Hello team, any best practice to deploy airbyte in production given that there is no authentication, I want to link it to a subdomain of mine for my team to be able to access it, anyone have tried this before?

Nginx reverse proxy… https://www.domysee.com/blogposts/reverse-proxy-nginx-docker-compose I’ve not tried it yet, but it’s a pretty common pattern.

You can also set up an authn/authz filter with Envoy proxy / Istio and oauth2-proxy

There's also Ory Oathkeeper, Keycloak

Also you can use Dex from the other happy octopus team https://argoproj.github.io/argo-cd/operator-manual/user-management/#dex

Or Apache Httpd with .httpwd

Or maybe even https://traefik.io/traefik/

In short, you reverse proxy it.

If you are running on GCP or AWS I believe you can use IAP or Incognito to get an easy secured public endpoint, tied to a company IDP, out of the box without setting up too much infra

Thanks team, appreciate all the help 🙂

All great tips! Helped me get set up so thanks everyone! Figured I’d throw my AWS based solution in here for anyone else who searches for this. I used nginx reverse proxy for basic http auth but plan on switching to AWS’s ALB in the future which supports OIDC out of the box.

Hi @Seth Saperstein I have been looking for AWS based solution with NGNIX. It would be great if you can share to the community. I believe many people might be interested .

Turning it to IaC currently. I’ll drop the link in here to the terraform once I get the nginx bits in IaC as well as the log forwarding to CW

That would be great. Specifically with AWS CF or CDK.