MariaDB lab (one public server [for web server, etc] and one db server)
You probably don't need a transaction database. If all you're doing is stuff with users, config, or logs (90%+ of all scenarios), you can avoid the hassle of tabular transactional systems. MongoDB is probably a better choice for your scenarios.
For the extremely rare instances where you need transactions, here is a mechanism to setup a MariaDB (formerly known as MySQL) system.
In this lab, there's a public service and a private one. MongoDB is on the private server. SSH into the public one, then SSH into the private one.
The purpose of that is to demonstrate the type of security you'll probably have in production. Having said that, it's probably too extreme for Azure. There's nothing wrong with simply telling your security group to only let the web server and YOU in. Azure naturally handles a lot of the security stuff that you might be used to.
Deploy to Azure