Page MenuHomePhabricator

Revisit feasability of TTS-consumer/TTS-provider Security groups
Closed, DeclinedPublic

Description

From T161094#3133689
While the audio needs to be publicly accessible it could be possible to make the main tts server only speak to the wiki by having client requests go to the action api (of the MediaWiki extension) which in turn forwards these to he TTS service and handles the reply.

The question which such an approach is the trade-of between any performance losses (due to the api go-between) and potential security gains. This is worth revisiting after T153841 which will likely introduce/require some of the action api functionality anyway.

If so the Security group settings are the below and the wikispeech-tts proxy is no longer needed.:

Create security groups:

  • ComputeAccess & securityCreate security group, name TTS-consumer
  • ComputeAccess & securityCreate security group, name TTS-provider
    • Add rule: port = 10000, Remote = Security group, Security Group = TTS-consumer