Just for the people who don't know how to do this and looked at this thread to find a way. here you go! Pretty much if you have a root server running ubuntu 16.04. Open the screen/kvm and do the following : sudo apt-get update sudo apt-get install mysql-server sudo mysql_secure_installation systemctl status mysql.service (this is too test if you have installed it properly) This should be the output of systemctl status mysql.service! mysql.service - MySQL Community Server Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: en Active: active (running) since Wed 2016-11-23 21:21:25 UTC; 30min ago Main PID: 3754 (mysqld) Tasks: 28 Memory: 142.3M CPU: 1.994s CGroup: /system.slice/mysql.service └─3754 /usr/sbin/mysqld if it does not show this do this then do the test command once again after this! sudo systemctl mysql start And there you have installed it but im guessing you want to know the rest on how to get it setup with ranks and pex and stuff! mysql -u root -p (after this you should be prompt with a password the password is the one you did on step 3) CREATE DATABASE database_name; (Change datdabase_name to something else what ever you want but make sure you remember it!) grant all privileges on database_name.* to 'username_you_want'@'localhost' identified by "choose_your_password_here"; flush privileges; exit And there you now have your database!!! Now to add it to pex so all your servers can use it! Make a copy of your permissions in your pex config first Then delete your pex folder AFTER YOU MADE YOUR BACKUP! Then reload all of your servers In your game after that do /pex backend sql dont worry if you get a error thats good! then there should be another pex folder there click on it and press on config Then when your in the config change the "backend: file" to "backend: sql" Below that there should be a backend called sql. Now change that to what you put in the database in my case it will look like this! multiserver: use-netevents: true permissions: debug: false allowOps: false user-add-groups-last: false log-players: false createUserRecords: false backend: sql informplayers: changes: false basedir: plugins/PermissionsEx backends: file: type: file file: permissions.yml sql: type: sql uri: mysql://localhost/database_name user: username_you_want password: choose_your_password_here updater: true alwaysUpdate: false Do that for each config for your servers and then reload each server and there you go! You now have a sql and pex connected to it! Now all you need to do is add the ranks and perms and stuff! If you want to protect your mySQL against attackers or hackers here are the commands to only allow your ip or to block other peoples ip from your server! On Ubuntu, the easiest way to save iptables rules, so they will survive a reboot, is to use the iptables-persistent package. Install it with apt-get like this: sudo apt-get install iptables-persistent During the installation, you will asked if you want to save your current firewall rules. If you update your firewall rules and want to save the changes, run this command: sudo invoke-rc.d iptables-persistent save The loopback interface, also referred to as lo, is what a computer uses to for network connections to itself. For example, if you run ping localhost or ping 127.0.0.1, your server will ping itself using the loopback. To accept all traffic on your loopback interface, run these commands: sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT As network traffic generally needs to be two-way—incoming and outgoing—to work properly, it is typical to create a firewall rule that allows established and related incoming traffic, so that the server will allow return traffic to outgoing connections initiated by the server itself. This command will allow that: sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT You may want to allow outgoing traffic of all established connections, which are typically the response to legitimate incoming connections. This command will allow that: sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT Assuming eth0 is your external network, and eth1 is your internal network, this will allow your internal to access the external: sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT Some network traffic packets get marked as invalid. Sometimes it can be useful to log this type of packet but often it is fine to drop them. Do so with this command: sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP To block network connections that originate from a specific IP address, 220.127.116.11 for example, run this command: sudo iptables -A INPUT -s 18.104.22.168 -j DROP In this example, -s 22.214.171.124 specifies a source IP address of "126.96.36.199". The source IP address can be specified in any firewall rule, including an allow rule. If you want to reject the connection instead, which will respond to the connection request with a "connection refused" error, replace "DROP" with "REJECT" like this: sudo iptables -A INPUT -s 188.8.131.52 -j REJECT To block connections from a specific IP address, e.g. 184.108.40.206, to a specific network interface, e.g. eth0, use this command: iptables -A INPUT -i eth0 -s 220.127.116.11 -j DROP I do not give credit to myself for making pex or anything in this post. I give full credit to the makers of the plugin and software!