Maybe my terminology is kind of wrong, but I'm trying to secure the connection between my CMS and my database.
I will be using Azure PostgreSQL. My webserver is using TLS 1.3. Does Azure PostgreSQL also support TLS 1.3 connections, so that I can keep using the same security everywhere?
My goal is to ensure the security between my server and my database server as much as possible. I have no experience using third-party database servers yet, so I don't know what to expect.
Just use TLS 1.2; it is fully supported and good enough. Worry more about your firewall and auth methods. Lock those down.
And if you really need to have TLS 1.3 for some reason (it is not natively supported yet, so I would recommend against it):
Set up an nginx TCP proxy within Azure (same availability zone, and preferably the same VPC).
Wrap the entire stream in TLS: SSL Termination for TCP Upstream Servers | NGINX Plus
Set up an stunnel on your non-Azure VPS: stunnel: HOWTO
Thanks for the reply. I usually use DO, Vultr or Linode for the CMSs. I would like to make my setup with one database to rule them all, and Azure PostgreSQL seems to be priced within my budget.
My firewall and auth methods are pretty much Fort Knox'ed.
As for the 1.3, I usually go for the SSL Labs A+ report, and I kind of pride myself on that front. That is why I would like to have 1.3 between all of my services. So the only way I can do that is to use the same zone, and by that I take it you mean my VPS has got to be in the M$ cloud as well?
Since it is Azure, use NSGs & ASGs to create rules to allow that sort of communication.
Yes, or do SSL termination (and stunnel). Or you can set up a VPN connection between the clouds.
No, not your VPS with the CMS on it, but a small VPS on Azure in the same AZ, on which you install nginx.
Then on your Linode VPS you can set up an stunnel.
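
To see which TLS version a PostgreSQL endpoint actually negotiates, the check below (an added example, not part of the thread) performs PostgreSQL's SSLRequest upgrade and reports the protocol version. The hostname in the `__main__` block is a placeholder, and the system trust store is assumed to contain the CA that issued the server's certificate.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest: int32 length (8) + int32 code 80877103 (1234 << 16 | 5679).
SSL_REQUEST = struct.pack("!II", 8, (1234 << 16) | 5679)
TLS_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def negotiate(sock, server_hostname, context=None):
    """Run the PostgreSQL TLS upgrade on a connected socket.

    Returns the negotiated protocol string (e.g. "TLSv1.2"), or None if the
    server answers 'N' (TLS refused).
    """
    sock.sendall(SSL_REQUEST)
    answer = sock.recv(1)
    if answer == b"N":
        return None
    if answer != b"S":
        raise ConnectionError(f"unexpected SSLRequest reply: {answer!r}")
    if context is None:
        context = ssl.create_default_context()  # verifies chain and hostname
        context.minimum_version = ssl.TLSVersion.TLSv1_2
    with context.wrap_socket(sock, server_hostname=server_hostname) as tls:
        return tls.version()


def meets_minimum(version, minimum="TLSv1.2"):
    """True if the negotiated version is at least `minimum`; None never passes."""
    if version not in TLS_ORDER:
        return False
    return TLS_ORDER.index(version) >= TLS_ORDER.index(minimum)


def probe(host, port=5432, timeout=5.0):
    """Connect to host:port and return (version, ok_for_tls12, ok_for_tls13)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        version = negotiate(sock, host)
    return version, meets_minimum(version), meets_minimum(version, "TLSv1.3")


if __name__ == "__main__":
    # Placeholder hostname: replace with your own database server's name.
    print(probe("your-server.example.invalid"))
```

A `None` version means the server refused TLS outright, which `meets_minimum` treats as a failure; running the probe from the CMS host also confirms the firewall path.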