PHP
Vladimir Shiklgruber, 2015-03-08 00:56:36

How to organize secure communication between your servers?

Hello. I am making one interesting network. Its essence is that I connect all my projects with one admin panel (a lot of admin panels are stupidly organized in the admin panel; I work with the API of my remote sites). Everything works fine. Now the most annoying question for me... How can I secure these APIs? What I need is:
- the api works only with its own server (the main admin panel on a separate server)
- I need to somehow encrypt everything that I transfer. I think in the direction of XXTEA. Only there will be three keys and everything through if (perhaps nonsense, but I didn't come up with anything cooler). This is a very big minus... They will get into the file system and that is the end of protection... through the key it will be possible to pull everything the soul desires.

I thought of RSA but I couldn't organize it...


4 answer(s)
Alex, 2015-03-08
@isqua

Maybe connect the servers into a network via VPN? The VPN listens on the port specified in the config. What traffic to let through the VPN can be configured with a firewall (for example, iptables). And you can send all traffic through the VPN. In order to combine servers into a VPN network, you need to choose which of the servers will be the "central" one: the VPN server. Let it issue certificates to the rest.

FanatPHP, 2015-03-08
@FanatPHP

Mods, close this Hitler already.
There is profanity in the post, "sites of black subjects" in the question, and rubbish in the head.
Do you mind messing with it yourself?

Maxim Kudryavtsev, 2015-03-08
@kumaxim

As already recommended above, one of the possible solutions is to organize a VPN between the servers and your admin machine. Keyword for Google: OpenVPN, then your head and hands will help you.
As the second option, if the topic is "dark", then most likely it requires increased protection from your deanonymization. Here, take a look at the Tor network and its onion routing. Technically, raise a relay node (this is a word for Google) on your servers and you will be happy. There is only one catch here: your resource will only be visible in the onion space.
As for ports: yes, in fact, a web server and OpenVPN can be put on any ports. I won't tell you the details, but for example, almost all hosting providers move Apache from the standard port 80 to 8080 and put nginx on 80 itself. For other applications, this should not be a problem.

Vlad Zhivotnev, 2015-03-08
@inkvizitor68sl

VPN, HTTPS, IP restriction, authorization by certificates. Pick any 2 and combine them.
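
Added example, not part of the thread or any poster's configuration: an nginx server block for one of the remote API sites that combines HTTPS, IP restriction and client-certificate authorization from the options listed above. The hostname, file paths, PHP-FPM socket and the 192.0.2.10 address are placeholders assumed for illustration.

```nginx
# Constructed example: every name, path and address below is a placeholder.
server {
    listen      443 ssl;
    server_name api.example.com;
    root        /var/www/api;

    # HTTPS: the API server's own certificate and key; all traffic
    # between the admin panel and this API is encrypted in transit.
    ssl_certificate     /etc/nginx/tls/api.crt;
    ssl_certificate_key /etc/nginx/tls/api.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Authorization by certificate: a request is served only if the
    # client presents a certificate signed by this private CA.
    ssl_client_certificate /etc/nginx/tls/private-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       1;

    # IP restriction: only the admin panel server may reach the API.
    allow 192.0.2.10;
    deny  all;

    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # Expose the verification result and certificate subject to PHP
        # so the API can log which client certificate made each call.
        fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
        fastcgi_param SSL_CLIENT_S_DN   $ssl_client_s_dn;

        fastcgi_pass  unix:/run/php/php-fpm.sock;
    }
}
```

With this layout each API server stores only the CA's public certificate and its own server key, while the client private key stays on the admin panel server, so reading the file system of one API site does not yield a credential for calling the others.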
