Hi Everyone, I want to set up Airbyte installation on an AWS EC2 instance. But I don't want to expose the airbyte dashboard (UI) port on the instance as this will mean anyone with the public IP address and the port number can access it. I also read from the documentation that authentication is not yet supported. How can I place restrictions on this port?

Do you have to use a public ip for that ec2 instance for other reasons? If not, you can tell it not to assign a public IP, and then you have a private instance. If you have to keep the instance public, but want to protect the airbyte controls, you could look at using a Security Group to allow only a specific IP range to connect to that port number, instead of letting the whole world connect. That would work if you access it yourself from a consistent IP such as a company network or company vpn. Another option might be to put an nginx or similar web server in front of airbyte as a proxy, with authentication required for that, and it forwards to airbyte behind the scenes after authentication passes. Do any of those seem like they will work for you, or do you need other ideas?

Interesting suggestion on fronting Airbyte with a private IP with a nginx reverse proxy. Is there a documentation or blog post available for that somewhere @Jenny Brown

I’m not super familiar with our docs yet (I’m new) so I’m going to tag @abhi to take a look at this thread once he’s available.

@Jenny Brown Thank you for the response. I am tilting towards doing a research on the third option. However , just to ask for the first option using the private IP, would I still be able to access the UI via a browser to set the connection for replication ?

It depends on how your network is configured. A lot of companies have their aws vpc connected to their company’s network via a private vpn tunnel, so that the private aws IP addresses within their vpc act as if they’re part of the company network. In that case, yes you can access it via the private IP. I don’t know your company’s network configuration, though, so you’d be best to talk to your network operations team.

@Opeyemi Fabiyi I used a different approach. I have Airbyte running on a Docker container in a Google Cloud Compute engine instance, then I used SSH Port Forwarding to forward a port from my Machine to the server, allowing me to access Airbyte on a port on localhost.

That’s clever, and clean and simple.

@Paschal Onuorah Yeah, that's the current guideline mentioned in the docs but I'm trying to avoid interception so anyone with the public iP address and the port number shouldn't be able to access it. I'm currently exploring the option @Jenny Brown suggested

@Opeyemi Fabiyi yeah, the public ip points to a different application with it’s own authentication, served using nginx.

Thanks @Jenny Brown I've been able to setup Looking forward to a great experience using Airbyte for the Modern-stack I'm setting up

@Paschal Onuorah Have you setup nginx authentication for Airbyte with a private IP?

@Shadab No, I haven’t.

@Paschal Onuorah I was able to set it up. I will blog about it soon