Luan Luciano
Member
Is it ok to use website and server on separate machines? Do you have advantages? Disadvantages?
-
If you're using Gesior 2012 or MyAAC, please review this thread for information about a serious security vulnerability and a fix.
Is it ok to use website and server on separate machines?
- Thread starter Luan Luciano
- Start date
Chriistian.L.B
Well-Known Member
- Joined
- Apr 17, 2008
- Messages
- 201
- Solutions
- 4
- Reaction score
- 92
I particularly use and recommend it, especially if it's version 12 on depends on login.php (if using the same)
imperianic
Well-Known Member
- Joined
- May 20, 2020
- Messages
- 213
- Solutions
- 1
- Reaction score
- 76
It's the correct way.
Every big game has the main sytems of a server on separated machines, like site, voice system, chat system.
Isolating the applications ensure a better perfomance and also the security, like layer7 attacks in webserver that may harm the gameserver if hosted in the same machine.
The only disvantage is the cost, so it depends in how big you are and the budget that you have.
If you are thinking about it, remember to get a machine located near your game database to avoid website slowness while doing queries.
Every big game has the main sytems of a server on separated machines, like site, voice system, chat system.
Isolating the applications ensure a better perfomance and also the security, like layer7 attacks in webserver that may harm the gameserver if hosted in the same machine.
The only disvantage is the cost, so it depends in how big you are and the budget that you have.
If you are thinking about it, remember to get a machine located near your game database to avoid website slowness while doing queries.
OP
OP
Luan Luciano
Member
Thanks for the answers ...
Let's move forward...
WEBSITE:
SERVER:
I did this to test and so far everything is fine.
Any more ideas on the infrastructure issue? Let's exchange knowledge.
Let's move forward...
WEBSITE:
- a VPS (ubuntu 22.04) only with HTTPS input and MYSQL output to access the database that is together with the server on another machine.
- Installed only NGINX and PHP (and its extension for mysql).
- Using znote AAC exploring cache issue.
- Using cloudflare free.
SERVER:
- dedicated (ubuntu 22.04)
- Installed LEMP stack and PHPMYADMIN.
- Created user with remote access to the database for the website.
- Open SSH, 7171, 7172, MYSQL ports and close port 80 (open only when using phpmyadmin)
- it is interesting to change the port number of all the services mentioned just as another security measure.
I did this to test and so far everything is fine.
Any more ideas on the infrastructure issue? Let's exchange knowledge.
Stellow
C++/C#/PHP/LUA
If your web gets flooded, it would still flood the game server by trying to access the database remotely.
To create a further layer of protection, I would make a cached middle-layer between the web and the game-server, so you don't access the database too frequently (besides crucial functions like login, create stuff, etc.)
Now since you have a middle layer, you don't have just to leave the 3306 port simply open. You can add further security, by opening the 3306 specifically to the middle-layer IP.
Then, you block the middle layer to be accessible only via the web server. (Maybe Cors)
As a final result:
The website is fully accessible.
The middle layer is only accessible via the website.
The middle layer protects frequent (flood) access to the game server.
3306 port on the game server is only accessible via the middle layer.
Note:
I would open PHPMyAdmin on a different port, and block that port to specific IP addresses. Opening 80 just to access it is not optimal, and opens short periods of vulnerability.
To create a further layer of protection, I would make a cached middle-layer between the web and the game-server, so you don't access the database too frequently (besides crucial functions like login, create stuff, etc.)
Now since you have a middle layer, you don't have just to leave the 3306 port simply open. You can add further security, by opening the 3306 specifically to the middle-layer IP.
Then, you block the middle layer to be accessible only via the web server. (Maybe Cors)
As a final result:
The website is fully accessible.
The middle layer is only accessible via the website.
The middle layer protects frequent (flood) access to the game server.
3306 port on the game server is only accessible via the middle layer.
Note:
I would open PHPMyAdmin on a different port, and block that port to specific IP addresses. Opening 80 just to access it is not optimal, and opens short periods of vulnerability.
OP
OP
Luan Luciano
Member
Thanks for the answer @Stellow
For example .. sudo ufw allow from 123.123.123.123 to any port 3306
Thank you for the tips.
I'm learning to use PHP's APC User Cache (APCu) to work with cache on the website.
Do you mean open port 3306 on the server machine's firewall only to the website machine's IP?
For example .. sudo ufw allow from 123.123.123.123 to any port 3306
I don't know how to do this =(
Let's say I would only use phpmyadmin in very rare cases.
Thank you for the tips.
Last edited:
OP
OP
Luan Luciano
Member
Chriistian.L.B
Well-Known Member
- Joined
- Apr 17, 2008
- Messages
- 201
- Solutions
- 4
- Reaction score
- 92
Here i use Navicat for manage mysql
imperianic
Well-Known Member
- Joined
- May 20, 2020
- Messages
- 213
- Solutions
- 1
- Reaction score
- 76
I use MySQL Benchmark Workstation, but it's confused as fuck to learn. HeidiSQL is a better option.
Also, to increase security, learn a little bit about iptables rules, to allow only your servers to communicate with opened ports, like MySQL. Just take care with SSH access xD
Also, to increase security, learn a little bit about iptables rules, to allow only your servers to communicate with opened ports, like MySQL. Just take care with SSH access xD
Similar threads
