Bitnami/containers
2
0
Fork 0
mirror of https://github.com/bitnami/containers.git synced 2026-03-27 07:17:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2987f2fa923f40deded7c8ad00e2f940b9e005d4
containers/bitnami/mysql
History

README.md

Bitnami Secure Image for MySQL

MySQL is a fast, reliable, scalable, and easy to use open source relational database system. Designed to handle mission-critical, heavy-load production applications.

Overview of MySQL Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

docker run --name mysql -e ALLOW_EMPTY_PASSWORD=yes bitnami/mysql:latest

Why use Bitnami Secure Images?

Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise OS Photon Linux. Why choose BSI images?

  • Hardened secure images of popular open source software with Near-Zero Vulnerabilities
  • Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores
  • Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM)
  • Software supply chain provenance attestation through in-toto
  • First class support for the internets favorite Helm charts

Each image comes with valuable security metadata. You can view the metadata in our public catalog here. Note: Some data is only available with commercial subscriptions to BSI.

Alt text Alt text

If you are looking for our previous generation of images based on Debian Linux, please see the Bitnami Legacy registry.

How to deploy MySQL in Kubernetes?

Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the Bitnami MySQL Chart GitHub repository.

Why use a non-root container?

Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers in our docs.

Supported tags and respective Dockerfile links

Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.

Get this image

The recommended way to get the Bitnami MySQL Docker Image is to pull the prebuilt image from the Docker Hub Registry.

docker pull bitnami/mysql:latest

To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.

docker pull bitnami/mysql:[TAG]

If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the docker build command. Remember to replace the APP, VERSION and OPERATING-SYSTEM path placeholders in the example command below with the correct values.

git clone https://github.com/bitnami/containers.git
cd bitnami/APP/VERSION/OPERATING-SYSTEM
docker build -t bitnami/APP:latest .

Using docker-compose.yaml

Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated Bitnami Helm chart.

Persisting your database

If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.

For persistence you should mount a directory at the /bitnami/mysql/data path. If the mounted directory is empty, it will be initialized on the first run.

Note

As this is a non-root container, the mounted files and directories must have the proper permissions for the UID 1001.

Connecting to other containers

Using Docker container networking, a MySQL server running inside a container can easily be accessed by your application containers.

Containers attached to the same network can communicate with each other using the container name as the hostname.

Configuration

The following section describes the supported environment variables

Environment variables

The following tables list the main variables you can set.

Customizable environment variables

Name Description Default Value
ALLOW_EMPTY_PASSWORD Allow MySQL access without any password. no
MYSQL_AUTHENTICATION_PLUGIN MySQL authentication plugin to configure during the first initialization. nil
MYSQL_ROOT_USER MySQL database root user. root
MYSQL_ROOT_PASSWORD MySQL database root user password. nil
MYSQL_USER MySQL database user to create during the first initialization. nil
MYSQL_PASSWORD Password for the MySQL database user to create during the first initialization. nil
MYSQL_DATABASE MySQL database to create during the first initialization. nil
MYSQL_MASTER_HOST Address for the MySQL master node. nil
MYSQL_MASTER_PORT_NUMBER Port number for the MySQL master node. 3306
MYSQL_MASTER_ROOT_USER MySQL database root user of the master host. root
MYSQL_MASTER_ROOT_PASSWORD Password for the MySQL database root user of the the master host. nil
MYSQL_MASTER_DELAY MySQL database replication delay. 0
MYSQL_REPLICATION_USER MySQL replication database user. nil
MYSQL_REPLICATION_PASSWORD Password for the MySQL replication database user. nil
MYSQL_PORT_NUMBER Port number to use for the MySQL Server service. nil
MYSQL_REPLICATION_MODE MySQL replication mode. nil
MYSQL_REPLICATION_SLAVE_DUMP Make a dump on master and update slave MySQL database false
MYSQL_EXTRA_FLAGS Extra flags to be passed to start the MySQL Server. nil
MYSQL_INIT_SLEEP_TIME Sleep time when waiting for MySQL init configuration operations to finish. nil
MYSQL_CHARACTER_SET MySQL collation to use. nil
MYSQL_COLLATE MySQL collation to use. nil
MYSQL_BIND_ADDRESS MySQL bind address. nil
MYSQL_SQL_MODE MySQL Server SQL modes to enable. nil
MYSQL_UPGRADE MySQL upgrade option. AUTO
MYSQL_IS_DEDICATED_SERVER Whether the MySQL Server will run on a dedicated node. nil
MYSQL_CLIENT_ENABLE_SSL Whether to force SSL for connections to the MySQL database. no
MYSQL_CLIENT_SSL_CA_FILE Path to CA certificate to use for SSL connections to the MySQL database server. nil
MYSQL_CLIENT_SSL_CERT_FILE Path to client public key certificate to use for SSL connections to the MySQL database server. nil
MYSQL_CLIENT_SSL_KEY_FILE Path to client private key to use for SSL connections to the MySQL database server. nil
MYSQL_CLIENT_EXTRA_FLAGS Whether to force SSL connections with the "mysql" CLI tool. Useful for applications that rely on the CLI instead of APIs. no
MYSQL_STARTUP_WAIT_RETRIES Number of retries waiting for the database to be running. 300
MYSQL_STARTUP_WAIT_SLEEP_TIME Sleep time between retries waiting for the database to be running. 2
MYSQL_ENABLE_SLOW_QUERY Whether to enable slow query logs. 0
MYSQL_LONG_QUERY_TIME How much time, in seconds, defines a slow query. 10.0

Read-only environment variables

Name Description Value
DB_FLAVOR SQL database flavor. Valid values: mariadb or mysql. mysql
DB_BASE_DIR Base path for MySQL files. ${BITNAMI_ROOT_DIR}/mysql
DB_VOLUME_DIR MySQL directory for persisted files. ${BITNAMI_VOLUME_DIR}/mysql
DB_DATA_DIR MySQL directory for data files. ${DB_VOLUME_DIR}/data
DB_BIN_DIR MySQL directory where executable binary files are located. ${DB_BASE_DIR}/bin
DB_SBIN_DIR MySQL directory where service binary files are located. ${DB_BASE_DIR}/bin
DB_CONF_DIR MySQL configuration directory. ${DB_BASE_DIR}/conf
DB_DEFAULT_CONF_DIR MySQL default configuration directory. ${DB_BASE_DIR}/conf.default
DB_LOGS_DIR MySQL logs directory. ${DB_BASE_DIR}/logs
DB_TMP_DIR MySQL directory for temporary files. ${DB_BASE_DIR}/tmp
DB_CONF_FILE Main MySQL configuration file. ${DB_CONF_DIR}/my.cnf
DB_PID_FILE MySQL PID file. ${DB_TMP_DIR}/mysqld.pid
DB_SOCKET_FILE MySQL Server socket file. ${DB_TMP_DIR}/mysql.sock
DB_DAEMON_USER Users that will execute the MySQL Server process. mysql
DB_DAEMON_GROUP Group that will execute the MySQL Server process. mysql
MYSQL_DEFAULT_PORT_NUMBER Default port number to use for the MySQL Server service. 3306
MYSQL_DEFAULT_CHARACTER_SET Default MySQL character set. utf8mb4
MYSQL_DEFAULT_BIND_ADDRESS Default MySQL bind address. 0.0.0.0

Initializing a new instance

The container can execute custom files on the first start and on every start. Files with extensions .sh, .sql and .sql.gz are supported.

  • Files in /docker-entrypoint-initdb.d will only execute on the first container start.
  • Files in /docker-entrypoint-startdb.d will execute on every container start.

In order to have your custom files inside the docker image you can mount them as a volume.

Take into account those scripts are treated differently depending on the extension. While the .sh scripts are executed in all the nodes; the .sql and .sql.gz scripts are only executed in the master nodes. The reason behind this differentiation is that the .sh scripts allow adding conditions to determine what is the node running the script, while these conditions can't be set using .sql nor sql.gz files. This way it is possible to cover different use cases depending on their needs.

Note

If you are importing large databases, it is recommended to import them as .sql instead of .sql.gz, as the latter one needs to be decompressed on the fly and not allowing for additional optimizations to import large files.

Setting the root password on first run

The root user and password can easily be setup with the Bitnami MySQL Docker image using the following environment variables:

  • MYSQL_ROOT_USER: The database admin user. Defaults to root.
  • MYSQL_ROOT_PASSWORD: The database admin user password. No defaults.

Passing the MYSQL_ROOT_PASSWORD environment variable when running the image for the first time will set the password of the MYSQL_ROOT_USER user to the value of MYSQL_ROOT_PASSWORD.

Warning The MYSQL_ROOT_USER user is always created with remote access. It's suggested that the MYSQL_ROOT_PASSWORD env variable is always specified to set a password for the MYSQL_ROOT_USER user. In case you want to allow the MYSQL_ROOT_USER user to access the database without a password set the environment variable ALLOW_EMPTY_PASSWORD=yes. This is recommended only for development.

Allowing empty passwords

By default the MySQL image expects all the available passwords to be set. In order to allow empty passwords, it is necessary to set the ALLOW_EMPTY_PASSWORD=yes env variable. This env variable is only recommended for testing or development purposes. We strongly recommend specifying the MYSQL_ROOT_PASSWORD for any other scenario.

Setting character set and collation

It is possible to configure the character set and collation used by default by the database with the following environment variables:

  • MYSQL_CHARACTER_SET: The default character set to use. Default: utf8
  • MYSQL_COLLATE: The default collation to use. Default: utf8_general_ci

Creating a database on first run

By passing the MYSQL_DATABASE environment variable when running the image for the first time, a database will be created. This is useful if your application requires that a database already exists, saving you from having to manually create the database using the MySQL client.

Creating a database user on first run

You can create a restricted database user that only has permissions for the database created with the MYSQL_DATABASE environment variable. To do this, provide the MYSQL_USER environment variable and to set a password for the database user provide the MYSQL_PASSWORD variable. MySQL supports different authentication mechanisms, such as caching_sha2_password or mysql_native_password. To set it, use the MYSQL_AUTHENTICATION_PLUGIN variable.

Note! The root user will be created with remote access and without a password if ALLOW_EMPTY_PASSWORD is enabled. Please provide the MYSQL_ROOT_PASSWORD env variable instead if you want to set a password for the root user.

Setting up a replication cluster

A zero downtime MySQL master-slave replication cluster can easily be setup with the Bitnami MySQL Docker image using the following environment variables:

  • MYSQL_REPLICATION_MODE: The replication mode. Possible values master/slave. No defaults.
  • MYSQL_REPLICATION_USER: The replication user created on the master on first run. No defaults.
  • MYSQL_REPLICATION_PASSWORD: The replication users password. No defaults.
  • MYSQL_MASTER_HOST: Hostname/IP of replication master (slave parameter). No defaults.
  • MYSQL_MASTER_PORT_NUMBER: Server port of the replication master (slave parameter). Defaults to 3306.
  • MYSQL_MASTER_ROOT_USER: User on replication master with access to MYSQL_DATABASE (slave parameter). Defaults to root
  • MYSQL_MASTER_ROOT_PASSWORD: Password of user on replication master with access to MYSQL_DATABASE (slave parameter). No defaults.
  • MYSQL_MASTER_DELAY: The database replication delay (slave parameter). Defaults to 0.

In a replication cluster you can have one master and zero or more slaves. When replication is enabled the master node is in read-write mode, while the slaves are in read-only mode. For best performance its advisable to limit the reads to the slaves.

Configuration file

The image looks for user-defined configurations in /opt/bitnami/mysql/conf/my_custom.cnf. Create a file named my_custom.cnf and mount it at /opt/bitnami/mysql/conf/my_custom.cnf.

Refer to the MySQL server option and variable reference guide for the complete list of configuration options.

Overwrite the main Configuration file

It is also possible to use your custom my.cnf and overwrite the main configuration file.

FIPS configuration in Bitnami Secure Images

The Bitnami MySQL Docker image from the Bitnami Secure Images catalog includes extra features and settings to configure the container with FIPS capabilities. You can configure the next environment variables:

  • OPENSSL_FIPS: whether OpenSSL runs in FIPS mode or not. yes (default), no.

Customize this image

The Bitnami MySQL Docker image is designed to be extended so it can be used as the base image for your custom configuration.

Extend this image

Before extending this image, please note there are certain configuration settings you can modify using the original image:

  • Settings that can be adapted using environment variables. For instance, you can change the ports used by MySQL, by setting the environment variables MYSQL_PORT_NUMBER or the character set using MYSQL_CHARACTER_SET respectively.

If your desired customizations cannot be covered using the methods mentioned above, extend the image. To do so, create your own image using a Dockerfile with the format below:

FROM bitnami/mysql
### Put your customizations below
...

Logging

The Bitnami MySQL Docker image sends the container logs to the stdout. To view the logs:

docker logs mysql

or using Docker Compose:

docker-compose logs mysql

To increase the verbosity on initialization or add extra debug information, you can assign the BITNAMI_DEBUG environment variable to true.

You can configure the containers logging driver using the --log-driver option if you wish to consume the container logs differently. In the default configuration docker uses the json-file driver.

Slow query logs

By default MySQL doesn't enable slow query log to record the SQL queries that take a long time to perform. You can modify these settings using the following environment variables:

  • MYSQL_ENABLE_SLOW_QUERY: Whether to enable slow query logs. Default: 0
  • MYSQL_LONG_QUERY_TIME: How much time, in seconds, defines a slow query. Default: 10.0

Slow queries information is logged to the <data-dir>/<hostname>-slow.log file by default, and you can easily check it with the mysqldumpslow tool (link to docs).

Slow filesystems

In some platforms, the filesystem used for persistence could be slow. That could cause the database to take extra time to be ready. If that's the case, you can configure the MYSQL_INIT_SLEEP_TIME environment variable to make the initialization script to wait extra time (in seconds) before proceeding with the configuration operations.

Notable Changes

8.0.37-debian-12-r6, 8.3.0-debian-12-r15, 8.4.0-debian-12-r7

  • Upgrade level can be set by MYSQL_UPGRADE env var. By default this variable is set to AUTO.

5.7.36-debian-10-r36, 8.0.27-debian-10-r35, 5.7.41-r10-debian-11 and 8.0.32-r10-debian-11

  • The command mysql_upgrade no longer includes the flag --force. Nonetheless, it can be enabled by using the [mysql_upgrade] option group in the MariaDB configuration.

5.7.30-debian-10-r32 and 8.0.20-debian-10-r29

  • This image has been adapted so it's easier to customize. See the Customize this image section for more information.

5.7.23-r52 and 8.0.12-r34

  • Decrease the size of the container. It is not necessary Node.js anymore. MySQL configuration moved to bash scripts in the rootfs/ folder.
  • The recommended mount point to persist data changes to /bitnami/mysql/data.
  • The MySQL configuration files are not persisted in a volume anymore. Now, they can be found at /opt/bitnami/mysql/conf.
  • Backwards compatibility is not guaranteed when data is persisted using docker-compose. You can use the workaround below to overcome it:
$ docker-compose down
## Change the mount point
sed -i -e 's#mysql_data:/bitnami#mysql_data:/bitnami/mysql/data#g' docker-compose.yml
## Pull the latest bitnami/mysql image
$ docker pull bitnami/mysql:latest
$ docker-compose up -d

5.7.22-r18 and 8.0.11-r16

  • The MySQL container has been migrated to a non-root user approach. Previously the container ran as the root user and the MySQL daemon was started as the mysql user. From now on, both the container and the MySQL daemon run as user 1001. As a consequence, the data directory must be writable by that user. You can revert this behavior by changing USER 1001 to USER root in the Dockerfile.

5.7.21-r6

  • The MySQL conf file is not in a persistent volume by default.

  • The user is able to specify a custom file in the default location '/opt/bitnami/mysql/conf/my.cnf'.

5.7.17-r4

  • MYSQL_MASTER_USER has been renamed to MYSQL_MASTER_ROOT_USER
  • MYSQL_MASTER_PASSWORD has been renamed to MYSQL_MASTER_ROOT_PASSWORD
  • MYSQL_ROOT_USER has been added to the available env variables. It can be used to specify the admin user.
  • ALLOW_EMPTY_PASSWORD has been added to the available env variables. It can be used to allow blank passwords for MySQL.
  • By default the MySQL image requires a root password to start. You can specify it using the MYSQL_ROOT_PASSWORD env variable or disable this requirement by setting the ALLOW_EMPTY_PASSWORD env variable to yes (testing or development scenarios).

License

Copyright © 2026 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Reference in New Issue View Git Blame Copy Permalink