Secure access to servers via VPN

January 17, 2015 2k views


I would like to set up a server structure to publish websites/apps.
Therefore I set up a list of requirements for this server structure:

  • separate database and webserver
  • git deployment
  • secure access to the database server

Also, I would like to set up a home server with Proxmox to simulate the same server structure at home, just to have a good reference system.

After I gathered all the requirements, I started to outline some network designs.

First design:

  • S01MYSQL: A MySQL server that handles all databases, with one user for every application created on the webserver.
  • S02PHP: A basic nginx/PHP server with git deployment via the post-receive hook
  • S03VPN: VPN server that creates the virtual network with S01MYSQL, S02PHP and all development PCs/Macs as clients

Second design:

  • RS01: Root server with Proxmox as virtualization software and OpenVPN installed to create the same network as I described in the first design.

S01MYSQL and S02PHP will be virtualized in Proxmox.

Now I'm interested in what you think about these designs.

1 Answer

This sounds pretty straightforward and should meet your needs. Be sure to test thoroughly and/or make sure you have root passwords set (but with password authentication in sshd disabled), so that if your VPN/firewall configuration ever locks you out, you can access your droplets directly from the DigitalOcean control panel. Your droplets see this as a local keyboard and display, so having a root password that can only be used by local (non-ssh) users comes in handy.
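
The setup recommended in the answer above (a root password kept for console access, password authentication in sshd disabled) can be checked against a server's sshd_config. The script below is an added example, not part of the original thread; the function names and sample configs are constructed for illustration, and it does not follow Include files or evaluate Match blocks.

```shell
#!/bin/sh
# Added example (not from the original thread). Checks sshd_config text for
# settings that would still let a password be used over SSH.
# Limits (assumptions): Include files and Match blocks are not evaluated;
# on a live host, `sshd -T` prints the effective configuration.

# first_value REGEX FILE: print the first global value of a keyword matching
# REGEX (lowercase). sshd uses the first value it obtains for each keyword.
first_value() {
    awk -F '[ \t=]+' -v pat="$1" '
        { sub(/^[ \t]+/, "") }               # drop indentation, re-split fields
        $1 == "" || $1 ~ /^#/ { next }       # blank lines and comments
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) ~ pat { print tolower($2); exit }
    ' "$2"
}

# ssh_passwords_disabled FILE: return 0 only if both password-capable methods
# are explicitly "no". An unset keyword is treated as enabled (conservative).
ssh_passwords_disabled() {
    pw=$(first_value '^passwordauthentication$' "$1")
    # ChallengeResponseAuthentication is the older name of the same option
    kbd=$(first_value '^(kbdinteractive|challengeresponse)authentication$' "$1")
    rc=0
    [ "$pw" = "no" ] || { echo "PasswordAuthentication: ${pw:-unset}"; rc=1; }
    [ "$kbd" = "no" ] || { echo "KbdInteractiveAuthentication: ${kbd:-unset}"; rc=1; }
    return "$rc"
}

# Constructed sample configs, written to temporary files for the demo.
good=$(mktemp); weak=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin prohibit-password' \
    'PasswordAuthentication no' 'KbdInteractiveAuthentication no' > "$good"
# The second PasswordAuthentication line is ignored: the first value wins.
printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$weak"

for f in "$good" "$weak"; do
    if ssh_passwords_disabled "$f"; then echo "OK:   $f"; else echo "WEAK: $f"; fi
done
rm -f "$good" "$weak"
```

On a real server, point `ssh_passwords_disabled` at `/etc/ssh/sshd_config`, and confirm the console root login still works before relying on it as the fallback.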
