6.2.5 使用类似 URI 的字符串或键值对连接到服务器
This section describes use of URI-like connection strings or key-value pairs to specify how to establish connections to the MySQL server, for clients such as MySQL Shell. For information on establishing connections using command-line options, for clients such as mysql or mysqldump, see Section 6.2.4, “Connecting to the MySQL Server Using Command Options”. For additional information if you are unable to connect, see Section 8.2.22, “Troubleshooting Problems Connecting to MySQL”.
The term “URI-like” signifies connection-string syntax that is similar to but not identical to the URI (uniform resource identifier) syntax defined by RFC 3986.
The following MySQL clients support connecting to a MySQL server using a URI-like connection string or key-value pairs:
-
MySQL Shell
-
MySQL Connectors which implement X DevAPI
This section documents all valid URI-like string and key-value pair connection parameters, many of which are similar to those specified with command-line options:
-
Parameters specified with a URI-like string use a syntax such as
myuser@example.com:3306/main-schema
. For the full syntax, see Connecting Using URI-Like Connection Strings. -
Parameters specified with key-value pairs use a syntax such as
{user:'myuser', host:'example.com', port:3306, schema:'main-schema'}
. For the full syntax, see Connecting Using Key-Value Pairs.
Connection parameters are not case-sensitive. Each parameter, if specified, can be given only once. If a parameter is specified more than once, an error occurs.
This section covers the following topics:
The following discussion describes the parameters available when specifying a connection to MySQL. These parameters can be provided using either a string that conforms to the base URI-like syntax (see Connecting Using URI-Like Connection Strings), or as key-value pairs (see Connecting Using Key-Value Pairs).
-
scheme
: The transport protocol to use. Usemysqlx
for X Protocol connections andmysql
for classic MySQL protocol connections. If no protocol is specified, the server attempts to guess the protocol. Connectors that support DNS SRV can use themysqlx+srv
scheme (see Connections Using DNS SRV Records). -
user
: The MySQL user account to provide for the authentication process. -
password
: The password to use for the authentication process.WarningSpecifying an explicit password in the connection specification is insecure and not recommended. Later discussion shows how to cause an interactive prompt for the password to occur.
-
host
: The host on which the server instance is running. The value can be a host name, IPv4 address, or IPv6 address. If no host is specified, the default islocalhost
. -
port
: The TCP/IP network port on which the target MySQL server is listening for connections. If no port is specified, the default is 33060 for X Protocol connections and 3306 for classic MySQL protocol connections. -
socket
: The path to a Unix socket file or the name of a Windows named pipe. Values are local file paths. In URI-like strings, they must be encoded, using either percent encoding or by surrounding the path with parentheses. Parentheses eliminate the need to percent encode characters such as the/
directory separator character. For example, to connect asroot@localhost
using the Unix socket/tmp/mysql.sock
, specify the path using percent encoding asroot@localhost?socket=%2Ftmp%2Fmysql.sock
, or using parentheses asroot@localhost?socket=(/tmp/mysql.sock)
. -
schema
: The default database for the connection. If no database is specified, the connection has no default database.
The handling of localhost
on Unix depends on the type of transport protocol. Connections using classic MySQL protocol handle localhost
the same way as other MySQL clients, which means that localhost
is assumed to be for socket-based connections. For connections using X Protocol, the behavior of localhost
differs in that it is assumed to represent the loopback address, for example, IPv4 address 127.0.0.1.
You can specify options for the connection, either as attributes in a URI-like string by appending ?
, or as key-value pairs. The following options are available:attribute=value
-
ssl-mode
: The desired security state for the connection. The following modes are permissible:-
DISABLED
-
PREFERRED
-
REQUIRED
-
VERIFY_CA
-
VERIFY_IDENTITY
ImportantVERIFY_CA
andVERIFY_IDENTITY
are better choices than the defaultPREFERRED
, because they help prevent man-in-the-middle attacks.For information about these modes, see the
--ssl-mode
option description in Command Options for Encrypted Connections. -
-
ssl-ca
: The path to the X.509 certificate authority file in PEM format. -
ssl-capath
: The path to the directory that contains the X.509 certificates authority files in PEM format. -
ssl-cert
: The path to the X.509 certificate file in PEM format. -
ssl-cipher
: The encryption cipher to use for connections that use TLS protocols up through TLSv1.2. -
ssl-crl
: The path to the file that contains certificate revocation lists in PEM format. -
ssl-crlpath
: The path to the directory that contains certificate revocation-list files in PEM format. -
ssl-key
: The path to the X.509 key file in PEM format. -
tls-version
: The TLS protocols permitted for classic MySQL protocol encrypted connections. This option is supported by MySQL Shell only. The value oftls-version
(singular) is a comma separated list, for exampleTLSv1.2,TLSv1.3
. For details, see Section 8.3.2, “Encrypted Connection TLS Protocols and Ciphers”. This option depends on thessl-mode
option not being set toDISABLED
. -
tls-versions
: The permissible TLS protocols for encrypted X Protocol connections. The value oftls-versions
(plural) is an array such as[TLSv1.2,TLSv1.3]
. For details, see Section 8.3.2, “Encrypted Connection TLS Protocols and Ciphers”. This option depends on thessl-mode
option not being set toDISABLED
. -
tls-ciphersuites
: The permitted TLS cipher suites. The value oftls-ciphersuites
is a list of IANA cipher suite names as listed at TLS Ciphersuites. For details, see Section 8.3.2, “Encrypted Connection TLS Protocols and Ciphers”. This option depends on thessl-mode
option not being set toDISABLED
. -
auth-method
: The authentication method to use for the connection. The default isAUTO
, meaning that the server attempts to guess. The following methods are permissible:-
AUTO
-
MYSQL41
-
SHA256_MEMORY
-
FROM_CAPABILITIES
-
FALLBACK
-
PLAIN
For X Protocol connections, any configured
auth-method
is overridden to this sequence of authentication methods:MYSQL41
,SHA256_MEMORY
,PLAIN
. -
-
get-server-public-key
: Request from the server the public key required for RSA key pair-based password exchange. Use when connecting to MySQL 8+ servers over classic MySQL protocol with SSL modeDISABLED
. You must specify the protocol in this case. For example:mysql://user@localhost:3306?get-server-public-key=true
This option applies to clients that authenticate with the
caching_sha2_password
authentication plugin. For that plugin, the server does not send the public key unless requested. This option is ignored for accounts that do not authenticate with that plugin. It is also ignored if RSA-based password exchange is not used, as is the case when the client connects to the server using a secure connection.If
server-public-key-path=
is given and specifies a valid public key file, it takes precedence overfile_name
get-server-public-key
.For information about the
caching_sha2_password
plugin, see Section 8.4.1.2, “Caching SHA-2 Pluggable Authentication”. -
server-public-key-path
: The path name to a file in PEM format containing a client-side copy of the public key required by the server for RSA key pair-based password exchange. Use when connecting to MySQL 8+ servers over classic MySQL protocol with SSL modeDISABLED
.This option applies to clients that authenticate with the
sha256_password
orcaching_sha2_password
authentication plugin. This option is ignored for accounts that do not authenticate with one of those plugins. It is also ignored if RSA-based password exchange is not used, as is the case when the client connects to the server using a secure connection.If
server-public-key-path=
is given and specifies a valid public key file, it takes precedence overfile_name
get-server-public-key
.For information about the
sha256_password
andcaching_sha2_password
plugins, see Section 8.4.1.3, “SHA-256 Pluggable Authentication”, and Section 8.4.1.2, “Caching SHA-2 Pluggable Authentication”. -
ssh
: The URI for connection to an SSH server to access a MySQL server instance using SSH tunneling. The URI format is[user@]host[:port]
. Use theuri
option to specify the URI of the target MySQL server instance. For information on SSH tunnel connections from MySQL Shell, see Using an SSH Tunnel. -
uri
: The URI for a MySQL server instance that is to be accessed through an SSH tunnel from the server specified by thessh
option. The URI format is[scheme://][user@]host[:port]
. Do not use the base connection parameters (scheme
,user
,host
,port
) to specify the MySQL server connection for SSH tunneling, just use theuri
option. -
ssh-password
: The password for the connection to the SSH server.WarningSpecifying an explicit password in the connection specification is insecure and not recommended. MySQL Shell prompts for a password interactively when one is required.
-
ssh-config-file
: The SSH configuration file for the connection to the SSH server. You can use the MySQL Shell configuration optionssh.configFile
to set a custom file as the default if this option is not specified. Ifssh.configFile
has not been set, the default is the standard SSH configuration file~/.ssh/config
. -
ssh-identity-file
: The identity file to use for the connection to the SSH server. The default if this option is not specified is any identity file configured in an SSH agent (if used), or in the SSH configuration file, or the standard private key file in the SSH configuration folder (~/.ssh/id_rsa
). -
ssh-identity-pass
: The passphrase for the identity file specified by thessh-identity-file
option.WarningSpecifying an explicit password in the connection specification is insecure and not recommended. MySQL Shell prompts for a password interactively when one is required.
-
connect-timeout
: An integer value used to configure the number of seconds that clients, such as MySQL Shell, wait until they stop trying to connect to an unresponsive MySQL server. -
compression
: This option requests or disables compression for the connection.The values available for this option are:
required
, which requests compression and fails if the server does not support it;preferred
, which requests compression and falls back to an uncompressed connection; anddisabled
, which requests an uncompressed connection and fails if the server does not permit those.preferred
is the default for X Protocol connections, anddisabled
is the default for classic MySQL protocol connections. For information on X Plugin connection compression control, see Section 22.5.5, “Connection Compression with X Plugin”.NoteDifferent MySQL clients implement their support for connection compression differently. Consult your client's documentation for details.
-
compression-algorithms
andcompression-level
: These options are available in MySQL Shell for more control over connection compression. You can specify them to select the compression algorithm used for the connection, and the numeric compression level used with that algorithm. You can also usecompression-algorithms
in place ofcompression
to request compression for the connection. For information on MySQL Shell's connection compression control, see Using Compressed Connections. -
connection-attributes
: Controls the key-value pairs that application programs pass to the server at connect time. For general information about connection attributes, see Section 29.12.9, “Performance Schema Connection Attribute Tables”. Clients usually define a default set of attributes, which can be disabled or enabled. For example:mysqlx://user@host?connection-attributes mysqlx://user@host?connection-attributes=true mysqlx://user@host?connection-attributes=false
The default behavior is to send the default attribute set. Applications can specify attributes to be passed in addition to the default attributes. You specify additional connection attributes as a
connection-attributes
parameter in a connection string. Theconnection-attributes
parameter value must be empty (the same as specifyingtrue
), aBoolean
value (true
orfalse
to enable or disable the default attribute set), or a list or zero or morekey=value
specifiers separated by commas (to be sent in addition to the default attribute set). Within a list, a missing key value evaluates as an empty string. Further examples:mysqlx://user@host?connection-attributes=[attr1=val1,attr2,attr3=] mysqlx://user@host?connection-attributes=[]
Application-defined attribute names cannot begin with
_
because such names are reserved for internal attributes.
连接 Using URI-Like Connection Strings
You can specify a connection to MySQL Server using a URI-like string. Such strings can be used with the MySQL Shell with the --uri
command option, the MySQL Shell \connect
command, and MySQL Connectors which implement X DevAPI.
The term “URI-like” signifies connection-string syntax that is similar to but not identical to the URI (uniform resource identifier) syntax defined by RFC 3986.
A URI-like connection string has the following syntax:
[scheme://][user[:[password]]@]host[:port][/schema][?attribute1=value1&attribute2=value2...
Percent encoding must be used for reserved characters in the elements of the URI-like string. For example, if you specify a string that includes the @
character, the character must be replaced by %40
. If you include a zone ID in an IPv6 address, the %
character used as the separator must be replaced with %25
.
The parameters you can use in a URI-like connection string are described at Base Connection Parameters.
MySQL Shell's shell.parseUri()
and shell.unparseUri()
methods can be used to deconstruct and assemble a URI-like connection string. Given a URI-like connection string, shell.parseUri()
returns a dictionary containing each element found in the string. shell.unparseUri()
converts a dictionary of URI components and connection options into a valid URI-like connection string for connecting to MySQL, which can be used in MySQL Shell or by MySQL Connectors which implement X DevAPI.
If no password is specified in the URI-like string, which is recommended, interactive clients prompt for the password. The following examples show how to specify URI-like strings with the user name user_name
. In each case, the password is prompted for.
-
An X Protocol connection to a local server instance listening at port 33065.
mysqlx://user_name@localhost:33065
-
A classic MySQL protocol connection to a local server instance listening at port 3333.
mysql://user_name@localhost:3333
-
An X Protocol connection to a remote server instance, using a host name, an IPv4 address, and an IPv6 address.
mysqlx://user_name@server.example.com/ mysqlx://user_name@198.51.100.14:123 mysqlx://user_name@[2001:db8:85a3:8d3:1319:8a2e:370:7348]
-
An X Protocol connection using a socket, with the path provided using either percent encoding or parentheses.
mysqlx://user_name@/path%2Fto%2Fsocket.sock mysqlx://user_name@(/path/to/socket.sock)
-
An optional path can be specified, which represents a database.
# use 'world' as the default database mysqlx://user_name@198.51.100.1/world # use 'world_x' as the default database, encoding _ as %5F mysqlx://user_name@198.51.100.2:33060/world%5Fx
-
An optional query can be specified, consisting of values each given as a
pair or as a singlekey
=value
key
. To specify multiple values, separate them by,
characters. A mix of
andkey
=value
key
values is permissible. Values can be of type list, with list values ordered by appearance. Strings must be either percent encoded or surrounded by parentheses. The following are equivalent.ssluser@127.0.0.1?ssl-ca=%2Froot%2Fclientcert%2Fca-cert.pem\ &ssl-cert=%2Froot%2Fclientcert%2Fclient-cert.pem\ &ssl-key=%2Froot%2Fclientcert%2Fclient-key ssluser@127.0.0.1?ssl-ca=(/root/clientcert/ca-cert.pem)\ &ssl-cert=(/root/clientcert/client-cert.pem)\ &ssl-key=(/root/clientcert/client-key)
-
To specify a TLS version and ciphersuite to use for encrypted connections:
mysql://user_name@198.51.100.2:3306/world%5Fx?\ tls-versions=[TLSv1.2,TLSv1.3]&tls-ciphersuites=[TLS_DHE_PSK_WITH_AES_128_\ GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256]
The previous examples assume that connections require a password. With interactive clients, the specified user's password is requested at the login prompt. If the user account has no password (which is insecure and not recommended), or if socket peer-credential authentication is in use (for example, with Unix socket connections), you must explicitly specify in the connection string that no password is being provided and the password prompt is not required. To do this, place a :
after the user_name
in the string but do not specify a password after it. For example:
mysqlx://user_name:@localhost
连接 Using Key-Value Pairs
In MySQL Shell and some MySQL Connectors which implement X DevAPI, you can specify a connection to MySQL Server using key-value pairs, supplied in language-natural constructs for the implementation. For example, you can supply connection parameters using key-value pairs as a JSON object in JavaScript, or as a dictionary in Python. Regardless of the way the key-value pairs are supplied, the concept remains the same: the keys as described in this section can be assigned values that are used to specify a connection. You can specify connections using key-value pairs in MySQL Shell's shell.connect()
method or InnoDB Cluster's dba.createCluster()
method, and with some of the MySQL Connectors which implement X DevAPI.
Generally, key-value pairs are surrounded by {
and }
characters and the ,
character is used as a separator between key-value pairs. The :
character is used between keys and values, and strings must be delimited (for example, using the '
character). It is not necessary to percent encode strings, unlike URI-like connection strings.
A connection specified as key-value pairs has the following format:
{ key: value, key: value, ...}
The parameters you can use as keys for a connection are described at Base Connection Parameters.
If no password is specified in the key-value pairs, which is recommended, interactive clients prompt for the password. The following examples show how to specify connections using key-value pairs with the user name '
. In each case, the password is prompted for.user_name
'
-
An X Protocol connection to a local server instance listening at port 33065.
{user:'user_name', host:'localhost', port:33065}
-
A classic MySQL protocol connection to a local server instance listening at port 3333.
{user:'user_name', host:'localhost', port:3333}
-
An X Protocol connection to a remote server instance, using a host name, an IPv4 address, and an IPv6 address.
{user:'user_name', host:'server.example.com'} {user:'user_name', host:198.51.100.14:123} {user:'user_name', host:[2001:db8:85a3:8d3:1319:8a2e:370:7348]}
-
An X Protocol connection using a socket.
{user:'user_name', socket:'/path/to/socket/file'}
-
An optional schema can be specified, which represents a database.
{user:'user_name', host:'localhost', schema:'world'}
The previous examples assume that connections require a password. With interactive clients, the specified user's password is requested at the login prompt. If the user account has no password (which is insecure and not recommended), or if socket peer-credential authentication is in use (for example, with Unix socket connections), you must explicitly specify that no password is being provided and the password prompt is not required. To do this, provide an empty string using ''
after the password
key. For example:
{user:'user_name', password:'', host:'localhost'}