Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
CyberPulse2017-02-14 16:32:36
MySQL
CyberPulse, 2017-02-14 16:32:36

What is the correct method to access MySQL remotely?

What is:

  • 1 rack MySQL server
  • Dynamic number of clients (50-150 computers, some on, some off) that should work with this database. Clients are geographically distributed, but have a stable Internet connection. Some clients work in the mode of 1 request per 5-10 seconds, others generate 20-30 requests per second around the clock.

The question itself: how to organize the connection of clients to the database?
Already considered, but there are questions:
  • API layer (not suitable due to too much redesign of the client architecture + additional server in the rack)
  • Put MySQL "booty" on the Internet (the whole Internet is replete with the fact that this is not safe, they don’t say what exactly, except for brute force)
  • SSH tunnel (no personal experience of checking it for stability and reconnects like autossh)
  • VPN (no personal experience testing it for stability)
  • maybe there is more...

ps Clients do not have a permanent ip

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
T
ThunderCat, 2017-02-14
@CyberPulse

vpn is the most correct solution, as the name itself hints - a virtual private network. That is, an emulation of work in the internal network is created for remote users. There is a sssh from a caropka.

Report
S
Sergey Sokolov, 2017-02-14
@sergiks

Maybe IPTables ? If the client IPs are known and constant, open 3306 only for them, and close the rest of the ports for other addresses.

Report
A
Alexander Chernykh, 2017-02-14
@sashkets

Expose MySQL "booty" to the Internet
- it's not scary. We give access to the necessary addresses with a firewall (they must be static) and close it for the rest . You can also configure mysql VPN encryption
between points - in case the clients have dynamic addresses, then mysql encryption is not needed. The channel must already be encrypted

Similar questions
R
Rooly2021-03-23 11:40:40
How to properly organize apiResource Laravel? 2Reply
G
GRO242019-10-20 17:02:09
Writing a loop to a variable? 2Reply
E
emerysh2017-06-09 00:18:28
How to compare fields from different tables? 1Reply
Q
Questions00012021-05-07 16:07:05
How to bypass intrusive Youtube ads? ad blockers don't help. You need to switch to a paid plan to stop ads. What can be done? 4Reply
@
@nixbox2019-11-14 18:59:05
How to fix encoding issue (UnicodeEncodeError: 'latin-1' codec can't encode characters..) when interacting with mysql? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question