Will setting “bind-address=127.0.0.1” in /etc/my.cnf cause any problems with Interworx working properly?
It seems that doing so might just be an additional way to help increase security, even if only a tiny bit, in situations where it is not necessary for the MySQL server to be accessible externally.
Will doing this cause any problems with Interworx?
It shouldn’t cause any issues. InterWorx uses the mysql socket to communicate with the MySQL server. If you’re worried about security and external access you can just turn off networking for MySQL altogether and use the socket for local access.
Chris
I tried turning networking off via “skip-networking” in my.cnf, but that seems to cause the service status monitoring in Interworx to report that MySQL is not running when it is. Maybe the iworx status monitoring requires access over port 3306? Setting bind-address=127.0.0.1 instead of skip-networking lets iworx continue reporting the status of MySQL properly.
Yep, I may have spoken too soon. If the 127.0.0.1 is working I’d leave it as is.
Chris
Can you not just block it in the firewall?
That alone would seem to work fine as well, but I did both. This way 3306 is blocked on the public IPs via the firewall in addition to MySQL not listening on those IPs.