2

I am running a Ruby on Rails application on Heroku and my database is in someother place where it will be accessed with certain whitelisted IP's only but since heroku doesn't provide dynamic IP's I thought of using proximo.

Please help me how to connect to remote database with proximo from heroku.

Aahlad
  • 141
  • 5
  • 14

4 Answers4

5

We had a difficult time achieving this (we ended up whitelisting every domain)

IP's

The problem is Dyno's are hosted on AWS' EC2 cloud - meaning they aren't actually Heroku's servers. This causes a lot of problems, as the IPs are all shrouded & change:

Because the Heroku dyno grid is dynamic in nature, the IP address that a given dyno will be assigned over time will be both dynamic and unpredictable. This dynamic sourcing of outbound traffic can make it difficult to integrate with APIs or make connections through firewalls that require IP-based whitelisting

After seeing the proximo addon, you may be able to achieve what you need using a static IP

Proximo

According to the proximo tutorial on Heroku's site, you should be able to install the add-on & receive your outbound IP relatively simply:

$ heroku addons:add proximo:development
Adding proximo to sharp-mountain-4005⦠done, v18 ($5/mo)
Your static IP address is 127.0.0.1

You should then be able to use this on your db host - to allow the IP

Richard Peck
  • 76,116
  • 9
  • 93
  • 147
  • 3
    Note, to whitelist every domain, you can whitelist 0.0.0.0/0 (add this in "authorized networks" if you are using a Google Cloud SQL database). If you do so, it is highly recommended to configure SSL and "only allow SSL connections". – Steren Oct 24 '14 at 14:46
1

No ruby database adapters natively support proxy connections so for database access you need to proxy your calls via a SOCKS proxy. A SOCKS wrapper script to do this is available as part of our QuotaGuard Static Heroku add-on.

You configure this by prepending the call to the wrapper script in your Procfile so should work with minimal integration.

 web: bin/qgsocksify bundle exec unicorn -p $PORT -c ./config/unicorn.rb

By default this wrapper routes all outbound TCP traffic via the proxy but there is additional configuration available to limit this to just your database traffic.

Tim Williams
  • 318
  • 2
  • 6
  • Here's the script mentioned https://raw.githubusercontent.com/quotaguard/rails-ldap-example/master/bin/qgsocksify – ScotterC Jan 07 '15 at 18:04
  • Ignore my last comment. There's more to it which is detailed here: http://support.quotaguard.com/support/solutions/articles/5000013939-socks-quick-start-guide-quotaguard-static – ScotterC Jan 07 '15 at 18:14
1

A workaround is to whitelist all IP adresses from your SQL database provider admin interface: You can do this by whitelisting 0.0.0.0/0. (In Google Cloud SQL, you can do this under "authorized networks")

If you do so, it is highly recommended to configure your connection to use SSL and to only allow SSL connections to your database.

Steren
  • 7,311
  • 3
  • 31
  • 51
0

You can configure NGINX as your reverse proxy to allow your Heroku app to connect to the IP address(which is your NGINX server and whitelisted), the reverse proxy will connect to the DB.

https://stackoverflow.com/a/27874505/1345865

http://blog.talenox.com/post/107675614745/how-to-setup-static-ip-on-heroku

Community
  • 1
  • 1
amdstorm
  • 66
  • 6