Forem: Afe Damilare

How I Used WireGuard to Secure API Communication Between Cloud Servers — Plus a PyAirbyte Custom Connector Tutorial

Afe Damilare — Mon, 10 Nov 2025 19:24:10 +0000

INTRO

If you’re dealing with data pipelines or APIs between cloud servers, you know how important it is to keep those connections locked down and secure. I recently tackled this by using WireGuard; a lightweight VPN tool that’s surprisingly easy to set up and super effective. In this post, I’ll show you how I set up WireGuard between my cloud servers to create a secure tunnel. Then, I’ll walk you through building a custom connector using PyAirbyte that uses this tunnel to keep my data transfers safe and sound. No fancy jargon, just practical steps you can follow.

WHAT’S THE PROBLEM?

First off, unsecured API communication is a real risk. Data sniffing, man-in-the-middle attacks — these are nightmares you want to avoid when moving info around. That’s why I decided to take a fresh look at VPNs and ended up with WireGuard.

WHY WIREGUARD?

WireGuard is modern, fast, and much simpler than old-school VPNs. It’s perfect if you want security without headaches.

SETTING UP WIREGUARD
I'll show you how to get WireGuard up and running on two cloud servers. It took me less than 30 minutes, and it’s mostly copy-paste commands.

PYAIRBYTE AND CUSTOM CONNECTORS

If you’re new to Airbyte or PyAirbyte, no worries. I’ll give you a quick intro, then dive into how I built a custom connector that actually sends data through the WireGuard tunnel.

BUILDING THE CONNECTOR — STEP BY STEP

Here’s the code, the config, and all the little details you need to get this working.

TESTING IT ALL OUT

Once everything’s in place, I’ll show you how to run the pipeline and make sure your data’s traveling securely.

WRAP UP

So yeah — securing APIs with WireGuard and PyAirbyte is doable and doesn’t have to be complicated. Give it a shot and feel free to ask questions or share your experiences.

[Boost]

Afe Damilare — Mon, 10 Nov 2025 15:26:58 +0000

How I Used WireGuard to Secure API Communication Between Cloud Servers - DEV Community

INTRODUCTION In modern cloud architectures, microservices and APIs often communicate over the...

dev.to

How I Used WireGuard to Secure API Communication Between Cloud Servers

Afe Damilare — Mon, 10 Nov 2025 15:26:04 +0000

INTRODUCTION

In modern cloud architectures, microservices and APIs often communicate over the public internet. While HTTPS provides encryption in transit, sometimes you want an additional layer of security, especially when sensitive data flows between servers.

In this article, I’ll show how I used WireGuard, a lightweight and high-performance VPN, to secure API communication between two cloud servers. This setup ensures that all API traffic flows over an encrypted tunnel, reducing the risk of interception or tampering.

WHY WIREGUARD?

WireGuard offers several advantages for cloud-to-cloud communication:

Simplicity: Easy to configure compared to traditional VPNs like OpenVPN or IPsec.

Performance: High throughput with minimal latency.

Modern cryptography: Uses state-of-the-art protocols (ChaCha20, Poly1305).

Cross-platform: Works on Linux, Windows, macOS, and even mobile devices.

With WireGuard, you can create a private network between servers and secure all API calls automatically.

PREREQUISITES

Before you start, you’ll need:

Two cloud servers (e.g., AWS EC2, DigitalOcean Droplets) with root access.
Linux OS on both servers (Ubuntu 22.04 recommended).
Basic familiarity with the terminal and SSH.

Let’s call the servers:

Server A — the API client

Server B — the API server

Step 1: INSTALL WIREGUARD

On both servers, install WireGuard:

Update package list

sudo apt update

Install WireGuard

sudo apt install wireguard -y

Verify installation:

wg --version

Step 2: GENERATE KEYS

WireGuard uses public/private key pairs for authentication. On each server:

Generate private key

wg genkey | tee privatekey | wg pubkey > publickey

This will create two files:

privatekey → Keep secret
publickey → Share with the other server

Step 3: CONFIGURE WIREGUARD INTERFACES

On Server A (wg0.conf):

[Interface]
PrivateKey =
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey =
Endpoint = :51820
AllowedIPs = 10.0.0.2/32
PersistentKeepalive = 25

On Server B (wg0.conf):

[Interface]
PrivateKey =
Address = 10.0.0.2/24
ListenPort = 51820

[Peer]
PublicKey =
Endpoint = :51820
AllowedIPs = 10.0.0.1/32
PersistentKeepalive = 25

Explanation:

Address → Private IP for WireGuard interface

Endpoint → Public IP and port of the peer

AllowedIPs → IPs to route through the VPN

PersistentKeepalive → Keeps the connection alive behind NAT

Step 4: ENABLE AND START WIREGUARD

Start WireGuard

sudo wg-quick up wg0

Enable at boot

sudo systemctl enable wg-quick@wg0

Check connection status:

sudo wg

You should see handshake information, indicating that both servers are connected.

Step 5: TEST API COMMUNICATION

Assume Server B is running an API on port 8000. On Server A:

curl http://10.0.0.2:8000/health

The request should succeed over the encrypted WireGuard tunnel, even if the API port is not exposed publicly.

Step 6: OPTIONAL — RESTRICT PUBLIC ACCESS

For maximum security, update the firewall on Server B to only allow API requests via WireGuard:

sudo ufw allow from 10.0.0.0/24 to any port 8000
sudo ufw deny 8000

Now, the API is effectively private to the VPN.

BENEFITS OF THIS SETUP:

End-to-end encryption for API communication

Private network between cloud servers

Minimal latency and easy deployment

Works for multi-cloud or hybrid cloud architectures

Conclusion

By using WireGuard, I was able to secure API communication between servers with minimal configuration and excellent performance. This approach is particularly useful when sensitive data flows across cloud providers or when you want to avoid exposing APIs publicly.

WireGuard is lightweight, fast, and easy to manage — making it a go-to solution for secure cloud-to-cloud networking.

If you found this tutorial helpful, follow me on Dev.to for more cloud security and networking tips!

How to Monitor a Node.js App with SigNoz (Step-by-Step Guide)

Afe Damilare — Mon, 10 Nov 2025 12:26:41 +0000

🚀 WHAT YOU’LL LEARN

How to set up SigNoz locally with Docker
How to instrument your Node.js app with OpenTelemetry
How to view metrics and traces inside SigNoz

⚙️ PREREQUISITES

Before you begin, make sure you have:

Node.js installed (v14+ recommended)
Docker and Docker Compose installed
Basic familiarity with running Node.js apps

🧱 Step 1: SET UP SIGNOZ LOCALLY

SigNoz provides a quick Docker-based setup.
Open your terminal and run:

git clone https://github.com/SigNoz/signoz.git
cd signoz/deploy/docker
./install.sh

Once the setup is complete, visit:

http://localhost:3301

You should see the SigNoz dashboard running 🎉

🪄 Step 2: CREATE A SIMPLE Node.js APP

Let’s create a small Express app that we can monitor.

You can copy and paste the following code:

mkdir node-signoz-demo
cd node-signoz-demo
npm init -y
npm install express

Now, create a file called app.js:

const express = require("express");
const app = express();

app.get("/", (req, res) => {
res.send("Hello from Node.js!");
});

app.listen(3000, () => {
console.log("Server running on http://localhost:3000");
});

Run it with:

node app.js

Your app is now live on http://localhost:3000

📡 Step 3: ADD OpenTelemetry TO SEND DATA TO SIGNOZ

SigNoz works with OpenTelemetry, an open-source observability framework.

Install the necessary OpenTelemetry packages:

npm install @opentelemetry/api @opentelemetry/sdk-node @opentelemetry/auto-instrumentations-node

Then create a file called tracing.js with the following:

const { NodeSDK } = require("@opentelemetry/sdk-node");
const { getNodeAutoInstrumentations } = require("@opentelemetry/auto-instrumentations-node");

const sdk = new NodeSDK({
instrumentations: [getNodeAutoInstrumentations()],
});

sdk.start();

Finally, update your app.js to import this tracing setup:

require("./tracing"); // initialize telemetry before anything else

const express = require("express");
const app = express();

app.get("/", (req, res) => {
res.send("Hello from Node.js with SigNoz!");
});

app.listen(3000, () => {
console.log("Server running on http://localhost:3000");
});

Restart your app:

node app.js

📊 Step 4: VIEW YOUR METRICS AND TRACES IN SigNoz

Head back to your SigNoz dashboard (http://localhost:3301), and you should start seeing:

Traces from your Node.js app
Requests per second (RPS)
Latency
Error rates

You can explore your services, view spans, and even drill into slow requests.

✅ Step 5: ADD SOME LOAD (Optional)

You can test how SigNoz reacts to traffic by sending requests to your app:

for i in {1..50}; do curl http://localhost:3000; done

Now, refresh your SigNoz dashboard — you’ll see data populating in real-time.

🎯 Conclusion

Congrats! You’ve successfully:

Set up SigNoz using Docker
Created a simple Node.js application
Added OpenTelemetry instrumentation
Viewed live metrics and traces inside SigNoz

Monitoring your app is an essential step to improving reliability and performance.
With SigNoz, you get powerful observability tools for free and open-source.

🧩 Next Steps

Try monitoring a real API or microservice
Explore SigNoz alerting and dashboards
Read more: https://signoz.io/docs/

✅ If you enjoyed this tutorial, share it or comment below