VOOZH about

URL: https://computingforgeeks.com/install-mysql-ubuntu-debian/

⇱ Install MySQL 8.4 LTS on Ubuntu / Debian [Guide]

Skip to content

MySQL 8.4 LTS is the current long-term support release of the most widely used open-source relational database. It ships with improved InnoDB defaults, stricter TLS requirements, tagged GTIDs for replication, and drops legacy features like the mysql_native_password plugin (now disabled by default). Full details are in the MySQL 8.4 Reference Manual.

Original content from computingforgeeks.com - post 71700

This guide walks through installing MySQL 8.4 LTS on Ubuntu 24.04 LTS and Debian 13 using the official MySQL APT repository. We cover the repository setup, secure installation, database and user creation, remote access configuration, and firewall rules.

Prerequisites

  • A server running Ubuntu 24.04 LTS or Debian 13
  • Root or sudo access
  • At least 1 GB RAM (2 GB recommended for production)
  • Port 3306/TCP open if remote clients need access

Step 1: Add the Official MySQL APT Repository

The default Ubuntu and Debian repositories carry MySQL packages, but they may not have the latest 8.4 LTS release. The official MySQL APT repository always ships the newest point release. Download the repository configuration package first.

sudo apt update
sudo apt install -y wget gnupg

Download the MySQL APT repository configuration package from the official MySQL downloads page:

wget https://dev.mysql.com/get/mysql-apt-config_0.8.36-1_all.deb

Install the downloaded package to configure the repository:

sudo dpkg -i mysql-apt-config_0.8.36-1_all.deb

A dialog appears asking which MySQL product to configure. Make sure MySQL Server & Cluster shows mysql-8.4-lts, then select Ok and press Enter. If you need to change it, select that line first, choose mysql-8.4-lts from the list, then confirm with Ok.

After configuring the repo, update the package index so APT picks up the new MySQL packages:

sudo apt update

Step 2: Install MySQL 8.4 LTS on Ubuntu 24.04 / Debian 13

Install the MySQL server and client packages:

sudo apt install -y mysql-server mysql-client

During installation, you may be prompted to set the root password. Choose a strong password and confirm it. If no prompt appears, the installer creates the root account with auth_socket authentication – you connect as root by running sudo mysql without a password.

On Ubuntu 24.04, AppArmor manages the MySQL profile automatically. The package installs an AppArmor profile at /etc/apparmor.d/usr.sbin.mysqld that restricts MySQL to its data and log directories. No manual AppArmor configuration is needed unless you move the data directory to a non-default path.

Step 3: Start and Enable MySQL Service

Enable MySQL to start on boot and start the service now:

sudo systemctl enable --now mysql

Verify the service is running:

sudo systemctl status mysql

The output should show MySQL as active (running):

● mysql.service - MySQL Community Server
 Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
 Active: active (running) since Sat 2026-03-21 10:15:32 UTC; 5s ago
 Docs: man:mysqld(8)
 http://dev.mysql.com/doc/refman/en/using-systemd.html
 Process: 12345 ExecStartPre=/usr/share/mysql-8.4/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
 Main PID: 12400 (mysqld)
 Status: "Server is operational"
 Tasks: 38 (limit: 4654)
 Memory: 380.2M
 CPU: 1.523s
 CGroup: /system.slice/mysql.service
 └─12400 /usr/sbin/mysqld

Confirm the installed version:

mysql --version

You should see MySQL 8.4.x confirmed in the output:

mysql Ver 8.4.8 for Linux on x86_64 (MySQL Community Server - GPL)

Step 4: Secure MySQL Installation

Run the built-in security script to set the root password (if not set during install), remove anonymous users, disable remote root login, and drop the test database:

sudo mysql_secure_installation

The script walks through several prompts. Here are the recommended answers for a production setup:

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Y

There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM, 2 = STRONG: 2

Please set the password for root here.

New password: ********
Re-enter new password: ********

Remove anonymous users? (Press y|Y for Yes) : Y
Disallow root login remotely? (Press y|Y for Yes) : Y
Remove test database and access to it? (Press y|Y for Yes) : Y
Reload privilege tables now? (Press y|Y for Yes) : Y

All done!

After running the security script, test the root login. If the root user was configured with auth_socket (the default on Ubuntu), connect with sudo:

sudo mysql

If you set a password during the secure installation, connect with:

mysql -u root -p

A successful login drops you into the MySQL shell:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 8.4.8 MySQL Community Server - GPL

mysql>

Step 5: Create a Database and User in MySQL 8.4

Create a new database for your application. Replace appdb with your actual database name:

CREATE DATABASE appdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Create a dedicated user and grant privileges on the database. In MySQL 8.4, the default authentication plugin is caching_sha2_password – this is the recommended plugin for better security. Replace the password with a strong one:

CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'Strong_P@ssw0rd!';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;

If your application connects from a remote host, create the user with the remote IP or % wildcard instead of localhost:

CREATE USER 'appuser'@'10.0.1.50' IDENTIFIED BY 'Strong_P@ssw0rd!';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'10.0.1.50';
FLUSH PRIVILEGES;

Verify the database and user were created successfully:

SHOW DATABASES;
SELECT user, host, plugin FROM mysql.user WHERE user='appuser';

The query output confirms the user exists with the caching_sha2_password authentication plugin:

+---------+-----------+-----------------------+
| user | host | plugin |
+---------+-----------+-----------------------+
| appuser | localhost | caching_sha2_password |
+---------+-----------+-----------------------+

Exit the MySQL shell:

EXIT;

For managing MySQL databases through a web interface, consider setting up phpMyAdmin on Ubuntu / Debian.

Step 6: Configure MySQL for Remote Access

By default, MySQL listens only on 127.0.0.1. To allow connections from other servers, edit the MySQL configuration file.

sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf

Find the bind-address line and change it from 127.0.0.1 to 0.0.0.0 to listen on all interfaces, or set it to the server’s private IP for tighter control:

[mysqld]
# Listen on all interfaces (or use specific IP like 10.0.1.10)
bind-address = 0.0.0.0

# Optional: also set mysqlx bind address if using X Protocol
mysqlx-bind-address = 0.0.0.0

Restart MySQL for the configuration change to take effect:

sudo systemctl restart mysql

Verify that MySQL is now listening on all interfaces by checking port 3306:

ss -tlnp | grep 3306

The output should show MySQL bound to 0.0.0.0:3306 instead of 127.0.0.1:3306:

LISTEN 0 151 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=12400,fd=24))

For production deployments, always secure MySQL with TLS/SSL certificates when enabling remote access.

Step 7: Configure Firewall Rules for MySQL

If UFW is active on your Ubuntu server, open port 3306/TCP for MySQL connections. You can restrict access to a specific subnet or IP for better security.

Allow MySQL from a specific subnet:

sudo ufw allow from 10.0.1.0/24 to any port 3306 proto tcp

Or allow MySQL from any source (less secure, use only if required):

sudo ufw allow 3306/tcp

Verify the firewall rule was added:

sudo ufw status numbered

The rule list should include port 3306:

Status: active

 To Action From
 -- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 3306/tcp ALLOW IN 10.0.1.0/24

On Debian 13, if you use firewalld instead of UFW, open the port with:

sudo firewall-cmd --permanent --add-port=3306/tcp
sudo firewall-cmd --reload

Step 8: Test Remote MySQL Connection

From a remote machine, test the connection using the MySQL client. Replace 10.0.1.10 with your MySQL server IP:

mysql -u appuser -p -h 10.0.1.10

A successful connection confirms that the firewall, bind-address, and user grants are all configured correctly.

MySQL 8.4 Key Configuration Defaults

MySQL 8.4 LTS ships with significantly different InnoDB defaults compared to MySQL 8.0. These are tuned for modern hardware and should not need adjustment in most cases:

VariableMySQL 8.4 DefaultMySQL 8.0 Default
innodb_io_capacity10000200
innodb_flush_methodO_DIRECTfsync
innodb_log_buffer_size64 MB16 MB
innodb_adaptive_hash_indexOFFON
innodb_change_bufferingnoneall

The authentication plugin mysql_native_password is disabled by default in MySQL 8.4. If older applications require it, you can re-enable it in /etc/mysql/mysql.conf.d/mysqld.cnf:

[mysqld]
mysql_native_password=ON

The recommended approach is to update your applications to support caching_sha2_password instead of relying on the legacy plugin.

Set Up MySQL Replication (Optional)

For high availability setups, MySQL 8.4 supports source-replica replication with tagged GTIDs. The old CHANGE MASTER TO and SHOW SLAVE STATUS syntax has been removed – you must use CHANGE REPLICATION SOURCE TO and SHOW REPLICA STATUS instead. See our guide on configuring MySQL replication on Ubuntu for the full setup process.

To monitor MySQL performance metrics in production, deploy Prometheus with the MySQL exporter for real-time dashboards and alerting.

Conclusion

MySQL 8.4 LTS is running on your Ubuntu 24.04 or Debian 13 server with the official APT repository, secured with mysql_secure_installation, and ready for application connections. The LTS release cycle means this version receives security fixes and bug patches without breaking changes until April 2032.

For production environments, enable TLS encryption for client connections, set up automated backups with mysqldump or MySQL Enterprise Backup, and configure monitoring to track query performance and replication lag. If you prefer MariaDB as an alternative, check our guide on installing MariaDB on Ubuntu.

👁 Image
Josphat Mutai

Founder of Computingforgeeks. Senior Systems Engineer with over a decade of hands-on experience building and managing production infrastructure. Core expertise in Linux/UNIX administration, cloud platforms (AWS, GCP, Azure), and Kubernetes ecosystems (EKS, GKE, OpenShift). Deep experience with virtualization (KVM, Proxmox, OpenStack), infrastructure as code (Terraform, Terragrunt, Ansible, Crossplane), GitOps workflows (ArgoCD, FluxCD), Nix/NixOS, and container orchestration at scale. Currently focused on integrating AI and LLMs into DevOps and platform engineering workflows. Every guide on this site is tested on real systems before publishing.

Keep reading

👁 Upgrade Ubuntu 24.04 to Ubuntu 26.04 LTS (Step by Step) 1
Ubuntu Upgrade Ubuntu 24.04 to Ubuntu 26.04 LTS (Step by Step) 👁 UFW Firewall Commands with Examples on Ubuntu 24.04 / 22.04 2
Security UFW Firewall Commands with Examples on Ubuntu 24.04 / 22.04 👁 Ubuntu 26.04 LTS (Resolute Raccoon): New Features, Changes, and What to Know 3
Ubuntu Ubuntu 26.04 LTS (Resolute Raccoon): New Features, Changes, and What to Know 👁 Install PostgreSQL 19 on Ubuntu, Debian, Rocky Linux & AlmaLinux 4
AlmaLinux Install PostgreSQL 19 on Ubuntu, Debian, Rocky Linux & AlmaLinux 👁 MariaDB High Availability Cluster: Galera, HAProxy, Keepalived 5
Databases MariaDB High Availability Cluster: Galera, HAProxy, Keepalived 👁 Install SIPp SIP Testing Tool on Ubuntu 24.04 / Debian 13 6
VOIP Install SIPp SIP Testing Tool on Ubuntu 24.04 / Debian 13

29 thoughts on “Install MySQL 8.4 LTS on Ubuntu 24.04 / Debian 13”

  2. What’s the issue Daniel?

    Reply

  3. i have this problem !

    sudo apt install -f mysql-client=5.7.32-1ubuntu18.04 mysql-community-server=5.7.32-1ubuntu18.04 mysql-server=5.7.32-1ubuntu18.04
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    E: Version ‘5.7.32-1ubuntu18.04’ for ‘mysql-client’ was not found
    E: Version ‘5.7.32-1ubuntu18.04’ for ‘mysql-community-server’ was not found
    E: Version ‘5.7.32-1ubuntu18.04’ for ‘mysql-server’ was not found

    Reply

      • Hi,

        Article updated to use the following command:

        sudo apt install -f mysql-client=5.7* mysql-community-server=5.7* mysql-server=5.7*

        Reply

  4. Y mast use THE “5.7.33”

    Reply

    • Thanks for the pointer Woltis. We’ve updated the article.

      Reply

  5. Totally works. i just had to replace with version 57.33 as Woltis noted. Also, listed some dependency challenges with needing mysql-community-client as well as mysql-client. thanks so much for this!.

    Reply

  6. Use sudo apt install -f mysql-client=5.7.33-1ubuntu18.04 mysql-community-client=5.7.33-1ubuntu18.04 mysql-community-server=5.7.33-1ubuntu18.04 mysql-server=5.7.33-1ubuntu18.04

    Reply

  7. It worked for me on ubuntu 20.04.
    Thanks

    Reply

  8. I did try to run this today did not work
    sudo apt install -f mysql-client=5.7.33 mysql-community-client=5.7.33 mysql-community-server=5.7.33 mysql-server=5.7.33
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    E: Version ‘5.7.33’ for ‘mysql-client’ was not found
    E: Version ‘5.7.33’ for ‘mysql-community-client’ was not found
    E: Version ‘5.7.33’ for ‘mysql-community-server’ was not found
    E: Version ‘5.7.33’ for ‘mysql-server’ was not found

    Reply

    • What’s your output for sudo apt-cache policy mysql-server?

      Reply

      • sudo dpkg-reconfigure mysql-apt-config

        try this and select 5.7

        Reply

        • only available:
          mysql-8.0 │
          mysql-cluster-8.0 │
          │None

          Why?

          Reply

  9. Could you make the images smaller? So I can have even more difficulty reading the text? Thanks

    Reply

    • Of course, because you are paying him for the info!
      Next time find the solution yourself.

      Reply

  10. i was having a hard time to install this version, after watching many videos and visiting many websites you saved my day!! thank yoy

    Reply

    • Happy to know our article helped you. Welcome!

      Reply

  11. I accidentally selected abort in the first step of the purple and gray prompt, and after following many tutorials, I haven’t been able to get the first step to show up again so I can choose bionic (only subsequent steps show up). Do you have any suggestions?

    Reply

  12. It does not work, unfortunately. When I run “sudo dpkg -i mysql-apt-config_0.8.12-1_all.deb”
    it just says:

    (Reading database … 250838 files and directories currently installed.)
    Preparing to unpack mysql-apt-config_0.8.12-1_all.deb …
    Unpacking mysql-apt-config (0.8.12-1) over (0.8.12-1) …
    Setting up mysql-apt-config (0.8.12-1) …
    Warning: apt-key should not be used in scripts (called from postinst maintainerscript of the package mysql-apt-config)
    OK

    No prompt, so unable to install it. And on 20.04 it automatically installs 8 version…

    Reply

  13. It does not work. I run “sudo apt install -f mysql-client=5.7* mysql-community-server=5.7* mysql-server=5.7*
    ” and it just gives errors that it is not compatible with 20.04:

    The following packages have unmet dependencies:
    mysql-client : Depends: mysql-community-client (= 5.7.35-1ubuntu18.04) but it is not going to be installed
    E: Unable to correct problems, you have held broken packages.

    Reply

    • Hi,

      Please follow all steps from start, it should work. Just tested on a new installation of Ubuntu 20.04 and it works.

      Reply

      • I had the same problem, but I installed “regular” mysql-server and uninstalled it with apt. This left a lot of packages that gave problems, for me it worked to execute “apt autoremove”.

        Reply

  14. Seems only this specific version of mysql-apt-config_0.8.12-1_all.deb allows to choose 5.7. The newest did not offer 5.7 at all.

    Reply

  15. Worked for me. I just had to add one dependency so the install looks like this:
    sudo apt install -f mysql-client=5.7* mysql-community-server=5.7* mysql-server=5.7* mysql-community-client=5.7*

    I apparently needed the mysql-community-client.

    Thanks for the excellent help.

    Reply

  16. When I upgraded my Ubuntu system to 20.04, MySQL 8.0 was automatically upgraded. Can I downgrade to MySQL 5.7 directly? Is there any influences

    Reply

  17. Hi how to work around the key depreciation of apt-key?
    See:
    Warning: apt-key should not be used in scripts (called from postinst maintainers cript of the package mysql-apt-config)
    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (s ee apt-key(8)).

    Reply

Leave a Comment Cancel reply

Press to close