Security Group Description
The database proxy supports the security group function. If your account has the security group function activated, the database proxy automatically adapts the related functions.
Note: If the current account has not activated the security group function, you can ignore this section.
Check Whether the Account Has Activated the Security Group
In the control panel, go to the network module and click to enter the private network (UVPC).
If the Security Group tab appears among the tabs on the private network page, the current account has activated the security group function.
Security Group of the Database Proxy
After you activate the database proxy, it automatically creates a security group for the proxy, whose name begins with the proxy ID. The resources of the current proxy are already bound to this group, and the group has default rules.
You can control which IP addresses can access the database proxy by editing the rules of the proxy's security group. For detailed instructions and specific operations, see the Security Group Operation Document.
Security Group Rules
In addition to creating a security group for itself, the proxy adds a rule to the security group that contains the proxy's MySQL instance, allowing the IP of the database proxy. Each database proxy node adds a rule to that security group for management purposes.
The rule has priority 0 and allows communication between MySQL and the database proxy.
Use Examples
First, create a MySQL instance and make sure the instance has joined a security group.
After activating the database proxy, return to the security group page; you will find an additional security group whose name starts with the proxy ID. Its inbound rule is the default rule.
Open the details of the MySQL security group; you can see that it contains an extra rule.
If you want to prevent a certain IP from accessing the database through the proxy, you can add a reject rule to the proxy's security group.
In production, if you want the database to be reachable only through the proxy and not by other means, you can set a high-priority reject rule that rejects all IP segments, while still allowing the network within the group (between databases).
The result of connecting directly to the MySQL database before and after adding the reject rule for the database is shown below.
At the same time, a connection made through the proxy still reaches the database.
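An added example, not part of the original documentation or the product's own code: a small Python model of the MySQL security group that checks every proxy node is still allowed and direct connections are rejected once the reject-all rule is in place. The addresses, the Rule type, and the assumptions that a lower priority number is evaluated first and that unmatched traffic is rejected are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int  # assumption: a lower number is evaluated first, 0 is highest
    action: str    # "allow" or "reject"
    cidr: str      # source range the rule applies to

def evaluate(rules, src_ip, default="reject"):
    """Return the action of the first rule, in priority order, that matches src_ip."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if src in ipaddress.ip_network(rule.cidr):
            return rule.action
    return default  # assumption: traffic matching no rule is rejected

def audit(rules, proxy_ips, probe_ips):
    """List proxy nodes that are blocked and non-proxy sources that still get in."""
    findings = []
    for ip in proxy_ips:
        if evaluate(rules, ip) != "allow":
            findings.append(f"proxy node {ip} is blocked")
    for ip in probe_ips:
        if evaluate(rules, ip) != "reject":
            findings.append(f"direct access from {ip} is allowed")
    return findings

# Constructed sample data: two proxy nodes, one application host, one outside host.
PROXY_NODES = ["10.9.1.10", "10.9.1.11"]
PROBES = ["10.9.2.50", "203.0.113.7"]

# One priority-0 allow rule per proxy node, as the proxy adds to the MySQL group.
PROXY_RULES = [Rule(0, "allow", f"{ip}/32") for ip in PROXY_NODES]
# Before hardening: a broad allow (constructed) still lets hosts connect directly.
BEFORE = PROXY_RULES + [Rule(2, "allow", "10.9.0.0/16")]
# After hardening: a reject-all rule that ranks above the broad allow.
AFTER = BEFORE + [Rule(1, "reject", "0.0.0.0/0")]
# Failure mode: the rule for the first proxy node has been deleted by mistake.
ONE_RULE_DELETED = AFTER[1:]

if __name__ == "__main__":
    for name, rules in [("before", BEFORE), ("after", AFTER),
                        ("one proxy rule deleted", ONE_RULE_DELETED)]:
        print(name, "->", audit(rules, PROXY_NODES, PROBES) or "ok")
```

The third case shows why the per-node rules matter: once reject-all is in place, a proxy node without its own allow rule can no longer reach MySQL.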
For detailed operations related to the security group, please refer to the Security Group Operation Document.