Remote MySQL Configuration Guide (cPanel + External Web Server)

CPANEL
1

ICTN60
ICTN601536×1024 308 KB

Remote MySQL Configuration Guide (cPanel + External Web Server)

This document provides a complete, production-ready guide for configuring remote MySQL/MariaDB access on a cPanel/WHM server, based on a real-world troubleshooting case involving PHPNuxBilling, Imunify360, IPv6/IPv4 conflicts, and MariaDB bind-address restrictions.

1. Architecture Overview

Scenario

  • Web/Application Server: External VPS (Contabo)

  • Hostname: <WEB_SERVER_HOSTNAME>

  • IPv4: <WEB_SERVER_IP>

  • Application: PHPNuxBilling

  • Database Server: cPanel / WHM server

  • Database IP: <DB_SERVER_IP>

  • Database Engine: MariaDB

  • Security Stack: CSF + Imunify360

[Web Server – PHP App]
        |
        | TCP 3306 (MySQL)
        v
[cPanel Server – MariaDB]

2. Common Symptoms

Errors Seen

  • Browser:

    ERR_TOO_MANY_REDIRECTS

  • PHP / CLI:

    mysqli_sql_exception: Connection refused
ERROR 2003 (HY000): Can't connect to MySQL server (111)

Key Insight

Redirect loops are NOT caused by database failures.

They are usually a secondary effect of sessions failing when the database is unreachable.

3. Step 1 – Identify Correct Client IP (IPv4 vs IPv6)

On the web server, run:

curl ifconfig.me

This may return an IPv6 address, which is NOT suitable for most MySQL remote access setups.

Force IPv4

curl -4 ifconfig.me

Example:

<WEB_SERVER_IP>

:warning: Always whitelist the IPv4 address, not IPv6.

4. Step 2 – Configure WHM (Server-Wide Permission)

On the database server:

WHM → Database Services → Manage Database Access Hosts

Add ONLY:

<WEB_SERVER_IP>

:cross_mark: Do NOT add:

  • <DB_SERVER_IP> (DB server itself)
  • localhost
  • domain names
  • IPv6 addresses

5. Step 3 – Configure cPanel (Account-Level Permission)

In the database account cPanel:

Databases → Remote MySQL

Add:

<WEB_SERVER_IP>

Ensure the database user is:

  • Added to the database
  • Granted ALL PRIVILEGES

6. Step 4 – Imunify360 Configuration (Critical)

Imunify360 can silently block MySQL even when WHM and cPanel are correct.

6.1 Whitelist Client IP

WHM → Imunify360 → Firewall → IP Management

Whitelist:

<WEB_SERVER_IP>

6.2 Allow MySQL Port

Imunify360 → Firewall → Port Management

Ensure:

TCP 3306 → Allowed (Inbound)

7. Step 5 – Verify MariaDB Bind Address (ROOT CAUSE)

On the DB server, check listening address:

ss -tlnp | grep 3306

:cross_mark: Incorrect (default on many servers)

127.0.0.1:3306

This configuration completely blocks all remote access, regardless of firewall or MySQL grants.

8. Step 6 – Fix MariaDB Bind Address

Edit MariaDB configuration:

nano /etc/my.cnf

Or:

nano /etc/my.cnf.d/server.cnf

Change:

bind-address = 127.0.0.1

To:

bind-address = 0.0.0.0

Restart MariaDB:

systemctl restart mariadb

Verify:

ss -tlnp | grep 3306

:white_check_mark: Correct Output

0.0.0.0:3306

9. Step 7 – Final Connectivity Test (Decisive)

From the web server:

mysql -h <DB_SERVER_IP> -u <DB_NAME_OR_USER> -p <DB_NAME_OR_USER>

:white_check_mark: Success

Welcome to the MySQL monitor

If this works, PHP will also work.

10. PHP Test Script

Temporary file:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

$conn = new mysqli('<DB_SERVER_IP>', '<DB_USERNAME>', '<DB_PASSWORD>', 'DBNAME');
if ($conn->connect_error) {
    die($conn->connect_error);
}
echo 'REMOTE DB OK';

After confirmation, DELETE THIS FILE.

11. PHPNuxBilling-Specific Notes

Database Config

$db_host = '<DB_SERVER_IP>';

Important

Ensure the following values match exactly:

  • APP_URL (config file)
  • CompanyURL (database tbl_appconfig)

Mismatch causes login redirect loops.

12. Security Considerations

Enabling bind-address = 0.0.0.0 is safe IF:

:check_mark: Firewall is active :check_mark: Remote MySQL hosts are restricted :check_mark: No % wildcard in production :check_mark: Strong passwords are used

Recommended MySQL Grant Restriction

GRANT ALL PRIVILEGES ON dbname.* TO 'user'@'<WEB_SERVER_IP>';
FLUSH PRIVILEGES;

13. Final Checklist

  • MariaDB listening on 0.0.0.0
  • WHM access host added
  • cPanel Remote MySQL added
  • Imunify360 IP whitelisted
  • Port 3306 allowed
  • IPv4 used
  • Test script deleted

14. Conclusion

Remote MySQL on cPanel is fully supported, but requires alignment between:

  • MariaDB bind address
  • WHM permissions
  • cPanel permissions
  • Firewall rules
  • Security software (Imunify360)

When all layers agree, remote database connections are stable, secure, and production-ready.

2

New config file

<?php

    define('APP_URL', 'https://www.DEVISP.nestict.net');
    $_app_stage = 'Live';

    // Database PHPNuxBill
    $db_host	    = 'REMOTE_SERVER_IP';
    $db_user        = 'REMOTE_USER';
    $db_password	= 'REMOTE_USER_PASSWORD';
    $db_name	    = 'REMOTE_DB';

    if($_app_stage!='Live'){
        error_reporting(E_ERROR);
        ini_set('display_errors', 1);
        ini_set('display_startup_errors', 1);
    }else{
        error_reporting(E_ERROR);
        ini_set('display_errors', 0);
        ini_set('display_startup_errors', 0);
    }