I'm running the server on CentOS and Nginx (Node.js application).
I am experiencing too many connections to my MySQL database, and the website goes down.
My iotop log shows me that mysqld is doing too much I/O read (gigabytes/sec) while there are no strange requests to the app server (confirmed by the Nginx log and the app log). I connected Cloudflare, and the firewall logs confirm that there is no strange HTTP request activity.
The site (https://info-kurs.com) does not have many visitors per day (there were a lot of white crawlers, but I disallowed them with robots.txt).
My mysqld.log tells me that there are a lot of errors like:
IP address 'ХХ.ХХ.ХХ.ХХ' could not be resolved: Name or service not known
And then my application errored with this:
MySQL Error 1040: Too Many Connections
I read this post: MySQL warning "IP address could not be resolved"
It suggests adding skip_name_resolve to the my.cnf file. I added this directive. It also suggests setting up a firewall. I chose Firewalld.
My question is: how do I set up Firewalld for the first time without losing the SSH and HTTP/HTTPS connections to the server/site, and how do I prevent connections to MySQL on port 3306 from the whole internet except my office IP? I use Workbench to access my DB.
For now I know:
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
But how do I block all connections to MySQL except from one IP?
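
One way to set this up, as an added example that is not part of the original post: keep SSH/HTTP/HTTPS open, leave 3306 closed in the zone, and add a single rich rule for the office address. The function names, the `APPLY` and `OFFICE_IP` variables and the address 203.0.113.10 are hypothetical placeholders; it assumes firewalld is already running and the server's interface is in the `public` zone.

```shell
#!/bin/sh
# Added example. Dry run by default: prints the firewall-cmd calls.
# Set APPLY=1 (as root, firewalld running) to execute them.

fw() {
  if [ "${APPLY:-0}" = 1 ]; then firewall-cmd "$@"; else echo "firewall-cmd $*"; fi
}

# Accept only a plain dotted-quad address, so a typo or a CIDR such as
# 0.0.0.0/0 can never end up in the allow rule.
valid_ipv4() {
  case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in [0-9]|[0-9][0-9]|[0-9][0-9][0-9]) ;; *) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

mysql_allowlist_plan() {
  office_ip=$1
  zone=${2:-public}   # assumption: the server's interface is in this zone
  valid_ipv4 "$office_ip" || { echo "invalid IPv4 address: $office_ip" >&2; return 1; }
  rule="rule family=\"ipv4\" source address=\"$office_ip/32\" port port=\"3306\" protocol=\"tcp\" accept"

  # 1. Permanent config only: the running firewall is untouched so far,
  #    so the current SSH session cannot be cut while these are added.
  fw --permanent --zone="$zone" --add-service=ssh
  fw --permanent --zone="$zone" --add-service=http
  fw --permanent --zone="$zone" --add-service=https
  # 2. Remove any blanket opening of MySQL; the zone then rejects 3306
  #    for every source that has no explicit allow rule.
  fw --permanent --zone="$zone" --remove-service=mysql
  fw --permanent --zone="$zone" --remove-port=3306/tcp
  # 3. Single exception: the office address may reach 3306/tcp.
  fw --permanent --zone="$zone" --add-rich-rule="$rule"
  # 4. Activate the permanent config in one step.
  fw --reload
}

# 203.0.113.10 is a documentation placeholder, not a real office IP.
mysql_allowlist_plan "${OFFICE_IP:-203.0.113.10}"
```

After applying, `firewall-cmd --zone=public --list-all` shows the active services and rich rules, and a connection test to port 3306 from any other address should fail.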