Database Cluster disable the public network?

Posted on June 7, 2020

MySQL

Security

Clustering

Networking

Databases

By vimiso

Database clusters have both public and private network connection details.

Digitalocean provides a couple ways to secure:

Add a trusted source, ie. you can connect using the public network details but from a trusted source (ip address).
Add a VPC network, ie. you can connect using the private network details from a droplet within the same private network.

My test setup has a trusted source (restricted ip) and VPC network. Therefore I can connect via the private connection, from my trusted ip (droplet), within my VPC. This seems pretty secure. If I want to connect externally I just SSH tunnel into the droplet and go from there.

But I can also just use the database’s public network connection from any trusted droplet, that is not within the VPC.

Sure, I can just not use the public network connection and therefore it is not known through obscurity, but wouldn’t it be better to be able to completely disable it. That way I can ensure a database cluster can only be connected to via a: trusted source + VPC + private connection only.

Interested to hear thoughts on this.

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby

June 21, 2020

Hey @vimiso,

Great idea, sounds like it’d be super useful!

The best thing to do to get your voice heard regarding this would be to head over to our Product Ideas board and post a new idea, including as much information as possible for what you’d like to see implemented.