How to Install MySQL on Debian 11

Debian 11 (Bullseye) is a widely respected Linux distribution known for its stability and commitment to free software, making it a solid choice for deploying MySQL database servers. This tutorial will provide a comprehensive walkthrough for installing MySQL Community Server on a Debian 11 system. We will cover updating your system’s package sources, installing the MySQL server packages, performing the essential security hardening steps, and managing the MySQL service. For organizations seeking advanced server management, optimization, or robust Linux Server Support, professional services can offer valuable expertise.

MySQL is a leading open-source relational database management system (RDBMS), forming the critical data persistence layer for a vast array of web applications and software services. By following this guide, you will establish a secure, functional, and correctly configured MySQL installation on your Debian 11 server.

Prerequisites

• A server running Debian 11 (Bullseye).
• A non-root user account with sudo privileges.
• Access to a terminal or command-line interface (CLI).

Before you begin, ensure your Debian 11 system is fully up-to-date and that you have a sudo-enabled user. Standard Debian initial server setup guides can provide instructions on these preliminary configurations if necessary.

Step 1 — Updating Package Index

Keeping your system’s package list current is a fundamental first step before installing any new software. This ensures that your system is aware of the latest available package versions and their dependencies, which helps prevent potential conflicts and ensures you install the most recent security updates.

sudo apt update

Optionally, you can also upgrade your currently installed packages, though this is not strictly required before installing MySQL if you have just updated the package index:

sudo apt upgrade

Step 2 — Installing MySQL

MySQL server packages are available directly from Debian 11’s default APT repositories. You can install the mysql-server package, which typically includes mysql-community-server (often MySQL 8.0 or a similar stable version) and all its necessary dependencies for a standard installation.

sudo apt install mysql-server

During the installation process on Debian 11, MySQL is usually configured to use the auth_socket authentication plugin for the root MySQL user by default. This plugin enhances security by allowing authentication based on the operating system user connecting via a local Unix socket. This means you can initially connect as the MySQL root user by prefixing your command with sudo (e.g., sudo mysql) without needing a separate MySQL root password.

Once the installation is successfully completed, the MySQL service should start automatically. You can verify its operational status using systemctl:

sudo systemctl status mysql

The output should clearly indicate that the service is active (running).

Step 3 — Securing MySQL

MySQL provides an essential security script named mysql_secure_installation. Running this script immediately after installation is critical for hardening your MySQL server. It guides you through several important security configurations, including setting up the VALIDATE PASSWORD component (to enforce strong password policies), changing the root password (particularly if you plan to switch from auth_socket to traditional password-based authentication for the root user), removing anonymous user accounts, disallowing remote root logins, and removing the default test database.

Execute the script with sudo privileges:

sudo mysql_secure_installation

The script will interactively prompt you for the following configurations:

1. VALIDATE PASSWORD COMPONENT: The script will first ask if you wish to enable the VALIDATE PASSWORD component. Enabling this feature is highly recommended for production environments as it enforces password complexity rules, making your database more resilient against brute-force attacks. If you choose to enable it, you will be prompted to select a password validation policy level: 0 (LOW), 1 (MEDIUM), or 2 (STRONG).
2. Set Root Password: You will then be prompted to set a password for the MySQL root user.
   • Important Note on auth_socket: If you intend to continue using the auth_socket plugin for the root user (which allows passwordless access for the system root user via sudo mysql), setting a password here might seem unnecessary for local sudo access. However, it is still a good security practice to set a strong password. If you later decide to enable traditional password authentication for the MySQL root user, you would need to alter the user within the MySQL monitor: ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' BY 'your_new_strong_password'; FLUSH PRIVILEGES;
3. Remove anonymous users? (Strongly Recommended: Yes) Anonymous users can pose a security risk and should be removed from production servers.
4. Disallow root login remotely? (Strongly Recommended: Yes) This is a critical security measure that restricts the MySQL root user from connecting from any host other than localhost, significantly reducing the attack surface.
5. Remove test database and access to it? (Strongly Recommended: Yes) The test database is provided for development and testing purposes only and should be removed from any production MySQL server.
6. Reload privilege tables now? (Strongly Recommended: Yes) This action ensures that all the security changes you have made are applied immediately and take effect.

Successfully completing these steps is fundamental for establishing a secure MySQL deployment. For organizations with stringent security requirements or those needing ongoing database administration, consider engaging with professional MySQL support services for expert guidance.

Step 4 — Testing MySQL

After executing mysql_secure_installation, it is essential to test your ability to connect to the MySQL server. If the auth_socket plugin is still active for the root user (which is the default behavior on Debian 11), you can connect to MySQL using the following command:

sudo mysql

If you have reconfigured the root user to use password-based authentication (e.g., with mysql_native_password), you would connect using:

mysql -u root -p

You will then be prompted to enter the root password you set.

Once successfully connected, you will be greeted by the MySQL monitor prompt (mysql>). You can execute a simple test query, such as checking the server version or listing the available databases:

SELECT VERSION();
SHOW DATABASES;

To exit the MySQL monitor, type:

EXIT;

Step 5 — Managing the MySQL Service

The MySQL service on Debian 11 is managed using the systemctl command-line utility.

• Start MySQL Service:
  bash
sudo systemctl start mysql
• Stop MySQL Service:
  bash
sudo systemctl stop mysql
• Restart MySQL Service:
  bash
sudo systemctl restart mysql
• Check MySQL Service Status:
  bash
sudo systemctl status mysql
• Enable MySQL Service on Boot: (This is typically configured automatically during the installation process)
  bash
sudo systemctl enable mysql
• Disable MySQL Service on Boot:
  bash
sudo systemctl disable mysql

Conclusion

You have now successfully installed and secured MySQL on your Debian 11 (Bullseye) server. Your database system is primed and ready to support your applications with a reliable and robust data storage solution. It is crucial to remember the importance of implementing regular data backup strategies and consistently keeping your operating system and MySQL packages updated to maintain optimal security and performance.

For further information, advanced configurations, and related guides, you may find the following resources particularly helpful:

• How to Install MySQL on Debian 12
• How to Install MySQL on Ubuntu 22.04 LTS
• How to Install MySQL on Rocky Linux 8
• Return to the main How to Install MySQL series overview.

Effective and proactive database administration is paramount for ensuring application reliability, data integrity, and robust security. If your organization requires specialized assistance with database management, performance tuning, or is considering comprehensive Managed IT Services, Medha Cloud offers a diverse range of solutions tailored to support your infrastructure needs. Additionally, for Managed Service Providers (MSPs) seeking to expand their service portfolio, Medha Cloud provides white-label managed IT services, enabling you to enhance your offerings under your own distinct brand.