How to Enable External Access for Huawei Cloud RDS MySQL Using an Nginx Proxy

Introduction

Our company purchased a Huawei Cloud RDS MySQL instance, which by default is only reachable from the internal network. To access it from the Internet without buying a dedicated public IP, we use a cheap ECS server as a jump host.

Buy the cheapest cloud server

Ensure the ECS and the RDS are in the same VPC (same domain); otherwise they cannot communicate.

In the security group of the ECS, open the port that will be used for the proxy (e.g., 13306) so that external traffic can reach the server.

Configure outbound rule for the cloud database

According to Huawei Cloud rules, when the ECS and RDS are in the same domain but different security groups, you must add an outbound rule on the RDS to allow traffic from the ECS on the MySQL port.

Set up Nginx as a proxy jump host

After the basic network configuration, add an Nginx stream block that listens on the public port and forwards traffic to the internal RDS endpoint.

stream {

server {
listen 13306; # database server listening port
proxy_connect_timeout 10s;
proxy_timeout 300s; # disconnect if idle for 5 minutes
proxy_pass in01.internal.cn-north-4.mysql.rds.myhuaweicloud.com:3306;
}
}

The stream block must be placed at the top level of the Nginx configuration, outside any http block.

Restart Nginx, then the RDS MySQL can be accessed via the ECS public IP and the configured port.

Conclusion

This method provides external access to an internal Huawei Cloud database without purchasing an extra public IP.