I'm working on a setup with two servers. The first server, Server A, is running several Docker containers, including a PHP application and a MySQL database. Currently, the MySQL database doesn't accept connections from outside the server. Now, I'm setting up Server B, which will host a Python application that needs to communicate with the MySQL database. I'm looking for best practices on how to securely make this connection. I believe I can only open ports to specific IP addresses, but I've heard that IP spoofing is a concern. Additionally, I think I can implement SSL for the connection, but I'm not clear on its impact or what user to create the SSL certificate under. Also, I'm unsure if there are other methods I should consider for ensuring security during this setup. Any advice would be appreciated!
1 Answer
It's generally best to avoid exposing your MySQL database to the public internet. If both servers are in a private network, like a VPC or using tools like Tailscale or WireGuard, that will keep your MySQL instance safer. This way, you can treat the connection as if it's local, which is way more secure than messing with public access and certificates.
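A concrete version of the private-network approach above, as an added example that is not part of the original answer: WireGuard between the two hosts, the MySQL container published only on Server A's tunnel address, and a MySQL account that is only valid from Server B's tunnel address. Everything here is assumed for illustration: the tunnel addresses 10.8.0.1 (Server A) and 10.8.0.2 (Server B), the public address 203.0.113.10 for Server A (a documentation range), the database name `appdb`, the user `pyapp`, and the nftables table/chain names. Key material is left as placeholders to be filled from `wg genkey` / `wg pubkey`.

```shell
#!/usr/bin/env sh
# Added example; not from the original post. All addresses, names and the
# firewall table/chain are assumptions for illustration.

WG_A_ADDR=10.8.0.1          # Server A (MySQL host) tunnel address
WG_B_ADDR=10.8.0.2          # Server B (Python app host) tunnel address
SERVER_A_PUBLIC=203.0.113.10 # assumed public IP of Server A
WG_PORT=51820

# /etc/wireguard/wg0.conf on Server A. Only one peer is configured, and
# WireGuard drops any packet from that peer whose source address is not in
# its AllowedIPs, so 10.8.0.2 cannot be spoofed from elsewhere.
wg_conf_server_a() {
  cat <<EOF
[Interface]
Address = ${WG_A_ADDR}/24
ListenPort = ${WG_PORT}
# fill from: wg genkey > a.key
PrivateKey = <server-a-private-key>

[Peer]
# Server B; fill from: wg pubkey < b.key
PublicKey = <server-b-public-key>
AllowedIPs = ${WG_B_ADDR}/32
EOF
}

# /etc/wireguard/wg0.conf on Server B.
wg_conf_server_b() {
  cat <<EOF
[Interface]
Address = ${WG_B_ADDR}/24
PrivateKey = <server-b-private-key>

[Peer]
# Server A; fill from: wg pubkey < a.key
PublicKey = <server-a-public-key>
Endpoint = ${SERVER_A_PUBLIC}:${WG_PORT}
AllowedIPs = ${WG_A_ADDR}/32
PersistentKeepalive = 25
EOF
}

# Docker publish flag for the MySQL container on Server A.
# The first form listens on every interface (public exposure);
# the second binds the host port only to the tunnel address.
mysql_publish_flag_exposed() { printf '%s' "-p 3306:3306"; }
mysql_publish_flag_tunnel()  { printf '%s' "-p ${WG_A_ADDR}:3306:3306"; }

# MySQL account for the Python app, valid only from Server B's tunnel
# address, so the grant is useless from any other source.
mysql_grant_sql() {
  cat <<EOF
CREATE USER 'pyapp'@'${WG_B_ADDR}' IDENTIFIED BY '<strong-password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'pyapp'@'${WG_B_ADDR}';
EOF
}

# Host firewall on Server A (nftables; assumes table "inet filter" with an
# "input" chain). WireGuard is reachable from anywhere, MySQL only via wg0.
firewall_rules_server_a() {
  cat <<EOF
nft add rule inet filter input udp dport ${WG_PORT} accept
nft add rule inet filter input iifname "wg0" tcp dport 3306 accept
nft add rule inet filter input tcp dport 3306 drop
EOF
}

# Print everything for review; applying it needs root on each server.
main() {
  echo "### Server A: /etc/wireguard/wg0.conf";  wg_conf_server_a
  echo "### Server B: /etc/wireguard/wg0.conf";  wg_conf_server_b
  echo "### Server A: docker run ... $(mysql_publish_flag_tunnel) mysql:8"
  echo "### Server A: mysql -u root -p < grants.sql"; mysql_grant_sql
  echo "### Server A: firewall";                  firewall_rules_server_a
}
[ "${0##*/}" = "mysql-over-wg.sh" ] && main
```

With this in place the Python app on Server B connects to `10.8.0.1:3306` as if it were a LAN host, no port is open on Server A's public interface for MySQL, and the IP-spoofing worry from the question does not apply: the tunnel address is bound to Server B's WireGuard key, not to a routable public IP.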

Would using a certificate let me keep MySQL off the public network? I mean, could I just SSH into Server A and connect locally without opening any ports?