How to use vlan for internal multiserver configuration.

Discussion in 'Installation/Configuration' started by Bonzo, Mar 24, 2022.

  1. Bonzo

    Bonzo New Member

    I have 2 servers, one web stuff, the other mail stuff. Each server has a public IP and additionally they are connected with a local IP thru a vlan.
    I would like them to communicate with each other thru vlan and not hte public IP's. One reason is I don't want the mysql port be exposed to the public. I know I can do that with a simple firewall rule but since I alreay have vlan, why not use it. Is this possible. I found the database configuration for the multiserver setup on the slave server in /usr/local/ispconfig/server/lib/config.inc.php. The records are also possibly in the database. I also saw IP records in the Server Config -> Server section. Do I need to change that here too. The servers are live, so I want to ask before I try anything and if it's to much hassle, I'll rather go back to the firewall rule.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If dbmaster_host is set to a host name, ensure that hostname resolves to the private ip (eg. edit /etc/hosts to arrange that). You would put the same private ip entries in /etc/hosts on the master server as well.
    The ip address here (in server table) is not used for the master<->slave communication. What does matter is your mysql.user table, ensure there are entries in the master server for both the slave hostname and it's private ip.

    The other thing to address is your firewall rules, block port 3306 from all but your slave server's private ip (maybe allow the public ip as well while you are transitioning). If you want another safeguard you could edit the mysql server config and specify that it only listens on the private ip (set bind-address).
     

Share This Page