Need some hosting advice
I'm working on a project which has its front-end and backend hosted on CF Pages / Workers, and I also use the CF KV out of convenience.
Sadly I can't use D1 for my project, so I'm forced to host some external postgres DB on a VPS and communicate to it from workers.
What would be the most secure and reliable way to communicate between my CF Workers and my postgres DB?
Using a simple username + password connection string seems simple, but that opens the possibility of brute-force attacks. And I'm not sure what types of firewall rules I'd need to apply because Cloudflare would probably request the database from several different IP addresses.
3 Replies
As for whitelisting Cloudflare IPs, you can check their ranges:
https://www.cloudflare.com/ips/
and perhaps you can use something like cloudflared to expose your postgres database?
https://developers.cloudflare.com/hyperdrive/
Cloudflare has Hyperdrive, a service for connecting to Postgres DBs from Workers, which also has connection pooling and caching.
Both Hyperdrive and TCP Connect don't use /ips/ and instead use CF WARP IPs (not documented anywhere), though.