– clean install of Ubuntu server
– installed Virtualmin (minimal)
– created 3 virtual servers w/only Apache as “features”
– installed phpmyadmin via script on one (thank you)
– installed docker
– installed portainer (forwarded second virtual server to it)
– installed Metabase (forwarded third virtual server to it)
Everything is working fine until… tried to connect Metabase to the MariaDB server.
In the logs Metabase says “connection refused”. I disabled the firewall; was unable to connect to Metabase at all (which I do not understand, but not my immediate problem.)
I suspect the issue is the firewall is denying access from the docker container.
I know that I DON’T need to open port 3306 in the public zone. But I also don’t know the correct procedure to rectify the situation. My machine now has 10 zones and 8 interfaces. Any guidance would be much appreciated.
FWIW: this is not a commercial enterprise. I make FOIA requests and then use Metabase to analyze millions of rows of data on everything from county taxes to police response time. (I’m disabled and this is how I kill my time.) I was originally using YUNOHOST… then moved to docker containers – but backing up was complicated. Virtualmin – with its ability to backup directly to S3 – is a vastly superior solution (if I can get it to work.) Many thanks in advance.
I have searched/reviewed and found nothing on point.
This deals with connecting from the outside:
This could have been headed in the right direction, dunno:
But my docker does not seem to care about firewalld.
However, if you are running Metabase inside a container and you are connecting to the Virtualmin MariaDB install, consider that you cannot use localhost, I assume? Because you will need to connect OUTSIDE of the container.
So you would need to use the real IP of the MariaDB server? You might have to change the config so MariaDB can accept remote connections.
Or maybe docker also has a bridge adapter where you can use that IP?
Yes:
– MariaDB is the native Virtualmin installation, and
– Metabase is running inside a docker container.
The MariaDB user is set up for any host using “%”.
Metabase is looking for the DB at 127.0.0.1, port 3306.
Probably worth mentioning that the Virtualmin installation of phpMyAdmin connects to the DB without issue.
I like the way you’re thinking. I suspect the firewall is blocking access from within docker containers. I have a “docker0” interface in the firewall. I suspect I need to somehow open port 3306 on that interface. Need a little guidance in how to do so.
For Metabase, 127.0.0.1 will be the container's localhost and not the Virtualmin MariaDB install.
You will have to enable MariaDB to listen on 0.0.0.0, for example, so that the container is also allowed to connect. Or maybe it can also be made to listen on the docker IP.
So:
– within Webmin went to Servers->MySQL Database->MariaDB Server Configuration, set MariaDB server listening address to “any” and restarted the server;
– inside Metabase set the server IP to the docker container gateway IP.
– Did NOT have to open port 3306 in the firewall (so I assume it’s not really a firewall problem.)
New Question: what – if any – are the security implications now that the MariaDB server is listening on all IPs? Because yes, my machine has a public IP.
Yes, I think it would be a good idea to activate the mysql-auth jail for fail2ban. fail2ban ships with Virtualmin. It should work with MariaDB too. Depending on the setup it might work by just enabling it, or you need to activate separate logging.
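
A check for the question above about MariaDB listening on all addresses, as an added example that is not part of the original thread: the function reads `ss -ltn` output and reports whether port 3306 is bound to every interface, to loopback only, or to one specific address. The sample lines and the 172.17.0.1 bridge address are constructed, and `classify_listeners` is a hypothetical name.

```shell
#!/bin/sh
# Classify where a TCP port is listening, reading `ss -ltn` output on stdin.
# Prints one line per matching listener: "<scope> <local-address>"
#   ALL       wildcard bind (0.0.0.0, [::], *): reachable on every interface,
#             the public one included, unless the firewall blocks the port
#   LOOPBACK  127.0.0.0/8 or ::1: reachable only from the host itself,
#             so not from inside a container
#   SPECIFIC  one address only, e.g. the docker0 gateway
classify_listeners() {
    awk -v port="$1" '
        {
            addr = $4                          # ss column 4: Local Address:Port
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # port follows the last colon;
                                               # this also skips the header row
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "[::]" || host == "*")
                scope = "ALL"
            else if (host ~ /^127\./ || host == "[::1]")
                scope = "LOOPBACK"
            else
                scope = "SPECIFIC"
            print scope, host
        }'
}

# Constructed sample: listener rows taken from three different bind settings
# (a real server would show only one of the 3306 rows at a time).
# 172.17.0.1 is assumed here as the docker0 gateway address.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
LISTEN 0      80     172.17.0.1:3306     0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*'

printf '%s\n' "$SAMPLE" | classify_listeners 3306
```

On the server itself, run `ss -ltn | classify_listeners 3306`. An `ALL` result means the firewall is the only thing keeping the public IP from reaching MariaDB, while `SPECIFIC` with the bridge address limits the listener to the docker side.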