Hi all, in Friday’s meetup we discussed the happy path for deploying Wappler applications and the need for more tutorial videos. Therefore, I’ve created a video called “From Wappler to Web (using AWS) - Deploy a Wappler app to a live domain in minutes”
The tutorial covers the following:
Create an AWS API key
Create a Docker Machine in AWS using Wappler
Point a custom domain to the Docker Machine’s IP address
Install container & SSL management services using Wappler
Install a Wappler application into the Docker Machine
Here’s the video:
I hope it’s of use to some of you. Questions are welcome as always.
(Apologies for the single-channel, low-volume audio. I’ll try to fix this in future videos.)
A few cents regarding your tutorial: it’s missing a security section. Your Docker and PostgreSQL services are now open to the internet and everyone can try to brute-force your PostgreSQL password without any limitations. What I’m doing in a different hosting environment (Hetzner) is configuring the firewall to allow connections to PostgreSQL port 9906 and SSH (Docker) only from specified IP addresses. This will secure access to your system at the network layer.
I’m using Amazon RDS (for PostgreSQL) to host my non-demo (i.e. dev/test/production) databases. So similar to what you’ve done, I believe I can restrict it such that only my AWS Docker Machine can see it. But you’re right, I’ve not set this up yet and rely on a very long (randomized) password to dramatically extend the time required for a brute force attack to work.
With regards to the Docker Machine, the only way to access it is via a private key which sits solely on my laptop. So unless that key is shared, I believe this is secure?
You’re absolutely correct in that an additional level of security can be implemented on top of this, including restricting access via specific ports (if not already in place).
I’m happy to be told I’m incorrect on any of the above.
Regarding the private key - you’re correct, but your exposed service ports can be a potential point for DDoS attacks. For instance: spam authentication to your Docker server via port 22.
I need to access my Docker machine from my laptop on varying networks/places (some of which don’t have static IP addresses). So to restrict SSH access to the Docker Machine from a specified IP address, I’d probably need to VPN into a network which has a static (external) IP address and connect to it from there.
I may do this in the future, but for now I’ll just need to take the chance that my stuff’s not interesting enough to be targeted for a DDoS.