Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Mysql Mariadb setup help!
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Mysql Mariadb setup help!

Hello ya all. Hope everyone is safe and healthy.

I need to setup a mysql/ mariadb instance... on a cloud server... I need to be able to setup tls / ssl so that the connection is ALWAYS encrypted. This is a pilot setup for me, so I am planning to use let's encrypt certs.

Just trying to see if:
A. Should I just do a native install or use docker?
B. I understand I need to do some type of hardening of the db instance... any suggestions?
C. Should I expose the db instance directly to the outside world as the connections will happen from over the internet... or is there some type of proxy or similar I can use?
D. I will probably need to connect from fixed up, so that will be only allowed host. However my home internet is dynamic ip.. so what options do I have? I would prefer to not open % access. Any suggestions?
E. How to ensure that the connection to the db server are 100% encrypted and deny all non encrypted connections?

Awaiting suggestions. Thanks in advance

Comments

  • @plumberg said:
    I will probably need to connect from fixed up, so that will be only allowed host. However my home internet is dynamic ip.. so what options do I have? I would prefer to not open % access. Any suggestions?

    Why not just set up a VPN, OpenVPN will work fine with a dynamic IP. Bind the MySQL server to the VPN interface ONLY not the public interface, then you have an encrypted private connection to the database (and any other services you wish).

    Thanked by 1plumberg
  • UnbelievableUnbelievable Member
    edited October 2020

    The articles provide links on how to use features within mysql to turn encryption on. Just takes a bit of reading to get a simple solution. Also if you use vultr or lightsail or do you can setup an external firewall to only allow your ip or a range of ip's

    Thanked by 1plumberg
  • nbnnbn Member
    edited October 2020

    USE WEBMIN, makes it pretty easy to set up a cloud mysql and gives you ssl encryption options. Also over large data use mysqli or pdo, dbmaria is quite a bit slower in my experience.

    The below doesn't exactly answer your question but is my basic mysql on a cloud server setup script. Obviously you'll want to change the allow settings etc.

    My usual basic webmin mysql cloud server code:

    ###METHOD FOR MYSQL SERVER 
    #install regular ubuntu
    
    #install mysql-server and client
    sudo apt-get install mysql-server mysql-client php-mysql apache2 -y
    
    
    ###INSTALL WEBMIN
    sudo apt install software-properties-common apt-transport-https wget gnupg gnupg1 -y
    wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
    sudo add-apt-repository "deb [arch=amd64] http://download.webmin.com/download/repository sarge contrib"
    sudo apt update
    sudo apt install webmin -y
    sudo ufw allow 10000/tcp
    
    #LOG IN VIA BROWSER TO https://IPADDRESS:10000 (accept risk & continue)
    
    Thanked by 1plumberg
  • @nbn when do you run mysql_secure_installation seems an important step

  • nbnnbn Member
    edited October 2020

    @Unbelievable said:
    @nbn when do you run mysql_secure_installation seems an important step

    @Unbelievable, I'm much more fluent in R and Python, but you could ssh or VNC in, run mysql -u root -p and then run the setup of mysql_secure_installation, if I'm not mistaken. You could also run mysql queries from the webmin dashboard, but the interface is a bit clunky for actual mysql queries on webmin. Webmin has ssl and most other unix administration on its dashboard.

Sign In or Register to comment.