pessoal2004 Posted November 20, 2021

I have the httpd and mariadb-server on the same server.
I want to split, httpd on one server and mariadb-server on another server, and the connection must be encrypted.
How to tell the Thirtybees to use the mariadb-client SSL to connect to the other mariadb-server server?
Any help will be appreciated.

lesley Posted November 22, 2021

It's always going to be slow and you are going to always get latency doing what you are wanting to do. But the easiest way to do it would be to bind mariadb to port 443 on the database server, block all IPs from accessing port 443 except your main machine. But like I said, it will be slow because of the ssl negotiation.

lesley Posted November 21, 2021

How you are wanting to do it is the wrong way to do it. I am assuming you have two different machines or instances in a data center. What you need to do is, on the database instance, close off any external networking, and have it only accessible by the local network. That way, no one outside your network ever reaches your machine.

While it can be done in the way you want, it is not advisable and would be pretty complex. Your database out of the box is going to use port 3306, but your ssl certificate is going to bind to port 443. So you will need to bind the ssl to port 3306, then on your front facing machine, you will have to set up port 443 to also expect that 3306 on the database machine is using ssl.

If you are using DigitalOcean or similar, look into private networking, it is made for this and is 100 times more secure. Only machines that have a physical wire can connect to your database.

nickz Posted November 21, 2021

On 11/20/2021 at 3:44 PM, pessoal2004 said:
> I want to split, httpd on one server and mariadb-server on another server, and the connection must be encrypted.

Do you mind telling us why you want to do that?

pessoal2004 (Author) Posted November 22, 2021

Thank you very much for your answers.

We don't want private networks like DigitalOcean or similar, because we want to put our data in separate data centers.

We already tried Stunnel. With Stunnel we only need to give TB the IP 127.0.0.1:3306 and make all configurations (IP, port and SSL) in Stunnel. It works but is too slow. Now we are looking for a better solution.

We also made an SSL tunnel between server #1 and server #2 with MariaDB_client.

Server #1 with:
- Httpd
- MariaDB_client:3306 with SSL

Server #2 with:
- MariaDB_server:3306 with SSL

Right now, the TB on server #1 goes directly to MariaDB_Server on server #2. And manually we can go from MariaDB_client on server #1 to MariaDB_server on server #2 using the following command:

    mysql -u tb -h XXX.XXX.XXX.XXX --port=3306 -p databasetest

The goal is telling TB to go to MariaDB_client on server #1 and then to go to MariaDB_server on server #2.

Our question is, how to tell TB to use the MariaDB_client?

Any help will be appreciated.

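Added example, not part of the original thread: statements an administrator could run on the MariaDB server (server #2 in the post above) to confirm that TLS is active, to make the server refuse unencrypted logins for the `tb` account, and to check from a client session that the link is really encrypted. `WEB_SERVER_IP` is a placeholder for the address of server #1, and the host part of the account is an assumption.

```sql
-- Run as an administrative user on the MariaDB server (server #2).
-- 'tb' is the account name used in the post; WEB_SERVER_IP is a placeholder.

-- 1. Is TLS enabled on the server, and which certificate files did it load?
SHOW GLOBAL VARIABLES LIKE 'have_ssl';   -- YES = active, DISABLED = built in but not configured
SHOW GLOBAL VARIABLES LIKE 'ssl_c%';     -- ssl_ca, ssl_cert, ssl_cipher, ...
SHOW GLOBAL VARIABLES LIKE 'ssl_key';

-- 2. Make the server reject any login of the shop account that is not
--    encrypted, so a misconfigured client fails instead of silently
--    falling back to plaintext.
ALTER USER 'tb'@'WEB_SERVER_IP' REQUIRE SSL;

-- 3. Audit: accounts that are still allowed to connect without TLS
--    (an empty ssl_type means no TLS requirement is set).
SELECT User, Host, ssl_type
FROM mysql.user
WHERE ssl_type = '';

-- 4. Run these inside a client session opened from server #1.
--    A non-empty Ssl_cipher value means this session is encrypted;
--    an empty value means the traffic is crossing the network in clear text.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
SHOW SESSION STATUS LIKE 'Ssl_version';
```

Step 4 is the check that matters for the manual `mysql` command shown in the post: connecting to a TLS-capable server does not by itself prove that the session negotiated TLS.
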
datakick Posted November 22, 2021

I don't understand at all. What is MariaDB_client on server #1? Do you have two instances of mariadb servers installed in master->slave mode? Or are you talking about mysql/mariadb client program?

pessoal2004 (Author) Posted November 23, 2021

On 11/22/2021 at 1:56 PM, datakick said:
> I don't understand at all. What is MariaDB_client on server #1? Do you have two instances of mariadb servers installed in master->slave mode? Or are you talking about mysql/mariadb client program?

"Or are you talking about mysql/mariadb client program?"

Yes.

pessoal2004 (Author) Posted November 23, 2021

On 11/22/2021 at 2:13 PM, lesley said:
> It's always going to be slow and you are going to always get latency doing what you are wanting to do. But the easiest way to do it would be to bind mariadb to port 443 on the database server, block all IPs from accessing port 443 except your main machine. But like I said, it will be slow because of the ssl negotiation.

"it will be slow because of the ssl negotiation"

Unfortunately it's true, and we can't find a way around this.

nickz Posted November 23, 2021

4 hours ago, pessoal2004 said:
> "it will be slow because of the ssl negotiation" Unfortunately it's true, and we can't find a way around this.

Rent 2 servers from the same datacenter, one next to each other.

datakick Posted November 24, 2021

12 hours ago, pessoal2004 said:
> "Or are you talking about mysql/mariadb client program?" Yes.

Well, then what you are asking for is not possible. Thirty bees establishes the connection with the mysql server directly; it does not use any third party program to communicate through.

pessoal2004 (Author) Posted November 24, 2021

OK, we will drop this configuration.

Thanks for your help.