Secure ISPConfig over multiple locations

Discussion in 'Installation/Configuration' started by WiVM, Dec 8, 2023.

  1. WiVM

    WiVM New Member

    When doing a multi-server setup over multiple data centers, what is the preferred method to secure the traffic in between them?

    From what I noticed during installation it is MySQL traffic that goes in between the panel and the "nodes". If that is the case this might be encrypted on MySQL with a certificate. Another option is OpenVPN between the different servers. Best practices?

    I am a bit surprised that this topic hasn't been mentioned before on the forum. I am surely not the only one in this scenario. Therefore if I overlooked it, please let me know.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This topic has been discussed in the forum several times in the past, if I remember correctly.

    I guess most people use a private network to connect the nodes, so something like a VPN will work. You can also configure SSL certs for MySQL of course.
     
    ahrasis and WiVM like this.
  3. WiVM

    WiVM New Member

    Is my assumption correct that communication is only MySQL between master and others? I purely see it from a management point of view. So provisioning from the interface to remote servers.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The slave nodes connect to the master DB and pull changes from there (via PHP, ISPConfig). So only the slave node connects to the master, the master does not connect to a slave.
     
    ahrasis likes this.
  5. WiVM

    WiVM New Member

    Okay, but to be clear it is only MySQL traffic on port 3306 from slave to master, not https, http, ... or any other calls?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Correct, it's just a MySQL connection from slave node to master node.
     
    ahrasis and WiVM like this.
  7. WiVM

    WiVM New Member

    In that case I am going to tunnel the MariaDB traffic over SSH instead of using OpenVPN. It might be a suggestion for a feature you can add in a later release.
     
  8. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I would prefer the former, though any other secured way like SSH is fine also. Read: https://security.stackexchange.com/a/192820
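
Added example, not part of the thread and not ISPConfig code: a shell sketch of the SSH forward from slave to master mentioned in the thread, plus a check that a given slave-to-master MySQL path is either the tunnel endpoint or TLS-protected. The host name, the `dbtunnel` account and local port 3307 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed values (assumptions, not ISPConfig defaults):
MASTER_HOST="master.example.com"   # name the slave uses to reach the master over SSH
TUNNEL_USER="dbtunnel"             # unprivileged account on the master, no shell use
LOCAL_PORT=3307                    # 3306 is usually taken by the slave's own database

# On the master, limit what the slave's key may do (authorized_keys line):
#   restrict,port-forwarding,permitopen="127.0.0.1:3306" ssh-ed25519 <slave-public-key>
# With this in place the master's MySQL can listen on 127.0.0.1 only and
# port 3306 can stay closed on the public interface.

# Print the ssh command for the forward so it can be reviewed or put in a service unit.
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 127.0.0.1:%s:127.0.0.1:3306 %s@%s\n' \
        "$LOCAL_PORT" "$TUNNEL_USER" "$MASTER_HOST"
}

# Classify the output of:
#   mysql -N -B -h HOST -P PORT -e "SHOW SESSION STATUS LIKE 'Ssl_cipher'"
# (tab-separated name/value). An empty value means the session is not encrypted.
tls_state() {
    cipher=$(printf '%s\n' "$1" | awk -F'\t' '$1 == "Ssl_cipher" { print $2 }')
    if [ -n "$cipher" ]; then echo tls; else echo plaintext; fi
}

# Decide whether the path to the master is acceptable.
# $1 = host the slave connects to, $2 = status output as above.
# Only the literal loopback addresses count as the tunnel: "localhost" makes the
# MySQL client use the local Unix socket, which reaches the slave's own database.
path_ok() {
    case "$1" in
        127.0.0.1|::1) echo ok; return 0 ;;
    esac
    if [ "$(tls_state "$2")" = tls ]; then
        echo ok
        return 0
    fi
    echo insecure
    return 1
}

tunnel_cmd
```

The same `path_ok` check covers the MySQL-with-certificates option from the thread: a connection to the master's public address passes only when a cipher was negotiated.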
     
