It is not required to turn on public mode as long as the Lightsail Instance and Database are in the same region.
If you would like to access the database from a local machine, via SSH tunnel through the Lightsail Instance is the safer option.
Follows instruction of relevant docker image to configure the host/username/password and database to connect. Make sure the database is created beforehand.
Access Denied Error
When running a docker container inside a Lightsail Instance with config to communicate to a Lightsail MySQL Database in the same region using the master credential. An "Access Denied" Error occurs.
I am not a DB specialist, but my best guess is that the Master Account has been limited to accessing the DB only via the subnet of the same region, which excludes the container IP and causes the error.
create a dedicated MySQL User
CREATE USER 'userx'@'%' IDENTIFIED BY 'password'
GRANT ALL PRIVILEGES ON dbx.* TO 'userx'@'%'