# general
w
Hi everyone, what kind of solution are you using to protect access to applications in non-production environments? I mean especially http/s traffic to applications in dev/staging environments that should not be reachable from the public internet. Examples:
• VPN server
• A web proxy
• IP Whitelist
• No protection at all

I am looking for something that can be centrally managed, can apply for different environments (esp. AWS), and can scale globally (clients connecting from anywhere).
t
Tailscale
a
If you want to avoid the fuss of a VPN setup, I have used Pritunl Zero as an identity-aware proxy to put in front of restricted-access http(s) sites: https://docs.pritunl.com/docs/pritunl-zero-service It isn't too tricky to set up using a Docker image.
g
At work I use Zscaler ZPA for this since, uh, I work there, but otherwise Tailscale works pretty well.
r
Tailscale is a good one - we have some customers at Qovery using it. But since we introduced the native support of port-forward they no longer need third-party tools. But Tailscale looks good.
m
VPN. Block all in SG except VPN address. Done.
w
Thanks everyone. I am currently using VPN but it's not performant for users across the globe. There are latency issues, management, onboarding / offboarding and also the CIDR block that might conflict with users' home network. So I am looking for some alternative for all those issues. I will check Tailscale.
t
I'm using Terraform to manage my Tailscale ACL file. I also use group membership to control who has access to what, and TF makes the ACL.
w
Alright, sounds good. TF is part of my setup 100%.