I have been trying to find the issue but have failed to spot it so far on my RHEL Server 7.5 (Maipo). I have a remote database instance (RDS instance) on AWS, which is in the same public subnet. It can be accessed and connected to if I run mysql -h <remote-db-hostname> -u <username> -p in the terminal of my above-mentioned instance.
Moreover, if I try to run sudo telnet <remote-db-hostname> 3306 it returns success, and says: "connected to xxxx.xxx. host".
Installed yum packages:
php-mysql.x86_64 (5.4.16-45.el7)
mariadb.x86_64 (1:5.5.56-2.el7)
mariadb-libs.x86_64 (1:5.5.56-2.el7)
httpd.x86_64 (2.4.6-80.el7_5.1)
httpd-tools.x86_64 (2.4.6-80.el7_5.1)
PHP connection doesn't work
But when I try to connect via simple PHP code, it doesn't work. It says: Database connection error (2): Could not connect to MySQL. or Could not connect host: Can't connect to MySQL server on 'xxxx.eu-west-2.rds.amazonaws.com' (13)
I have tried to use host name both ways, with Port and without Port but no success.
Test Connection File:
<?php
$host = 'remote-db-hostname:3306'; // of course using correct hostname
$user = 'xxxxx';
$pswd = 'xxxxx';
// Open the connection; mysql_error() reports the client-side failure reason
$link = mysql_connect($host, $user, $pswd);
if (!$link) {
    die('Could not connect host: ' . mysql_error());
}
// Select the schema, then close the link again
mysql_select_db('my-db-name', $link) or die('could not connect to the specified database');
mysql_close($link);
Here is my /etc/my.cnf file:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
Note: There are two files in /etc/my.cnf.d; 1) client.cnf 2) mysql-clients.cnf
client.cnf
# These two groups are read by the client library
# Use it for options that affect all clients, but not the server
[client]
# This group is not read by mysql client library,
# If you use the same .cnf file for MySQL and MariaDB,
# use it for MariaDB-only client options
[client-mariadb]
mysql-clients.cnf
# These groups are read by MariaDB command-line tools
# Use it for options that affect only one utility
#
[mysql]
[mysql_upgrade]
[mysqladmin]
[mysqlbinlog]
[mysqlcheck]
[mysqldump]
[mysqlimport]
[mysqlshow]
[mysqlslap]
/etc/selinux/config:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
/etc/my.cnf.d? setsebool -P httpd_can_network_connect=1 and it worked like a charm. One last clarification; isn't it better to use setsebool -P httpd_can_network_connect_db on instead? So we are only allowing to connect to DB and not any other way to any other machine?
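
The choice raised in the last comment, between httpd_can_network_connect and the narrower httpd_can_network_connect_db, can be read off the AVC denial that SELinux logs when httpd is refused the connection (the "(13)" in the PHP error is EACCES, permission denied). The script below is an added example, not part of the original post: the audit records are constructed, the function names are hypothetical, and the list of database port types is a partial assumption to confirm against the host's policy.

```shell
#!/bin/sh
# Added example: map an httpd AVC denial to the SELinux boolean that covers it.
# Both audit records below are constructed samples, not taken from the post.
SAMPLE_DB='type=AVC msg=audit(1530000000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket'
SAMPLE_OTHER='type=AVC msg=audit(1530000001.456:457): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=50000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket'

# Print the SELinux type from a context field (user:role:type:level).
# $1 = audit record, $2 = field name (scontext or tcontext)
ctx_type() {
    printf '%s\n' "$1" | sed -n "s/.* $2=[^:]*:[^:]*:\([^:]*\):.*/\1/p"
}

# Print the boolean that would permit the denied connection, or "none"
# when the record is not an outbound-connect denial for httpd_t.
suggest_boolean() {
    case $1 in
        *denied*"{ name_connect }"*) ;;
        *) echo none; return 0 ;;
    esac
    [ "$(ctx_type "$1" scontext)" = httpd_t ] || { echo none; return 0; }
    case $(ctx_type "$1" tcontext) in
        # Assumption: partial list of port types covered by the _db boolean.
        mysqld_port_t|postgresql_port_t) echo httpd_can_network_connect_db ;;
        # Broad fallback: allows httpd to connect to any TCP port.
        *) echo httpd_can_network_connect ;;
    esac
}

# Read audit records on stdin and print each distinct
# "target-port-type boolean" pair that a denial calls for.
triage() {
    while IFS= read -r rec; do
        b=$(suggest_boolean "$rec")
        [ "$b" = none ] || echo "$(ctx_type "$rec" tcontext) $b"
    done | sort -u
}

# Demo on the constructed records. On a live host the input would be:
#   ausearch -m avc -c httpd --raw | triage
printf '%s\n%s\n' "$SAMPLE_DB" "$SAMPLE_OTHER" | triage
```

If the only row reported is for mysqld_port_t, httpd_can_network_connect_db is sufficient and httpd_can_network_connect can be set back to off.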