Search code examples

Database connection refused with Symfony / PHP

Trying to deploy a Symfony 3.2/Doctrine application to Swisscom PaaS.

Buildpack (PHP 7, httpd etc.) are installed, composer is running and installing dependencies, but when calling the composer after-commands, like cache:clear I get an:

An exception occured in driver: SQLSTATE[HY000] [2002] Connection refused

my manifest.yml:

- services:
 - dbservice
buildpack: php_buildpack
host: myapp
name: MyApp
instances: 1
memory: 640M
 PHP_INI_SCAN_DIR: .bp-config/php/conf.d

my options.json:

"WEB_SERVER": "httpd",
"COMPOSER_INSTALL_OPTIONS": ["--no-dev --optimize-autoloader --no-progress --no-interaction"],
"SYMFONY_ENV": "prod",
"WEBDIR": "web",
"PHP_MODULES": "fpm",

And this is how I read database credentials from VCAP and set parameters in Symfony (which is perfectly working with a local setup of VCAPSERVICES env vars):

$vcapServices = json_decode($_ENV['VCAP_SERVICES']);

$container->setParameter('database_driver', 'pdo_mysql');

$db = $vcapServices->{'mariadb'}[0]->credentials;

$container->setParameter('database_host', $db->host);
$container->setParameter('database_port', $db->port);
$container->setParameter('database_name', $db->name);
$container->setParameter('database_user', $db->username);
$container->setParameter('database_password', $db->password);

// Just for debug:

echo 'User: ';

echo 'Db: ';

Service is running, both var_dump deliver the expected values. But still connection is refused.

What am I doing wrong?

****EDIT**** A similar problem seems to be here, but without a solution: Cloud foundry p-mysql


I debugged down right to the statement where PDO constructor is called.

It is called with the following parameters:

$dsn = mysql:host=;port=3306;dbname=CF_DB922DD3_CACB_4344_9948_746E585732B5;
$username = "myrealusername"; // as looked up in VCAP_SERVICES
$password = "myrealpassword"; // as looked up in VCAP_SERVICES
$options = array();

Anything looks exactly like it can be seen in the web console for the service binding.

Is an unix_socket required to successfully connect?


As Symfony is using some composer post-install-commands (in this case e.g. to clear and warm up the cache) which require already a working database connection that this is not supported with DB services by cloudfoundry as long as the container is not fully built and deployed?

Am running out of ideas.


  • Sorry for the issue and thanks for feedback. Swisscom modified the security groups. See Application Security Groups for more info.

    Cloud Foundry blocks all outbound network connections from application containers by default. Administrators can override this block-by-default behavior with Application Security Groups (ASGs).

    ASGs are a collection of egress rules that specify one or more individual protocols, ports, and destinations to allow network access to.

    Cloud Foundry has two default sets of ASGs: default-staging and default-running. All application containers in Cloud Foundry use a base policy from one of these.

    The rule for Galera as a Service (MariaDB) was only done in running. We added the rule also to staging.