Databases & Secure connections

The goal is to protect our customers' personal data that is transmitted over the Internet and imported into the Exponea application, by using an SSL/TLS connection, an SSH tunnel, or both at once.

📘

Keeping customer data secure is our priority

You must either create and use an SSH tunnel or set up encrypted communication with SSL/TLS.

Enable SSH tunnel or SSL/TLS connection

Open the port

Open port 443 on your firewall for an SSL/TLS connection, or port 22 on your firewall for an SSH connection. For an SSH tunnel you can also use ports other than 22.

Select a database and a secure connection

Exponea supports some of the secure connection types for each database. See the table below for the list of databases and their supported configurations.

| Database Name | SSL/TLS | SSH tunnel | Static IPs |
|---|---|---|---|
| MS SQL (MS Azure SQL) | not supported | supported | not supported |
| MySQL | supported | supported | supported |
| PostgreSQL | supported | supported | supported |

Create database integration

Every database integration has the same configuration form. For each database you need to fill in these attributes:

  • Hostname (Public IP or hostname of your database, e.g. 28.783.11.22 or db.exponea.com)
  • Port (e.g. 1433 - TCP destination port for this database)
  • Username (Name of a user who has allowed access to your local database, e.g. "exponea". MS Azure SQL username must be in format "[email protected]",
    e.g. "[email protected]")
  • Password (Password of a user who has allowed access to your local database)
  • Database name (Name of a database you want to access data from)

Configure secure connections

Exponea offers two options for protecting communication between the customer's server and the Exponea application. You can pick one of the options or have both active at once.

SSL/TLS encryption

Click on enable SSL/TLS connection

  • Import SSL/TLS certification authority certificate (load SSL/TLS CA file)
  • Import customer's SSL/TLS certificate (load SSL/TLS Cert file)
  • Import private key of your customer's server (load SSL/TLS Key file)

An example of how to enable SSL/TLS with MySQL:
https://www.digitalocean.com/community/tutorials/how-to-configure-ssl-tls-for-mysql-on-ubuntu-16-04

SSH tunnel

SSH tunnels have their own configuration window, available in Project settings -> SSH tunnels. Only users with Dev. tools permissions have access to the SSH tunnel configuration. See roles and permissions in Access management.

  • Hostname - hostname of SSH server with its port separated by the colon
  • Username - identification of user
  • Host key - the fingerprint of the customer's server public key, used to identify and verify the customer's host. You can find the fingerprint in the known_hosts file on any device that has successfully connected to your server through SSH. You can read more about host keys here.

📘

Steps to find the Host key:

If this is your first time connecting to your SSH server, log in to your server. You can skip this step if you have already created a successful connection in the past:

  1. Connect to the SSH server: ssh user_name@server_ip_address where user_name is the name of the user that you want to log in as and server_ip_address is the IP address of your server. Once the connection has succeeded, you can terminate it by typing: exit
  2. Navigate to the .ssh directory on your local machine: cd ~/.ssh
  3. Display the content of the known_hosts file. This file contains information about all SSH servers you have successfully connected to. Each line of the file contains details about the server in the following format: server_ip_address server_host_key. Copy the host key that belongs to your server IP address and paste it into the “Host key” field.
  • Authentication
      • SSH key (A new key pair can be generated. Then import the public key to the SSH server)
      • Password (Enter the password to the SSH server)
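The known_hosts lookup from the host key steps above, as an added example (not Exponea's code). It covers two cases where searching the file for the IP address finds nothing: host names stored hashed (HashKnownHosts enabled, the default on some distributions) and servers on a non-default port, which ssh records as [host]:port. The function names, addresses and keys are constructed for illustration.

```python
import base64, hashlib, hmac

def known_hosts_name(host, port=22):
    """Name ssh stores for a server; non-default ports are written as [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_name(name, salt):
    """Hashed host field as written with HashKnownHosts on: |1|salt|HMAC-SHA1."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, name):
    """Compare one known_hosts host field (plain list or hashed) with name."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_name(name, salt))
    return name in field.split(",")

def find_host_keys(known_hosts_text, host, port=22):
    """Return (key_type, base64_key, sha256_fingerprint) for each entry of the server."""
    name, found = known_hosts_name(host, port), []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":  # comments, @revoked, @cert-authority
            continue
        if host_matches(fields[0], name):
            digest = hashlib.sha256(base64.b64decode(fields[2])).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            found.append((fields[1], fields[2], fp))
    return found

def sample_key(fill):
    """Constructed ssh-ed25519 key blob (32 identical bytes), for the demo only."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + fill * 32
    return base64.b64encode(blob).decode()

# Constructed known_hosts content: a plain entry, a hashed entry, a port-2222 entry.
SAMPLE = "\n".join([
    "# constructed sample, not real servers",
    "203.0.113.10,db-gw.example.com ssh-ed25519 " + sample_key(b"A"),
    hash_name("198.51.100.7", b"constructed-salt-20b") + " ssh-ed25519 " + sample_key(b"B"),
    "[203.0.113.10]:2222 ssh-ed25519 " + sample_key(b"C"),
])

if __name__ == "__main__":
    for host, port in [("203.0.113.10", 22), ("198.51.100.7", 22), ("203.0.113.10", 2222)]:
        for key_type, key, fp in find_host_keys(SAMPLE, host, port):
            print(host, port, key_type, fp)
```

With OpenSSH installed, `ssh-keygen -F <host>` performs the same lookup against your own known_hosts file, including hashed entries.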

Assign SSH to your database integration

All supported integrations have the option to enable SSH integration. When you Enable SSH integration, you need to choose an active SSH tunnel.

Updated 20 days ago

