I am connecting to a MySQL instance hosted on AWS from a seperate AWS EC2 server that is running NodeJS on Express.
Here are my connection settings:
var connection = mysql.createConnection({
host: '<mydatabase>.rds.amazonaws.com',
user: '<user>',
password: '<password>',
database: '<db_name>',
ssl: 'Amazon RDS',
});
And I run the file using node db_test.js and it returns a SQL query just fine. How can I verify that it is making use of the ssl: 'Amazon RDS' line and it is actually secure?
use this query :
let sql= "show status like 'Ssl_version'";
and check the output
connection.query(sql, function (err, result) {})
Official docs says
SSL options
The ssl option in the connection options takes a string or an object.
When given a string, it uses one of the predefined SSL profiles included.The following profiles are included:
- "Amazon RDS": this profile is for connecting to an Amazon RDS server and contains the certificates from https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem and https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
So, I think you can not use ssl:{rejectUnauthorized:true}
But you can always set this process.env.NODE_TLS_REJECT_UNAUTHORIZED = 1.It does the same thing. So when you set this option you will get TLS authorization error if you provide invalid rds SSL profile and won't be able to connect to DB
You can read this as well:
https://medium.com/soluto-nashville/best-security-practices-for-amazon-rds-with-sequelize-600a8b497804
Related
I have issue when i try to connect to the database on remote server.
My code:
const mysql = require('mysql');
const database = mysql.createPool({
host: 'localhost',
user: 'user',
password: 'pass',
database: 'db'
});
database.getConnection(function (err, connection) {
if (!err) {
console.log('Database is connected ...');
} else {
console.log('Error connecting database ...');
}
});
The credentials for connection in code is faked. With the right credentials I have, I login successfully on phpMyAdmin on remote server, on datebase that I want to connect. Credentials is good.
When I run script, return this error:
view error
Also, when I input credentials for connection with my local database, everything work perfect.
As pointed out by Luuk, you need to replace the localhost with the actual IP address of the remote database server and the port on which the database server is running.
For example -
const database = mysql.createPool({
host: '123.234.121.234',
port : '3306',
user: 'user',
password: 'pass',
database: 'db'
});
Also, make sure the port is whitelisted and can be accessed over the network. Heres a tiny little diagram for explanation.
phpmyadmin runs on the same machine as your MySQL server, so it can connect to the server using the generic host name localhost.
I guess, from your question, that your nodejs program runs on some other machine (your personal machine, maybe?). That takes some special-purpose setup to do.
You must use the server's actual hostname in your host: property, not localhost.
MySQL login credentials aren't just username/password. They are host/username/password. You may need to create a new set of credentials for remote access so your nodejs program can get in. Read this: https://webmasters.stackexchange.com/questions/2242/how-to-create-separate-users-in-phpmyadmin-each-one-cant-see-others-databases
If your MySQL server runs on a rented server at some cloud or hosting service, you may need to open up a firewall to allow your machine to connect. If you're on a hosting service, ask their customer support krewe about that. On a cloud service, you want to open port 3306. Look up how to do that in their documentation. (It may be a gnarly configuration task).
Your easiest way of troubleshooting this is to use some MyQSL client program (like MySQL Workbench or HeidiSQL) on your own machine. when you get that to connect, you can use the same credentials in your createPool() call.
I have a Node.js app (running on AppEngine) connecting to a GCP CloudSQL (MySQL) instance. Now I want to connect to the same database from Node.js (Knex) running on Heroku.
From AppEngine, Node.js connects via user/password and socketPath. I'm also connecting to the same MySQL DB from MySQL Workbench via host IP (over SSL).
I'm trying to use the same host, port, user and pass as Workbench from Heroku and it's not working. To try and make it easy, I've temporarily allowed all networks to connect (0.0.0.0/0) and I've allowed non-SSL connections.
Here's the error: ER_ACCESS_DENIED_ERROR: Access denied for user 'usernamehere'#'xx.xxx.xxx.xx' (using password: YES)"
The environment variables are stored in the Heroku app and they must be working because the username is correct.
It's not very helpful, but here's the code:
import Knex = require('knex');
const envConfig = require('../config/environments').get(process.env.NODE_ENV);
module.exports = knex;
The only way I found to resolve this issue was to connect to CloudSQL over SSL.
const mysql = require("mysql");
const fs = require('fs');
const knex = require('knex')({
client: 'mysql',
version: '5.7',
connection: {
host : 'xx.xx.xx.xx',
ssl: {
ca: fs.readFileSync('ca.pem'),
key: fs.readFileSync('client-key.pem'),
cert: fs.readFileSync('client-cert.pem'),
},
user : 'root',
password : 'xxxxxxxxx',
database : 'mydbname',
},
});
I hosted a nodeJS application in google console under a paid account. When i tried to connect my nodeJS app to MySQL db in localhost server it is working but once i configured it to work in google cloud console it says can't connect to database. I successfully created a google SQL instance and sure about user name and password as i can connect to database via cloud console.
i referred to many tutorials in the internet and couldn't get a way....
var con = mysql.createConnection({
host: 'localhost',
user: 'root',
password: '1234',
database: 'test'
});
con.connect(function(error){
if(error){
console.log('error');
}
else{
console.log('connected');
}
});
Since this question is tagged with google-app-engine, I assume it is the product you are using to deploy your application. In this case:
App Engine uses a Unix socket to connect to a Cloud SQL instance, because of that you need to pass the instance's connection name, like in the example below:
var con = mysql.createConnection({
host: "localhost",
socketPath: "/cloudsql/<PROJECT_ID>:<REGION>:<SQL_INSTANCE_NAME>",
user: "root",
password: "secret"
});
con.connect(function(err) {
if (err) throw err;
console.log("Connected!");
});
You can actually test that by running the cloud_sql_proxy locally and connecting through the unix socket. The Using Cloud SQL for MySQL tutorial explains how to do that.
EDIT:
In case you are using App Engine Flex, it is also important to set the correct beta_settings on your app.yaml like in the example below:
beta_settings:
# The connection name of your instance, available by using
# 'gcloud beta sql instances describe [INSTANCE_NAME]' or from
# the Instance details page in the Google Cloud Platform Console.
cloud_sql_instances: YOUR_INSTANCE_CONNECTION_NAME
Your local machine sql server can't be connected to the google console as it is not
exposed to the internet.You should host your mssql db in some platform and then you
can connect with that in google console
I am using azure connection string (from Azure portal) for Node.js app, still cannot connect to Azure Database for Mysql server.
var conn = mysql.createConnection({
host: yourhost,
user: "username",
password: "password",
database: "database",
port: 3306,
ssl:{ca:fs.readFileSync(__dirname + '/baltimore.pem')}});
I get following error:
"Error: MySQL server is requesting the old and insecure pre-4.1 auth mechanism.Upgrade the user password or use the {insecureAuth: true} option."
But I can connect using Mysql Benchmark same credentials.
What I am doing wrong ?
Azure Database for MySQL is incompatible with the mysqljs connector library. See issue 1729 for details and pull 1730 for a workaround.
I am using the tunnel-ssh module to establish connection to the remote mysql database using node.js. The documentation is poor and I am not able to establish a connection. Here is the code snippet:
var tunnel = require('tunnel-ssh')
var server = tunnel.tunnel(config.sshData, function(err, result) {console.log('connected'});
Here is my sshData object.
config.sshData = {host : 'serverxyz.web-hosting.com', username : 'xyz', password : 'xyz',
srcPort: 3307, dstPort : 21098}
The dstPort is 21098 as suggested by the namecheap documentation.
However I am getting timeout error and whenever I add this snippet:
server.on('error', function(err) {});
I get the error server.on is not a function. The remote connection is working fine on putty and SQLyog. Any procedure on how to establish successful connection would be of great help. Thanks!
Update
Got the database working by using the correct ports specified and by directly using ssh2 module with the code example given here
There is a misunderstanding with the namecheap documentation. 21098 is the ssh port, not the port the database is listening on. In order to use a non-standard ssh port, you will need to explicitly specify the port value like:
config.sshData = {
host: 'serverxyz.web-hosting.com',
port: 21098,
username: 'xyz',
password: 'xyz',
dstPort: 3306
};
Then you should be able to connect to localhost:3306 to access your remote database.