WordPress can’t access azure mysql

  • Resolved federicos94

    (@federicos94)


    1 year, 9 months ago

    Hi everyone! I need help with a WordPress running on AKS that needs to access an Azure Database for MySQL flexible server. I’m getting the following error:

    Warning: mysqli_real_connect(): (HY000/1045): Access denied for user ‘[userdb]’@'[ip]’ (using password: YES) in /var/www/html/wp-includes/class-wpdb.php on line 2019

    Access denied for user ‘[userdb]’@'[ip]’ (using password: YES)

    I have already tried defining the environment variables WORDPRESS_DB_USER and WORDPRESS_DB_PASSWORD in many ways (from_literal, Kubernetes secret, Azure Key Vault, etc.), but no configuration works.

    If I try to access the database with the same credentials from a Workbench or a PHP script, I can connect to the database correctly. The problem is not related to user privileges in the database, incorrect password, or the database’s state. The issue lies within the WordPress container.

    I also tried running the container in a Docker Compose, but I get the same result.

    WordPress image: wordpress:php7.4-fpm-alpine

Viewing 8 replies - 1 through 8 (of 8 total)

  • Hi @federicos94

    If you can access to the MySQL server from an external network using a PHP script or MySQL Workbench, maybe it is a network problem between your container and the database.

    Can you run the PHP script from the container, to check if it is a network problem or a WordPress problem?

    Thread Starter federicos94

    (@federicos94)

    Hi @amieiro ! Thank you for your response.

    Yes! I executed inside the container, and it can access the database without any problems. This is my script, it’s very simple and prints only “OK” if there are no errors.

    <?php

$servername = "[host]";

$username = "[user]";

$password = "[password]";

$database = "wordpress";

$caCertPath = "/path/to/pem";

$conn = mysqli_init();

mysqli_ssl_set($conn, NULL, NULL, $caCertPath, NULL, NULL);

mysqli_real_connect($conn, $servername, $username, $password, $database, 3306);

if (!$conn) {

? ? echo "ERROR";

? ? exit();

}

echo "OK";

mysqli_close($conn);

?>

    Hi @federicos94

    Taking a look at your PHP code, I see you are using a certificate. Maybe this is the problem.

    Please, take a look at next resources:

    Thread Starter federicos94

    (@federicos94)

    @amieiro I already tried that, adding these lines in the wp-config.php file:

    define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);

    define('MYSQL_SSL_CA', '/path/to/pem');

    But give me some time to check two things:

    1. In the first link says “The file name of the certificate must only end with a crt extension“. Azure provides the file as “.crt.pem” so I need to search more info about this. BUT if I use it in the script as it is (PHP), the connection is successful. ˉ\_(ツ)_/ˉ
    2. I had to build an image based on wordpress:php7.4-fpm-alpine in which I copied the certificate in /usr/local/share/ca-certificates and the run update-ca-certificates. I’m getting this warning message:

      WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
      WARNING: Skipping duplicate certificate in file ca-cert-DigiCert_Global_Root_CA.pem

    To resume, the problem is not solved yet.

    PD: The container image doesn’t have OpenSSL installed. Is it relevant?

    • This reply was modified 1 year, 9 months ago by federicos94.

    Hi @federicos94

    Do you update this line

    define('MYSQL_SSL_CA', '/path/to/pem');

    with the correct path? Something like this

    define('MYSQL_SSL_CA', '/usr/local/share/ca-certificates/my-certificate.crt.pem');

    If you need to use a .crt file and Azure only provides you a .pem file, you need to convert it.

    Thread Starter federicos94

    (@federicos94)

    Hi @amieiro !

    Yes, I updated that line correctly.

    To update about the last reply:

    1. I converted the .pem file to a .crt with OpenSSL and built another image of the WordPress container with that certificate. Still doesn’t work.
    2. I understand that the updated ca-certificates.crt store serves this line alone in the wp-config.php:

      define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);

      So I defined these lines in the config to try something else:

      define('MYSQL_SSL_CA', '/usr/local/share/ca-certificates/DigiCertGlobalRootCA.crt');
      define('MYSQL_SSL_CA_PATH', '/usr/local/share/ca-certificates');
      define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);

      But still got the error.

    To try another thing, I changed this line in the /var/www/html/wp-includes/class-wpdb.php file:

    $client_flags = defined( 'MYSQL_CLIENT_FLAGS' ) ? MYSQL_CLIENT_FLAGS : 0;

    To:

    $client_flags = defined( 'MYSQL_CLIENT_FLAGS' ) ? MYSQL_CLIENT_FLAGS : MYSQL_CLIENT_SSL;

    I know that I shouldn’t edit core files, but I wanted to somehow force SSL and at least the error now is different:

    Warning: Use of undefined constant MYSQL_CLIENT_SSL – assumed ‘MYSQL_CLIENT_SSL’ (this will throw an Error in a future version of PHP) in?/var/www/html/wp-includes/class-wpdb.php?on line?1987

    Warning: mysqli_real_connect() expects parameter 8 to be int, string given in?/var/www/html/wp-includes/class-wpdb.php?on line?2019

    Warning: mysqli_get_server_info(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?4120

    Warning: mysqli_get_server_info(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?4120

    Warning: mysqli_get_server_info(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?4120

    Warning: mysqli_get_server_info(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?4120

    Warning: mysqli_get_server_info(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?4120

    Warning: mysqli_get_server_info(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?4120

    Warning: mysqli_query(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?971

    Warning: mysqli_select_db(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?1233

    Warning: mysqli_error(): invalid object or resource mysqli in?/var/www/html/wp-includes/class-wpdb.php?on line?3902

    Cannot select database

    The database server might be connected (meaning your username and password are fine) but the database?wordpresscannot be selected.

    • Are you sure it exists?
    • Does the user have?userdbpermissions to use the database?wordpress?
    • On some systems your database name is prefixed with your username, so it would be something like?username_wordpress.?Could that be the problem?

    It looks like you are connected to the server, but some connection parameter is incorrect :/ . Can you double-check them?

    Thread Starter federicos94

    (@federicos94)

    @amieiro That’s the first step I took. Then I tried to pass the values to the environment variables as string and not by config/secret, no changes.

    BUT

    I defined this line incorrectly:

    $client_flags = defined( 'MYSQL_CLIENT_FLAGS' ) ? MYSQL_CLIENT_FLAGS : MYSQL_CLIENT_SSL;

    When it should have been:

    $client_flags = defined( 'MYSQL_CLIENT_FLAGS' ) ? MYSQL_CLIENT_FLAGS : MYSQLI_CLIENT_SSL;

    Now that I passed the correct constant, IT WORKS! Nevertheless, it should have been solved when I defined the define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL); in the wp-config.php file.

    PD: WordPress is working, and the DEBUG flag is ON. This warning shows up:

    Warning: include(/93038): Failed to open stream: No such file or directory in /var/www/html/wp-includes/class-wp.php on line 787

    Should I be worried? If I should, I can open another Topic. Otherwise, I’ll mark this reply as solved.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘WordPress can’t access azure mysql’ is closed to new replies.