SSL termination

The query engine runs by default without SSL enabled. Therefore to deploy this securely, you will need to terminate SSL at a layer in-front of the query engine, and then only allow traffic from this layer to reach the query engine. For example, on cloud providers you can terminate the SSL on the load balancer and then setup security groups to only allow traffic from that load balancer to reach the query engine.

Cloud providers often offer ways of running docker containers which offer this SSL termination layer by default, for example Google Cloud Run (opens in a new tab) and AWS App Runner (opens in a new tab).

If you require terminating SSL on the query engine itself, or you are in any doubt, then please get in-touch.

Performance GitHub Actions CI