How to Install MySQL 8.0 on Debian (12, 11)

MySQL 8.0 is a widely used relational database management system that powers everything from small web applications to large-scale data warehouses. Whether you need a backend for WordPress, a logging database, or a robust solution for e-commerce transactions, MySQL provides the performance and reliability to handle it. By the end of this guide, you will have MySQL 8.0 installed and secured on your Debian 12 or 11 system, ready for production use.

MySQL 8.0 reaches end-of-life in April 2026. Oracle provides packages for Debian 12 and 11, but Debian 13 (Trixie) users should install MySQL 8.4 LTS instead or consider MariaDB as a drop-in alternative.

MySQL 8.0 Availability by Debian Release

Oracle’s APT repository provides MySQL 8.0 packages for Debian 11 and 12. The table below shows the current package versions available for each release:

Debian Release	MySQL 8.0 Version	Support Status	Recommendation
Debian 12 (Bookworm)	8.0.45	Supported	Follow this guide
Debian 11 (Bullseye)	8.0.37	Supported	Follow this guide
Debian 13 (Trixie)	Not available	Not supported	Use MySQL 8.4 LTS or MariaDB

Why Debian Uses MariaDB Instead of MySQL

Debian’s default repositories include MariaDB instead of MySQL due to licensing and community governance concerns that arose after Oracle’s acquisition of MySQL. MariaDB maintains protocol compatibility with MySQL, meaning most applications work with either database. However, MySQL remains the preferred choice when you need Oracle’s specific implementation, features like the X Protocol for document store operations, or compatibility with MySQL-specific tooling. Because the default repositories do not include MySQL, this guide configures Oracle’s official APT repository to provide the latest community builds with security updates.

Choose Your MySQL 8.0 Installation Method

You can install MySQL 8.0 using either Debian’s extrepo tool or by manually configuring Oracle’s APT repository. Both methods install the same packages from Oracle’s servers, but they differ in setup complexity and reliability.

Method	Channel	Steps	Best For
Manual Repository (Recommended)	Oracle MySQL APT Repository	5 commands	Reliable setup, scripted deployments, custom configurations
extrepo	Debian’s curated repository manager	5 commands	Users who prefer Debian’s tooling (requires GPG workaround)

The manual repository method is recommended because it works reliably without workarounds. The extrepo method currently has a GPG key formatting issue that requires additional steps to resolve. Both methods are documented below.

Update Debian Before MySQL 8.0 Installation

First, update your system to ensure all existing packages are current. This step prevents potential conflicts during the MySQL installation.

sudo apt update && sudo apt upgrade

Method 1: Install MySQL 8.0 with Manual Repository Configuration (Recommended)

This method configures Oracle’s APT repository directly, giving you explicit control over the setup. It works reliably on both Debian 11 and 12 without requiring workarounds.

Install Required Packages

First, install the packages needed to securely download and verify the MySQL repository:

sudo apt install ca-certificates curl gpg lsb-release -y

These packages provide SSL certificate validation (ca-certificates), file downloading (curl), GPG key conversion (gpg), and release detection (lsb-release). Together, they allow you to securely add external repositories.

Import the MySQL GPG Key

Download and install Oracle’s GPG signing key to verify package authenticity. This command fetches the key from Ubuntu’s keyserver (which mirrors Oracle’s key) and converts it to the binary format that APT requires:

curl -fsSL 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xB7B3B788A8D3785C' | sudo gpg --dearmor -o /usr/share/keyrings/mysql.gpg

The key ID B7B3B788A8D3785C belongs to MySQL Release Engineering and is used to sign all official MySQL APT packages.

Add the MySQL APT Repository

Create the repository configuration file using the modern DEB822 .sources format. This format is more explicit and less error-prone than the legacy single-line format:

cat <<EOF | sudo tee /etc/apt/sources.list.d/mysql.sources
Types: deb
URIs: http://repo.mysql.com/apt/debian
Suites: $(lsb_release -cs)
Components: mysql-8.0
Architectures: $(dpkg --print-architecture)
Signed-By: /usr/share/keyrings/mysql.gpg
EOF

The $(lsb_release -cs) command automatically inserts your Debian codename (bookworm or bullseye), so this command works on both Debian 11 and 12.

Optional: Add MySQL Development Tools

If you need MySQL Connectors (for Python, Java, C++, etc.) or other development libraries, add the mysql-tools component:

cat <<EOF | sudo tee /etc/apt/sources.list.d/mysql-tools.sources
Types: deb deb-src
URIs: http://repo.mysql.com/apt/debian
Suites: $(lsb_release -cs)
Components: mysql-tools
Architectures: $(dpkg --print-architecture)
Signed-By: /usr/share/keyrings/mysql.gpg
EOF

Update Package Index and Install MySQL

Refresh your package lists to include the newly added MySQL packages:

sudo apt update

Then install the MySQL community server:

sudo apt install mysql-community-server

During installation, several configuration dialogs appear:

1. Root password: Enter a strong password for the MySQL root account. This is separate from your system’s root password.
2. Confirm password: Re-enter the password to verify it.
3. Authentication plugin: Select the default option (caching_sha2_password) for optimal security. Legacy applications may require mysql_native_password instead.

Use the Tab key to navigate between fields and buttons, and press Enter to confirm selections.

Method 2: Install MySQL 8.0 with extrepo

The extrepo tool is Debian’s official method for managing external repositories. While it automates repository configuration, the current MySQL entry has a GPG key formatting issue that requires a workaround.

Install extrepo and Enable Non-Free Policy

Install the extrepo package:

sudo apt install extrepo -y

Enable the non-free policy in extrepo’s configuration. MySQL is classified as non-free because Oracle’s licensing differs from Debian’s free software guidelines. The following command uncomments the non-free line in the configuration file:

sudo sed -i 's/# - non-free/- non-free/' /etc/extrepo/config.yaml

Enable the MySQL Repository and Fix GPG Key

Enable the MySQL 8.0 repository:

sudo extrepo enable mysql-8.0

The extrepo package stores the GPG key in ASCII armor format, but the key file contains embedded escape sequences that prevent APT from verifying signatures. To fix this, download a fresh copy of the key directly from the keyserver:

curl -fsSL 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xB7B3B788A8D3785C' | sudo gpg --dearmor -o /var/lib/extrepo/keys/mysql-8.0.gpg
sudo sed -i 's|mysql-8.0.asc|mysql-8.0.gpg|' /etc/apt/sources.list.d/extrepo_mysql-8.0.sources

Update the package index:

sudo apt update

Install MySQL Community Server

Install MySQL:

sudo apt install mysql-community-server

Follow the same installation prompts described in Method 1 to set the root password and configure authentication.

Verify MySQL 8.0 Installation

After installation completes, verify that MySQL was installed correctly by checking the package version:

apt-cache policy mysql-community-server

On Debian 12 (Bookworm), the output shows:

mysql-community-server:
  Installed: 8.0.45-1debian12
  Candidate: 8.0.45-1debian12
  Version table:
 *** 8.0.45-1debian12 500
        500 http://repo.mysql.com/apt/debian bookworm/mysql-8.0 amd64 Packages
        100 /var/lib/dpkg/status

On Debian 11 (Bullseye), you will see version 8.0.37-1debian11 instead. The Installed line confirms MySQL is installed, while 500 indicates the package priority from the MySQL repository.

Manage MySQL Service

MySQL runs as a systemd service that starts automatically after installation. This section covers how to verify service status and execute common management commands.

Check MySQL Service Status

To verify that MySQL is running correctly, check the service status:

systemctl status mysql

The output below indicates an active, healthy service:

● mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; preset: enabled)
     Active: active (running) since Fri 2025-12-20 10:00:00 UTC; 5min ago
       Docs: man:mysqld(8)
             http://dev.mysql.com/doc/refman/en/using-systemd.html
   Main PID: 12345 (mysqld)
     Status: "Server is operational"
      Tasks: 38 (limit: 4644)
     Memory: 365.2M
        CPU: 2.456s
     CGroup: /system.slice/mysql.service
             └─12345 /usr/sbin/mysqld

If the service is not running, start it and enable it to launch at boot with a single command:

sudo systemctl enable mysql --now

Common Service Commands

Use the following commands to control the MySQL service as needed:

Stop the MySQL service:

sudo systemctl stop mysql

Start the MySQL service:

sudo systemctl start mysql

Restart the MySQL service:

sudo systemctl restart mysql

Disable MySQL from starting at boot:

sudo systemctl disable mysql

Enable MySQL to start at boot:

sudo systemctl enable mysql

Secure MySQL 8.0 After Installation

MySQL’s default configuration prioritizes ease of installation over security. Running the security script hardens your installation by removing test databases, anonymous users, and remote root access.

Run the Security Script

Execute the bundled security script to configure recommended settings:

sudo mysql_secure_installation

The script prompts you for your root password, then walks through several security configurations:

1. VALIDATE PASSWORD component: Enforces password complexity requirements. Enable this for production systems to require passwords with a minimum length, mixed case, numbers, and special characters.
2. Change root password: Skip this step if you already set a strong password during installation.
3. Remove anonymous users: Answer Y to remove accounts that allow unauthenticated connections. Anonymous users exist only for testing and should never remain on production systems.
4. Disallow root login remotely: Answer Y to restrict root access to localhost only. This prevents brute-force attacks against the root account from remote machines.
5. Remove test database: Answer Y to delete the test database and its access privileges. The test database is world-accessible and provides no value in production.
6. Reload privilege tables: Answer Y to apply changes immediately without restarting MySQL.

For a production server, answer Y to all prompts to apply maximum security hardening.

Test Database Connection

After securing the installation, verify you can connect to MySQL with the root account. The -u flag specifies the username and -p prompts for the password:

mysql -u root -p

Enter your root password when prompted. A successful connection displays the MySQL prompt:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.45 MySQL Community Server - GPL

Copyright (c) 2000, 2025, Oracle and/or its affiliates.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Type exit to close the MySQL shell and return to your terminal.

Configure Firewall for Remote Access (Optional)

By default, MySQL listens only on localhost (127.0.0.1) and does not accept remote connections. If you need to allow remote database access—for example, from an application server on a different machine—you must configure both MySQL and your firewall.

First, edit the MySQL configuration to bind to all interfaces:

sudo sed -i 's/bind-address.*=.*127.0.0.1/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
sudo systemctl restart mysql

If you use UFW, allow MySQL traffic:

sudo ufw allow 3306/tcp

For better security, restrict access to specific IP addresses instead of allowing all traffic:

sudo ufw allow from 192.168.1.100 to any port 3306

Replace 192.168.1.100 with the IP address of your application server.

Exposing MySQL to the internet without proper security measures creates significant risk. Always use strong passwords, restrict access to known IP addresses, and consider using SSH tunnels or VPNs for remote database access.

Update MySQL 8.0

The MySQL APT repository provides updates through your system’s standard package management. To update MySQL specifically without upgrading other packages, run the following commands:

sudo apt update
sudo apt install --only-upgrade mysql-community-server

Alternatively, for a full system update that includes MySQL along with all other packages:

sudo apt update && sudo apt upgrade

Troubleshoot MySQL 8.0

GPG Key Verification Errors

If you see “The following signatures couldn’t be verified” or “NO_PUBKEY” errors during apt update, the GPG key may be missing, corrupted, or outdated. Re-import the key:

curl -fsSL 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xB7B3B788A8D3785C' | sudo gpg --dearmor -o /usr/share/keyrings/mysql.gpg
sudo apt update

If you installed MySQL using extrepo, update the key in the extrepo directory instead:

curl -fsSL 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xB7B3B788A8D3785C' | sudo gpg --dearmor -o /var/lib/extrepo/keys/mysql-8.0.gpg
sudo apt update

Service Fails to Start

If MySQL fails to start, check the service logs for detailed error messages:

sudo journalctl -xeu mysql

Common causes include:

Port conflict: Another service is using port 3306. Check which process is using the port:

sudo ss -tlnp | grep 3306

Permission problems: The MySQL data directory has incorrect ownership. Fix it with:

sudo chown -R mysql:mysql /var/lib/mysql

Corrupted data files: If MySQL crashed unexpectedly, data files may be corrupted. Check the error log at /var/log/mysql/error.log for specific file errors. InnoDB can often recover automatically on restart, but severe corruption may require restoring from backup.

Insufficient memory: MySQL requires memory for buffers and caches. On systems with limited RAM, you may need to reduce buffer pool sizes in /etc/mysql/mysql.conf.d/mysqld.cnf.

Cannot Connect as Root

If you cannot connect with mysql -u root -p, first verify the MySQL service is running:

systemctl is-active mysql

If the service is active but authentication fails, you may need to reset the root password. Stop the service and start MySQL with grant tables disabled:

sudo systemctl stop mysql
sudo mysqld_safe --skip-grant-tables &

Connect without a password and reset the root password:

mysql -u root

ALTER USER 'root'@'localhost' IDENTIFIED BY 'YourNewSecurePassword';
FLUSH PRIVILEGES;
EXIT;

Kill the safe mode process and restart MySQL normally:

sudo killall mysqld
sudo systemctl start mysql

Authentication Plugin Errors

MySQL 8.0 uses caching_sha2_password as the default authentication plugin, which some older applications do not support. If you see errors like “Authentication plugin ‘caching_sha2_password’ cannot be loaded”, you have two options:

Option 1: Update your application’s MySQL connector to a version that supports caching_sha2_password.

Option 2: Change the user’s authentication method to the legacy plugin:

ALTER USER 'username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

Remove MySQL 8.0

If you need to uninstall MySQL from your system, follow these steps to remove the packages, repository configuration, and optionally the data directory.

Stop the MySQL Service

First, stop the MySQL service to prevent issues during removal:

sudo systemctl stop mysql

Remove MySQL Packages

Next, remove the MySQL server and related packages:

sudo apt remove --purge mysql-community-server mysql-community-client mysql-common -y
sudo apt autoremove -y

The autoremove command removes dependencies that were installed automatically and are no longer needed.

Remove Repository Configuration

Then remove the repository files and GPG key based on which installation method you used:

For extrepo installations:

sudo extrepo disable mysql-8.0
sudo rm -f /etc/apt/sources.list.d/extrepo_mysql-8.0.sources /var/lib/extrepo/keys/mysql-8.0.*

For manual repository installations:

sudo rm -f /etc/apt/sources.list.d/mysql.sources /etc/apt/sources.list.d/mysql-tools.sources
sudo rm -f /usr/share/keyrings/mysql.gpg

After removing the repository files, refresh the package cache:

sudo apt update

Verify Removal

Finally, confirm that MySQL is no longer available from the repository:

apt-cache policy mysql-community-server

The following output confirms successful removal:

mysql-community-server:
  Installed: (none)
  Candidate: (none)
  Version table:

Remove MySQL Data Directory (Optional)

The following command permanently deletes all MySQL databases, user accounts, configurations, and logs stored in /var/lib/mysql. This action cannot be undone. Only proceed if you have backed up any data you need to keep.

To completely remove all MySQL data, run:

sudo rm -rf /var/lib/mysql /etc/mysql

Conclusion

You now have MySQL 8.0 installed and secured on your Debian 12 or 11 system. The database is configured with a root password, anonymous users have been removed, and remote root access is disabled. From here, you can create databases and user accounts for your applications, set up phpMyAdmin for web-based database management, or integrate MySQL with WordPress or other web applications.

Useful Links

For more information about MySQL and related guides, explore the resources below:

• MySQL Official Website: Information about MySQL features and download options.
• MySQL Documentation: Comprehensive guides for installation, configuration, and usage.
• MySQL APT Repository Guide: Official guide for the APT repository configuration.
• MySQL GitHub Repository: Source code, issue tracking, and development.
• Install MariaDB on Debian: Alternative MySQL-compatible database for Debian.
• Install phpMyAdmin on Debian: Web-based MySQL administration interface.
• Install PHP on Debian: Server-side scripting for MySQL-powered web applications.
• Install Nginx on Debian: Web server setup for your database-backed applications.
• Install WordPress on Debian: Complete CMS setup using MySQL and Nginx.
• Install UFW on Debian: Firewall configuration to secure your MySQL server.
• Install Fail2ban on Debian: Intrusion prevention to protect MySQL from brute-force attacks.
• Install Redis on Debian: In-memory caching to complement your MySQL database.