Configure Database for Mideye: MySQL, MariaDB, MSSQL
Mideye Server stores all data in a single relational database.
Choose one of the supported engines below and configure the application-prod.yml file.
| Engine | JDBC driver shipped | Default port | Typical OS |
|---|---|---|---|
| MariaDB 10.5 + | mariadb-java-client | 3306 | Linux |
| MySQL 8.0 + | mariadb-java-client (compatible) | 3306 | Linux |
| Microsoft SQL Server 2016 – 2025 | mssql-jdbc | 1433 | Windows |
For supported database versions, see the Preinstall checklist.
Configuration file location
Section titled “Configuration file location”| OS | Path |
|---|---|
| Linux | /opt/mideyeserver6/config/application-prod.yml |
| Windows | C:\Program Files (x86)\Mideye Server 6\config\application-prod.yml |
Choose your database
Section titled “Choose your database”1. Create the database
Section titled “1. Create the database”CREATE DATABASE mideyeserver CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'mideye'@'localhost' IDENTIFIED BY 'your_strong_password';GRANT ALL PRIVILEGES ON mideyeserver.* TO 'mideye'@'localhost';FLUSH PRIVILEGES;CREATE DATABASE mideyeserver CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci;
CREATE USER 'mideye'@'localhost' IDENTIFIED BY 'your_strong_password';GRANT ALL PRIVILEGES ON mideyeserver.* TO 'mideye'@'localhost';FLUSH PRIVILEGES;If the database is on a different host, replace 'mideye'@'localhost' with 'mideye'@'%' or 'mideye'@'10.0.0.0/255.255.255.0' to restrict access to a specific subnet.
2. Configure application-prod.yml
Section titled “2. Configure application-prod.yml”spring: datasource: type: com.zaxxer.hikari.HikariDataSource url: jdbc:mariadb://localhost:3306/mideyeserver username: mideye password: 'your_strong_password' hikari: initializationFailTimeout: 3600000 data-source-properties: cachePrepStmts: true prepStmtCacheSize: 250 prepStmtCacheSqlLimit: 2048 useServerPrepStmts: true max-lifetime: 600000 jpa: liquibase: contexts: prodRemote database or MySQL 8 SSL
Section titled “Remote database or MySQL 8 SSL”MySQL 8+ enforces SSL by default. If the database server uses a self-signed certificate (common in development), add ?sslMode=trust to the URL:
url: jdbc:mariadb://db.example.com:3306/mideyeserver?sslMode=trustFor production, prefer sslMode=verify-full with a properly signed certificate.
1. Create the database
Section titled “1. Create the database”CREATE DATABASE mideyeserver;GO
-- Create a login and map it to the databaseCREATE LOGIN mideye WITH PASSWORD = 'your_strong_password';GOUSE mideyeserver;CREATE USER mideye FOR LOGIN mideye;ALTER ROLE db_owner ADD MEMBER mideye;GO2. Configure application-prod.yml
Section titled “2. Configure application-prod.yml”spring: datasource: type: com.zaxxer.hikari.HikariDataSource driver: com.microsoft.sqlserver.jdbc.SQLServerDriver url: jdbc:sqlserver://localhost:1433;databaseName=mideyeserver;trustServerCertificate=true username: mideye password: 'your_strong_password' hikari: connection-test-query: SELECT 1 initializationFailTimeout: 1000 data-source-properties: cachePrepStmts: true prepStmtCacheSize: 250 prepStmtCacheSqlLimit: 2048 useServerPrepStmts: true jpa: liquibase: contexts: prodHow Windows authentication works
Section titled “How Windows authentication works”On Windows, the MSI installer generates a JDBC URL that includes NTLM parameters.
The URL always contains user=PLACEHOLDER_DO_NOT_CHANGE_OR_REMOVE;password=PLACEHOLDER_DO_NOT_CHANGE_OR_REMOVE: these are required placeholders, not real credentials.
The MSSQL JDBC driver ignores them when integratedSecurity=true is set and uses the Windows service account instead.
1. Create the database
Section titled “1. Create the database”Open SQL Server Management Studio as an administrator:
CREATE DATABASE mideyeserver;GO
-- Grant the service account accessUSE mideyeserver;CREATE USER [DOMAIN\ServiceAccount] FOR LOGIN [DOMAIN\ServiceAccount];ALTER ROLE db_owner ADD MEMBER [DOMAIN\ServiceAccount];GOReplace DOMAIN\ServiceAccount with the Windows account running the Mideye Server service.
2. Configure application-prod.yml
Section titled “2. Configure application-prod.yml”spring: datasource: type: com.zaxxer.hikari.HikariDataSource driver: com.microsoft.sqlserver.jdbc.SQLServerDriver url: jdbc:sqlserver://localhost:1433;databaseName=mideyeserver;integratedSecurity=true;authenticationScheme=NTLM;useNTLMv2=true;user=PLACEHOLDER_DO_NOT_CHANGE_OR_REMOVE;password=PLACEHOLDER_DO_NOT_CHANGE_OR_REMOVE;trustServerCertificate=true username: '' password: '' hikari: connection-test-query: SELECT 1 initializationFailTimeout: 1000 data-source-properties: cachePrepStmts: true prepStmtCacheSize: 250 prepStmtCacheSqlLimit: 2048 useServerPrepStmts: true jpa: liquibase: contexts: prodOptional: Domain parameter
Section titled “Optional: Domain parameter”If the SQL Server is in a different domain, add the domain FQDN:
;domain=corp.example.comHow Active Directory domain login works
Section titled “How Active Directory domain login works”When SQL Server is joined to an Active Directory domain, you can authenticate using a domain user account instead of a SQL Server login or the local Windows service account. This uses NTLM authentication with an explicit domain, username, and password, the JDBC driver sends these credentials directly to SQL Server.
1. Grant the domain account access
Section titled “1. Grant the domain account access”Open SQL Server Management Studio as a domain administrator:
-- Create a login for the AD domain accountCREATE LOGIN [CORP\MideyeService] FROM WINDOWS;GO
USE mideyeserver;CREATE USER [CORP\MideyeService] FOR LOGIN [CORP\MideyeService];ALTER ROLE db_owner ADD MEMBER [CORP\MideyeService];GOReplace CORP\MideyeService with your actual domain and account name.
2. Configure application-prod.yml
Section titled “2. Configure application-prod.yml”spring: datasource: type: com.zaxxer.hikari.HikariDataSource driver: com.microsoft.sqlserver.jdbc.SQLServerDriver url: jdbc:sqlserver://sqlserver.corp.example.com:1433;databaseName=mideyeserver;encrypt=true;trustServerCertificate=true;authenticationScheme=NTLM;domain=corp.example.com username: MideyeService password: 'domain_account_password' hikari: connection-test-query: SELECT 1 initializationFailTimeout: 1000 data-source-properties: cachePrepStmts: true prepStmtCacheSize: 250 prepStmtCacheSqlLimit: 2048 useServerPrepStmts: true jpa: liquibase: contexts: prodStep-by-step: Change database configuration
Section titled “Step-by-step: Change database configuration”-
Stop Mideye Server
Terminal window Stop-Service "Mideye Server 6"Terminal window sudo systemctl stop mideyeserver6 -
Back up the current configuration
Terminal window Copy-Item "C:\Program Files (x86)\Mideye Server 6\config\application-prod.yml" `"C:\Program Files (x86)\Mideye Server 6\config\application-prod.yml.bak"Terminal window sudo cp /opt/mideyeserver6/config/application-prod.yml \/opt/mideyeserver6/config/application-prod.yml.bak -
Edit
application-prod.ymlUpdate the
spring.datasourcesection using the examples above.Open as Administrator:
C:\Program Files (x86)\Mideye Server 6\config\application-prod.ymlTerminal window sudo nano /opt/mideyeserver6/config/application-prod.yml -
Start and validate
Start the service and watch the log to catch errors immediately.
PowerShell's
Get-Content -Waitworks like Linuxtail -f: it streams new lines as they are written:Terminal window Start-Service "Mideye Server 6"Get-Content "C:\Program Files (x86)\Mideye Server 6\log\mideyeserver.log" -Wait -Tail 50Press Ctrl+C to stop following the log.
Terminal window sudo systemctl start mideyeserver6sudo journalctl -u mideyeserver6 -f --no-pagerOr tail the application log directly:
Terminal window tail -f /opt/mideyeserver6/log/mideyeserver.logLook for
Started MideyeServerAppin the log. If the database connection fails, the error appears within the first few seconds.
Connection string reference
Section titled “Connection string reference”MariaDB / MySQL
Section titled “MariaDB / MySQL”| Scenario | URL |
|---|---|
| Local, default port | jdbc:mariadb://localhost:3306/mideyeserver |
| Remote host | jdbc:mariadb://db.example.com:3306/mideyeserver |
| Self-signed SSL | jdbc:mariadb://db.example.com:3306/mideyeserver?sslMode=trust |
| Verified SSL | jdbc:mariadb://db.example.com:3306/mideyeserver?sslMode=verify-full |
SQL Server
Section titled “SQL Server”| Scenario | URL |
|---|---|
| SQL auth, local | jdbc:sqlserver://localhost:1433;databaseName=mideyeserver;trustServerCertificate=true |
| SQL auth, remote | jdbc:sqlserver://db.example.com:1433;databaseName=mideyeserver;trustServerCertificate=true |
| Named instance | jdbc:sqlserver://localhost\MSSQLSERVER;databaseName=mideyeserver;trustServerCertificate=true |
| Windows auth (NTLM) | jdbc:sqlserver://localhost:1433;databaseName=mideyeserver;integratedSecurity=true;authenticationScheme=NTLM;useNTLMv2=true;user=PLACEHOLDER_DO_NOT_CHANGE_OR_REMOVE;password=PLACEHOLDER_DO_NOT_CHANGE_OR_REMOVE;trustServerCertificate=true |
| AD domain login | jdbc:sqlserver://sqlserver.corp.example.com:1433;databaseName=mideyeserver;encrypt=true;trustServerCertificate=true;authenticationScheme=NTLM;domain=corp.example.com |
| Encrypted connection | jdbc:sqlserver://db.example.com:1433;databaseName=mideyeserver;encrypt=true;trustServerCertificate=false |
Troubleshooting
Section titled “Troubleshooting”Where to find logs
Section titled “Where to find logs”| OS | Log directory |
|---|---|
| Linux | /opt/mideyeserver6/log/ |
| Windows | C:\Program Files (x86)\Mideye Server 6\log\ |
Tail the log while starting the service to see database errors in real time:
# Windows (PowerShell): equivalent of Linux "tail -f"Get-Content "C:\Program Files (x86)\Mideye Server 6\log\mideyeserver.log" -Wait -Tail 100 | Select-String -Pattern "error|exception|datasource|hikari"# Linuxtail -f /opt/mideyeserver6/log/mideyeserver.log | grep -i -E "error|exception|datasource|hikari"Common errors and fixes
Section titled “Common errors and fixes”Communications link failure (MariaDB / MySQL)
Section titled “Communications link failure (MariaDB / MySQL)”com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failureCause: The database server is unreachable, wrong host/port, firewall, or the service is not running.
Fix:
- Verify the database is running:
systemctl status mariadborsystemctl status mysql - Test connectivity:
mysql -h localhost -u mideye -p mideyeserver - Check firewall rules for port 3306
Access denied for user (MariaDB / MySQL)
Section titled “Access denied for user (MariaDB / MySQL)”java.sql.SQLException: Access denied for user 'mideye'@'localhost' (using password: YES)Cause: Wrong username, password, or the user does not have access to the database.
Fix:
- Verify the password in
application-prod.ymlis enclosed in single quotes - Test manually:
mysql -u mideye -p -D mideyeserver - Re-grant privileges if needed:
GRANT ALL PRIVILEGES ON mideyeserver.* TO 'mideye'@'localhost';FLUSH PRIVILEGES;
Unknown database 'mideyeserver'
Section titled “Unknown database 'mideyeserver'”java.sql.SQLSyntaxErrorException: Unknown database 'mideyeserver'Cause: The database does not exist or the name is misspelled in the URL.
Fix:
- Verify the database exists:
SHOW DATABASES; - Create it if missing (see the creation commands above)
- Check for case-sensitivity issues, use the exact name from
SHOW DATABASES
Public Key Retrieval is not allowed (MySQL 8)
Section titled “Public Key Retrieval is not allowed (MySQL 8)”java.sql.SQLNonTransientConnectionException: Public Key Retrieval is not allowedCause: MySQL 8 uses caching_sha2_password by default and refuses to send the public key over an unencrypted connection.
Fix: Add ?sslMode=trust to the JDBC URL (the MariaDB JDBC driver handles this parameter):
url: jdbc:mariadb://localhost:3306/mideyeserver?sslMode=trustThe driver could not establish a secure connection to SQL Server (MSSQL)
Section titled “The driver could not establish a secure connection to SQL Server (MSSQL)”com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption.Cause: SQL Server 2022+ enforces encrypted connections but the server uses a self-signed certificate that the JDBC driver does not trust.
Fix: Add trustServerCertificate=true to the URL:
url: jdbc:sqlserver://localhost:1433;databaseName=mideyeserver;trustServerCertificate=trueLogin failed for user (MSSQL)
Section titled “Login failed for user (MSSQL)”com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'mideye'.Cause: Wrong credentials, the login does not exist, or the user is not mapped to the database.
Fix:
- Verify the login exists in SQL Server:
SELECT name FROM sys.server_principals WHERE name = 'mideye'; - Verify the user is mapped:
USE mideyeserver; SELECT name FROM sys.database_principals WHERE name = 'mideye'; - Re-create if needed (see the creation commands above)
Collation mismatch (MariaDB / MySQL)
Section titled “Collation mismatch (MariaDB / MySQL)”java.sql.SQLException: Incorrect string value: '\xC3\xA4...' for column 'username'or conversion errors like Cannot convert from utf8mb4 to latin1.
Cause: The database or individual tables were created with a different character set (often latin1) than what the JDBC connection expects (utf8mb4). This happens when:
- The database was created without specifying
CHARACTER SET utf8mb4 - An older MySQL/MariaDB installation defaulted to
latin1 - Liquibase migrations create tables without explicit character set, they inherit the database default
Diagnose: Check the current character set and collation of the database and affected table:
-- Check database defaultsSELECT DEFAULT_CHARACTER_SET_NAME, DEFAULT_COLLATION_NAMEFROM INFORMATION_SCHEMA.SCHEMATAWHERE SCHEMA_NAME = 'mideyeserver';
-- Check a specific tableSELECT TABLE_NAME, TABLE_COLLATIONFROM INFORMATION_SCHEMA.TABLESWHERE TABLE_SCHEMA = 'mideyeserver' AND TABLE_NAME = 'blocked_attempts';Fix: Convert the database and all affected tables to the correct character set.
For MySQL 8:
ALTER DATABASE mideyeserver CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci;
-- Convert each affected table (repeat for each table with wrong collation)ALTER TABLE blocked_attempts CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci;For MariaDB:
ALTER DATABASE mideyeserver CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE blocked_attempts CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;Faster debugging with initializationFailTimeout
Section titled “Faster debugging with initializationFailTimeout”The default initializationFailTimeout is 3600000 (60 minutes), Mideye Server will retry the connection for up to an hour before giving up.
While debugging, temporarily lower this to see errors faster:
hikari: initializationFailTimeout: 10000Remember to restore the original value (3600000) after the issue is resolved.
Changing database type
Section titled “Changing database type”To migrate from one database engine to another:
- Back up your current database and
application-prod.yml - Install and configure the new database engine
- Create the
mideyeserverdatabase on the new engine - Update
application-prod.ymlwith the new connection settings - Restart Mideye Server and verify the log output
Related resources
Section titled “Related resources”- Preinstall Checklist, Supported OS and database versions
- Database Overview, Architecture, encryption, and concepts
- Shared Database Configuration, Multi-server setups
- Application Configuration, Complete
application-prod.ymlreference - MySQL to MSSQL Migration, Data migration guide