To accomplish this goal, we suggest using a SOCKS proxy with our QGTunnel software.
Here are some setup instruction to get you started.
1. Download QGTunnel
Download and extract the
qgtunnel package in the root directory of your app:
$ curl https://s3.amazonaws.com/quotaguard/qgtunnel-latest.tar.gz | tar xz
2. Setup the Tunnel
Login to our Admin Dashboard and begin to setup the tunnel.
At the top right, click Settings, then Setup. On the left, click Tunnel, then Create Tunnel. You should reach this screen below.
For example, this assumes a MySQL server is being setup.
Remote Destination: tcp://hostname.for.your.server.com:3306
Local Port: 3306
This setup assumes that your server is located at “hostname.for.your.server.com” and is listening on port 3306 (the default MySQL port).
Use the same port for the local port, unless you are using that port or it is below 1024, then you will have to change this to some other port (say 3307).
Transparent mode allows QuotaGuard to override the DNS for hostname.for.your.server.com to 127.0.0.1, which redirects traffic to the QGTunnel software. This means you can connect to either hostname.for.your.server.com or 127.0.0.1 to connect through the QGTunnel. More information is available on transparent mode as you follow along in these instructions
Encrypted mode can be used to encrypt data end-to-end, but if your protocol is already encrypted then you don’t need to spend time setting it up. We have more details on end-to-end encryption as you follow along in these instructions.
Creating the tunnels in the dashboard is for convenience. Please see the last step (Harden your setup) for how to remove a dependency from your system.
3. Change your code (maybe)
You may have to change your code to connect through QGTunnel.
With transparent mode, and when using the same local and remote port, you should not have to change your code.
Without transparent mode, you will want to connect to 127.0.0.1:3306 (in this example). If you changed the local port, then you will need to change the port number to match.
4. Change your Procfile
Heroku Users: You have a procfile even if it’s not explicitly in your code base. To find it, log into the Heroku dashboard, click on the Resources tab, and you will see a list of your dyno processes. The text you see (like web npm start) next to each one acts as your Procfile if you do not have one explicitly in your code base.
Modify your app Procfile to prepend the QGTunnel application to your standard commands:
web: bundle exec unicorn -p $PORT -c ./config/unicorn.rb
web: bin/qgtunnel bundle exec unicorn -p $PORT -c ./config/unicorn.rb
Commit and deploy your changes. Be sure to add
bin/qgtunnel. If you are using transparent mode, be sure
vendor/nss_wrapper/libnss_wrapper.so is also committed.
6. (Optional) If problems arise...
By default all fatal errors encountered by the qgtunnel will be logged to your logs.
If this information is not enough you can enable verbose output mode by setting QGTUNNEL_DEBUG environment variable to true and restart the application while watching the logs.
Send any information in the logs (please redact any credentials, including your QuotaGuard connection URL) to our Support so we can help figure out the problem.
7. IMPORTANT: Harden your setup.
This step is highly recommended as we do not have any SLA on our website, which can be out due to maintenance at any time.
By default qgtunnel will try to fetch configuration from the QuotaGuard API, but it also supports local configuration.
You can download a configuration file from the Dashboard by pressing Download configuration on the Tunnel page.
Place the downloaded file into the root directory of your project under the .qgtunnel filename, commit and deploy.
With this file your application will not depend on the availability of our website during application startup.
The SOCKS wrapper is not straight forward to set up, or debug, so if you have any issues just get in contact with our Support and we'll help you out.
If you have questions, or if this solution doesn’t work or fit your use case, please reach out to us at Support
so we can help figure it out with you.
Working with sensitive data, like HIPAA, Financial, or Personally Identifiable Information (PII)?
Then you will want to check out our QuotaGuard Shield solution, it's the same as QuotaGuard Static, but with stronger end to end security for your requests. We can also help migrate current Static customers to Shield for free, just reach out to us at Support to request assistance.