Looking for advice on securely exposing a MySQL database for external client access

B

bigbigapple

New Member
Jul 3, 2025
1
0
1
Hi everyone,

We’re working on a setup where we need our customers to access a MySQL database remotely through the internet.

The database is actually part of an industrial control system for our packaging machines (we manufacture corrugated box production equipment: https://jeytop.com). We’re looking to host the MySQL server on a Proxmox VE virtual machine and expose it via a secure method (preferably with reverse proxy, VPN, or similar approach).

Key concerns:
- Security of database access over the internet
- Performance and port forwarding recommendations
- Should we use NAT, firewall, or specific container settings for this use case?

Any advice would be greatly appreciated. Thank you!

— Jeytop Tech Team
 
Hi Team,

This isn't really a Proxmox VE–specific question. Whether you're running your application on bare metal, PVE, ESXi, or Hyper-V, the approach remains hypervisor-independent.

That said, I trust there's a valid reason your customers need access to a database that’s part of an ICS. As a rule, I would strongly advise against exposing it directly to the internet.

At a minimum, consider implementing:

- Access control layers (e.g., VPN or private link)

- Traffic inspection/sanitization mechanisms, such as a WAF or an appliance like F5

Cheers


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Since you are in control of the code on the remote devices, it may be worthwhile to predeploy a zerotrust type client (eg, cloudflared) with the proper certificate directly onto your end devices. it will add a little bit of cost BUT the security it allows with effectively zero end user participation is worth it and then some.
 
You must log in or register to reply here.
Top Bottom