MariaDB is an open source database server that is derived from MySQL. Together with Apache and PHP, MariaDB forms the so-called LAMP stack (Linux Apache Mariadb PHP) which is used to host dynamic websites (e.g., WordPress).
MariaDB is the most used database software in Linux and almost completely corresponds to MySQL. In this article, we show you how to install MariaDB 10.4 on a VPS with CentOS 7.
Installing and configuring MariaDB
Step 1
Connect to your VPS via SSH or use the VPS console and update your server first:
yum -y update
Step 2
Next, create a repository for MariaDB 10.4:
nano /etc/yum.repos.d/MariaDB.repoAnd give the file the following content:
[mariadb]
name = MariaDB
baseurl=http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1Finally, save the changes and close the file with ctrl + x> y> enter.
Step 3
Now, install MariaDB with the command:
yum -y install MariaDB-server MariaDB-client
Step 4
MariaDB is disabled after the installation. Enable it with the command:
systemctl start mariadb
systemctl enable mariadb(The enable command is a precaution: not every version of MariaDB is configured to start automatically after a restart of your VPS)
Step 5
Before you use MariaDB, you must configure several security options. For this, you use the command:
mysql_secure_installationIt is important for the safety of your VPS to carefully follow the instructions. We recommend making the following choices in this process (highlighted in bold and italic):
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!Firewall and external connections
SQL port 3306 is not automatically open in your Firewall (by default, this is Firewalld in CentOS 7). For most cases this is certainly not necessary: For example, if you host a WordPress website on your VPS, then, your Apache (or Nginx) server will connect to MariaDB locally via the localhost and there is no need to open the SQL port to the outside world.
If you still have a use case for which you have to make the SQL port available to another server, then depending on your use case, only open the SQL port for your private network, or only allow specific access to the SQL port per IP in Firewalld with the syntax:
firewall-cmd --permanent --zone=public --add-rich-rule='
rule family="ipv4"
source address="123.123.123.123"
port protocol="tcp" port="3306" accept'Replace 123.123.123.123 with the IP address that you want to give access and reload your firewall afterwards with:
firewall-cmd --reloadIn addition, MariaDB 'ties' to the localhost (127.0.0.1) by default and is therefore not accessible externally. To make MariaDB externally accessible, you need to adjust the bind address. To do this, open the MariaDB configuration:
nano /etc/my.cnf.d/server.cnfReplace the line:
#bind-address=0.0.0.0By the rule:
bind-address=123.123.123.123
Replace 123.123.123.123 here with the IP address of your VPS to which you want MariaDB to bind. Then restart MariaDB with the command:
systemctl restart mariadbManaging MariaDB
There are two common options for managing MariaDB: commandline or phpMyAdmin.
phpMyAdmin: For installing and configuring phpMyAdmin, see this tutorial.
Command-line: In this article we explain how to manage MariaDB using an SQL shell via commandline.
For managing databases via PHP we recommend consulting w3schools.com's documentation.
Your MariaDB server is now ready for usage! Would you like to know how you can configure a redundant MariaDB server environment? Then take a look in our redundancy series.
Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘ContactUs’ button at the bottom of this page.
If you want to discuss this article with other users, please leave a message under 'Comments'.