
Database Connection Options

If your database is not publicly accessible, Nexla can connect to it through an SSH tunnel. With this method, Nexla connects to a bastion host via SSH, and the database connection is made from that SSH host.

For an additional layer of security, you can whitelist the following Nexla IP addresses:

34.231.167.112, 54.209.27.1, 35.245.202.207

Reach out to support@nexla.com if you have questions.


1. SSH Tunnel Host Setup

To connect via an SSH tunnel, you need a bastion host that runs an SSH tunnel server and has access to your database. The tunnel server's SSH port needs to be accessible from Nexla’s IP addresses. You’ll also need to create an SSH user for Nexla. To create the SSH user, follow the steps below.

Create SSH user

Log in to your SSH tunnel host and run the following commands:

Create group Nexla

sudo groupadd nexla

Create user Nexla

sudo useradd -m -g nexla nexla

Switch to the Nexla user

sudo su - nexla

Create the .ssh directory

mkdir ~/.ssh

Set permissions

chmod 700 ~/.ssh

Change to the .ssh directory

cd ~/.ssh

Create the authorized_keys file:

touch authorized_keys

Set permissions

chmod 600 authorized_keys

In a text editor, add the public SSH key below to the authorized_keys file. The key must be all on one line. Make sure that you don’t introduce any line breaks when cutting and pasting.

ssh-rsa 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 avinash@Avinashs-MacBook-Pro-2.local
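The steps above give the nexla user a key with full SSH capabilities. As an added example (not Nexla's own script), the functions below create the same files with the same modes but write the key with OpenSSH authorized_keys options, so it can only open a forward to the database and only from the Nexla addresses listed on this page. The database host and port, the key text and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not Nexla's script. DB host/port and the key text are assumptions.
# Uses GNU stat (-c), as found on a typical Linux bastion host.
# Usage as the nexla user (nexla_key.pub is a hypothetical file holding the key):
#   install_tunnel_key "$HOME" "$(cat nexla_key.pub)" db.internal.example 5432

# Nexla source addresses as listed on this page.
NEXLA_IPS="34.231.167.112,54.209.27.1,35.245.202.207"

# Print one authorized_keys line that permits only forwarding to the database.
# $1 = public key (single line), $2 = database host, $3 = database port
tunnel_key_line() {
    # The entry must be a single line: refuse keys with embedded line breaks.
    if [ "$(printf '%s' "$1" | wc -l)" -ne 0 ]; then
        echo "public key contains a line break" >&2
        return 1
    fi
    # restrict: no pty, no agent/X11 forwarding, no port forwarding (OpenSSH 7.2+)
    # port-forwarding + permitopen: re-allow forwarding to one destination only
    # from: accept this key only when the client is a Nexla address
    printf 'restrict,port-forwarding,permitopen="%s:%s",from="%s" %s\n' \
        "$2" "$3" "$NEXLA_IPS" "$1"
}

# Create $1/.ssh and authorized_keys with the modes used in the steps above,
# then append the restricted entry unless that exact line is already there.
# $1 = home directory, $2 = public key, $3 = database host, $4 = database port
install_tunnel_key() {
    tk_line="$(tunnel_key_line "$2" "$3" "$4")" || return 1
    tk_file="$1/.ssh/authorized_keys"
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    touch "$tk_file" && chmod 600 "$tk_file" || return 1
    grep -qxF -- "$tk_line" "$tk_file" || printf '%s\n' "$tk_line" >> "$tk_file"
}

# Succeed only if the modes are 700/600 and every key line starts with "restrict,".
# $1 = home directory
audit_tunnel_key() {
    tk_file="$1/.ssh/authorized_keys"
    [ "$(stat -c %a "$1/.ssh")" = 700 ] || { echo "bad mode: $1/.ssh" >&2; return 1; }
    [ "$(stat -c %a "$tk_file")" = 600 ] || { echo "bad mode: $tk_file" >&2; return 1; }
    # Fail if any non-blank, non-comment line lacks the restrict prefix.
    ! grep -vE '^(#|[[:space:]]*$)' "$tk_file" | grep -qv '^restrict,'
}
```

If the bastion sits behind NAT or a load balancer, sshd sees that device's address rather than Nexla's, and the from= option has to be dropped in favour of the network-level allowlist.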

2. Nexla Setup for SSH tunnel

Follow steps 1-3 in Connect to Database. You will then see the following under Advanced Settings.

image2.png

To connect via the SSH tunnel:

  1. Enter the SSH tunnel hostname or IP address (as set up in Step 1 above)
  2. Enter the SSH tunnel port (Default is 22)
  3. Enter the username for the tunnel, as created in Step 1 above (Default is nexla)

Follow the rest of the steps in Connect to Database to finish connecting to a database.