I am currently trying to develop a Webserver, where about 100 domains point to. It gets a bit messy if I try to do the configuration in a single file.
Is there a way to connect Nginx to a Mysql Database in which all Domains and their SSL certificates are stored?
It doesn't have to be Nginx as a proxy. If another proxy fits better I'll take that one.
Related
I have a Node.JS Express API App that's hosted on Heroku in the cloud. I'd like to query a MySQL DB.
The problem is that this DB is hosted on a secure LAN with proprietary info. We don't want to expose this DB to the public. What's the desired pattern for things like this?
I have a static proxy IP that I was thinking of maybe whitelisting in MySQL Server if possible. I think introducing another layer like VPN or SSH isn't going to work.
I have a static proxy IP that I was thinking of maybe whitelisting in MySQL Server if possible
MySQL does allow whitelisting of IPs. It is possible.
However, you can create an SSH tunnel from the local system to the server. The SSH tunnel can give you an encrypted SSH connection. And instead of using an SSH based on password, the better method is to use a key based encryption
What you need to do is to generate a public authentication key and append it to the remote hosts ~/.ssh/authorized_keys file. And preferably, disable password based authentication and only permit key based ssh connections.
If you need some steps on how to achieve this, I can list down too.
I have an application that connects to a domain using port 3306 (MySQL) and port 21 (FTP).
I've had to move the MySQL hosting to another server (AWS) and need to keep the FTP server as is.
Now the problem I have is that the application doesn't allow you to specify a different server name for each service so it's trying to connect via FTP to the MySQL server in AWS.
Is there any way to setup Windows to redirect certain ports only to a different IP?
Is there a way to set up the new server to bounce FTP requests back to the older server?
Alternatively is there a way to setup the domain DNS to point MySQL port requests to the MySQL server?
One of the ways to fix this is, install a TCP proxy server (Eg. nginx, haproxy) on the new server and pass the request to the old server based on the request type.
I have built an application in vb.net that needs to connect to a mysql database. This all works fine from my own network and several other home networks.
But if i want to use the application on my company's network, i get the error
Unable to connect to any of the specified MySQL hosts
I thought that this is caused by the firewall of the network.
But I used the "automatic update" option and I publish the application on a online server. This works fine on my company's network.
So the application can download the updates from the network, but can't connect to the mysql server. What could cause this issue?
The most common situation that would cause this is selective egress filtering. Specifically, the firewall is most likely only allowing HTTP/HTTPS port connections out.
Try changing mysql to listen on 443, then try again using 443 instead. The firewall may allow the traffic since it is using 443 like web traffic instead of 3306 (mysql default).
If you're testing it locally, its because you need to whitelist the IP that you're CURRENTLY on.
On live sites, the IP of the server doesn't change. So you use that IP with the correct permissions to allow mysql to work.
So basically, figure out where your allowed IP's to talk to the DB are, find your local ip, and modify. Incorrect ports can be a problem also
The MySql server and client are on the same server. In time, they will be on separate machines. We want to establish secure protocols from the get go.
Does it make sense to require SSL on database connections? Or put another way, is there any reason NOT to use SSL?
If I were you, I'd refrain from connecting to localhost, and instead connect to your local machine by using its explicit hostname. I think you're also wise to use TLS / SSL to connect in this configuration if that's what you're expecting to use when you deploy in production.
You may want to ask yourself whether that's worth the trouble, though. If your app - to - mysqld connection is on a private backend network (as it may be) using TLS / SSL may be overkill. It's called "transport layer security" and it pretty much protects against badguys intercepting data going to and from mysql. Your app system will probably have other vulnerabilities that render TLS protection uninteresting. For example, if it's a web app the mysql password is probably hardcoded in a config file someplace. If the badguy wants to look at your data, he need only grab the password and log in to the mysqld. To keep your info safe you need to keep badguys off your private network.
It's a good idea always to paramaterize the hostname, port number, and production password of your mysql database. If those things are parameterized you can then deploy to a staging or production server system simply by changing those parameters.
Hi I am completely new to phpMyAdmin and mySQL
Is there any way to configure remote management/access of my MySQL database by pointing requests or a browser to an IP? I have my server set up behind a router and have setup port forwarding for ports 8080 (tomcat) and 3306(should be default mySQL). Everything works locally on the machine, however I cannot access the dbs or phpmyadmin by pointing a browser from a computer on the local network to http://IP/phpmyadmin or from externally by pointing the browser to the IP given to me by my ISP. Any thoughts? Is there a specific way to edit the config files in order to allow the use of IP addresses?
Exposing your db and appserver on the internet is not a good idea. If these need to be accessed remotely, use a VPN or authenticated SSL. In the case of phpmyadmin - if this is running on a webserver on your network then you'll need to forward port 80 too - although I'd recommend using HTTPS/SSL (port 443)