End-to-End Encryption on Rasa Open Source

Hello all,

I have currently built my RASA agent in an EC2 instance and am looking up ways to make my bot secure as it will be handling very sensitive information from the user during a conversation. I understand that it’s best to use a reverse nginx proxy and HTTPS so I plan to implement that in my current docker-compose file. Is the reverse nginx proxy supposed to be on the same EC2 instance as the RASA agent or a different instance and connected? If the latter of the two, how would one do that on AWS?

Also (this is more about a question if this is good practice), what is the best way to secure and send data to the RASA agent from a client like iOS? (I’ve already connected the two via webhook and the HTTP API.) I was thinking about client-side encryption and server-side decryption, but from googling and reading some Reddit threads it seems that this isn’t the right approach perhaps?

Anyone having experience or any tips would be a great help!

Hi @jeff-ridgeway! Short version - I think you can run nginx on the same EC2 instance. As for making calls from iOS, if those calls are over SSL they will already be encrypted in flight. More generally, your questions apply not just to Rasa but to any web application. Rasa uses the Sanic web server, so you may find additional help on these topics in that community.

1 Like
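
An added example, not part of the original thread: an nginx configuration that terminates TLS on the same EC2 instance and forwards to Rasa, as the reply above describes. The hostname, certificate paths and the docker-compose service name `rasa` are assumptions; 5005 is Rasa's default port, and only the `/webhooks/` channel paths are exposed here, so widen the `location` if the client calls other HTTP API endpoints.

```nginx
# Added example. bot.example.com, the certificate paths and the upstream
# service name "rasa" are placeholders/assumptions, not values from the thread.

# Plaintext listener: redirect only, so no conversation data travels over HTTP.
server {
    listen 80;
    server_name bot.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name bot.example.com;

    # Certificate chain and private key mounted into the nginx container.
    ssl_certificate     /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;

    # Refuse legacy protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Tell clients to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Channel webhooks, e.g. /webhooks/rest/webhook for the REST channel.
    location /webhooks/ {
        # Inside the compose network nginx reaches Rasa by service name.
        proxy_pass http://rasa:5005;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything else on the Rasa server stays unreachable from outside.
    location / {
        return 404;
    }
}
```

For this to be the only path in, leave port 5005 unpublished in docker-compose and closed in the instance's security group, so that only ports 80 and 443 on the nginx container are reachable.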

Hey @amn41 thanks for the response! I was able to get the reverse proxy with nginx working on the EC2 instance successfully. I’ll mark your reply as the solution.