Help Center/ TaurusDB/ User Guide/ Connecting to a DB Instance/ Connecting to a DB Instance Through the mysql Client/ Connecting to a DB Instance over a Private Network
Updated on 2025-02-26 GMT+08:00
View PDF
Share

Connecting to a DB Instance over a Private Network

If your applications are deployed on an ECS that is in the same region and VPC as your DB instance, connect the ECS to the DB instance through a private IP address.

This section describes how to connect a Linux ECS to a DB instance with SSL enabled through a private IP address. SSL encrypts connections to the DB instance, making data more secure.

Procedure

Step 1: Buy an ECS

  1. Log in to the management console and check whether there is an ECS available.
    Figure 1 ECS
  2. Buy an ECS and select Linux (for example, CentOS) as its OS.

    To download the mysql client to the ECS, bind an EIP to the ECS. The ECS must be in the same region, VPC, and security group as the DB instance for mutual communications.

    For details about how to purchase a Linux ECS, see Purchasing an ECS in Elastic Cloud Server Getting Started.

  3. On the ECS Information page, view the region and VPC of the ECS.
    Figure 2 ECS information
  4. On the Basic Information page of the DB instance, view the region and VPC of the DB instance.
  5. Check whether the ECS and DB instance are in the same region and VPC.
    • If they are in the same region and VPC, go to Step 2: Test Connectivity and Install the mysql Client.
    • If they are in different regions, buy another instance. The ECS and DB instance in different regions cannot communicate with each other. To reduce network latency, deploy your DB instance in the region nearest to your workloads.
    • If they are in different VPCs, change the VPC of the ECS to that of the DB instance. For details, see Changing a VPC.

Step 2: Test Connectivity and Install the mysql Client

  1. Log in to the ECS. For details, see Logging In to a Linux ECS Using an SSH Password in Elastic Cloud Server User Guide.
  2. On the Instances page of the TaurusDB console, click the instance name to go to the Basic Information page.
  3. In the Network Information area, obtain the private IP address and database port.
    Figure 3 Viewing the private IP address and database port
  4. On the ECS, check whether the private IP address and database port of the DB instance can be connected.

    telnet 192.168.6.144 3306

    • If yes, network connectivity is normal.
    • If no, check the security group rules.
      • If in the security group associated with the ECS, there is no outbound rule with Destination set to 0.0.0.0/0 and Protocol & Port set to All, add the private IP address and port of the DB instance to the outbound rules.
      • If in the security group of the DB instance, there is no inbound rule with Source set to 0.0.0.0/0 and Protocol & Port set to All, add the private IP address and port of the ECS to the inbound rules. For details, see Configuring Security Group Rules.
        Figure 4 Security group of a DB instance

  5. Download the mysql client installation package for Linux locally.

    Find the corresponding version, for example, mysql-community-client-8.0.21-1.el6.x86_64.rpm, and download the installation package. You are advised to use a mysql client running a version later than that of the DB instance.

  6. Upload the installation package to the ECS.

    You can use any terminal connection tool, such as WinSCP and PuTTY, to upload the installation package to the ECS.

  7. Run the following command on the ECS to install the mysql client:

    rpm -ivh --nodeps mysql-community-client-8.0.21-1.el6.x86_64.rpm

    • If any conflicts occur during the installation, add the replacefiles parameter to the command and try to install the client again.

      rpm -ivh --replacefiles mysql-community-client-8.0.21-1.el6.x86_64.rpm

    • If a message is displayed prompting you to install a dependency package during the installation, add the nodeps parameter to the command and install the client again.

      rpm -ivh --nodeps mysql-community-client-8.0.21-1.el6.x86_64.rpm

Step 3: Connect to the DB Instance Using Commands (SSL Connection)

  1. On the Instances page of the TaurusDB console, click the instance name to go to the Basic Information page.
  2. In the Instance Information area, check whether SSL is enabled.
    • If yes, go to 3.
    • If no, click . In the displayed dialog box, click Yes to enable SSL. Then, go to 3.
  3. Click under SSL to download Certificate Download.zip, and obtain the root certificate ca.pem and bundle ca-bundle.pem from the package.
  4. Upload ca.pem to the ECS.
  5. Run the following command on the ECS to connect to the DB instance:

    mysql -h <host> -P <port> -u <userName> -p --ssl-ca=<caName>

    Example:

    mysql -h 192.168.0.79 -P 3306 -u root -p --ssl-ca=ca.pem

    Table 1 Parameter description

    Parameter

    Description

    <host>

    Private IP address of the DB instance.

    <port>

    Database port of the DB instance. The default value is 3306.

    <userName>

    Administrator account root.

    <caName>

    Name of the CA certificate. The certificate should be stored in the directory where the command is executed.
  6. Enter the password of the database account if the following information is displayed: 
    Enter password:

FAQs

What Should I Do If I Can't Connect to My TaurusDB Instance?

Parent Topic: Connecting to a DB Instance Through the mysql Client