Usually, when a client needs to connect to a server, it is assumed that a direct connection can be established. Nowadays, though, for security reasons or because of network topology, it is often necessary to use a proxy or bypass a firewall. This article describes different ways to connect to the server with dotConnect for MySQL.
Direct connection to the server means that the server host is accessible from the client without extra routing and forwarding. This is the simplest case. The only network setting you need is the Host parameter of the connection string. This is also the fastest and most reliable way of communicating with the server. Use it whenever possible.
The following lines illustrate the simplicity:
Sometimes it is necessary to connect to a server in another network. For example, the client address is 10.0.0.2, the server address is 192.168.0.10, and the MySQL server listens on port 3307. The client and server reside in different networks, so the client can reach the server only through a proxy at address 10.0.0.1, which listens on port 808. In this case, in addition to the Host connection string parameter, you have to set up the MySqlConnection.ProxyOptions object as follows:
Note that setting parameters of MySqlConnection.ProxyOptions automatically enables use of the proxy server. Connections through a proxy are available when the MySqlConnection.Protocol property is Tcp (default), HttpSsl, Ssl, or Http. You cannot use a proxy when the protocol is Pipe, Memory or Ssh.
As usual, you can specify all settings in connection string:
Host=192.168.0.10;Port=3307;Proxy Host=10.0.0.1;Proxy Port=808;Proxy User=ProxyUser;Proxy Password=ProxyPassword;User Id=root;Password=root;
Sometimes client machines are shielded by a firewall that does not allow you to connect to the server directly on the specified port. If the firewall allows HTTP connections, you can use dotConnect for MySQL together with HTTP tunneling software to connect to the MySQL server.
dotConnect for MySQL supports two kinds of HTTP tunneling: the new one, based on a PHP script, and the old one, which works with GNU httptunnel. Old HTTP tunneling will not be supported in future versions. dotConnect chooses the kind of HTTP tunneling depending on which options you have set. If the Url property is set, the PHP script is used for tunneling. If the HTTP Host and HTTP Port properties are set, the old HTTP tunneling method is used.
Using PHP script
A typical use case for web script tunneling is the following: you have a remote website, and access to its database through the port of the database server is forbidden. Only access through HTTP port 80 is allowed, and you need to access the database from a remote computer as if you were using a usual direct connection.
To use HTTP tunneling, you need to deploy the tunnel.php script, which is included in the provider package, on a web server that is allowed to access the database server. The script must be available through the HTTP protocol. You can verify that it is accessible with a web browser. The script can be found in the HTTP subfolder of the installed provider folder, e.g. %Program Files%\Devart\dotConnect\MySQL\HTTP\tunnel.php. The only requirement for the server is PHP 5 support.
To connect to the database, set the MySqlConnection parameters as for a usual direct connection (this connection will be established from the web server side), set the Protocol property to MySqlProtocol.Http, and set the following parameters, which are specific to HTTP tunneling:
Property | Mandatory | Meaning |
---|---|---|
HttpOptions.Url | Yes | URL of the tunneling PHP script. For example, if the script is in the server root, the URL can be the following: http://localhost/tunnel.php. |
HttpOptions.User, HttpOptions.Password | No | Set these properties if access to the website folder with the script is available only to registered users, authenticated with a user name and password. |
HttpOptions.KeepAlive | No | Boolean value, which indicates whether the connection to the website should stay open. |
Using HTTP tunneling server
There are many HTTP tunneling servers available. We use GNU httptunnel, and its .NET port. You can use any compatible HTTP tunneling server.
The main idea of such software is that it creates a bidirectional virtual data connection tunneled in HTTP requests. It accepts the requests on some port, say, 8080, decodes the data and forwards it to some other host and port. Thus you can communicate with any server via HTTP traffic that is usually allowed.
Suppose the server address is 192.168.0.10, and the MySQL server listens on port 3307, which is blocked by a firewall. Assume that you install an HTTP tunneling server on host 192.168.0.1, and that it listens on port 8080 and forwards traffic to 192.168.0.10:3307. In this case you have to set up the MySqlConnection.HttpOptions object as follows:
Note that in this case you did not specify any host information in connection string. This is because MySQL server address and port are provided in HTTP tunneling server configuration. Note also that to enable using HTTP tunnel you have to explicitly state it either in Protocol property (conn.Protocol = MySqlProtocol.Http) or in connection string (protocol=http). All HTTP tunneling options can be specified in connection string or MySqlConnectionStringBuilder object as well.
You may use dotConnect for MySQL to establish secure SSL connections through the HTTP tunnel to the database. Such connections are only supported in the Direct mode (enabled by default). To use such connection, set the Protocol property of the connection to MySqlProtocol.HttpSsl, then set connection HTTP and SSL options.
Consider the previous case with one more complication: the HTTP tunneling server is not directly accessible from the client machine. Suppose it can be reached only via a proxy at 10.0.0.1:808. You then have to specify proxy settings together with tunneling options:
Again, connection string does not include the host information because MySQL server host and port are known to HTTP tunneling server.
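The rules stated above (which protocols can go through a proxy, how the tunneling method is chosen, and that the HTTP protocol must be named explicitly) can be checked before a configuration is deployed. The following C# check is an added example, not part of dotConnect or of the original article. It uses only System.Data.Common and takes the connection string key names as the article spells them; the `TunnelConfigCheck` class, the `Check` method and the `httpUrl` parameter (standing in for HttpOptions.Url) are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;

static class TunnelConfigCheck
{
    // Protocols the article lists as usable through a proxy.
    static readonly HashSet<string> ProxyCapable =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Tcp", "HttpSsl", "Ssl", "Http" };

    static string Get(DbConnectionStringBuilder b, string key) =>
        b.TryGetValue(key, out object v) ? Convert.ToString(v) : null;

    static bool Is(string a, string b) => string.Equals(a, b, StringComparison.OrdinalIgnoreCase);

    // httpUrl is a hypothetical parameter standing in for HttpOptions.Url (null = not set).
    public static List<string> Check(string connectionString, string httpUrl = null)
    {
        var b = new DbConnectionStringBuilder { ConnectionString = connectionString };
        var findings = new List<string>();
        string protocol = Get(b, "Protocol") ?? "Tcp";            // Tcp is the default
        bool isHttp = Is(protocol, "Http") || Is(protocol, "HttpSsl");
        bool oldTunnel = Get(b, "HTTP Host") != null && Get(b, "HTTP Port") != null;

        if (Get(b, "Proxy Host") != null && !ProxyCapable.Contains(protocol))
            findings.Add($"Proxy is set, but protocol '{protocol}' cannot go through a proxy.");
        if ((httpUrl != null || oldTunnel) && !isHttp)
            findings.Add("HTTP tunnel options are set, but Protocol is not Http or HttpSsl.");
        if (isHttp && httpUrl == null && !oldTunnel)
            findings.Add("Protocol is Http/HttpSsl, but no Url or HTTP Host + HTTP Port is set.");
        if (httpUrl == null && oldTunnel)
            findings.Add("Old GNU httptunnel method selected; future versions will not support it.");
        if (Is(protocol, "Http") && httpUrl != null
            && httpUrl.StartsWith("http://", StringComparison.OrdinalIgnoreCase))
            findings.Add("Protocol=Http with an http:// Url: the hop to tunnel.php has no TLS.");
        return findings;
    }

    static void Main()
    {
        // Constructed sample settings, not taken from a real deployment.
        var samples = new (string Cs, string Url)[] {
            ("Host=192.168.0.10;Port=3307;Proxy Host=10.0.0.1;Proxy Port=808;Protocol=Ssh;User Id=app;", null),
            ("User Id=app;HTTP Host=192.168.0.1;HTTP Port=8080;", null),
            ("Host=localhost;User Id=app;Protocol=Http;", "http://www.example.com/tunnel.php"),
        };
        foreach (var s in samples)
            foreach (var f in Check(s.Cs, s.Url)) Console.WriteLine(f);
    }
}
```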
Technically speaking, there is one more way to tunnel network traffic. Secure Shell (SSH) forwarding can be used for forwarding data. However, the main purpose of SSH is traffic encryption rather than avoiding firewalls or network configuration problems. The article Using Secure Connections describes how to use the SSH protocol in dotConnect for MySQL.
Keep in mind that traffic tunneling or encryption always increases CPU usage and network load. It is recommended that you use direct connection whenever possible.