Secured Connection to Postgres on Linode host


#1

Issue Summary

Secured Local Hosted Redash Connection to a remote Postgre SQL hosted on Linode

Technical details:

Hi,
I would like to run Redash on my local Macbookpro and connect to a PostgreSQL hosted on Linode VPS.
Please let me know what is the most secured connection method to make this remote connection.
The reason is we are running our live eCommerce platform on the Linode and need the most secured method to connect to the database directly.
Regards,
Chee


#2

Could you spin up Redash at Linode so the data traffic never leaves their network?


#3

Hi Jesse,

Yes that could be it.

Will be secured.

Thanks.

Chee


#4

Hi Jesse,

I was trying to install Redash on a local macbookpro OSX 10.14 using Docker as the build process.

The auto script managed to run but show some error.

When I try to access the frontend, it shows on the browser:


#5

Another approach would be to create an SSH tunnel from your local macbook pro to the remote Linode VPS, configured so Redash (running on the macbook) can query PostgreSQL over the connection.

This is what I’m doing presently, for connecting to a remote host on Scaleway (instead of Linode). The raw command line to run is:

ssh -L127.0.0.1:5431:127.0.0.1:5432 -N linodeserver &

Where linodeserver should be the DNS name, or IP address, of your Linode VPS.

With that command run, ssh will start listening on port 5431. Anything that connects to it will be transparently connected through to 127.0.0.1 (localhost), port 5432 on the remote server.

You tell Redash to run queries against 127.0.0.1:5431 (localhost on your macbook), and ssh will do the tunneling between things.

That may be more secure than setting up Redash on a remote server if you’re not comfortable with securing servers on the internet. If you have a team that can secure a remote server for you though, that may be the better option. :smile:


#6

Hi Justine,

Thanks for the help.

I will try this SSH method to connect into our server.

May I also ask for you advise on making sql update,delete,alter command, are there any safety mechanism on Redash that provide accident rollback?

Regards,

Chee


#7

Not sure, I haven’t been using Redash for long myself either. :wink:

From a “maximum safety” perspective, it’s probably best to develop your queries against a copy of the database (on a different server) instead of doing it live on a production one.

With SQL in general it’s possible to write bad queries that can impact the entire database. Many companies create replicas of their database on a different server, specifically so people can run all kinds of queries on that and not have a bad effect on their main database server. Not sure how much that applies to your situation though. :smile:


#8

Good morning,
I don’t understand your need.
Do you plan to run update/delete and alter queries from Redash ?
If you only plan to execute select queries to feed your dashbord and you’re afraid of “bad queries”, you may create a PotgresSQL user for your Redash datasource who only have “reading rights” (connect on database , usage on schema , select table/views rights)


#9

It’s probably from a “playing it safe with a new product I’m not yet familiar with” viewpoint. :smile:


#10

Just to confirm here: no, Redash does not include rollback protection. It’s designed for data visualization and is not tuned towards the full suite of DB admin activities.


#11

Sorry Justin,
I was talking about @cheekc 's need.
And I do understand you point of view :slight_smile:


#12

Hi All,

Thanks everyone for the supportive advice.

We are going to make a db replication and perform our analytics on that data source.

And the suggestion to create a dedicated user with restricted permissions is a good idea. We will surely try that.

Best Regards,

Chee KC


#13

Hi Justin,

How are you doing?

Our company is interested to consider integrating Redash for our Customer Facing use case.

We are a startup company from Singapore and our SaaS is of the same name as our company “Acornity”. It is an eCommerce ads platform. We engage bloggers to provide publication space for merchants to deliver product advertisement.

We have 2 use case:

Case 1: For integrating Redash into Acornity to allow merchant and blogger to check on how their campaigns are doing and provide insight to fine tune their promotion activity and blog content direction. We charge a fee to the merchant to use Acornity. We would like to make this a While Label arrangement and not to display any Redash logo in our service. We will not make code change to Redash.

Case 2: For our internal staff operation usage. To check the various status of operation and optimize our service delivery. This is an internal facing use and we will be able to show and adhere to all Redash license logo display. We will not make code change to Redash.

Please let us know how much the Commercial License will cost and are there any further restriction on use.

Please also let us know if our Case 2 will qualify for a free usage license.

Regards,

Chee


#14

Looks interesting. :slight_smile:

I’m definitely not the correct person to ask about licensing though, as I’m just helping out on here on the forums when I feel like it, rather than working for Redash.

The best person to ask is likely @arikfr, who’ll probably read this message and hopefully respond anyway. :slight_smile:


#15

Thanks Justin for the feedback.

Hi Arikfr,

May be you direct email me on the license fee part.

I didn’t realize this is a public forum.

Regards,

Chee


#16

Hi,

I’m not sure if Redash is the best tool for Case 1 at the moment. We’re working on capabilities to allow embedded analytics scenarios, but we’re not 100% there yet. But this also depends on what functionality you want to provide for your merchants.

Anyway, the open source code is licensed with a standard BSD license and there is nothing preventing you from commercial usage. No license fees are required.

Good luck,
Arik