A Smaller Front Door: Hardening the Nearbase Platform
We retired a public-facing service and consolidated how our apps talk to the outside world. Nothing changes for you — except a platform that's quieter, safer, and more reliable.
Good infrastructure work is the kind you never notice. This week we shipped a change to how the Nearbase platform is wired together — and if we did our job right, you won’t feel a thing. The CLI still logs in the same way, the pricing calculator still updates instantly, and every database keeps humming.
So why write about it? Because “nothing changed for users” is exactly the outcome we’re proud of.
What we did, in one sentence
We shrank the part of Nearbase that faces the public internet, folding a handful of outward-facing responsibilities into the surfaces that already needed to be online — and taking one more service off the open web entirely.
That’s it. No new product, no migration for you to run, no settings to flip.
Why a smaller surface is a safer surface
Every service you expose to the internet is a door. Doors are useful — people walk through them — but each one is also something you have to lock, watch, and maintain. The fewer doors you have, the less there is to defend and the less that can go wrong.
By consolidating, we:
- Reduced our public attack surface. A service that used to accept traffic from the open internet no longer does. It now runs in a place only our own systems can reach.
- Removed a class of outages. Fewer independent services in the request path means fewer things that can be slow, fail, or need a maintenance window.
- Simplified the mental model. When something needs attention, there are fewer places to look. That makes us faster at keeping the platform healthy.
These are the boring-but-load-bearing properties of a system you’re trusting with production data. We take them seriously.
What stayed exactly the same
We held a hard line on one thing: this change had to be invisible.
- Your CLI sessions keep working. If you’re already logged in, you stay logged in.
nearbase loginworks just as before. - The pricing calculator is unchanged. Same numbers, same speed.
- Your databases were never in the path. This was about how our apps talk to each other, not about your instances. There was no downtime and no data involved.
The principle behind it
We have a simple rule of thumb: expose the minimum, and keep the rest private. The things that need to be on the internet should be, and nothing else should. Periodically we step back, look at what’s grown a little too public over time, and pull it back in.
This was one of those clean-ups. It won’t be the last — and that’s a good thing. A platform that gets quietly simpler over time is a platform you can keep trusting.
As always, if you ever notice something that isn’t invisible, tell us in Discord. The best infrastructure feedback usually starts with “hey, this felt a little off.”