1

I'm trying to solve an architecture design puzzle, it's about designing an infra for keeping data and servers as much secured/hidden as possible, here are requirements:

  • I want to hide the internal design of my infra (several data servers with public and private hosts)

  • I want to access to each service using same IP address, and the query is forwarded to right server based on something (cookie, uri, port or whatever)

  • access to data service must be enforced with ssl/tls encryption

After studying carefully these requirements I was thinking about using a reverse proxy and grant access to all data services only across the reverse proxy server, an other pro of a reverse proxy is that access authentication is enforced at once with sll/tls encryption and no need to configure each endpoint separately.

my real issue is that I didn't find any reverse proxy that supports tcp queries, and same for static load balancing algorithms that are supported only for HTTP requests, (haproxy for instance)

Any idea how to solve this issue ?

Thanks to all

adaak
  • 21
  • 5
  • I'm voting to close this question as off-topic because it's not trying to solve a programming problem. It *may* be on topic on [ServerFault](http://serverfault.com/), but please confirm this by checking out their [help pages](http://serverfault.com/help). – PeeHaa Nov 02 '16 at 11:39
  • Do you have a problem when using haproxy? – techuser soma Nov 02 '16 at 17:52
  • there is no such a thing in haproxy docs, all it can do is load balancing http request, for me I want exactly that: mysql.example.com sends tcp requests to mysql_host and mssql.example.com sends tcp requests to mssql_host – adaak Nov 02 '16 at 18:00

0 Answers0