Secure Database Lab Engine
To make your work with DBLab Engine UI / API / CLI and clones secure, install and configure Envoy proxy with a SSL certicate.
Configuring a secure DBLab engine​
1. DNS configuration​
Update the DNS A record for your public domain to resolve to the public IP address of the DBLab Engine server. Note that DNS changes may take some time to propagate.
2. Proxy installation​
Run the following command to install the Envoy proxy and obtain a Let's Encrypt SSL certificate. Replace the placeholders with your actual server details:
docker run --rm -it \
-v $HOME/.ssh:/root/.ssh:ro \
-e ANSIBLE_SSH_ARGS="-F none" \
postgresai/dle-se-ansible:v1.0 \
ansible-playbook software.yml --tags proxy --extra-vars \
"dblab_host='user@server-ip-address' \
proxy_install='true' \
certbot_domain='dblab.yourdomain.com' \
certbot_admin_email='[email protected]' \
platform_org_key='YOUR_ORG_KEY' \
platform_project_name='YOUR_PROJECT_NAME'"
Replace user@server-ip-address with the actual username and IP address for your server, dblab.yourdomain.com with your domain.
Accessing the DBLab Engine and clones​
DBLab Engine UI/API/CLI​
Connect securely over HTTPS on port 443, such as https://dblab.yourdomain.com.
DBLab database clones​
Access database clones by appending +3000 to the original connection port. For example, for a clone originally on port 6000, you would use port 9000. This mapping ensures that connections to clones are routed correctly through the proxy:
PGPASSWORD=secret_password psql \
"host=dblab.yourdomain.com port=9000 user=dblab_user dbname=test sslmode=require"
Adjust the port numbers accordingly for other clones, following the pattern original_port+3000 (e.g., 6001->9001, 6002->9002, etc.).