Securing our RethinkDB cluster
In order to create a cluster, we need to allow incoming connections from other machines, so we added bind=all to our configuration. That means literally any machine on the Internet can attempt a connection to our server, which leaves it prone to Distributed Denial of Service (DDoS) attacks.
To protect the RethinkDB cluster, the best thing to do is to put the entire RethinkDB machine into one protected network, using a firewall to prevent any such connection. However, this is not optimal or possible for every infrastructure, for budget or maintenance reasons.
We can protect RethinkDB in the following ways:
Using transport layer security (successor of SSL)
Binding the web port
Let's look over each of them in detail.
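Before going through them, here is a small audit of a RethinkDB configuration file for the exposure described above. It is an added example, not code from the original text. The option names other than bind=all (bind-http, no-http-admin and the cluster-tls-* and driver-tls-* options) are RethinkDB's documented configuration options rather than names taken from this page, the sample file and its paths are constructed, and the code assumes a service-specific bind-* option takes precedence over bind.

```python
# Added example (not from the original page). SAMPLE_CONF is constructed.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# TLS options each listener needs before it is safe to expose off-host.
TLS_PARTS = {"cluster": ("key", "cert", "ca"), "driver": ("key", "cert")}

SAMPLE_CONF = """\
# constructed sample: clustered node with only cluster TLS configured
bind=all
join=10.0.0.2:29015
cluster-tls-key=/path/to/key.pem
cluster-tls-cert=/path/to/cert.pem
cluster-tls-ca=/path/to/ca.pem
"""

def parse_conf(text):
    """Parse key=value lines; a bare flag such as no-http-admin maps to ['']."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def exposed(opts, service):
    """True if the listener binds beyond loopback.
    Assumption: bind-<service> takes precedence over the general bind option."""
    addrs = opts.get("bind-" + service) or opts.get("bind") or ["127.0.0.1"]
    return any(a not in LOOPBACK for a in addrs)

def audit(text):
    """Return a list of findings for a RethinkDB configuration file."""
    opts = parse_conf(text)
    findings = []
    for service, parts in TLS_PARTS.items():
        missing = [f"{service}-tls-{p}" for p in parts
                   if f"{service}-tls-{p}" not in opts]
        if exposed(opts, service) and missing:
            findings.append(f"{service} port exposed without " + ", ".join(missing))
    # The web admin UI should stay on loopback or be disabled entirely.
    if exposed(opts, "http") and "no-http-admin" not in opts:
        findings.append("web admin port exposed; set bind-http=localhost")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```
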
Using transport layer security
RethinkDB allows us to secure our connection between servers or between clients and servers using TLS encryption. You can either generate TLS certificates by self-signing with the host or buy a certificate from an official...