TCP proxy
Overview
Section titled “Overview”This page lists the DNS endpoints we use for databases on the LEF private network.
This is currently used for database connectivity (*.db.lef). It can be extended to proxy other TCP services if/when needed.
Where it runs
Section titled “Where it runs”These hostnames typically point at np-proxy (HAProxy) on proxy.core.lef, which routes TCP traffic to the correct backend.
Access & security notes
Section titled “Access & security notes”- You are on VPN / LAN (see VPN access).
- You have credentials and the right access (see Access control policy).
Entry points
Section titled “Entry points”- SQL Server:
tcp://<database>.db.lef:1433 - PostgreSQL (if applicable):
tcp://<database>.db.lef:5432
SQL Server endpoints
Section titled “SQL Server endpoints”| Hostname | Port | Backend | Notes |
|---|---|---|---|
pivot.db.lef | 1433 | coragem.core.lef:6010 | Pivot environment |
pivoted.db.lef | 1433 | coragem.core.lef:8010 | Pivoted environment |
trainee.db.lef | 1433 | lab.core.lef:7010 | Trainee environment |
concepts.db.lef | 1433 | lab.core.lef:9010 | Concepts environment |
sicoob.db.lef | 1433 | lab.core.lef:12010 | Sicoob environment |
solutions.db.lef | 1433 | alma.core.lef:5010 | Solutions environment |
unimed.db.lef | 1433 | alma.core.lef:10010 | Unimed environment |
sapore.db.lef | 1433 | alma.core.lef:11010 | Sapore environment |
tokio.db.lef | 1433 | tokio.core.lef:4010 | Tokio environment |
tokio-prod.db.lef | 1433 | See EVEO DBaaS | EVEO DBaaS (managed SQL) |
PostgreSQL endpoints
Section titled “PostgreSQL endpoints”| Hostname | Port | Backend | Notes |
|---|---|---|---|
tools.db.lef | 5432 | alma.core.lef:5432 | Tooling database |
Operational notes
Section titled “Operational notes”- Prefer
*.db.lefhostnames over hardcoded IPs in configs and connection strings. - Don’t store database passwords in Git; use Vault or the approved secret manager.
- If a DB endpoint is down, check
np-proxyhealth first (HAProxy routing) and then the target backend host. - HAProxy stats (VPN/LAN): http://proxy.core.lef:8404/haproxy?stats
Known risks / failure modes
Section titled “Known risks / failure modes”- Not on VPN →
db.lefhostnames won’t route. - Wrong DNS or stale cache → you hit the wrong backend.
- HAProxy is down → multiple DB endpoints appear down at once.