Database
We use MariaDB on our servers, which is a drop-in replacement with API/ABI compatibility to MySQL.
Note
Wherever on this page you see mysql in a configuration option or CLI command, it’s correct and in the background configures or executes MariaDB. As MariaDB is a drop-in replacement, most config option names + commands remain unchanged.
MariaDB: Default Database per Website
Our website application types already offer the possibility to create a default database per website without any additional configuration. They will
create a MariaDB database dedicated for this website
create a dedicated user for this database
grant full permissions for that user to the corresponding database
The default database per website can be fine-tuned using the Custom JSON Website Level Configuration:
{
"db_charset": "utf8mb4",
"db_collate": "utf8mb4_unicode_ci"
}
The example above shows the default values for the specified configuration options.
Tip
The default databases per website only allow to customize the charset and collation but no other options via Custom JSON Website Level Configuration!
For most setups this will fulfill all requirements. If you really need a customized setup, see MariaDB: Custom Databases for details.
MariaDB: General Information
Access
phpMyAdmin
We provide a central phpMyAdmin installation to access your databases.
Note
To access phpMyAdmin, an Ops One ID is required. For everyone that has access to our Cockpit that is no restriction.
Therefore it’s not intended to let other users interact with your databases via phpMyAdmin by just giving them the link and DB credentials.
SSH tunnel
To access the database with common database tools like MySQL Workbench, create a SSH tunnel to the server and forward the MySQL port. After that, configure your favorite MySQL tool to connect to the forwarded localhost.
ssh -L 3306:localhost:3306 user@remotehost
local
Logged in as the website’s SSH user, simply access your database over the shell:
mysql
TLS
You can connect to all MariaDB databases with TLS enabled. Each server does generate it’s own, self-signed certificate.
To verify the servers identity, you can fetch the corresponding certificate from /etc/mysql/tls.crt by using the devop user (see Generic Admin User).
Backup
The database backups are included in our server Backup and can be restored as described under Restore.
Restore
You can restore MariaDB databases from snapshots with the mysqlrestore command.
mysqlrestore starts a second and temporary MariaDB instance from which data can be restored
the temporary instance runs on a separate port, further details on how to connect are displayed directly on the console
mysqlrestore must be running to work with it - so you need to use a second SSH connection to perform the actual restore operation
MariaDB: Custom Databases
For setups that require additional separate databases or databases with multiple users with different permission levels, you can configure those through the database::databases hash within the Custom JSON Server Level Configuration.
Warning
These configurations are for custom setups only. Usually, it is sufficient to select your desired database within the Website configuration in the Cockpit.
Configuring custom databases and permissions is flexible, but also comes with the risk of sharp edges. So make sure if you really need this.
Available Options
hash name: name of the database to create/configuretype: database type, usemysqluser_password: adds a user with the same name as the database with the given password, granting it all privileges to the created database
Examples
Configure databases through the database::databases hash
within the Custom JSON Server Level Configuration:
{
"database::databases": {
"<database-name-without-user>": {
"type": "mysql"
},
"<database-name-with-user>": {
"type": "mysql",
"user_password": "<cleartext-password>"
}
}
}
Tip
If you add a database without user_password option, you have to configure the desired users and grants by yourself (see below).
For special configurations like external access, you have to configure the desired users and grants by yourself (see below).
Users
You can configure MariaDB users through the database::users hash
within the Custom JSON Server Level Configuration:
{
"database::users": {
"<username>@localhost": {
"password": "<cleartext-password>"
},
"<username>@<remote-hostname>": {
"password": "<cleartext-password>"
}
}
}
Tip
If you add users for remote hosts, also add corresponding Firewall Rules.
Grants
You can configure MariaDB grants through the database::grants hash
within the Custom JSON Server Level Configuration:
{
"database::grants": {
"<username>@localhost": {
"user": "<username>@localhost",
"database": "<database-name>",
"table": "*"
},
"<username>@<remote-hostname>": {
"user": "<username>@<remote-hostname>",
"database": "<database-name>",
"table": "*"
},
"<username-for-specific-table>@<remote-hostname>": {
"user": "<username-for-specific-table>@<remote-hostname>",
"database": "<database-name>",
"table": "<specific-table-name>"
},
"<username-for-specific-table-with-privileges>@<remote-hostname>": {
"user": "<username-for-specific-table>@<remote-hostname>",
"database": "<database-name>",
"table": "<specific-table-name>",
"privileges": [
"SELECT",
"INSERT"
]
}
}
}
Warning
If you want to limit a user’s priviledges to a table specifically, make sure to create that table before adding the grant!
Charsets and Collations
Custom Databases also allow for configuration of the used charset and collation on a per-database level:
{
"database::databases": {
"<database-name>": {
"type": "mysql",
"charset": "utf8mb4",
"collate": "utf8mb4_unicode_ci",
}
}
}
MariaDB: Global Service Configuration
In addition to configuring additional databases, users and grants, you can also influence the configuration of the MariaDB service on your server.
Warning
This will directly affect the MariaDB server configuration. We have no means to validate your configuration and therefore cannot guarantee anything if you change the configuration.
Please make sure that you know what you’re doing and contact us beforehand if you have any questions.
Configuration Options
You can set custom MariaDB configuration options through the
database::wrapper::mysql::options hash
within the Custom JSON Server Level Configuration:
{
"database::wrapper::mysql::options": {
"ft_min_word_len": 1
}
}
Slow Query Log
The MariaDB slow query log is disabled by default.
You can activate the slow query log in the Custom JSON Server Level Configuration:
{
"database::wrapper::mysql::options": {
"slow_query_log": "1",
"long_query_time": "5",
"slow_query_log_file": "/var/log/mysql/slow.log"
}
}
In this example, all queries longer than 5 seconds are logged to /var/log/mysql/slow.log.
You can now access the log with the devop user (see Generic Admin User).
Keep in mind that if you name the log differently, you may not be able to read the log.
Binary Logging
The MariaDB binary log is disabled by default.
You can activate the binary log in the Custom JSON Server Level Configuration:
{
"database::wrapper::mysql::logbin": true
}
Keep in mind that binary logging can take up a lot of diskspace.
Rollback with binary logging is possible by using mariadb-binlog:
start-datetime: time of the last nightly dumpstop-datetime: required restore point
mariadb-binlog --start-datetime="2025-07-03 14:00:00" --stop-datetime="2025-07-03 14:15:00" /var/log/mysql/mysql-bin.* | mysql database
Tip
The binary logs belong to mysql. To ensure that you can read binary logs, you must use the Generic Admin User and execute puppet-agent which, if necessary, corrects the permissions.
Solr
We provide Solr as Managed Service. Setup is individual according to your needs.
Get in touch with us for further details.
PostgreSQL
We provide PostgreSQL as Managed Service. Setup is individual according to your needs.
Get in touch with us for further details.
Elasticsearch
We provide Elasticsearch as Managed Service. Setup is individual according to your needs.
Get in touch with us for further details.