Question

Private connection to Managed DB not working from within same region droplet.

Posted October 14, 2019 1.6k views
DigitalOcean Managed MySQL Database

I have a droplet in the same region as my managed DB, like DO suggested. I have added my IP and droplet to the Restricted Access section of the managed database. I can connect via public connection from my computer. If I try connecting from within the droplet using private credentials, no error message, just timeout. Is there a step I’m missing? I even disabled the droplet’s firewall thinking the port was being blocked.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
14 answers

If you added private networking after your droplet was created, you have to enable it manually:

https://www.digitalocean.com/docs/networking/private-networking/how-to/enable/#network-configuration-by-operating-system

This fixed my issue.

Hello,

Can you double check that your droplet is added/allowed in the Trusted source under the Trusted sources of manage database?

Let me know how it goes.

Hello @alexdo , yes I have double checked. I have even deleted the managed db and recreated it. I have also spun up a new droplet temporarily in the same region with just mysql/mariadb on it, and still cannot connect via private credentials, but public works.

@daveprezzo @alexdo I have the same problem with MySQL Managed DB Cluster
With public connection everything works great, but when im trying switch into private connection have a timeout error:

PDOException: SQLSTATE[HY000] [2002] Connection timed out

Same problem here with MySQL Managed DB Cluster

Same here - I’m getting timeouts when connecting.

Same issue. MySQL managed DB in same region and Droplet has been added as a trusted source. External connection works via mysqlsh.

I’ve added the DB server port to cloud firewall, and allowed connections out on that port in UFW.

I attempted to disable restrictions by removing all entries from Trusted Sources, no dice.

We’re working on migrating all of our sites from Google Cloud Platform but this is holding up the process.

Just to test- I installed mysqlsh on the droplet and tried to connect to the mysql server. It failed when I tried to connect via private network, but it succeeded in connecting through the public network.

It appears that the issue is limited to private networking only.

Same here. Anyone find a solution?

Same issue - still searching for a solution - the public network works fine.

I’m having the same issue… solution is to use the public IP for now :/

Same issue here. The public host works but the private doesn’t.

Hi everyone, I believe that private networking access is also limited to droplets on the same region and account. If you try to connect from another Digital Ocean account, it will not work.

In case anyone is still having this issue here are some steps to take that will solve this for you.

A couple of things to keep in mind your droplets have to be in the same region as the managed DB to use the private connection.

Now, if that’s all set here’s the next steps. This makes the assumption that you are adding private networking after already having created your managed db.

Step 1 - If you’ve enabled Private Networking for your droplet and followed the instructions to add the private IP address you can SSH into your droplet and use the Connection String with Flags to make sure you’re managed DB knows to let your droplet traffic through.

Step 2(A) - It worked? Great! Your app is probably not configured correctly to use the private connection.

Step 2(B) - The connection is still timing out? No worries, copy the private IP address of the droplet and then navigate to your managed DB settings, then add the private IP address as under “Trusted sources”, make sure you specifically use the IP address, and then save.

Step 2© - Test your connection using Connection String > Flags again from your droplets ssh session. You should now be connecting!

For some reason, it appears that using the tags does not add the private IP to the managed DB’s trusted sources list, but adding it manually works. This isn’t very scalable though 🤔😡

Submit an Answer