MySQL and Application Servers


Securely connect your application server to a remote MySQL server! We'll cover firewalls, networking binding and user security within MySQL.

This will explain the parts you need to know about MySQL to connect remotely without sacrificing security. Here are the basic things standing in our way of connecting to a remote MySQL server:

AWS security group rules, if you're using AWS

Firewall rules on both servers (Notably the INPUT chain on the MySQL server)

MySQL's Bind Address (what network it's listening on)

MySQL User allowed to be used for remote connections

Firewalls

Assuming the AWS rules are already in place (that's shown in the video, but it's outside the scope of this article), let's start with the firewalls.

We need to ensure the MySQL server allows incoming connections on MySQL's port 3306. Let's open up port 3306 to allow those connections through.

Here are the commands used to create the current firewall rules on the MySQL server:

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -j DROP

To add to these rules and allow incoming requests on port 3306, we can do the following. Note the position 4: that puts the new rule ahead of the final DROP rule, since a rule appended after the DROP would never be reached.

sudo iptables -I INPUT 4 -p tcp --dport 3306 -j ACCEPT

However, let's make this more secure and only allow these incoming requests from a specific IP address (our application server):

sudo iptables -I INPUT 4 -p tcp -s 173.10.0.22 --dport 3306 -j ACCEPT

Here -s is the --source IP address (your application server).
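As an added example (not part of the original post), here is a small POSIX shell helper that computes the insert position from a captured rule listing instead of hard-coding 4, and audits an INPUT chain to tell whether 3306 is restricted to a source, open to everyone, or not allowed at all. The rule listings are constructed samples matching the article's rules, in the format `iptables -S INPUT` prints.

```shell
#!/bin/sh
# Constructed sample of `sudo iptables -S INPUT` on the MySQL server, matching
# the article's rule set (assumption: nothing else is in the chain).
BEFORE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP'

# The same chain after the source-restricted rule has been inserted.
AFTER_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 173.10.0.22/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j DROP'

# Print the 1-based position of the unconditional DROP in INPUT. Inserting
# the 3306 ACCEPT *at* that position puts it ahead of the DROP; anything
# placed after the DROP is never evaluated.
drop_position() {
  printf '%s\n' "$1" | awk '
    /^-A INPUT / { n++ }
    /^-A INPUT -j DROP$/ { print n; exit }
  '
}

# Emit the iptables command that allows MySQL only from the app server,
# at the computed position instead of a hard-coded 4.
mysql_allow_cmd() {
  pos=$(drop_position "$2")
  [ -n "$pos" ] || { echo "no DROP rule in INPUT; refusing to guess" >&2; return 1; }
  printf 'iptables -I INPUT %s -p tcp -s %s --dport 3306 -j ACCEPT\n' "$pos" "$1"
}

# Audit the chain. Exit status: 0 = 3306 reachable only from listed sources,
# 1 = some 3306 ACCEPT before the DROP has no -s (open to everyone),
# 2 = no 3306 ACCEPT comes before the DROP (remote MySQL is blocked).
mysql_rule_status() {
  printf '%s\n' "$1" | awk '
    /^-A INPUT -j DROP$/ { exit }
    /^-A INPUT / && /--dport 3306/ && /-j ACCEPT/ {
      if ($0 ~ " -s [0-9./]+ ") restricted = 1; else open = 1
    }
    END { if (open) exit 1; if (restricted) exit 0; exit 2 }
  '
}
```

On a real server, feed it the output of `sudo iptables -S INPUT` and run the printed command with sudo only after reviewing it.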