Reverse proxy based on DNS for multiple mysql hosts - mysql

I have some MySQL hosts in a private network and would like to use a reverse proxy server (i.e. nginx) so that mysql-client connects to a MySQL host via the reverse proxy server.
An example to better understand my answer:
suppose I've:
a mysql server with ip yyy.1
a mysql server with ip yyy.2
both in the network of a proxy server with ip XXX, and I associate to XXX the DNS mysql-server1.com and mysql-server2.com.
My goal is to connect to MySQL server yyy.1 when I use the mysql client to connect to XXX by calling mysql-server1.com on port 3306, and similarly when I try mysql-server2.com on port 3306.
The problem with nginx is that I can't differentiate TCP requests by server name, so on the XXX server I would have to associate one port with each MySQL server, but this implies that every time I would also have to change the port in the mysql client settings, and I don't want this!
Is there some proxy server that can accomplish that?
Could I use IP Table to route the request mysql-server1.com:3306 to localhost:[some port], where I could use [some port] in proxy setting to forward the requests to the server yyy.1?

This is impossible.
In the MySQL Client/Server protocol, the client never identifies the hostname to which it is attempting to connect. Unlike in some other protocols, such as HTTP (with the Host header), the original name the client used to resolve an IP address from DNS is not preserved. TLS SNI is also not available, because TLS negotiation on a MySQL connection does not begin until the client reads the server capability flags to discover whether the server supports TLS, at which point the client asks to switch the connection to TLS... and this, of course, is after the connection is already established.
In the MySQL Client/Server protocol, the server always talks first.
Your only options are for the proxy machine to listen on multiple IP addresses, with a DNS hostname pointing to each IP, and use the address to which the client connected to determine which server to use.
Or, each proxy instance listens on a separate port.
The protocol design prevents name-based virtual hosting.
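The first option in the answer above (one listening address per backend, all on the same port), as an added example that is not part of the original answer: a minimal TCP relay that picks the backend from the local address the client dialled. The addresses, port 13306 and the fake_mysql stand-in are constructed for the demo, which assumes Linux, where every 127.0.0.0/8 address is on loopback.

```python
import asyncio

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):   # copy one direction until EOF
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

def make_handler(routes):
    async def handle(c_reader, c_writer):
        # No hostname ever arrives; the only routing key is the address dialled.
        local_ip = c_writer.get_extra_info("sockname")[0]
        backend = routes.get(local_ip)
        if backend is None:            # unknown listen address: refuse
            c_writer.close()
            return
        b_reader, b_writer = await asyncio.open_connection(*backend)
        await asyncio.gather(pipe(b_reader, c_writer), pipe(c_reader, b_writer))
    return handle

async def fake_mysql(name):
    """Constructed stand-in for a MySQL server: it speaks first, like the real one."""
    async def greet(reader, writer):
        writer.write(f"greeting from {name}\n".encode())
        await writer.drain()
        await reader.read()            # hold the connection until the client leaves
        writer.close()
    server = await asyncio.start_server(greet, "127.0.0.1", 0)
    return server, server.sockets[0].getsockname()[1]

async def demo(port=13306):
    (s1, p1), (s2, p2) = await fake_mysql("db1"), await fake_mysql("db2")
    routes = {"127.0.0.1": ("127.0.0.1", p1), "127.0.0.2": ("127.0.0.1", p2)}
    proxy = await asyncio.start_server(make_handler(routes), list(routes), port)
    seen = {}
    for ip in routes:                  # same port, different destination address
        reader, writer = await asyncio.open_connection(ip, port)
        seen[ip] = (await reader.readline()).decode().strip()  # client sends nothing
        writer.close()
    for srv in (proxy, s1, s2):
        srv.close()
    return seen

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

In a real deployment each DNS name would resolve to its own address on the proxy, and the routing table would map those addresses to the private MySQL hosts.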

Related

Setting up MySQL database behind a VPN address

I have a regular MySQL server running with XAMPP at port 3306 and accessible by my internet IP as well as my local IP (127.0.0.1); the ports are forwarded in my router. An account is set up to be accessed from any IP. Everything works fine.
I'm trying to make this same server accessible by an AirVPN DNS address. So I've followed the AirVPN instructions to remove the forwarded ports in my router and forward a new port at their VPN with a random number (let's go with 1111), with local port 3306 and DNS named xxx.airdns.org.
So I open MySQL with XAMPP under port 3306, nothing changed in the config file. I run the AirVPN port checker over 1111 and it signals as open. I also try other sites that check ports, and they signal open at xxx.airdns.org:1111.
Though when I try to make a connection as usual it returns error (10060): Can't connect to MySQL server on 'xxx.airdns.org' (10060)
Resolutions I've tried:
Switch port values in MySQL config files matching with the ports open in AirVPN
bound address to VPN adapter bind-address="10.6.114.48"
repeated the options above in all different kind of port combinations and addresses
Disabled Firewall on Ethernet adapter of VPN as described here
I couldn't achieve success in this task. I'm looking for some enlightenment so I can understand the process.
EDIT:
The connection is set only to the TCP protocol. A port check done through AirVPN is registered in the XAMPP and firewall logs as accepted connections. Though when trying to connect from a client I get no log from XAMPP or the firewall; it gets timed out.
Sorry for the "answer" type instead of just a comment, but I don't have enough reputation here :)
Maybe the protocol (TCP/UDP) is your issue.
If you use UDP on your AirVPN, better check forwarding on your router - most of them set TCP only by default. Otherwise maybe change to TCP on your AirVPN.
ISPs often filter this protocol.
Issue: Consider that you can't connect to a service running "behind" some VPN server from a machine that's connected to that very same VPN service.
Solution: Connect from another machine to test your service properly.

What is the difference between: proxy, port and server

What are the differences between a proxy, a port and a server? Also, what is the difference between a local server and a MySQL server, and how can we differentiate between them?
Thanks in advance.
Ports: connection between 2 computers/interfaces or more using ports is more like a gate where the IP addresses pass.
Server: give different services for one client or more over the network.
Proxy: middle station between the server and the client.
Local: internal network or using the loopback interface; a network card can be a server and also a client at the same time without going outside the network.
MySQL server is a service for databases, using default port 3306; it has its own IP address, and whether you can connect to it depends on the firewall rules and routing.
Knowing these topics is not enough; you need to cover all the network theory. It combines a lot of parts, and only when you connect all of them together do you get the entire picture....
https://en.wikipedia.org/wiki/Proxy_server
https://en.wikipedia.org/wiki/Server_(computing)
https://en.wikipedia.org/wiki/MySQL

Connect SQL Server 2008 r2 through Internet

I have a VB.NET application that can connect to the SQL Server over the LAN, but how can I connect to it through the internet? The application needs to be used outside. I know I need to use the public IP instead of the IP address of the server, but with the public IP address that I've set in the connection string it can't connect to the server. Here's my connection string:
Dim connstr$ = "Server=xxx.xx.xx.xxx\SQLEXPRESS,xxxx;Initial Catalog=sample_db;Integrated Security=True"
Public conn As New SqlConnection(connstr)
I've also tried to set the port, change the firewall restriction, enable TCP etc., and searched a lot here, but it still doesn't work.
Here's our network setup
PC-->router-->internet modem
1433 is the default sql server communication port. Port 1433 should be forwarded to the local IP address where your sql server runs.
1) Make sure that port 1433 is the valid communication port for sql server. You can check it from sql server configuration tools. Use actual port number rather than 1443 if it was changed by someone.
2) Find NAT (Network address translation) menu in your modem or router administration panel.
3) Forward port 1433 to your server's local IP address
4) Restart device
Note that your modem does not require a static IP. Your device will most probably have a new IP address after every restart, but it will be valid until you restart it once more. You can use this IP address in order to access your database remotely. It would be better, but you don't have to get a static IP address.
UPDATE: You should also be sure that the port is not blocked by a program on the server such as a virus or security program.
Good luck
Google "port forwarding", which is also called Network address translation or "NAT".
The other answers are perfect but searching for the term on google should get you an idea on what it is, and how to go about it. Add your router name to the search for exact steps.
In short forward the port that SQL Server is listening on, from the router to the server machine. You will need to do some configuration on the router for that by opening the admin page. For how and details, Google "port forwarding"

Protocol used by JDBC to connect to MySQL on different Host

I want to know what protocol is used by JDBC to connect to a MySQL database that is present on another host.
My client has only http and https access restricted to his host. I want an application on another host to communicate with that MySQL database available on my client's host.
Please note my Client uses WINDOWS 2012 SERVER
He has asked me the protocols and ports my application is using to connect to MySQL so that he would enable them.
Request you to help.
By default MySQL server uses port 3306/tcp, but this is configurable. They should open up only the port that the server is listening on. Regarding the protocol, it is MySQL-specific; you can find more info in the official documentation.
By default MySQL server listens on port 3306/TCP. See manual for more details.
MySQL uses its own binary protocol over TCP to destination port 3306 to connect to the database. If you cannot get a path open between your client and the server for port 3306, maybe you can get the server configured to use a port that IS available to you. It would depend on who has the stricter rules, the network admins or the DBA :-)

Nginx reverse proxy DNS configuration

I am looking to deploy an nginx/dns server on a vps proxy that maps to the real back-end in a different geographical location. The back-end runs apache,mysql,dovecot,postfix. It is a pay-for mail server. The users get entered through apache through php into mysql, and when users set up IMAP, dovecot/postfix pools them from mysql and delivers or uses the smtp outbound.
I read about something in the nginx.conf file, that I can declare the mail hostname on the proxy as so:
mail {
server_name mail.example.com;
...
}
This mail.example.com is the actual mx for the example.com mail exchanger listed in DNS? Here is where that came from:
"As you can see, we declared the name of this server at the top of the mail context. This is because we want each of our mail services to be addressed as mail.example.com. Even if the actual hostname of the machine on which NGINX runs is different, and each mail server has its own hostname, we want this proxy to be a single point of reference for our users. This hostname will in turn be used wherever NGINX needs to present its own name, for example, in the initial SMTP server greeting."
So from my understanding, the physical hostname of the proxy should be something else besides mail.example.com. So in DNS on the proxy, I can define that as anyhost.example.com? The proxy also proxies back to my apache on the back-end.
Finally, on the back-end, how do I set up my DNS for that? What hostname do I choose for the actual box running apache,mysql,dovecot,postfix? It's all on one box. I understand that on the registrar, I point 2 nameservers, these should be two proxies, that way running a dig would only pull up the proxies and the MX which should be "known" to be on the proxy.
In your case, where all of the services are on one box including the proxy, you can make Apache, MySQL and the other services accessible only from localhost / 127.0.0.1. Then in nginx you put
upstream: 127.0.0.1:80
upstream: 127.0.0.1:3306
Therefore nginx serves the frontend requests and forwards them to the designated services.