我在 Heroku 上运行 Ruby on Rails 应用程序,我的数据库位于其他地方,只能使用某些列入白名单的 IP 访问它,但由于 heroku 不提供动态 IP,我想使用 proximo。
请帮助我如何使用 heroku 的 proximo 连接到远程数据库。
问问题
4014 次
4 回答
5
We had a difficult time achieving this (we ended up whitelisting every domain)
IP's
The problem is Dyno's are hosted on AWS' EC2 cloud - meaning they aren't actually Heroku's servers. This causes a lot of problems, as the IPs are all shrouded & change:
Because the Heroku dyno grid is dynamic in nature, the IP address that a given dyno will be assigned over time will be both dynamic and unpredictable. This dynamic sourcing of outbound traffic can make it difficult to integrate with APIs or make connections through firewalls that require IP-based whitelisting
After seeing the proximo addon, you may be able to achieve what you need using a static IP
Proximo
According to the proximo tutorial on Heroku's site, you should be able to install the add-on & receive your outbound IP relatively simply:
$ heroku addons:add proximo:development
Adding proximo to sharp-mountain-4005⦠done, v18 ($5/mo)
Your static IP address is 127.0.0.1
You should then be able to use this on your db host - to allow the IP
于 2014-02-17T10:08:07.860 回答
1
一种解决方法是将 SQL 数据库提供程序管理界面中的所有 IP 地址列入白名单:您可以通过将 0.0.0.0/0 列入白名单来做到这一点。(在 Google Cloud SQL 中,您可以在“授权网络”下执行此操作)
如果这样做,强烈建议您将连接配置为使用 SSL,并且只允许 SSL 连接到您的数据库。
于 2014-10-24T15:01:53.870 回答
1
没有 ruby 数据库适配器本身支持代理连接,因此对于数据库访问,您需要通过 SOCKS 代理代理您的调用。用于执行此操作的 SOCKS 包装脚本可作为我们的QuotaGuard 静态 Heroku 插件的一部分。
您可以通过在 Procfile 中预先调用包装脚本来配置它,因此应该以最少的集成工作。
web: bin/qgsocksify bundle exec unicorn -p $PORT -c ./config/unicorn.rb
默认情况下,此包装器通过代理路由所有出站 TCP 流量,但有额外的配置可将其限制为仅限于您的数据库流量。
于 2014-10-04T10:39:51.923 回答
0
You can configure NGINX as your reverse proxy to allow your Heroku app to connect to the IP address(which is your NGINX server and whitelisted), the reverse proxy will connect to the DB.
https://stackoverflow.com/a/27874505/1345865
http://blog.talenox.com/post/107675614745/how-to-setup-static-ip-on-heroku
于 2015-01-10T10:01:23.393 回答