I know this is a longstanding problem that anyone who uses a database in a public cloud / VPS hosting environment is likely to have. So, I’m sure there’s an obvious solution I’m simply unaware of. I’m a developer and Ops is not my strong suit.
Since my cluster will live in a datacenter outside my control, all ports on each node that are open are exposed to the world. I don’t have a way to create a private network, so would like to create a virtual private network.
I’m looking for suggestions for open source software that does this, with the important requirement that there be no central VPN server.
Thus I’d like there to be a separate network (e.g.: 10.0.1.X) that all of the Couchbase nodes talk to and communicate with each other over, so that 8091, et al., are only open on this network and not the publicly routed interface. (A web server operating on port 80 would be how the outside world talks to the cluster, and all the rest of the ports (except SSH) would be firewalled off on the public IP.)
Conceivably, I can create SSH tunnels between each of the Couchbase nodes and use key-based authentication to make it work automatically, and set up some sort of watchdog to keep the tunnels up. That is quite possible, since I’ll know the map of the whole cluster, and thus each node would simply need N-1 tunnels to other nodes. I believe that is a solution that will work.
However, I suspect someone has solved this problem before, in a better and more elegant way. I’ve googled but there hasn’t been an obviously good/best solution.
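As an added example (not part of the original post), here is one way the "N-1 SSH tunnels plus a watchdog" idea from above can be written so that it actually yields a separate 10.0.1.X network: each node owns 10.0.1.&lt;index&gt;, every pair of nodes is joined by one `ssh -w` layer-3 tunnel (a point-to-point tun interface with the lower-indexed node initiating), and a watchdog reopens any link whose far end stops answering. The script name, the `NODES` list, the 203.0.113.0/24 addresses and the `loop` argument are all assumptions made for the example; it requires root, key-based auth to root@peer, and `PermitTunnel yes` in every node's sshd_config.

```shell
#!/bin/sh
# Hypothetical watchdog for a full mesh of SSH layer-3 tunnels (ssh -w) between
# Couchbase nodes: each node gets the single address 10.0.1.<index> on one
# point-to-point tun per peer, so Couchbase can be bound to that address only.
# Assumes: root on every node, key auth to root@<peer>, "PermitTunnel yes" in
# every sshd_config, iproute2, and NODES identical (same order) on every node.
NODES="${NODES:-203.0.113.11 203.0.113.12 203.0.113.13}"   # constructed IPs
MY_PUBLIC_IP="${MY_PUBLIC_IP:-203.0.113.11}"
PRIVATE_NET="10.0.1"

# 1-based position of a public IP in NODES; fails if the IP is not a node.
node_index() {
    i=0
    for n in $NODES; do
        i=$((i + 1))
        [ "$n" = "$1" ] && { echo "$i"; return 0; }
    done
    return 1
}
tun_ip() { echo "$PRIVATE_NET.$1"; }
# The lower-indexed node of each pair opens the link, so no link is doubled.
initiator() { [ "$1" -lt "$2" ]; }
tunnel_up() { ping -c 1 -W 1 "$(tun_ip "$1")" >/dev/null 2>&1; }

# ssh invocation: tun<peer> here, tun<me> on the peer, both ends addressed as
# /32 point-to-point, kept alive in the background (-f, ServerAlive*).
tunnel_cmd() {
    me=$1; peer=$2; peer_ip=$3
    printf '%s' "ssh -f -w $peer:$me -o ExitOnForwardFailure=yes \
-o ServerAliveInterval=15 -o ServerAliveCountMax=3 -o PermitLocalCommand=yes \
-o LocalCommand='ip addr replace $(tun_ip "$me")/32 peer $(tun_ip "$peer")/32 dev tun$peer && ip link set tun$peer up' \
root@$peer_ip 'ip addr replace $(tun_ip "$peer")/32 peer $(tun_ip "$me")/32 dev tun$me && ip link set tun$me up && sleep infinity'"
}

# One watchdog pass: reopen every link this node owns whose far end is silent.
ensure_tunnels() {
    me=$(node_index "$MY_PUBLIC_IP") || { echo "$MY_PUBLIC_IP not in NODES" >&2; return 1; }
    idx=0
    for ip in $NODES; do
        idx=$((idx + 1))
        [ "$idx" -eq "$me" ] && continue
        initiator "$me" "$idx" || continue
        tunnel_up "$idx" && continue
        echo "link to node $idx ($ip) is down, reopening" >&2
        sh -c "$(tunnel_cmd "$me" "$idx" "$ip")"
    done
}

# Run as "watchdog.sh loop" under a supervisor; no argument only loads functions.
if [ "${1:-}" = loop ]; then while :; do ensure_tunnels; sleep 30; done; fi
```

With the mesh up, Couchbase is configured to use 10.0.1.&lt;index&gt; as its node address and the public-interface firewall only needs to admit 22 and 80.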