Help
I need to connect into a remote MySQL DB that allows only localhost connections.
Is there an elegant, Yii way to create a MySQL connection through an SSH tunnel via the main config file?
Page 1 of 1
MySQL through SSH Tunnel?
Rate Topic:
#1
- Junior Member
-
- Group: Members
- Posts: 61
- Joined: 14-September 10
- Location:Denver, Colorado, USA
Posted 09 April 2012 - 04:17 PM
#2
- Advanced Member
-
- Group: Members
- Posts: 311
- Joined: 25-May 11
Posted 10 April 2012 - 01:23 AM
Before initializing db component, you need to start tunel as(on Linux servers):
ssh -f user@mysql-server.com -L 3306:mysql-server.com:3306 -N
Once tunel is opened, in main.php config file, for db host use localhost, and enter your mysql server username/password.
ssh -f user@mysql-server.com -L 3306:mysql-server.com:3306 -N
Once tunel is opened, in main.php config file, for db host use localhost, and enter your mysql server username/password.
Zurmo: Yii Powered Open Source CRM
zurmo.org
zurmo.org
#3
- Junior Member
-
- Group: Members
- Posts: 61
- Joined: 14-September 10
- Location:Denver, Colorado, USA
Posted 20 April 2012 - 02:24 PM
Thanks. That's just what I was looking for.
#4
- Newbie
- Group: Members
- Posts: 2
- Joined: 31-October 12
Posted 14 December 2012 - 04:37 AM
Can someone clarify where you have to start this ssh tunnel?
For me it seems that this is not possible in the main.php config file? So where is the db component initialized?
For me it seems that this is not possible in the main.php config file? So where is the db component initialized?
#5
- Master Member
-
- Group: Members
- Posts: 777
- Joined: 30-March 11
- Location:Berlin, Germany
Posted 14 December 2012 - 04:47 AM
Hm, I wonder if MySQL's built-in SSL transport weren't the better solution. One could still restrict IP access via iptables.
@Pakotski: Chances are that you cannot do that via PHP. Write a script for initd/systemd/upstart to take care of that.
@Pakotski: Chances are that you cannot do that via PHP. Write a script for initd/systemd/upstart to take care of that.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
#6
- Standard Member
-
- Group: Members
- Posts: 273
- Joined: 23-January 11
Posted 14 December 2012 - 05:51 AM
Pakotski, on 14 December 2012 - 04:37 AM, said:
Can someone clarify where you have to start this ssh tunnel?
For me it seems that this is not possible in the main.php config file? So where is the db component initialized?
For me it seems that this is not possible in the main.php config file? So where is the db component initialized?
In continuation to what already answered, while it is possible (with SSH keys and passwordless login...) you would not wish to setup and destroy SSH tunnel with each request since it takes relatively lots of time to establish this tunnel. A few seconds usually.
Its like you're actually digging up a tunnel from the web server to the MySQL server and you wouldn't want to destroy and build it again on each request.
Therapeutic PHP sessions My LinkedIn Profile
#7
- Master Member
-
- Group: Members
- Posts: 777
- Joined: 30-March 11
- Location:Berlin, Germany
Posted 14 December 2012 - 05:55 AM
Actually, I just remembered that I once used a setup of xinetd+stunnel in order to protect a cvs server of mine. It's not the fastest solution, but at least for cvs response times were acceptable.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
#8
- Newbie
- Group: Members
- Posts: 2
- Joined: 31-October 12
Posted 14 December 2012 - 07:25 AM
OK, so the best solution seems to setup a SSH tunnel on startup of the server. Will try!
#9
- Standard Member
-
- Group: Members
- Posts: 273
- Joined: 23-January 11
Posted 14 December 2012 - 08:01 AM
Pakotski, on 14 December 2012 - 07:25 AM, said:
OK, so the best solution seems to setup a SSH tunnel on startup of the server. Will try!
If this tunnel is critical or important enough, be sure to check the availability of the tunnel. It can hung up sometimes.
Therapeutic PHP sessions My LinkedIn Profile
Share this topic:
Page 1 of 1