Install MariaDB Install MariaDB on a HolyCloud VPS, secure the installation, create users and databases, and configure local access for your applications. ~12 min read Intermediate #mariadb #mysql #database #security Install MariaDB MariaDB is a MySQL-compatible relational engine, ideal for WordPress, PrestaShop, or PHP apps on a HolyCloud Linux VPS. This guide installs MariaDB from official repositories, runs the hardening script, creates an application user, and limits network exposure. Prerequisites HolyCloud VPS Ubuntu 22.04/24.04 or Debian 12 At least 1 GB RAM (2 GB recommended in production with traffic) sudo access HolyCloud snapshot before changing bind-address or opening port 3306 Tip: in production, keep MariaDB listening on 127.0.0.1 only; expose 3306 only via VPN or allowed IPs. Step 1: installation sudo apt update sudo apt install -y mariadb-server mariadb-client sudo systemctl enable --now mariadb sudo systemctl status mariadb Installed version: mariadb --version Step 2: interactive hardening sudo mariadb-secure-installation Recommended answers: Enable password validation plugin if offered (MEDIUM or STRONG) Set a strong password for root Remove anonymous users: Y Disallow remote root login: Y Remove test database: Y Reload privilege tables: Y Step 3: local administrator login sudo mariadb -u root -p In the SQL client: SELECT VERSION(); SHOW DATABASES; EXIT; On some Debian installs, root uses the Unix socket without a password: sudo mariadb Step 4: create a database and application user Replace monapp, monapp_user, and the password: sudo mariadb <<'EOF' CREATE DATABASE monapp CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; CREATE USER 'monapp_user'@'localhost' IDENTIFIED BY 'MotDePasseFortIci!'; GRANT ALL PRIVILEGES ON monapp.* TO 'monapp_user'@'localhost'; FLUSH PRIVILEGES; EOF Test: mariadb -u monapp_user -p -h 127.0.0.1 monapp -e "SELECT 1 AS ok;" Step 5: network configuration (bind-address) Main config file (path varies by version): sudo mariadb -e "SELECT @@datadir;" ls /etc/mysql/mariadb.conf.d/ Edit: sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf [mysqld] section: bind-address = 127.0.0.1 skip-name-resolve To allow a remote application IP (discouraged without strict firewall): CREATE USER 'monapp_user'@'10.0.0.5' IDENTIFIED BY 'MotDePasseFortIci!'; GRANT ALL PRIVILEGES ON monapp.* TO 'monapp_user'@'10.0.0.5'; sudo systemctl restart mariadb Step 6: basic memory settings (small VPS) sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf Example for 2 GB RAM: [mysqld] innodb_buffer_pool_size = 512M max_connections = 100 sudo systemctl restart mariadb Step 7: quick logical backup mysqldump -u monapp_user -p -h 127.0.0.1 monapp > /var/backups/monapp-$(date +%F).sql gzip /var/backups/monapp-$(date +%F).sql Automate with cron (see « Scheduled tasks with cron »). Verification sudo systemctl is-active mariadb sudo ss -tlnp | grep 3306 mariadb -u monapp_user -p -h 127.0.0.1 -e "SHOW TABLES FROM monapp;" sudo mariadb -e "SELECT user, host FROM mysql.user WHERE user='monapp_user';" ss should show 127.0.0.1:3306 if you restricted bind-address. Need help? Access denied: user/host mismatch ('user'@'localhost' vs 'user'@'127.0.0.1') — recreate with the correct host MariaDB won't start: sudo journalctl -u mariadb -n 50 --no-pager Performance: free -h, tune innodb_buffer_pool_size (max ~70% RAM if MySQL is the only heavy service) HolyCloud support: mariadb --version, df -h, log excerpt after startup failure Continue reading Previous article Install K3s (lightweight Kubernetes) Read Next article Install MongoDB Community Read
FR