A futuristic server room with a glowing MySQL database icon floating above a sleek Debian-based Linux terminal. The terminal screen displays MySQL installation commands in a cyberpunk-style blue and green glow. The background features softly illuminated circuit patterns, symbolizing database connectivity and open-source technology. The atmosphere is clean, professional, and slightly futuristic.

How to Install MySQL on Debian – A Step-by-Step Guide

Author:
Željko Jagušt
Publish Date:
March 21, 2025
Estimated Reading Time:
12 minutes

MySQL is one of the most popular open-source relational database management systems, commonly used for web applications and data-driven projects. If you are using a Debian-based Linux distribution, setting up MySQL on Debian is a straightforward process. This guide will walk you through each step of installing a standalone MySQL server on Debian, ensuring a smooth and efficient setup. Whether you are a beginner or an experienced administrator, this step-by-step tutorial will help you get MySQL up and running quickly.

Introduction

As one of the most powerful and widely used relational database management systems, MySQL offers a reliable foundation for web applications, data storage, and enterprise solutions. Whether setting up a new server or reinstalling MySQL, following the proper installation steps will ensure a smooth and secure deployment.

In this guide, we’ll walk you through the entire process of installing MySQL on Debian, from updating your system to configuring the database for first-time use. Whether you’re a beginner or an experienced user, this step-by-step tutorial will help you get MySQL up and running quickly. By the end, you’ll have a fully functional MySQL standalone instance ready to handle your data needs. Let’s get started!

Prerequisites

In this guide, I will show you how to install MySQL on Debian Linux operating system, but you can use any Debian-based Linux distribution to do the same. If you would like to learn how to install and configure a minimal Debian system that would satisfy this guide, then please check our articles that cover the topic:

Debian 11 Server – Minimal Installation Guide

Follow this guide for a Debian 11 Server minimal installation, providing a solid foundation for any server setup or project you want to build.

Debian 11 Server – Initial Customization Guide

Discover introductory steps to streamline performance, security, and administration in our Debian Server Initial Customization guide.

I will be using Percona Server for MySQL as my database solution. It is an alternative to MySQL’s community version, offering enhanced performance, scalability, and security. I have relied on it for both my personal and professional projects for many years, and it has consistently delivered excellent results. Additionally, I know that it powers one of the top five most visited websites in the world.

MySQL on Debian – Percona Repository

Percona has a dedicated APT repository suitable for any DEB-based Linux distribution. To set it up, Percona also provides a CLI tool, percona-release, which must be installed first.

To install the percona-release CLI tool, please execute the following in the console:

cd /tmp
curl -O https://repo.percona.com/apt/percona-release_latest.generic_all.deb

Execute the following to install the DEB package:

apt install ./percona-release_latest.generic_all.deb

Once the installation is complete, you will see a message telling you that no repositories containing Percona products or distributions are enabled. You have the option to enable Percona distribution repositories or individual product repositories. Since we only want Percona MySQL server version 8.0, the following command will enable just that:

percona-release setup ps80

The command above will set the repository configuration file at /etc/apt/sources.list.d/percona-ps-80-release.list and update the APT catalog.

MySQL on Debian – Percona Server Installation

With the repository configured in the previous step, you can now install the Percona MySQL Server by executing the following command in the console:

apt install -y percona-server-server

During the installation process, you will be prompted to enter the MySQL root user password. Please choose a strong password. You will also need to select a default authentication plugin. The default option is generally good, but please be sure to read the installer message carefully. If you have an application that uses a “legacy” MySQL client or connector, you must choose the legacy authentication method.

Once the installation is complete, you will notice the following message:

 * Percona Server is distributed with several useful UDF (User Defined Function) from Percona Toolkit.
 * Run the following commands to create these functions:

        mysql -e "CREATE FUNCTION fnv1a_64 RETURNS INTEGER SONAME 'libfnv1a_udf.so'"
        mysql -e "CREATE FUNCTION fnv_64 RETURNS INTEGER SONAME 'libfnv_udf.so'"
        mysql -e "CREATE FUNCTION murmur_hash RETURNS INTEGER SONAME 'libmurmur_udf.so'"

This is optional. The UDFs listed will provide faster checksums, but it is up to you whether to install them or not. Not installing them will not affect MySQL server operations in any way.

MySQL on Debian – Post-installation Steps

If you try to access MySQL CLI now, you will have to supply parameters for user and password:

mysql -u root -p

For the remote connection, you will also have to supply the host parameter (-h) and the IP address of the host where MySQL is running:

mysql -h 192.168.100.1 -u root -p

Now, if you are the server administrator (root), you can set a special environment file .my.cnf in your home directory and set the connection parameters there. First, open the file:

vi /root/.my.cnf

And populate it with the following content:

[mysql]
prompt="[\\R:\\m:\\s] {$SERVER_NAME} \\u@\\d> "

[client]
user=root
password=$PASSWD

Please replace $SERVER_NAME with your server’s hostname and $PASSWD with the MySQL root password you set during the MySQL installation. Now you can access MySQL CLI by executing the mysql command without any parameters, and your prompt will look similar to the one below:

mysql
...
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.41-32 Percona Server (GPL), Release '32', Revision 'b8e378ec'

Copyright (c) 2009-2025 Percona LLC and/or its affiliates
Copyright (c) 2000, 2025, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

[08:51:34] {debian-server-test} root@(none)>

MySQL on Debian – Basic Security Guidelines

As with any other “background/backend” service, you should never “expose” MySQL to listen on any public network. If you are doing so, I am sorry, but you are doing it wrong! Access to the MySQL service should be restricted in the firewall, and grants (database access) should be set using “common sense”; GRANT ALL PRIVILEGES is not a solution! In the following subsections, I will provide some basic pointers on restricting access to your MySQL server.

Bind Address

Once installed, MySQL service will “listen” on port 3306 and all interfaces by default. As mentioned above, that is something we don’t want. Also, since the MySQL version 5.7.12, MySQL includes the X plugin, but it also includes X protocol and X DevApi. The X protocol opens an additional port, 33060. The “X” stands for the eXtended MySQL protocol and has a specific purpose. If you are absolutely positive you require that, you can leave it on; otherwise, it can be disabled.

In this guide, I will show you how to restrict MySQL service to accept requests only from the local network (my local network is 192.168.100.0/24). To do it, open the file /etc/mysql/conf.d/mysql.cnf and populate it with the following content:

[mysqld]

# Disable MySQL-X protocol
mysqlx = 0

bind-address = 192.168.100.1

192.168.100.1 is the IP address for the local network on my server, so please replace it with yours. Once complete, save and close the file and restart the MySQL service:

systemctl restart mysql.service

To verify the change, please execute netstat -lntp | grep 3306 in the console and you should see the similar output as the one below:

netstat -lntp | grep 3306
...
tcp        0      0 192.168.100.1:3306      0.0.0.0:*               LISTEN      9326/mysqld

As you can see, the mysqld protocol is now listening only on my local IP address, 192.168.100.1, and on port 3306.

Firewall

With the bind (listen) address set in the previous section, only the clients from the local network (192.168.100.0/24) can access the MySQL server. Ideally, access to the MySQL server should be allowed only for the clients (servers/computers) that require it.

For the purpose of this guide, let’s assume I have two servers on my network. One is running WordPress, and the other is running my local Wiki instance. They both need access to a MySQL server. The WordPress server has the IP address 192.168.100.20, and the Wiki server has 192.168.100.30. To allow MySQL access only for those two servers, the following firewall rules should be put in place:

iptables -A INPUT -m tcp -p tcp --dport 3306 -s 192.168.100.20 -d 192.168.100.1 -m comment --comment "WP Server MySQL Access" -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 3306 -s 192.168.100.30 -d 192.168.100.1 -m comment --comment "Wiki Server MySQL Access" -j ACCEPT

To restrict access to MySQL from any other computer on your local network, set the following rule:

iptables -A INPUT -m tcp -p tcp --dport 3306 -s 192.168.100.0/24 -d 192.168.100.1 -m comment --comment "Restrict MySQL Access" -j DROP

Last, you should also allow localhost MySQL access:

iptables -I INPUT -i lo -m tcp -p tcp --dport 3306 -m comment --comment "Local MySQL Access" -j ACCEPT

With all the rules in place, you should save them now, so they get applied on the reboot:

iptables-save > /etc/iptables/rules.v4

MySQL Users & Grants

Let’s also consider my WordPress and Wiki servers/clients here. With the firewall rules I created above, those servers will be able to “contact” MySQL server/service. However, they will still be rejected from accessing databases because no grants (MySQL privileges) are set for them.

Let’s consider that I have two databases created in MySQL; wordpress and wiki. I need to define the user first to allow my clients access to those databases. To do so, I need to execute mysql and create the required users:

CREATE USER 'wordpress_user'@'192.168.100.20' IDENTIFIED BY 'new_password';
CREATE USER 'wiki_user'@'192.168.100.30' IDENTIFIED BY 'new_password';

This will create wordpress_user and wiki_user accounts that use the default authentication plugin and the given password. The default authentication plugin for MySQL 8.0 and above is caching_sha2_password, and if you have the “legacy” clients, you can specify the legacy authentication plugin when creating those accounts:

CREATE USER 'wordpress_user'@'192.168.100.20' IDENTIFIED WITH mysql_native_password BY 'new_password';
CREATE USER 'wiki_user'@'192.168.100.30' IDENTIFIED WITH mysql_native_password BY 'new_password';

With users in place, database grants can be defined. Let’s again assume that both users require the same privileges. To create them, I executed the following in the MySQL CLI:

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX ON wordpress.* TO 'wordpress_user'@'192.168.100.20';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX ON wiki.* TO 'wiki_user'@'192.168.100.30';

Setting the correct grants will depend on the client (application), so it is best to consult the documentation for the client that needs MySQL access. You should also check the official MySQL GRANTS documentation and familiarize yourself with the grants/privileges/roles specifics.

MySQL on Debian – Conclusion

Setting up MySQL on Debian using the Percona version of MySQL ensures a stable and optimized database environment tailored for performance and reliability. By following the installation steps and implementing essential security measures, you’ve successfully deployed a standalone MySQL server. Configuring the bind address, managing the firewall, and properly setting up users and grants are crucial steps that enhance both accessibility and security, preventing unauthorized access while maintaining efficient database operations.

With MySQL now running on your Debian system, you’re ready to start managing databases, optimizing queries, and ensuring smooth application performance. Whether you’re setting up MySQL for a personal project or a production server, staying up to date with best practices and security enhancements will help maintain a robust and secure database environment.


Spread The Word


Leave a Comment

MONTHLY POLL

What are your preferred resources for learning about system administration?

View Results

Loading ... Loading ...