Is your feature request related to a problem? Please describe.
Observable offers a built-in database proxy that exposes database connections to the browser. In order order to access MySQL and PostgreSQL databases the respective port of the DB server must be remotely accessible.
However, this configuration is rather uncommon and considered insecure. A safer approach is to restrict port access to the internal network, then tunnel the port via SSH. Unfortunately this configuration is currently not supported in Observable.
Describe the solution you'd like
Add the option to specify an SSH connection through which the database port will be tunneled. At a minimum Observable should provide an (auto-generated?) public key that can be added to the server's authorized_keys. Password based access could be added as an option, but I suspect that passwordless authentication will be more common in this scenario.
Describe alternatives you've considered
Observable offers a self-hosted proxy, but installing / running this proxy is often not an option.
Is your feature request related to a problem? Please describe.
Observable offers a built-in database proxy that exposes database connections to the browser. In order order to access MySQL and PostgreSQL databases the respective port of the DB server must be remotely accessible.
However, this configuration is rather uncommon and considered insecure. A safer approach is to restrict port access to the internal network, then tunnel the port via SSH. Unfortunately this configuration is currently not supported in Observable.
Describe the solution you'd like
Add the option to specify an SSH connection through which the database port will be tunneled. At a minimum Observable should provide an (auto-generated?) public key that can be added to the server's authorized_keys. Password based access could be added as an option, but I suspect that passwordless authentication will be more common in this scenario.
Describe alternatives you've considered
Observable offers a self-hosted proxy, but installing / running this proxy is often not an option.
Additional context
Previously discussed in https://talk.observablehq.com/t/access-a-database-using-ssh-tunneling/6519