted.
autossh -M 0 -f -L3307:127.0.0.1:3306 -p 22 -N -f username#xxx.xxx.xxx.xxx
This forwards port 3307 on your web server to 3306 on the remote DB server. So in PHP you would connect to 3307. You could choose 3306 if you wanted, I chose local port 3307 just in case you had a local MySQL as well as a remote. The -p switch is the port that SSH is running on on the remote machine.
You can add this command to /etc/rc.local (on CentOS at least) to establish the SSH tunnel on server start.
Hope this helps!

Connect to remote MySQL database with PHP using SSH

I have a remote database I'd like to connect to from PHP running locally. The database doesn't allow remote connections so ordinarily I SSH into the box and use it from the command line, but that's not really a long term solutions.
I have SSH access, I have MySQL access once I SSH in, but I don't know how to get PHP into that workflow. If I could make this work within MAMP, that would be great, too.
For developing or testing, you can use ssh command to setup tunnel first and then access the remote database as a local one. The steps are:
1) setup tunnel with ssh command. command format: ssh -L [local port]:127.0.0.1:[remote mysql port, by default, it is 3306] [user]#[remote mysql server ip]. sample:
ssh -L 3307:127.0.0.1:3306 ford#134.11.21.89
2) keep the command window alive
3) You can access the remote database by mysql string: mysqli://[user]:[password]#127.0.0.1:3307/[database name]
Connect to a MySQL server over SSH in PHP
You could set up a SSH tunnel and then point your php connection code to a local port which is forwarded through the tunnel. Under Windows you might use putty; for Mac there will be similar solutions.
If this is for development, the suggested solution by alex is the way to go; set up a ssh-tunnel.
The tunnel will redirect your 127.0.0.1:3306-requests to the remote machine. The remote machine will also belive the requests will come from 127.0.0.1 (locally).
However, you may encounter problems if your server (shared host? please specify) doesn't allow mysql-connections from 127.0.0.1 (quite commonly only localhost are allowed). There's a tiny difference in those, and it will inhibit your tunnel from reaching the remote mysqld.
Just google tunneling, set it up, and use 127.0.0.1 from your php-connection strings.
regards,
//t

How does PHP communicate with MySQL on the same server

Does anyone know how php requests data from mysql?
If I have mysql in the same machine as php, does it open a tcp connection to the localhost on port 3306 or does it have some other way of getting the data?
Is it the same in linux and windows?
Thanks
if available it uses a unix socket, otherwise localhost.
Note that even if you specify localhost in the connection string it will try to use the faster "unix socket" if available
Usually PHP opens up a local pipe found at /tmp/mysql.sock to connect to a local version of the server, unless you use an IP address in your connection string.
PHP opens a connection to port 3306 is the server via TCP to allow data communication. Hence, you can specify which port to connect to in mysql(i)_connect etc, and why, you need to have firewall rules for mysql.
It is the same in Windows as Linux
So yes, TCP :)
EDIT: Revision, In linux, php looks to connect to mysql via /tmp/mysql.sock the tmp directory needs to have correct permissions.

Categories