Knowledge

How to install MySQL on Ubuntu

#Databases

Install the latest MySQL on Ubuntu, secure it, and create your first database and user — the right way, from the official MySQL repository.

Published by Mark van Eijk on June 30, 2026 · 2 minute read

  1. Add the official MySQL repository
  2. Install MySQL
  3. Secure the installation
  4. Create a database and user
  5. Allow remote connections (only if you need them)
  6. Next steps
  7. Let Rocketeers handle it

Ubuntu ships MySQL in its repositories, but it's often an older release. To run a current, supported MySQL, install it from MySQL's own apt repository. Here's the full path from a fresh server to a database your application can connect to.

Add the official MySQL repository

Import MySQL's signing key and add the repository for the current LTS release:

sudo apt-get install -y dirmngr gnupg
echo "deb http://repo.mysql.com/apt/ubuntu $(lsb_release -sc) mysql-8.0-lts" \
  | sudo tee /etc/apt/sources.list.d/mysql.list

Pin it so apt prefers MySQL's packages over Ubuntu's:

printf 'Package: mysql*\nPin: origin repo.mysql.com\nPin-Priority: 1001\n' \
  | sudo tee /etc/apt/preferences.d/mysql

Install MySQL

DEBIAN_FRONTEND=noninteractive sudo apt-get update
DEBIAN_FRONTEND=noninteractive sudo apt-get install -y mysql-server mysql-client

Start it and enable it on boot:

sudo systemctl enable --now mysql

Secure the installation

A fresh MySQL has test databases, anonymous access, and a passwordless root. Lock it down:

sudo mysql_secure_installation

Set a strong root password, remove the anonymous users, disallow remote root login, and drop the test database when prompted.

Create a database and user

Never let your application connect as root. Open a MySQL prompt:

sudo mysql

Then create a dedicated database and user with privileges only on that database:

CREATE DATABASE myapp CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'myapp'@'localhost' IDENTIFIED BY 'a-strong-password';
GRANT ALL PRIVILEGES ON `myapp`.* TO 'myapp'@'localhost';
FLUSH PRIVILEGES;

If you hit ERROR 1045 Access denied, the username, password, or host doesn't match what you granted — see access denied for user.

Allow remote connections (only if you need them)

By default MySQL listens on localhost only, which is the safest setting when the database and app share a server. If a separate application server needs access, bind to all interfaces in a config file:

# /etc/mysql/conf.d/networking.cnf
[mysqld]
bind-address = 0.0.0.0

Then create the user with the '%' host and restart MySQL:

CREATE USER 'myapp'@'%' IDENTIFIED BY 'a-strong-password';
GRANT ALL PRIVILEGES ON `myapp`.* TO 'myapp'@'%';
FLUSH PRIVILEGES;

Only do this behind a firewall that restricts which IPs can reach port 3306. An open MySQL port is one of the fastest ways to get a server compromised.

Next steps

Now you can import a database from the command line, export one, and start thinking about backups and performance tuning. On a busy server you'll eventually meet too many connections — worth knowing about before it happens. Prefer Postgres? See installing PostgreSQL with pgvector.

Let Rocketeers handle it

Adding the right repository, pinning packages, securing the defaults, raising file-descriptor limits, and creating databases and scoped users by hand is a lot of careful steps to get exactly right — and easy to leave half-done. Rocketeers installs and secures MySQL during provisioning and creates databases and users on demand, with credentials stored safely, so you skip straight to using the database.

Subscribe to our newsletter

Do you want to receive regular updates with fresh and exclusive content to learn more about web development, hosting, security and performance? Subscribe now!