NodeJS - 安全地连接到外部 redis 服务器 [英] NodeJS - securely connect to external redis server

问题描述

在我的主服务器上，我从一个外部/独立的redis服务器获取数据，该服务器通过一个apihttps://localhost:7000/api访问/?token=**** 有效.但是 token 和 api 并不安全.而且由于我想让 redis 服务器 分开，所以这种技术不适合我的情况.

On my main server, I fetch data from an external/seperate redis server which is accessed through an api https://localhost:7000/api/?token=**** which works. However token and api is not secure. And since I want to have redis server to be separate, this technique isn't suited for my case.

就我而言，我想要 2 个独立的服务器 A 和 B.
A 应该从 B 加载数据而不使用 api 或 url 调用...相反，它应该使用 port(例如 //server:123).这样服务器 B 只能从 A 访问.

In my case I want to have 2 independent servers A and B.
A should load data from B without using an api or url call... Instead it should use port (e.g. //server:123). This way server B can only be accessed from A.

我希望这种方法适用于开发和生产.我相信 AWS 有服务器组"，但这只是生产......

I want this approach to work for both development and production. AWS has "Server Groups" I believe, but that's production only...

那么有没有办法用nodejs创建这种连接呢?我还想知道这是否只能拥有正在运行的服务器，因为我还没有.

So is there a way to create this kind of connection with nodejs? I also want to know if this is only possible having a running server already, since I don't have one yet.

注意:如果你想知道，我使用redis来存储用于加密的私钥，所以我需要一个安全的、可以独立控制的独立服务器

推荐答案

由于不使用 API 从另一台服务器访问数据实际上没有任何意义，因此您不太清楚您要尝试做什么.您为访问它所做的任何事情都是某种类型的 API.

It is not very clear what you're trying to do since accessing data from another server without using an API does not really make sense. Anything you do to access it is some type of API.

如果您想让只有服务器 A 可以访问服务器 B，那么您有多种选择来确保安全:

If you want to make it so that only server A can access server B, then you have a number of choices to make that secure:

1. 每当访问服务器 B 时都需要进行身份验证，并确保只有服务器 A 拥有这些身份验证凭据.

1. Require authentication whenever server B is accessed and make it so that only server A has those authentication credentials.

假设服务器 A 和服务器 B 位于您的同一服务器基础架构中，将服务器 B API 放在外部世界不可用但只能从您的服务器基础架构内部使用的端口上(这通常涉及选择您的防火墙阻止访问外部的端口).

Assuming server A and server B are in your same server infrastructure, put the server B API on a port that is not available to the outside world, but is only available from within your server infrastructure (this usually involves picking a port that your firewall to the outside is blocking access to).

在服务器 A 上，仅接受来自服务器 B 特定 IP 地址的 API 连接.

On server A, only accept connections on its API from the specific IP address of server B.

您甚至可以一次实施多个这些选项.例如，将 1) 和 2) 一起使用并不少见.

You can even implement more than one of these options at once. For example, it's not uncommon to use 1) and 2) together.

这篇关于NodeJS - 安全地连接到外部 redis 服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！