>>>>> chrooted daemons and MariaDB socket
>>>>> ===================================
>>>>>
>>>>> For external program running under a chroot(8) to be able to
>>>>> access the
>>>>> MariaDB server without using a network connection, the socket must be
>>>>> placed inside the chroot.
>>>>>
>>>>> e.g. httpd(8) or nginx(8): connecting to MariaDB from PHP
>>>>> ---------------------------------------------------------
>>>>> Create a directory for the MariaDB socket:
>>>>>
>>>>> # install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql
>>>>>
>>>>> Adjust /etc/my.cnf to use the socket in the chroot - this
>>>>> applies to both client and server processes:
>>>>>
>>>>> [client-server]
>>>>> socket = /var/www/var/run/mysql/mysql.sock
>>>> You have three progressively less restrictive ways of providing access
>>>> to your database server:
>>>>
>>>> * A Unix socket:
>>>> If all the database consumers will be running locally, you can use a
>>>> socket. If any of the consumers will be running chrooted to /var/www,
>>>> then you'll need to put the socket in the chroot, as described on the
>>>> pkg-readme (and remember not to use the full path when configuring the
>>>> chrooted clients).
>>>>
>>>> * TCP, listening on 127.0.0.1:
>>>> If all consumers will be running on the same host, and if you don't
>>>> want
>>>> the hassle of setting up the socket -- the tradeoff being having the
>>>> socket available for every process that can use inet -- then you can
>>>> just configure mariadb to listen on the loopback interface. If you
>>>> have
>>>> "set skip on lo0" on pf.conf (it's there by default), then you won't
>>>> need to add anything else to that file.
>>>>
>>>> * TCP, listening on other interfaces:
>>>> You'll need this if the database is to be accessible to other hosts.
>>>> Using this option might require adjusting your filtering rules on
>>>> pf.conf.
>>>>
>>>>
>>>> You can use any combination of the above methods (socket only,
>>>> loopback
>>>> only, socket+loopback, socket+other interfaces, etc). See the
>>>> "port",
>>>> "socket", "skip-networking" and "bind-address" options on the [mysqld]
>>>> section of /etc/my.cnf, and remember to setup the [client] section
>>>> accordingly (i.e., if you skip-networking, don't configure the
>>>> client to
>>>> use TCP/IP, and if you don't setup a server socket, don't configure
>>>> the
>>>> client to use it).
I have several concerns with /etc/my.cnf
The instructions I found here are somewhat generic
https://mariadb.com/kb/en/configuring-mariadb-with-option-files/
Am I understanding them, correctly, please?
1. I need to uncomment both the socket and port lines?
#socket=/var/run/mysql/mysql.sock
#port=3306
2. I need to provide a password for MariaDB (or, does it want the user
password)?
#password=my_password
3. Is this address the same as for the machine?
e.g. "bind-address=192.168.50.xxx"?
4. I do want to uncomment all of the following?
#data=/var/mysql
#log-basename=mysqld
#general-log
#slow_query_log
Thanks!
-------------------------------------------------------------------------
[client-server]
#socket=/var/run/mysql/mysql.sock
#port=3306
# This will be passed to all MariaDB clients
[client]
#password=my_password
# The MariaDB server
[mysqld]
# To listen to all network addresses, use "bind-address = *"
bind-address=localhost
# Directory where you want to put your data
#data=/var/mysql
# This is the prefix name to be used for all log, error and replication
files
#log-basename=mysqld
# Logging
#general-log
#slow_query_log
No comments:
Post a Comment