So...I want to put the Web Server on one EC2 instance and the MySQL database on a separate EC2 instance. Which I can do, but how would I point the web server over to the other instance that I am using for MySQL?
You know Amazon do offer a specialized MySQL instance instead of standard instances, just gives backups, etc.
I'm not sure whether you mean how do you expose MySQL service as a port, or how to identify the database instance.
You can expose MySQL on a machine port as a service and access it through telnet or SSH (usually SSH). The default is 3306, I believe.
To get the IP of the database instance, create and assign an elastic IP to the DB instance and use that.
Every instance of EC2 that is spun up has a number of domain names associated with it.
You probably want to use the internal address for communication (saves you money). It looks something like domU-12-31-39-00-86-35.compute-1.internal and is treated like any other hostname.
The issue with using such internal addresses, rather than elastic IP, is that if things reboot, you need to update the internal addresses. Your mileage may vary, but I was part of a project that ran for months and saw no EC2 reboots (other than what the team rebooted themselves).
See http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/index.html?concepts-instance-addressing.html for more on addressing (look for "Using Instance IP Addresses" -- Amazon doesn't like deep linking, apparently).
Currently I am using the native Cloud SQL instance that is getting billed against the same project. However, to cut some cost, I intend to shift the databases to my other MySQL server sitting at my other hosting. But I need to put a static IP on the allowed hosts in order to make it work. I added the 4 hosts that they make you add as A records to point the domain. But it didn't work. I read about the Sockets API, but didn't really get it. It's confusing. How to make it work? Putting those 4 IPs in makes it workable once or twice randomly, when one of those provided IPs is active I guess, but whenever some other IP from the pool gets active, it doesn't work!
Have you looked at Serverless VPC Access with VPC Access Connector as described here?
You should be able to use the VPC Access Connector source IP CIDR range at your MySQL end as the allowed IP list.
However you must ensure the connection is secure with a VPN or interconnect.
I have a Spring Boot jar file and I'm running it on a Compute Engine VM.
I can also connect with a SQL client, but what MySQL address should I give in Spring Boot?
I assume you are using GCP's hosted MySQL (Cloud SQL)?
If so, then if you are connecting to it via cloud sql proxy, which is running on the same machine, then you just use localhost. The proxy should know the way to the server from there, assuming that you've configured the instance name and project/etc. correctly.
Otherwise, without the proxy, you can use your SQL instance's public IP address, which you can see on the list of running instances when you select the SQL page.
In the second case (using the actual IP address) keep in mind that GCP probably won't let the VM running your application through the firewall to the SQL instance directly. To work around this, you'd have to list your VM's IP address in the Authorized Networks section of the SQL entry (click on your SQL instance in the list and select the Authorization tab). Again, in this case, you need to keep in mind that your VM's IP address is ephemeral by default (unless you made an effort to make it permanent). So if you restart your VM, the above Authorization will no longer make sense. So make sure you make your VM's IP address permanent.
We have an EC2 instance which is a website, which uses a MySQL database which is on another EC2 instance in the same region. In MySQL, we have provided restricted access based on the server's elastic IP to prevent intrusion.
Now, we have decided to install ELB on this server. The ELB part actually works fine, but when auto-scaling spins up a new instance, it has a random public IP address, hence cannot be added to MySQL's exceptions.
I tried adding the ELB DNS (A Name) to MySQL for providing access, but it is still not working. The ELB works, Auto Scaling spins up a new instance, but the website shows an error because it is not connected to the database.
How can I correct this?
Rather than restricting access via IP addresses, use Security Groups:
Create a security group (eg App-SG) and associate it with any instance that is permitted to communicate with the MySQL server
Create a security group for the MySQL instance (eg call it SQL-SG) and permit Inbound connections from App-SG
This way, only machines with the App-SG will be allowed to communicate with the MySQL instance. When Auto Scaling launches new instances that are associated with the App-SG, they will also be able to communicate with MySQL.
You should avoid hard-coded IP addresses as much as possible (as in... never use them!).
Instead of restricting your database access by IP, consider restricting by subnet.
You will have a public subnet (webserver and ELB are there) and a private one (database server is there).
Computers in a public subnet are accessible to everyone on the internet; computers in a private subnet are available only to computers in a public subnet.
More information about such configuration is here:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
In order to manage your database server, you can setup a bastion host:
http://blogs.aws.amazon.com/security/post/Tx2ZWDW1QA6D62Y/Controlling-Network-Access-to-EC2-Instances-Using-a-Bastion-Server
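An added example (not from the answers above or from AWS): a Python audit of the App-SG / SQL-SG pattern that reads rules in the JSON shape returned by `aws ec2 describe-security-groups` and reports every inbound rule reaching port 3306, separating security-group references from hard-coded addresses. The group IDs, the Legacy-SQL group and all addresses are constructed sample data.

```python
import ipaddress

MYSQL_PORT = 3306
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample in the shape of `aws ec2 describe-security-groups` output (IDs made up).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0000000000001", "GroupName": "App-SG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbb0000000000002", "GroupName": "SQL-SG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa0000000000001"}]}]},
    {"GroupId": "sg-0ccc0000000000003", "GroupName": "Legacy-SQL", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [],
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"},
                      {"CidrIp": "10.0.1.0/24"}]}]},
]

def covers_mysql(perm):
    """True if the rule's protocol and port range include TCP 3306."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= MYSQL_PORT <= perm.get("ToPort", 65535)

def audit_mysql_ingress(groups):
    """Return (group name, source, verdict) for every inbound rule reaching 3306."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not covers_mysql(perm):
                continue
            for pair in perm.get("UserIdGroupPairs", []):
                findings.append((group["GroupName"], pair["GroupId"], "ok: security-group reference"))
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if net.prefixlen == 0:
                    verdict = "open to the internet"
                elif any(net.subnet_of(private) for private in RFC1918):
                    verdict = "private subnet range"
                else:
                    verdict = "hard-coded public address"
                findings.append((group["GroupName"], rng["CidrIp"], verdict))
    return findings

if __name__ == "__main__":
    for name, source, verdict in audit_mysql_ingress(SAMPLE_GROUPS):
        print(f"{name:12} {source:24} {verdict}")
```

Rules reported as a security-group reference keep working when Auto Scaling launches instances with new addresses; rules keyed to a single public address are the ones that break.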
In my env variable there is a host for the MySQL database. But it is an IP in the local network (starts with 127...). How can I make MySQL available to the external world via a domain name for the db?
This is not possible. OpenShift is a Platform-as-a-Service (PaaS) that shields the internals of the implementation in a paradigm that allows access through an API connector such as PHP and a database cartridge. Or through SSH tunneling. It does not expose an IP address of your MySQL server sitting there as port 3306 for use in development with such db libraries as C#, Java, Python, etc. Or with MySQL Workbench or the like.
In fact, it is not your MySQL server as much as it is a shared one.
Infrastructure-as-a-Service (IaaS) platforms such as AWS EC2 would allow for those native port 3306 connections and a public IP address exposed if you opened up the firewall for them.
With OpenShift, in order to achieve connections with such things as MySQL Workbench, you need a PKI key pair and an SSH tunnel. Same for a native app, say, written in C#, which would need the likes of SSH.NET. These are all configurations that are bearable for a single developer, but don't scale for a rollout to your users, generally speaking. Unless you are up for the task of doing that. That is, key management.
It is one of the drawbacks, but also one of the security guarantees you can bank on. You can also enjoy its simplicity. But it has its shortcomings. I have converted some people away from Openshift once they have realized this. The same limitations exist with major shared hosts where SSH is the only way in.
I hope I have answered your question.
I have a problem when considering running more Couchbase (CB) instances on the same PC. This is because the screen which allows adding another server provides an option to enter the second server's IP, but no ports. This might be because each CB instance communicates through the same port. However, without specifying the connecting port, how do I add another server which is running on the same PC? (The already running server's IP is 127.0.0.1, so what should I enter for the second server's IP?)
The best solution for running this would be to use virtual machines to run the CB instances. Use 1 VM per node/instance (which can be quickly provisioned using Vagrant). This (particularly the Vagrant solution) allows multiple nodes/instances to communicate between each other on the correct ports (as each node is given a unique IP from the reserved private addresses), and is well tested in terms of resource usage/performance.
More information along with prebuilt vagrant configurations can be found on GitHub and at this blog (one of Couchbase's engineers).