Hi, I’m considering using Airbyte with a client, where I need to create a custom connector (to some old API) and install Airbyte all on my clients Azure. The documentation advices that I shouldn’t expose Airbyte to the internet:

For security reasons, we strongly recommend to not expose Airbyte on Internet available ports. Future versions will add support for SSL & Authentication.

The advice is to ssh into the azure VM and expose Airbyte to localhost. However, I think this is too technical for the client. Are there any other approaches that can securely expose Airbyte’s frontend to the client?

Suppose you could help the client setup some kind of desktop shortcut which in turns trigger say a python scripts which runs the gcloud ssh command

@Jonas Bolin Good idea! I’ll do this for my own computer. However this is not a viable solution for the client.

@Martin Carlsson let me know if you find something better. am in the same situation with a client. what I suggested so far is my best attempt atm

@Jonas Bolin Also on Azure?

GCP, but it has equivalent command line SSH tunnel setup

Right now I’m considering RDP’ing in to the VM .. however, I’m not sure how this will work on a Linux machine 😅

@Martin Carlsson not super pro into Azure products. There is our FAQ docs saying about RBAC/Auth and some options to implement for yourself: reverse-ssl or use Google IAP <= dont know if Azure has something similar https://discuss.airbyte.io/t/does-airbyte-support-rbac-or-permissioning-in-the-ui/97/2

@[DEPRECATED] Marcos Marx Thanks - I’ll have a look at it

If the client has a Virtual Network and they are currently using a VPN to access it, you could create an internal load balancer in front of the VM that terminates SSL. Putting it inside the Virtual Network would also allow you not to put it on the internet.

@Jonathan Stacks Thanks. I think I’ll do a version of that. Deploying Airbyte on a Linux VM and give access to it via a Windows VM in the same Virtual Network. The client are using Azure Data Factory for all data warehouse orchestration - so I also need Azure Data Factory to have API access to Airbyte - I should be able to do that with this solution.