I’m working with a containerized Laravel app that is supposed to be connecting to a remote RDS database. Here is a sample .env:
DB_HOST=xxxxxx.rds.amazonaws.com
DB_DATABASE=sample
DB_USERNAME=sample
DB_PASSWORD=sample
DB_PORT=3306
DATABASE_DRIVER=mysql
The container works as it should, but the problem is that it cannot connect to the remote RDS database. When I try running composer, i.e.:
$ docker exec -ti laravel-php bash
$ composer install
I get this error:
[PDOException]
SQLSTATE[HY000] [1045] Access denied for user 'sample'@'192.168.66.1' (using password: YES)
Script php artisan clear-compiled handling the post-install-cmd event returned with error code 1
192.168.66.1 is my Docker container’s IP. I suspect that the DB policy is open via @localhost access, since my DevOps confirmed that it’s open for public connections.
I’m using docker-compose version 2 btw, here’s a sample docker-compose:
version: '2'
services:
  sample-server:
    build:
      context: ./
      dockerfile: sample.server.docker
    volumes:
      - ../backend:/var/www
    ports:
      - "8081:80"
    environment:
      - VIRTUAL_HOST=sample.local
    links:
      - sample-php
    depends_on:
      - sample-php
  sample-php:
    build:
      context: ./
      dockerfile: sample.php.docker
    volumes:
      - .:/var/www
    links:
      - sample-database
    environment:
      - "DB_PORT=3306"
      - "DB_HOST=sample-database"
  sample-database:
    image: mysql:5.7
    environment:
      - "MYSQL_ROOT_PASSWORD=samplepassword"
      - "MYSQL_DATABASE=sample"
    ports:
      - "33081:3306"
  sample-nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
networks:
  default:
    external:
      name: sample-nginx-proxy
How can I fix this?
2 Answers
I guess that’s a MySql issue, how did you create the user?
If you want to allow access from everywhere just put %
Check the following:
Database is publicly accessible:
Connecting outside the VPC that the database resides, more specifically accessed over the internet, requires that the database is configured for Public Accessibility. Which you said is already done. As you have an internal IP, and the database does not have a public IP, this is not really required.
Basic Configuration:
Check that the database name and port are set correctly, which I am sure you have done.
Security Group Inbound Rules:
This is most likely the case, the database will have one or more security groups. Ensure that the security group is configured to allow inbound access from the client, in your case: 192.168.66.1
Confirm the IP address of the client:
192.168.66.1 is a strange IP for the container, the first 4 IP Addresses of a VPC Subnet are reserved.
Confirm the network routing:
Confirm that the VPC that contains the client can connect to the database. As the client is running within a Docker container, ensure that the container can access the database. An easy way to do this is to enable ICMP packets on an EC2 instance in the database subnet, and check you can ping it, or use the VPC route analyser.
Check the database user rights:
Can the database user connect from any address, not localhost?
Security on the VPC:
Check the ACLs of the subnets for both inbound and outbound.
UPDATE:
Here is a link from AWS: Troubleshooting for Amazon RDS.
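The first answer's "%" suggestion and the "Check the database user rights" step above both come down to the host part of the MySQL account. The following is an added example, not part of either answer, showing how to inspect that on MySQL 5.7 and define an account scoped to the client's subnet rather than to every host. The user name `sample`, the schema `sample` and the address 192.168.66.1 are taken from the question; the subnet pattern, the password placeholder and the privilege list are assumptions.

```sql
-- Added example. Run as an administrative user on the MySQL server the
-- application actually reaches.

-- 1. List every account named 'sample' and the hosts it may log in from.
SELECT user, host
FROM mysql.user
WHERE user = 'sample';

-- 2. Error 1045 reports the account as the server saw it:
--    'sample'@'192.168.66.1'. An account that exists only as
--    'sample'@'localhost' does not match that client address.

-- 3. The first answer's wildcard would be 'sample'@'%', which matches any
--    client address. A narrower host pattern (assumed subnet, derived from
--    the IP in the error) limits where the credentials are usable.
CREATE USER IF NOT EXISTS 'sample'@'192.168.66.%'
  IDENTIFIED BY '<REPLACE_WITH_STRONG_PASSWORD>';  -- placeholder

-- 4. Grant only what the application needs, and only on its own schema.
--    This privilege list is an assumption (enough for typical CRUD and
--    schema migrations); trim it to what the app really uses.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, INDEX, REFERENCES
  ON `sample`.* TO 'sample'@'192.168.66.%';

-- 5. Confirm the result.
SHOW GRANTS FOR 'sample'@'192.168.66.%';

-- 6. After logging in as the application user, compare the identity the
--    client presented with the account row the server matched.
SELECT USER() AS client_identity, CURRENT_USER() AS matched_account;
```

If step 1 returns no row whose host pattern matches the address printed in the error, the server rejects the login before the password is even compared.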