Securing Laravel Forge Provisioned Meilisearch
I switched Events In Plain Site from TNTSearch to Meilisearch. TNTSearch seems to be more-or-less abandoned, and Meilisearch is a first-party driver for both Laravel Scout (which has the additional benefit of having its docs available via Laravel Boost) and Laravel Forge.
I use Laravel Forge to manage servers and deploys, and it is in turn hooked up to my AWS account. (In the Canadian region for anyone who cares. Remember, it's not really data sovereignty if you use a US provider like AWS.) So I told it to spin up the smallest ‘Meilisearch server’. A couple of minutes later it was sitting happily next to my app server.
With the default Security Group, which had:
- Allow all UDP from everywhere
- Allow all TCP from everywhere
- Allow everything from self
That’s … sub awesome. But easy to fix.
Security Group 1: SSH
- Inbound: Allow SSH from anywhere (because I couldn’t be bothered to play with dynamic IP address stuff)
- Outbound: Allow everything
Security Group 2: Meilisearch
- Inbound: Allow TCP 7700 from self. (You have to do this in 2 steps: save the group first so it has an ID, then add the rule that references that ID.)
- Outbound: Allow everything
Then we replace the default Security Group on the new server with these 2, and attach the Meilisearch one to the app server as well.
Now there are only 2 ports open, and they are appropriately constrained.
(Yes, yes, the Forge provisioned server starts Meilisearch up with a long password so ‘technically’ it was fine to be exposed to the internet, but if something doesn’t have to be, it shouldn’t be.)
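The same two groups and the attachment steps, done with the AWS CLI instead of the console. This is an added example, not from the post; the VPC id and the two instance ids are assumed placeholders passed in as arguments.

```shell
#!/usr/bin/env bash
# Added example (not from the post): build the SSH and Meilisearch security groups with the AWS CLI.
# Assumed inputs: a VPC id, the Forge-provisioned Meilisearch instance id, and the app server instance id.
set -eu

# Create an empty group and print its id. The "from self" rule needs this id to exist first,
# which is why the console makes you save the group before adding that rule.
create_sg() { # create_sg <vpc-id> <name> <description>
  aws ec2 create-security-group --vpc-id "$1" --group-name "$2" --description "$3" \
    --query GroupId --output text
}

setup_meili_sgs() { # setup_meili_sgs <vpc-id> <meili-instance-id> <app-instance-id>
  local vpc="$1" meili_inst="$2" app_inst="$3"

  # Group 1: SSH from anywhere. Outbound is left at the AWS default for a new group (allow all).
  local ssh_sg
  ssh_sg=$(create_sg "$vpc" "ssh" "SSH in from anywhere")
  aws ec2 authorize-security-group-ingress --group-id "$ssh_sg" \
    --protocol tcp --port 22 --cidr 0.0.0.0/0

  # Group 2: Meilisearch. TCP 7700 only from instances that carry this same group.
  local meili_sg
  meili_sg=$(create_sg "$vpc" "meilisearch" "Meilisearch 7700 from self")
  aws ec2 authorize-security-group-ingress --group-id "$meili_sg" \
    --protocol tcp --port 7700 --source-group "$meili_sg"

  # Replace the default group on the Meilisearch server with exactly these two.
  aws ec2 modify-instance-attribute --instance-id "$meili_inst" --groups "$ssh_sg" "$meili_sg"

  # --groups replaces the whole set, so read the app server's current groups and append the Meilisearch one
  # (this is what lets the app server through the "from self" rule).
  local existing
  existing=$(aws ec2 describe-instances --instance-ids "$app_inst" \
    --query 'Reservations[0].Instances[0].SecurityGroups[].GroupId' --output text)
  # shellcheck disable=SC2086  # intentional word splitting of the tab-separated id list
  aws ec2 modify-instance-attribute --instance-id "$app_inst" --groups $existing "$meili_sg"

  echo "$ssh_sg $meili_sg"
}
```

Run it as `setup_meili_sgs vpc-xxxxxxxx i-meilisearch i-appserver`; it prints the two new group ids.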