#community-help

Typesense Production Architecture and Security Question

TLDR bnfd asked about Typesense production architecture and security. Kishore Nallan recommended not using it as a primary datastore and provided security advice.

Powered by Struct AI

1

Aug 25, 2021 (29 months ago)
bnfd
Photo of md5-ca6495d5be926db80e09aabf066f4b8b
bnfd
02:54 PM
What is the recommended architecture for running typesense in production? Should we use postgres (or something similar) as primary datastore and sync the updates to typesense?
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
02:55 PM
Yes, Typesense is not meant to be used as a primary datastore. Depending on how often your data changes you can do daily dumps or streaming updates.
bnfd
Photo of md5-ca6495d5be926db80e09aabf066f4b8b
bnfd
03:05 PM
Thanks!
03:08
bnfd
03:08 PM
What about security hardening? In a use case where there are multiple collections, multiple users, user1 should only have access to user1 documents, user2 only user2 documents etc. I'm thinking reverse proxy with nginx + SSL + scoped keys. Is there anything else that's recommended?
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
03:09 PM
Scoped keys will handle user-level access control well. Nginx is optional because Typesense uses a production grade HTTP server library (h2o) which is used by Fastly in their edge deployments, so it's battle tested.
bnfd
Photo of md5-ca6495d5be926db80e09aabf066f4b8b
bnfd
03:11 PM
as a means to not expose typesense directly
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
03:12 PM
It's fine to expose directly.

1