Compose for MySQL deployments come standard with two HAProxy portals providing a connection over HTTPS and are TLS/SSL secured with a self-signed certificate. Compose provides two portals to allow for applications to maintain connectivity should one of the portals become unreachable. Most MySQL drivers do not handle multiple connection strings and graceful failover automatically, so you will have to design your applications to take advantage of multiple connection points.
If you want to use a particular language, you can go directly to its dedicated page:
You can find your credentials, connection strings, and the self-signed certificate in the deployment’s Connection Info panel.
Example Connection Info panel.
In the Credentials panel, clicking on the Show/Change link will reveal the admin password. It will also auto-fill the credentials into the connection strings.
The admin user
The admin user is a fully privileged user who has administrative access to all databases. However, for security reasons, the admin account should only be used to create users and grant them privileges, and not to connect to applications.
Some drivers will be able to make a connection to your database directly from the connection string URL. Other drivers will use the component parts of the connection URI – the hostname and port – for their connection parameters. The last part of the connection string is the MySQL database you wish to connect to. Every Compose deployment automatically has a database with the name "compose" created in it to ensure at least one database exists and can be connected to with the default connection string.
If you don't designate a database to connect to, you need the
USE my_database command to select a database; a MySQL connection doesn't have to specify a database to connect.
Compose deployments offer a self-signed certificate, which can be used to validate the host being talked to. To use it, click the Show certificate button. You may have to re-authenticate in order to proceed. Copy and paste the text from
-----BEGIN CERTIFICATE----- to
-----END CERTIFICATE----- into a file with the extension
.pem, depending on which the connection driver requires. Save the file to a accessible location so it's path can be provided to a driver.
All MySQL deployments have SSL enabled by default; however, MySQL will still accept non-TLS/SSL connections. This means that, when configuring your application's MySQL driver, you need to ensure that it creates a secure connection. With the MySQL command line, you can do this by adding
--ssl-mode=REQUIRED to the connection command. For application drivers, the settings are specific to the driver, but should be a similar parameter.
To directly connect to and administrate your Compose for MySQL deployment, you may use the command line. To do so, you have to install MySQL on your local machine. Each platform has its own installation packages, so choose the one that works best for you. You can find Oracle community packages at http://dev.mysql.com/downloads/. Before you download from there, be aware that on Linux you will usually find MySQL in your distributions repository. If you're using a Mac, you can install MySQL with Homebrew, which compiles and installs the latest version.
To access your deployment via the terminal, copy and paste one of the command line strings provided in the Connection info panel into your terminal to connect to your deployment. A connection can be made through either portal on your deployment.
mysql -u [username] -p[password] --host aws-us-east-1-portal.5.dblayer.com --port 16967 --ssl-mode=REQUIRED
To enable TLS/SSL when connecting, use
--ssl-mode=REQUIRED. The default user is named "admin" which you use as the username in the
-u parameter. The admin user's password you can get from the credentials section of the Connection info panel.
If you prefer, you can use the self-signed certificate to verify the server. Change the
--ssl-mode parameter to
--ssl-mode=VERIFY_CA and add
--ssl-ca with the path and name of your .pem file:
mysql -u [username] -p[password] --host aws-us-east-1-portal.5.dblayer.com --port 16967 --ssl-mode=VERIFY_CA --ssl-ca=<your_file>.pem
If this article didn't solve things, summon a human and get some help!