Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
CyberPulse2017-02-14 16:32:36
MySQL
CyberPulse, 2017-02-14 16:32:36

What is the correct method to access MySQL remotely?

What is:

  • 1 rack MySQL server
  • Dynamic number of clients (50-150 computers, some on, some off) that should work with this database. Clients are geographically distributed, but have a stable Internet connection. Some clients work in the mode of 1 request per 5-10 seconds, others generate 20-30 requests per second around the clock.

The question itself: how to organize the connection of clients to the database?
Already considered, but there are questions:
  • API layer (not suitable due to too much redesign of the client architecture + additional server in the rack)
  • Put MySQL "booty" on the Internet (the whole Internet is replete with the fact that this is not safe, they don’t say what exactly, except for brute force)
  • SSH tunnel (no personal experience of checking it for stability and reconnects like autossh)
  • VPN (no personal experience testing it for stability)
  • maybe there is more...

ps Clients do not have a permanent ip

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
T
ThunderCat, 2017-02-14
@CyberPulse

vpn is the most correct solution, as the name itself hints - a virtual private network. That is, an emulation of work in the internal network is created for remote users. There is a sssh from a caropka.

Report
S
Sergey Sokolov, 2017-02-14
@sergiks

Maybe IPTables ? If the client IPs are known and constant, open 3306 only for them, and close the rest of the ports for other addresses.

Report
A
Alexander Chernykh, 2017-02-14
@sashkets

Expose MySQL "booty" to the Internet
- it's not scary. We give access to the necessary addresses with a firewall (they must be static) and close it for the rest . You can also configure mysql VPN encryption
between points - in case the clients have dynamic addresses, then mysql encryption is not needed. The channel must already be encrypted

Similar questions
R
Roman Tuzov2021-03-22 23:47:34
How to count from 0 and beyond? 3Reply
D
Danil Tunev2018-11-22 04:48:49
How to see assembler input parameters? 4Reply
A
Anton Zolotarev2015-04-20 17:51:12
How to make 2 conditions in Apache - Rewrite rule? 4Reply
S
SashaYasha2018-05-24 16:00:02
Are there tutorials or sample code on how to implement such a test? 2Reply
D
darklelik2016-01-15 13:22:56
Nodejs how to create tables in MySql from a dump? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question