How to connect an isolated node to a public node via SSH tunnel
Solution 1:
If you are on a cloud platform where a server on a private-only allocation is truly isolated, I believe a better solution for you will be something like stunnel. This would allow you to open a port on the web server that, when opened, tunnels to the main server. In effect, this is turning your web server into a limited form of an application-layer proxy.
- Use stunnel to open port 8080 on the web server's private IP, and forward all connections to the main server on port 80.
- Configure the db server to talk to the main server on the private IP of the web server on port 80.
A similar system could be accomplished with a more general proxy solution such as squid or even haproxy.
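A sketch of the stunnel setup described in the steps above, added here as an illustration and not taken from the original answer. It uses port 8080 from the first step; the IP address, hostname, file paths and the TLS listener port 8443 on the main server are all assumptions. Because stunnel always speaks TLS on one side, this variant runs a second stunnel on the main server so that the leg leaving the private network is encrypted and the peer certificate is verified.

```ini
; ---------- web server: stunnel.conf (paths assumed) ----------
; Client mode: accept plaintext from the private network,
; wrap it in TLS towards the main server.
[to-main]
client = yes
; Bind to the web server's private IP only (constructed address),
; so the forwarder is not reachable from the public interface.
accept = 10.0.0.10:8080
; TLS listener on the main server (assumed hostname and port).
connect = main.example.com:8443
; Verify the main server's certificate chain and hostname.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = main.example.com

; ---------- main server: stunnel.conf (paths assumed) ----------
; Server mode: terminate TLS and hand the request to the local
; service on port 80.
[from-web]
accept = 8443
connect = 127.0.0.1:80
cert = /etc/stunnel/main.pem
key = /etc/stunnel/main.key
```

With this in place, the db server addresses the main server as 10.0.0.10:8080. Restricting source addresses for port 8443 on the main server's firewall to the web server keeps the listener from being used by other hosts.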