Introduction #
Enabling MySQL remote access lets you connect to your cPanel-hosted databases from local tools (CLI, desktop clients, CI/CD, or application servers). This is important for secure operations, performance tuning, and compliance workflows that require controlled, auditable access from approved locations. This guide is for admins, developers, and operators managing apps or data on Remarkable Cloud cPanel hosting.
Prerequisites #
- cPanel access: A cPanel account on Remarkable Cloud with MySQL enabled.
- Permissions: Ability to create MySQL users and modify Remote MySQL settings.
- Network info: Your public IP address (static preferred) or a DNS hostname that resolves to your IP.
- Firewall rules: Outbound TCP allowed to port 3306; inbound rules managed by the hosting platform.
- Client tools: MySQL CLI or a database client (e.g., MySQL Workbench, DBeaver, HeidiSQL).
- Security: Strong MySQL user passwords; least-privilege role planning.
Related setup (optional):
Create a MySQL database and user in cPanel before enabling remote access.
If your IP changes frequently, consider a DDNS hostname and add that in Remote MySQL.
Step-by-step instructions #
- Find your cPanel hostname and database details
• Identify the server hostname you’ll use for remote MySQL connections (often your domain or server’s FQDN).
• Note your database name and MySQL username from cPanel > MySQL Databases.
• Why: You’ll need these to connect and verify permissions. - Create or confirm a dedicated MySQL user
• In cPanel, go to: MySQL Databases > MySQL Users.
• Create a new user with a strong password, or confirm the existing user.
• Assign the user to your target database with only necessary privileges (e.g., SELECT for read-only).
• Why: Least privilege reduces risk and supports compliance. - Add your IP or hostname in Remote MySQL
• In cPanel, go to: Databases > Remote MySQL.
• Add your public IP address, CIDR range, or DNS hostname you’ll connect from.
• Avoid wildcards like unless absolutely necessary.
• Why: This whitelists your source, enabling remote connections. - Optional: Set up an SSH tunnel for secure access
• Use an SSH account on the server or a bastion host. Example using OpenSSH:
ssh -N -L 3307:127.0.0.1:3306 your_ssh_user@your_server_hostname
• Connect your MySQL client to instead of the server’s port 3306.
• Why: Encrypts traffic end-to-end and bypasses ISP blocks on 3306
- Connect from the MySQL CLI
• Direct connection (no tunnel):
mysql -h your_server_hostname -P 3306 -u your_mysql_user -p
• Via SSH tunnel (step 4):
mysql -h 127.0.0.1 -P 3307 -u your_mysql_user -p
• Why: Validates network path, credentials, and whitelist.
- Verify privileges and database access• After logging in:
SHOW GRANTS FOR CURRENT_USER();
SHOW DATABASES;
USE your_database;
SHOW TABLES;
• Why: Confirms correct privilege scope and database visibility
- Set host, port, user, and DB:
• Host: your_server_hostname (or 127.0.0.1 if tunneling)
• Port: 3306 (or 3307 if tunneling)
• User: your_mysql_user
• Database: your_database
• Enable SSL if your hosting plan supports it; import CA certs if required.
• Why: Establishes a persistent and secure workflow