Access a database using SSH tunneling

Is there any way to use SSH tunneling when hooking up a database to Observable? I’m using pgAdmin to interact with a database right now, which has a dialog for access in this way. Is there some way the self-hosted data proxy or other methods can replicate this for access in Observable?

Interesting question! Where is the database located? Is the IP address and port available from the internet? In that case, I would think you could access the database from the Observable-hosted database proxy. However, since you are asking about the self-hosted proxy, I suspect your database is either locally installed or behind some firewalls?

I believe what @zachbogart is describing is the case where a database can only be accessed internally, but the port can be tunneled through an SSH connection. Many GUI database clients offer an option to specify SSH credentials in addition to the database credentials, and will take care of creating the tunnel.

I apologize that my initial response to this was a bit off. I mis-read the question and also was too hasty to offer a solution. Following my mistake, however, I did read into various options for creating SSH tunnels using JavaScript. While there are a few different packages out there to support this, most seemed to require node.js. Also, almost everything that I found will fail the module require debugger. Here are some of the options that I identified (none of which was I able to get working today):

(and apologies, I meant to reply to the thread but seems I accidently responded to Cobus - and I can’t seem to edit this setting)!

I might have a simpler/different problem. I’m using SSH tunneling because I have a floating dynamic IP address so we use our server to SSH tunnel into and use that as a connection. Have tried whitelisting my IP address but it refreshes periodically. Any experience with this?

Where and how do you whitelist the IP?

There’s a bit of blackbox telephone. Previously we emailed the client about whitelisting my IP and then got confirmation that it was whitelisted and could get access. To get around this back-and-forth, we used SSH tunneling instead.

And you want to know if there is some builtin way (either in Observable’s hosted proxy or the @observablehq/database-proxy package) to configure and setup an SSH tunnel, so that you don’t have to create one yourself each time?

Yes, I think that covers it.

Thanks for clarifying, all. As you probably figured out by now, that feature does not exist as part of our database proxy at the moment. Is it possible to run the database proxy on the machine that you are currently ssh-ing into (since that one presumably has a static IP address)?

Yeah, I will have to look into this as an option. Thanks for the discussion.

Tracked in Support SSH tunneling for MySQL/PostgreSQL connections · Issue #442 · observablehq/feedback · GitHub