View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions how can I use nodebalancer for mysql\redis balancing?
Log in to Ask a Question

how can I use nodebalancer for mysql\redis balancing?

general

So I tough I can use the nodebalancer for balance some services like mysql and redis

as advertise here https://www.linode.com/nodebalancers
> NodeBalancers support balancing any TCP based traffic, including SSH and MySQL.
but after setting it up I realised that its open a big security hole

There is no way for me to block access to the nodebalancer for my own servers only, and the nodebalancer public ip is accessible by everyone

so if I am using the nodebalancer to balance redis traffic anyone who find out my nodebalancer ip will be able to also connect to redis

and in my private server firewall i am only getting the nodebalancer ip so again cant block anyone except my private servers ips

what I missed out?

3 Replies

I don't think the NodeBalancer is made for private traffic, in addition, it does not offer everything that most advanced users would want, for example, multiple certificates.

Instead, my suggestion is to use HAproxy directly. You may setup a single HAproxy for distributing your traffic, or you can even setup multiple HAproxy servers for HA scenario with a fail-over IP address. This way, you may use the private IP of the servers, so there will be absolutely nothing accessible from the public. I'm using this HAproxy configuration which is part of a script for setting up a CentOS 7 server.

@IfThenElse:

I don't think the NodeBalancer is made for private traffic, in addition, it does not offer everything that most advanced users would want, for example, multiple certificates.

Instead, my suggestion is to use HAproxy directly. You may setup a single HAproxy for distributing your traffic, or you can even setup multiple HAproxy servers for HA scenario with a fail-over IP address. This way, you may use the private IP of the servers, so there will be absolutely nothing accessible from the public. I'm using this HAproxy configuration which is part of a script for setting up a CentOS 7 server.
thanks

so what's the reason of them publicly advertising using it to load balancing mysql and exposing it to the public?

open a support ticket and ask, maybe we missed something like access rules? no idea.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct