I have an AS6510T NAS running MySQL and phpMyAdmin through PortainerCE. Everything works perfectly on my local network - my applications can connect, read, write and modify data without issues.
The problem is I need to access this database from outside my home network. I want my apps to connect to the MySQL server when I’m traveling or working from different locations.
I’m looking for a way to make my NAS MySQL instance publicly accessible over the internet without paying for additional cloud database services. What’s the best approach to configure remote access while keeping things secure?
You’re probably missing Dynamic DNS. Home connections get new IP addresses all the time, so even with port forwarding set up right, your remote apps won’t know where to find your NAS once your ISP changes your IP. DuckDNS or No-IP fix this - they give you a domain name that updates automatically with your current IP. Most routers have DDNS built-in. If you’re worried about local network exposure, bind MySQL to a specific interface instead of 0.0.0.0. Also heads up - some ISPs block common database ports completely, so you might need a high-numbered port anyway.
Had the exact same issue with my Synology last year. The trick isn’t just exposing MySQL - you need reliable connections AND security. Here’s what actually worked: set up nginx as a reverse proxy right on the NAS. It handles SSL and forwards to your MySQL container, plus you get decent logging to see who’s trying to connect. Bonus - you can run multiple services through one forwarded port later. Key thing: bind MySQL to the docker network only, NOT the host network. Even if someone gets past the proxy, they can’t hit the database directly. Performance? Barely any overhead, but you get way better timeout and connection control than just forwarding ports.
for sure! port forwarding is key, but switch up that default port (3306) to something else. strong password is a must, and only let known IPs access it. if your NAS can handle it, a VPN adds another layer of safety.
SSL/TLS encryption first - don’t expose MySQL without it. Most people skip this step and regret it later since your data’s flying around unprotected. Create dedicated DB users with minimal privileges instead of using root for everything. Better yet, skip direct port forwarding entirely and use SSH tunneling. You only expose port 22 and get encryption built-in. I’ve run this setup for two years now - SSH tunnels with key-based auth beats direct MySQL exposure every time. Performance hit’s basically nothing and security’s way better.
Skip the port forwarding headache and use Cloudflare Tunnel instead. It’s free, much safer than exposing MySQL directly, and takes about 10 minutes to set up. No DDNS or firewall rules to mess with, and your ISP can’t block it since it only uses outbound connections.