EIVUS

MySQL and MariaDB on Your Server

Install, tune, and secure MySQL or MariaDB for production.

Back to blog

Both are compatible for most apps; MariaDB often has newer features. Tune buffer pool, connections, and query cache. Use dedicated storage and backups. Restrict network access and use strong passwords and encryption.

Compatibility and choice

  • Compatibility: MariaDB is a fork of MySQL; for most apps they are drop-in compatible. Check your app's docs and any MySQL-specific features (e.g. plugins, auth). For new projects, MariaDB often has newer features and active development.
  • Versions: Use a supported major version (e.g. MySQL 8, MariaDB 10.6+). Stay on the same major across environments (dev/staging/prod) to avoid surprises.
  • Install: Use distro packages or official repos. Prefer the vendor's repo for latest stable and security updates.

Tuning

  • Buffer pool (InnoDB): innodb_buffer_pool_size — main memory for data and indexes. Often 50–70% of RAM on a dedicated DB server. Don't over-allocate or the OS will swap.
  • Connections: max_connections — set to what your app needs plus headroom. Each connection uses memory. Use connection pooling in the app to avoid exhausting connections.
  • Query cache (MySQL 5.x): Deprecated in MySQL 8; if on older MySQL, can help read-heavy workloads. MariaDB has different caching. Prefer application-level caching (Redis, Memcached) for scale.
  • Storage: Use SSD or fast NVMe for data dir. Separate disk for binlogs if you have heavy write load. RAID and backups on separate storage.

Security

  • Network: Bind to private IP only; do not expose 3306 to the internet. Restrict with firewall (allow only app servers). Use TLS for client connections if they cross untrusted networks.
  • Users: Create dedicated users per app with minimal privileges (e.g. SELECT/INSERT/UPDATE on specific DBs). No root from remote. Strong passwords; consider password policy plugin.
  • Encryption: Encrypt data at rest if required (disk or tablespace encryption). Encrypt replication and client connections (TLS).

Backups and recovery

  • Logical backups: mysqldump or mariabackup for full or per-DB dumps. Schedule daily; retain off-site. Test restore regularly.
  • Physical / snapshot: Filesystem snapshots or provider snapshots while DB is consistent (flush tables or use backup tool that coordinates). Faster restore for large DBs.
  • Replication: Use replica for read scaling or as backup source. Secure replication user and channel (TLS). Monitor lag.

Summary

MySQL and MariaDB are compatible for most apps; MariaDB often has newer features. Tune buffer pool, connections, and storage. Use dedicated storage and backups; restrict network access; strong passwords and encryption.

Clients who trust us