Appx.Create and config database proxy
Configuring Database Proxy on EC2
Create and log in to the proxy EC2 machine, configure forwarding ports
Some users' database Security Groups have restrictions that only allow fixed IP access. In this case, users need an EC2 as a Proxy to provide a fixed IP.
Next, we will create an EC2 instance as a database proxy, install Nginx software, and set up port forwarding. When making a data source connection, SDPS connects to EC2 and makes a JDBC connection to the database through this EC2.
Step 1: Create an EC2 Instance
- In the EC2 console. Create an EC2 in the VPC where SDP is located, to be used as a proxy server.
- Configure the EC2 Security Group: Add an Inbound Rule, allowing all TCP entries from the following two security groups: SDPS-CustomDB, Stack Name-RDSRDSClient
Step 2: Install Nginx software on EC2
- Copy the EC2's .pem file to the Bastion host for logging into the proxy server.
- From your Bastion host, log in to EC2 using SSH, for example:
ssh -i /path/to/your/key.pem ec2-user@ec2-private-ip - Run the following commands in sequence to install and start Nginx.
- Installation:
sudo yum install nginx nginx-mod-stream - Start:
sudo systemctl start nginx - Check status:
systemctl status nginx
Step 3: Configure Nginx software
- Open the configuration file:
vim /etc/nginx/nginx.conf - Edit the configuration file:
!!! Info How to edit the configuration file when there are many databases? If you need to configure multiple port forwarding, you can use the SDP batch create data source feature, and create the Nginx configuration file through the template. See below Appendix.
# Replace the default nginx.conf file content with code. You need to make necessary adjustments. stream { upstream backend1 { server 10.0.34.171:3306 max_fails=3 fail_timeout=30s; # You need to modify the server address to the IP:Port of your target database, you can also use DomainName:Port format. } server { listen 7001; # This EC2 port is used for forwarding requests (Port) proxy_connect_timeout 2s; proxy_timeout 3s; proxy_pass backend1; } }
Step 5: Reload the configuration file
Save the configuration file and reload it to take effect: sudo nginx -s reload
Step 7: Test if the proxy EC2 port forwarding is effective (Optional)
On EC2, install telnet, and test if the local 7001 port can be pinged.
sudo yum install telnet
telnet 127.0.0.1 7001
If configured correctly, you should see the following log:
Trying 127.0.0.1...
Connected to 127.0.0.1.
Appendix: Batch create data sources forwarded from the proxy server
Step 1: Download the template
From the SDP UI, download the template for batch creating data sources.
Step 2: Edit the excel file
Fill in the data sources you need to scan.
| InstanceName | SSL | Description | JDBC_URL | JDBC_Databases | SecretARN | Username | Password | AccountID | Region | ProviderID |
|---|---|---|---|---|---|---|---|---|---|---|
| test-instance-7001 | 1 | xxxx1.sql.db.com:23297 | jdbc:mysql://172.31.48.6:7001 | root | Temp123456! | 123456789 | ap-guangzhou-1 | 4 | ||
| test-instance-7002 | 1 | xxxx2.sql.db.com:3306 | jdbc:mysql://172.31.48.6:7002 | root | Temp123456! | 123456789 | ap-guangzhou-1 | 4 |
Step 3: Generate the Nginx software's config file
(On your local machine) Open the Excel software, in the menu bar click Tools → Macro → Visual Basic Editor.
Click the run button, and a config.txt file will be generated in the directory where the Excel file is located.
// This is a sample.
// Forward through EC2's 7001 port to xxxx1.sql.db.com:23297 database.
// Forward through EC2's 7002 port to xxxx2.sql.xxdb.com:3306 database.
stream {
upstream backend1 {
server xxxx1.sql.db.com:23297 max_fails=3 fail_timeout=30s;
}
server {
listen 7001;
proxy_connect_timeout 2s;
proxy_pass backend1;
}
upstream backend2 {
server xxxx2.sql.db.com:3306 max_fails=3 fail_timeout=30s;
}
server {
listen 7002;
proxy_connect_timeout 2s;
proxy_pass backend2;
}
}