https://linen.dev logo
#ask-community-for-troubleshooting
Title
# ask-community-for-troubleshooting
m

Martin Carlsson

09/24/2021, 7:53 AM
Hi, I’m considering using Airbyte with a client, where I need to create a custom connector (to some old API) and install Airbyte all on my clients Azure. The documentation advices that I shouldn’t expose Airbyte to the internet:
For security reasons, we strongly recommend to not expose Airbyte on Internet available ports. Future versions will add support for SSL & Authentication.
The advice is to ssh into the azure VM and expose Airbyte to localhost. However, I think this is too technical for the client. Are there any other approaches that can securely expose Airbyte’s frontend to the client?
j

Jonas Bolin

09/24/2021, 7:59 AM
Suppose you could help the client setup some kind of desktop shortcut which in turns trigger say a python scripts which runs the gcloud ssh command
Of course this requires them to have admin rights on their machine, which I suppose not everyonehas
m

Martin Carlsson

09/24/2021, 8:41 AM
@Jonas Bolin Good idea! I’ll do this for my own computer. However this is not a viable solution for the client.
j

Jonas Bolin

09/24/2021, 11:22 AM
@Martin Carlsson let me know if you find something better. am in the same situation with a client. what I suggested so far is my best attempt atm
m

Martin Carlsson

09/24/2021, 11:22 AM
@Jonas Bolin Also on Azure?
j

Jonas Bolin

09/24/2021, 11:24 AM
GCP, but it has equivalent command line SSH tunnel setup
m

Martin Carlsson

09/24/2021, 11:54 AM
Right now I’m considering RDP’ing in to the VM .. however, I’m not sure how this will work on a Linux machine 😅
u

[DEPRECATED] Marcos Marx

09/24/2021, 1:10 PM
@Martin Carlsson not super pro into Azure products. There is our FAQ docs saying about RBAC/Auth and some options to implement for yourself: reverse-ssl or use Google IAP <= dont know if Azure has something similar https://discuss.airbyte.io/t/does-airbyte-support-rbac-or-permissioning-in-the-ui/97/2
m

Martin Carlsson

09/24/2021, 1:12 PM
@[DEPRECATED] Marcos Marx Thanks - I’ll have a look at it
@[DEPRECATED] Marcos Marx Hmm .. I couldn’t find an Azure alternative to Google IAP
j

Jonathan Stacks

09/24/2021, 2:03 PM
If the client has a Virtual Network and they are currently using a VPN to access it, you could create an internal load balancer in front of the VM that terminates SSL. Putting it inside the Virtual Network would also allow you not to put it on the internet.
m

Martin Carlsson

09/25/2021, 10:34 AM
@Jonathan Stacks Thanks. I think I’ll do a version of that. Deploying Airbyte on a Linux VM and give access to it via a Windows VM in the same Virtual Network. The client are using Azure Data Factory for all data warehouse orchestration - so I also need Azure Data Factory to have API access to Airbyte - I should be able to do that with this solution.