Databases

How To Install MySQL 8.4 LTS on Debian 13/12

Josphat Mutai Updated Mar 21, 2026 · 5 min read

MySQL is an open-source relational database management system developed by Oracle. It handles everything from small application backends to large-scale enterprise workloads. MySQL 8.4 is the current Long-Term Support (LTS) release, offering stability-focused updates and extended support through 2032.

This guide walks through installing MySQL 8.4 LTS on Debian 13 (Trixie) and Debian 12 (Bookworm) using the official MySQL APT repository. We cover repository setup, installation, security hardening with mysql_secure_installation, database and user creation, and firewall configuration with ufw.

Prerequisites

  • A server or VM running Debian 13 or Debian 12
  • Root or sudo access
  • At least 1 GB RAM (2 GB recommended for production)
  • Port 3306/TCP open if remote clients need access

Step 1: Add the Official MySQL APT Repository on Debian

Oracle provides an APT configuration package that adds the MySQL repository and signing keys to your system. Download it first.

wget https://dev.mysql.com/get/mysql-apt-config_0.8.33-1_all.deb

Install the repository configuration package.

sudo dpkg -i mysql-apt-config_0.8.33-1_all.deb

A dialog appears asking which MySQL product to configure. Select MySQL Server & Cluster, then choose mysql-8.4-lts. After that, select Ok to apply the configuration.

Update the package index to pull metadata from the new repository.

sudo apt update

Step 2: Install MySQL 8.4 LTS on Debian 13/12

Install the MySQL server package from the official repository.

sudo apt install -y mysql-community-server

During installation, you are prompted to set the root password. Choose a strong password and confirm it. The installer also asks about the authentication plugin – keep the default caching_sha2_password unless you have legacy applications that require the older mysql_native_password plugin.

Verify the installed version.

$ mysql --version
mysql  Ver 8.4.8 for Linux on x86_64 (MySQL Community Server - GPL)

Step 3: Start and Enable MySQL Service

The installer typically starts MySQL automatically, but confirm this and enable the service to survive reboots.

sudo systemctl enable --now mysql

Check the service status.

$ systemctl status mysql
 mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; preset: enabled)
     Active: active (running)
   Main PID: 2845 (mysqld)
     Status: "Server is operational"
      Tasks: 38 (limit: 4567)
     Memory: 420.5M
        CPU: 1.2s
     CGroup: /system.slice/mysql.service
             └─2845 /usr/sbin/mysqld

Step 4: Secure MySQL Installation

Run the included security script to remove anonymous users, disable remote root login, drop the test database, and reload privilege tables. If you need to reset the MySQL root password later, a separate procedure is available.

sudo mysql_secure_installation

Answer the prompts as follows for a production-hardened setup.

$ sudo mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root:
The 'validate_password' component is installed on the server.
The subsequent steps will run with the existing configuration
of the component.
Using existing password for root.

Estimated strength of the password: 50
Change the password for root ? (Press y|Y for Yes, any other key for No) : n

 ... skipping.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.

All done!

Step 5: Connect to MySQL and Create a Database

Log in to the MySQL shell using the root password set during installation.

$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 8.4.8 MySQL Community Server - GPL

Copyright (c) 2000, 2026, Oracle and/or its affiliates.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Create a new database and a dedicated user with full privileges on it. Replace the password with something strong.

mysql> CREATE DATABASE appdb;
Query OK, 1 row affected (0.01 sec)

mysql> CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'Str0ng!Pass#2026';
Query OK, 0 rows affected (0.02 sec)

mysql> GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

Verify the database was created.

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| appdb              |
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

For remote application access, create the user with the client host instead of localhost.

CREATE USER 'appuser'@'10.0.1.50' IDENTIFIED BY 'Str0ng!Pass#2026';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'10.0.1.50';
FLUSH PRIVILEGES;

Exit the MySQL shell.

mysql> exit

Step 6: Configure the Firewall for MySQL

If your Debian server uses ufw, allow MySQL traffic on port 3306/TCP. You can either open it to all hosts or restrict to specific source IPs. For more firewall options on Debian, see how to install and configure Firewalld on Debian.

Allow MySQL from a specific IP (recommended for production).

sudo ufw allow from 10.0.1.50 to any port 3306 proto tcp

Or allow MySQL from any source (use only in trusted networks).

sudo ufw allow 3306/tcp

Reload and verify the rules.

$ sudo ufw reload
Firewall reloaded

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 3306/tcp                   ALLOW IN    10.0.1.50

For MySQL to accept remote connections, you also need to change the bind address. Open the MySQL configuration file.

sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf

Find the bind-address directive and change it from 127.0.0.1 to 0.0.0.0 (all interfaces) or a specific server IP.

[mysqld]
bind-address = 0.0.0.0

Restart MySQL to apply the change.

sudo systemctl restart mysql

Step 7: Verify the MySQL 8.4 Installation

Run a final check to confirm everything is working. You can manage MySQL databases through a web interface using tools like phpMyAdmin on Debian or Adminer.

$ mysql -u root -p -e "SELECT VERSION();"
+----------+
| VERSION()|
+----------+
| 8.4.8    |
+----------+

Check that the server is listening on the expected port.

$ ss -tlnp | grep 3306
LISTEN  0  151  0.0.0.0:3306  0.0.0.0:*  users:(("mysqld",pid=2845,fd=24))

You can also set up MySQL monitoring with Prometheus to track query performance, connection counts, and replication lag in production.

Conclusion

MySQL 8.4 LTS is now installed and running on your Debian 13/12 server with a secured root account, a dedicated application database and user, and firewall rules in place. For production environments, configure automated backups using mysqldump or MySQL Enterprise Backup, enable SSL/TLS for client connections, and set up monitoring to catch slow queries and resource bottlenecks early. Refer to the official MySQL 8.4 documentation for advanced configuration options.

Josphat Mutai

Founder of Computingforgeeks. Expertise in Virtualization, Cloud, Linux/UNIX Administration, Automation,Storage Systems, Containers, Server Clustering e.t.c.

Related Articles

Databases Create New User or Update User Password in OpenSearch Management How To Install osTicket on Ubuntu 22.04|20.04|18.04 CentOS How to Convert ePub file to PDF Format on Linux CLI Databases How To Install MySQL 8.0 on Ubuntu 24.04|22.04|20.04

Press ESC to close