undefined | Better HN

0 pointsmilesrout9y ago0 comments

I can't tell if this is some kind of joke or not.

There's absolutely nothing wrong, whatsoever, with having a public IP address on a production database server.

0 comments

4 comments · 2 top-level

cookiecaper9y ago· 2 in thread

I wouldn't say there's "absolutely nothing wrong with it". Someone may have a valid use case to leave a database server exposed to the public internet, but they probably don't.

The only things that should be public facing are things that clients need to access directly. In most cases, that's just an HTTP server. In GitLab's case, it's an HTTP server and a git server.

One of the most important principles of infrastructure security is to minimize the attack surface. No matter how locked down you have it, there are always zero days and other exploits out there. This is a concern even if you block the database port at the firewall but leave some other services (like SSH) open; if any of those services get compromised, it has the potential to allow for the compromise of the rest of the box.

If there's no need for the public to connect to the server, there's no need to take the risk of leaving any of its services open. And if there's no need to have its services open, there's no need for the box to even be addressable from the public internet (i.e., no reason to have a public IP address).

Put the server on the internal network and connect over a secure mechanism like VPN and not only do you not have to worry about strangers connecting to your servers, you don't have to worry about whitelisting or blacklisting individual IPs in your firewall (instead, you whitelist the applicable internal subnets, which should also be restricted based on resource access level), you don't have to worry about your firewall's rules getting wiped for whatever reason and accidentally letting the whole planet in (common if you use iptables, most distros manually require the admin to configure iptables-restore to run on boot), don't have to worry about someone zero-daying your SSH or FTP daemon, don't have to worry about the box being affected by network-level attacks like DDoS, which can sometimes target whole subnets, and so forth. Just much tidier and safer all around.

user59944619y ago

Little correction: HTTP servers should not be publicly accessible. Only a couple of load balancers need to be accessible.

milesroutOP9y ago

Firstly, what do you think HTTP load balancers are, if not HTTP servers?

Secondly, why would anyone use a load balancer? Almost every website in existence doesn't need a load balancer.

1 more reply

NPegasus9y ago

  > There's absolutely nothing wrong, whatsoever, with having a public IP address on a production database server.

Umm, yes there is. Explain why you would ever need your database server to be publicly reachable. The only situations I can think of are if you're running everything off a single server, which of course is not relevant to this thread, or if you don't have a suitable gateway, which is rare and also not relevant to this thread.

j / k navigate · click thread line to collapse