Communication between ispconfig multiserver

Discussion in 'Installation/Configuration' started by Marcostb, Nov 8, 2018 at 9:32 AM.

  1. Marcostb

    Marcostb New Member

    Hi

    ISPConfig Version: 3.1.13
    Debian 9.5

    the communication between ispconfig multiserver is encrypted by default?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    No, it's a mysql database connection.
     
  3. Marcostb

    Marcostb New Member

    Thank you for your prompt reply.
    Do you know any howto for encrypt the mysql SSL communication between servers?
     
  4. ahrasis

    ahrasis Active Member

    Marcostb likes this.
  5. Marcostb

    Marcostb New Member

    ahrasis,
    thank you,
    I do not know how to proceed on the remote server.
    But, i will try it in my sandbox and post the result here.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    It should be possible to use encrypte mysql in current ispconfig stable. @Jesse Norell added some fixes for the mysql lib recently. Another option is to set up a vpn between the servers and tunnel the mysql connection trough that vpn.
     
    ahrasis likes this.
  7. ahrasis

    ahrasis Active Member

    Just to note that when I last tested mysql with ssl enabled, pure-ftpd-mysql failed to work but when ssl is not enabled for mysql, it works just fine.

    Because of that I think some ISPConfig or ftp settings may need to be changed for pure-ftpd-mysql to work properly with mysql with ssl enabled but I haven't figured it out yet.

    I am not sure how to use vpn but I will try ISPConfig git stable and see how it goes.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Might be that pure-ftpd-mysql needs different settings then, ispconfig itself is not involved in the connection from pure-ftpd to the mysql database.
     
    ahrasis likes this.
  9. ahrasis

    ahrasis Active Member

    Any idea on how that can be fixed? I always thought that the connection to mysql database is governed by ISPConfig as it manages pure-ftpd-mysql users. I also could not find any pure-ftpd-mysql files that are handling its connection to mysql, so I ended up not enabling ssl in mysql. It's ok with me for the time being.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Basically, it works like this: ISPConfig writes data into the dbispconfig mysql database and pure-ftpd reads the data from there. So both applications have their own config files and way to connect to mysql, they just share the same database. I have not tried to enable SSL for pure-ftpd yet, so not sure if I can help much in this case. The pure-ftpd mysql configuration is located in this file on Debian and Ubuntu:

    /etc/pure-ftpd/db/mysql.conf
     
    ahrasis likes this.
  11. Marcostb

    Marcostb New Member

    Success!

    Code:
    MariaDB [(none)]> status
    --------------
    mysql  Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
    
    Connection id:          464
    Current database:
    Current user:           [email protected]
    SSL:                    Cipher in use is DHE-RSA-AES256-SHA
    Current pager:          stdout
    Using outfile:          ''
    Using delimiter:        ;
    Server:                 MariaDB
    Server version:         10.1.26-MariaDB-0+deb9u1 Debian 9.1
    Protocol version:       10
    Connection:             192.168.1.100 via TCP/IP
    Server characterset:    utf8mb4
    Db     characterset:    utf8mb4
    Client characterset:    utf8mb4
    Conn.  characterset:    utf8mb4
    TCP port:               3306
    Uptime:                 6 min 0 sec
    
    Threads: 1  Questions: 5435  Slow queries: 0  Opens: 41  Flush tables: 1  Open tables: 35  Queries per second avg: 15.097
    --------------
    Let me check the ispconfig functions with ssl enabled.
     
    ahrasis likes this.
  12. ahrasis

    ahrasis Active Member

    Just check your pure-ftpd-mysql if you installed one. Others should work fine, at least they were working fine on my last test.
     
    Marcostb likes this.
  13. Marcostb

    Marcostb New Member

    So far the pure ftp is working fine.
    Add a FTP-User, work fine.
    Connect with new FTP-User, work fine.
    Remove the FTP-User, work fine.

    But, i have some security restrictions in my server.
    Because my servers is for me and my friends only.
    like,
    On the web server, the public open port is 80 and 443 only.
    We connect FTP, SSH, 8080, webmin and othes through a openVPN connection, for security reasons.
     
  14. Marcostb

    Marcostb New Member

    I am use the web server and mysql server together in one VPS.
    2 separate region VPS for dns and one more for email.
     
  15. ahrasis

    ahrasis Active Member

    Thank you for this info. At least we know that openVPN works.
     
    Marcostb likes this.

Share This Page