Lesson Learned #316: Connecting to Private Endpoint of Azure SQL from OnPremise using NGINX

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Today, I got a question from a customer who wanted to connect from their on-premises environment to an Azure SQL Database Private Endpoint. I would like to share some details and how NGINX helped us with this.

Environment

 

  • We have installed NGINX in an Azure Virtual Machine.
    • The public IP address of this machine, assigned by Azure DNS, will be 20.1.1.1.
  • We created a Private Endpoint in the VNET/Subnet of this Virtual Machine. The private IP address assigned by the Azure Private DNS zone will be 172.23.0.5.
  • Working from home/office, my public IP will be 30.1.1.1.
  • The Azure SQL Server:
    • Name will be servername.database.windows.net.
    • Connection policy will be PROXY.
    • Public access will be disabled.


 

Network configuration

 

  • I added a new NSG rule in the VNET of my Azure Virtual Machine allowing inbound connections from the IP 30.1.1.1 to this Azure Virtual Machine (IP 20.1.1.1) on port 9030; I wanted to use this port instead of 1433.
  • I set the DNS name of this Azure Virtual Machine to ServerName.northeurope.cloudapp.azure.com (ServerName is the same as the Azure SQL Server name).

 

NGINX configuration

 

  • I modified the nginx.conf file with the following parameters and restarted the service.

 


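  stream {
      # Named upstream pointing at the Azure SQL server. Inside the VNET this
      # name resolves to the Private Endpoint IP (172.23.0.5).
      upstream servername.northeurope.cloudapp.azure.com {
          server servername.database.windows.net:1433;
      }
      server {
          # Port opened in the NSG rule, used instead of 1433.
          listen 9030;
          # Forward the TCP stream to the Azure SQL server on port 1433.
          proxy_pass servername.database.windows.net:1433;
      }
  }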
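
The same proxy with the source restriction and session logging applied at NGINX itself, as an added example that is not part of the original post. The upstream name, log format name, log path and timeout values are assumptions; the addresses and ports are the ones used above.

```nginx
# Added example: stream proxy for the setup described in this post.
# Log path, format name, upstream name and timeouts are assumptions.
stream {
    # One line per proxied TCP session: client address, session status,
    # bytes in each direction, duration and the upstream address used
    # (expected to be the Private Endpoint IP, 172.23.0.5).
    log_format sqlproxy '$remote_addr [$time_local] $protocol $status '
                        'sent=$bytes_sent recv=$bytes_received '
                        'time=$session_time upstream=$upstream_addr';
    access_log /var/log/nginx/sqlproxy.log sqlproxy;

    upstream azuresql_private_endpoint {
        # NGINX resolves this name when the configuration is loaded,
        # using the Private DNS zone linked to the VNET.
        server servername.database.windows.net:1433;
    }

    server {
        listen 9030;

        # Same source restriction as the NSG rule: only the
        # home/office public IP may open a session.
        allow 30.1.1.1;
        deny  all;

        # Fail fast if the Private Endpoint is unreachable, and close
        # sessions that stay idle for a long time.
        proxy_connect_timeout 10s;
        proxy_timeout         30m;

        proxy_pass azuresql_private_endpoint;
    }
}
```

The allow/deny pair repeats the NSG rule at the proxy, so a later NSG change alone does not open port 9030 to other sources. Sessions rejected by the access rules are logged with status 403.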

 

 

Testing the connection

 

  • Using SQL Server Management Studio:
    • Using ServerName.northeurope.cloudapp.azure.com,9030 with trust server certificate enabled, I was able to connect through the NGINX TCP proxy server. The NGINX proxy server connects directly to the Private Endpoint because it is deployed in the same VNET/Subnet.



Enjoy!
