To install MySQL on a Linux server, update your package index, install the MySQL Server package, start and enable the service, run mysql_secure_installation to harden security, and create a database and user. On Ubuntu/Debian, use apt; on RHEL/CentOS/Rocky/AlmaLinux, use dnf/yum or the official MySQL repository for the latest version.
Installing MySQL on a Linux server is straightforward when you follow the right steps. In this guide, you’ll learn how to install MySQL on Ubuntu/Debian and RHEL-based distributions, secure it for production, enable remote access, tune basic performance, and verify everything works—using commands you can copy and run safely. This tutorial reflects hands-on, real-world practices used on client servers at YouStable.
Prerequisites and System Requirements
Before you begin, ensure your Linux server meets basic requirements and you have the right access.
- Root or sudo privileges on the server.
- Supported distribution: Ubuntu 20.04/22.04/24.04; Debian 11/12; RHEL/CentOS 7/8/9; Rocky/AlmaLinux 8/9.
- Network access to package repositories and port 3306 (if remote clients will connect).
- At least 1 GB RAM for small workloads; 2 GB+ recommended for production.
- Accurate server time (NTP) to avoid replication/TLS issues.
Choose the Right MySQL Edition and Repository
Most Linux repositories provide either MySQL or MariaDB. For the latest MySQL 8 features, consider the official MySQL repository. If stability with distro integration is preferred, use the default repositories. Decide based on application requirements, driver compatibility, and long-term maintenance goals.
MySQL vs. MariaDB (Quick Callout)
- MySQL 8.0: Strong JSON, window functions, roles, default caching_sha2_password authentication, InnoDB-centric.
- MariaDB: Community-driven fork, often ships by default in RHEL-like distros, slightly different features and system variables.
- Tip: Match your choice with app requirements. Not all features and replication behaviors are interchangeable.
Install MySQL on Ubuntu/Debian
On Debian-based distributions, you can install the repository default MySQL server (often MySQL 8 on newer Ubuntu) or use Oracle’s APT repo for the latest GA release.
Option A: Install MySQL from Ubuntu/Debian Repositories
sudo apt update
sudo apt install -y mysql-server
sudo systemctl enable --now mysql
sudo systemctl status mysql --no-pagerRun the secure installation script to set a root password, remove test databases, and disallow anonymous users:
sudo mysql_secure_installationDepending on the distribution, the MySQL root user may authenticate via socket (no password) or via a password. If you need password authentication, set it explicitly after logging in with sudo:
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'StrongRootPass#2025';
FLUSH PRIVILEGES;
EXIT;Option B: Install Latest MySQL 8 via Official APT Repository
For the most recent MySQL GA release and tools like MySQL Shell, use the Oracle APT repo:
wget https://dev.mysql.com/get/mysql-apt-config_0.8.29-1_all.deb
sudo dpkg -i mysql-apt-config_0.8.29-1_all.deb # Select MySQL Server & Tools
sudo apt update
sudo apt install -y mysql-server
sudo systemctl enable --now mysqlReplace the version of the APT config package with the latest from dev.mysql.com. Then run the secure installation as shown earlier.
Install MySQL on RHEL/CentOS/Rocky/AlmaLinux
RHEL-like systems may ship MariaDB by default. To ensure you’re installing MySQL, use the MySQL Yum repository or the AppStream module if available.
Option A: Use Official MySQL Yum/DNF Repository
# Download and install the MySQL repo package (example for EL8/EL9)
sudo dnf install -y https://dev.mysql.com/get/mysql80-community-release-el9-1.noarch.rpm
sudo dnf module disable -y mysql mariadb || true
sudo dnf clean all
sudo dnf install -y mysql-community-server
sudo systemctl enable --now mysqld
sudo systemctl status mysqld --no-pagerOn first start, MySQL may generate a temporary root password in the log. Retrieve it and then run the secure installation:
sudo grep 'temporary password' /var/log/mysqld.log
sudo mysql_secure_installationOption B: Use AppStream Module (If MySQL 8 Is Available)
sudo dnf module list mysql
sudo dnf module enable -y mysql:8.0
sudo dnf install -y @mysql
sudo systemctl enable --now mysqldConfirm the service is running and secure it as above.
Initial Configuration and Best Practices
Create a Database and a Least-Privilege User
Use a dedicated user per application with minimal privileges. Replace placeholders with your values.
sudo mysql -u root -p
-- Inside MySQL shell:
CREATE DATABASE appdb CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'StrongAppPass#2025';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;Authentication Plugin Considerations
MySQL 8 defaults to caching_sha2_password. Some older clients only support mysql_native_password. If needed, set it per user (not globally) to avoid weakening security for all accounts:
ALTER USER 'appuser'@'localhost'
IDENTIFIED WITH mysql_native_password BY 'StrongAppPass#2025';
FLUSH PRIVILEGES;Enable Remote Access (Optional)
Allow remote access only when necessary and restrict by IP. Update bind-address and firewall accordingly.
- Ubuntu/Debian config file: /etc/mysql/mysql.conf.d/mysqld.cnf
- RHEL-like config file: /etc/my.cnf or /etc/my.cnf.d/mysqld.cnf
# In the [mysqld] section:
bind-address = 0.0.0.0
# or comment the bind-address line to listen on all interfacesRestart MySQL and create a user restricted to your application server’s IP:
sudo systemctl restart mysql # Ubuntu/Debian
# or
sudo systemctl restart mysqld # RHEL-like
sudo mysql -u root -p
CREATE USER 'appuser'@'203.0.113.10' IDENTIFIED BY 'StrongAppPass#2025';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'203.0.113.10';
FLUSH PRIVILEGES;
EXIT;Open Firewall Port 3306 (If Remote Access Needed)
# UFW (Ubuntu):
sudo ufw allow from 203.0.113.10 to any port 3306 proto tcp
# firewalld (RHEL-like):
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="203.0.113.10" port protocol="tcp" port="3306" accept' --permanent
sudo firewall-cmd --reloadUse IP allowlisting instead of opening 3306 to the world. If SELinux is enforcing, allow MySQL to connect over the network where relevant:
# Example SELinux adjustment (if needed for network access):
sudo setsebool -P mysql_connect_any 1Verify Installation and Troubleshoot Quickly
Check Version and Service Health
mysql --version
systemctl status mysql # Ubuntu/Debian
systemctl status mysqld # RHEL-like
# Connect and show databases
mysql -u root -p -e "SHOW DATABASES;"Logs and Common Issues
- Log files: /var/log/mysql/error.log (Ubuntu/Debian), /var/log/mysqld.log (RHEL-like).
- Port in use: Ensure no other service is bound to 3306 (use ss -lntp | grep 3306).
- Auth errors: Confirm the correct plugin, host (e.g., localhost vs %), and password.
- Memory: For small servers, reduce buffer sizes to avoid OOM kills.
Basic Performance Tuning (Safe Defaults)
Start conservatively on small servers and adjust based on workload and the slow query log.
# Add to mysqld section (paths differ by distro)
innodb_buffer_pool_size = 512M
innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 1
max_connections = 200
thread_cache_size = 50
query_cache_type = 0 # MySQL 8 ignores query cache; ensure disabled
slow_query_log = 1
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 1After changes, restart MySQL and monitor performance using SHOW GLOBAL STATUS, slow logs, and application response times.
Backups and Maintenance
Logical Backups (mysqldump/mysqlpump)
# Backup one database
mysqldump -u root -p --routines --triggers --single-transaction appdb > appdb_$(date +%F).sql
# Restore
mysql -u root -p appdb < appdb_YYYY-MM-DD.sqlFor large datasets or point-in-time recovery, consider MySQL Enterprise Backup or Percona XtraBackup (physical backups). Always test restores.
Updates and Patching
- Schedule maintenance windows for minor version upgrades.
- Back up before patching.
- Ubuntu/Debian: sudo apt update && sudo apt upgrade.
- RHEL-like: sudo dnf update or sudo yum update.
- Review release notes for authentication or replication changes.
Secure MySQL for Production
- Run mysql_secure_installation and set strong, unique passwords.
- Disable remote root login; create admin users restricted by IP.
- Use TLS for client connections (configure ssl_cert, ssl_key, ssl_ca in mysqld).
- Grant least privileges; avoid GRANT ALL on *.* for app users.
- Rotate credentials and remove unused accounts/databases.
- Enable slow query log and review regularly.
Real-World Example: App + DB on Separate Servers
- Create app user restricted to the app server’s IP.
- Open port 3306 only for that IP (UFW or firewalld).
- Bind MySQL to 0.0.0.0 and enforce TLS for production traffic.
- Monitor connections with performance_schema and logins in error logs.
- Set consistent server time (NTP) for accurate logs and backups.
When to Choose Managed Hosting or Expert Help
If you’d rather focus on your application than database upkeep, consider managed servers or optimized hosting. YouStable’s hosting plans are tuned for MySQL-based apps and include guidance on secure configuration, performance tuning, and backup strategy—ideal for WordPress, LAMP/LEMP stacks, and SaaS workloads.
Complete Command Cheat Sheet
# Ubuntu/Debian quick install
sudo apt update && sudo apt install -y mysql-server
sudo systemctl enable --now mysql
sudo mysql_secure_installation
# RHEL/CentOS/Rocky/Alma quick install (MySQL repo)
sudo dnf install -y https://dev.mysql.com/get/mysql80-community-release-el9-1.noarch.rpm
sudo dnf module disable -y mysql mariadb || true
sudo dnf install -y mysql-community-server
sudo systemctl enable --now mysqld
sudo mysql_secure_installation
# Create DB and user
sudo mysql -u root -p -e "
CREATE DATABASE appdb;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'StrongAppPass#2025';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;"
# Open firewall for one host (examples)
sudo ufw allow from 203.0.113.10 to any port 3306 proto tcp
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="203.0.113.10" port protocol="tcp" port="3306" accept' --permanent
sudo firewall-cmd --reloadFAQs: Install MySQL on Linux Server
How do I install MySQL on Ubuntu?
Run sudo apt update, then sudo apt install -y mysql-server. Enable and start the service with sudo systemctl enable –now mysql. Finally, secure it with sudo mysql_secure_installation. For the newest MySQL 8, add Oracle’s APT repo from dev.mysql.com before installing.
What is the default MySQL root password on Linux?
On Ubuntu/Debian, root may authenticate via socket (no password) or prompt you to set one during mysql_secure_installation. On RHEL-like systems using the MySQL repo, a temporary root password is logged in /var/log/mysqld.log after first start.
How do I enable remote connections to MySQL?
Edit MySQL config to listen on 0.0.0.0 (bind-address), add a user restricted to your client’s IP, and open port 3306 on the firewall only for that IP. Restart MySQL and test with mysql -h DB_HOST -u USER -p. Always avoid exposing 3306 publicly.
Is MySQL or MariaDB better for Linux servers?
Both are solid. Choose MySQL 8 for the latest Oracle-supported features and broad ecosystem compatibility. Choose MariaDB if you prefer community-driven development or it’s the default in your distro. Verify your application’s driver support before switching.
How can I completely remove MySQL from Linux?
On Ubuntu/Debian: sudo apt purge -y mysql-server mysql-common; then sudo apt autoremove -y and remove residual data in /var/lib/mysql (after backups). On RHEL-like: sudo dnf remove -y mysql* and clean any remaining config files, then delete /var/lib/mysql if appropriate.
How do I reset a lost MySQL root password?
Stop MySQL, start it with –skip-grant-tables, connect without a password, update the root user’s password, then restart normally. Follow official MySQL 8 documentation for exact steps on your distro. Ensure you restrict server access during the process.
What port does MySQL use, and should I change it?
MySQL uses TCP port 3306. You can change it, but security should rely on strong authentication, TLS, firewalls, and IP allowlisting. If you change the port, update firewalls, SELinux, and application connection strings accordingly.
With these steps, you can confidently install MySQL on a Linux server, secure it, and prepare it for production workloads. If you want expert-backed hosting that’s tuned for MySQL and WordPress, YouStable can help you deploy, optimize, and maintain your stack with best practices from day one.
