We have lots of users that use MongoDB through our proxy servers.  We suggest you go with the SOCKS proxy using our QGTunnel software.

Here are some setup instruction to get you started: 

1. Download QGTunnel into the root of your project
 curl https://s3.amazonaws.com/quotaguard/qgtunnel-latest.tar.gz | tar xz

2. Log in to our dashboard and setup the tunnel
Using the Heroku CLI you can log into our dashboard with the following command:  heroku addons:open quotaguardshield  

Or if you prefer, you can login from the heroku dashboard by clicking on QuotaGuard Static on the resources tab of your application.

Once you are logged into our dashboard, in the top right menu, go to Setup.  On the left, click Tunnel, then Create Tunnel.

Remote Destination: tcp://hostname.for.your.server.com:27017 
Local Port: 27017 Transparent: true Encrypted: false

This setup assumes that the remote mongodb server is located at hostname.for.your.server.com and is listening on port 27017. This is usually the default port.
The Local Port is the port number that QGTunnel will listen on. In this example we set it to 27017, but if you have another process using 27017, you may have to change it (ie: 27018).

Transparent mode allows QGTunnel to override the DNS for hostname.for.your.server.com to, which redirects traffic to the QGTunnel software.  This means you can connect to either hostname.for.your.server.com or to connect through the tunnel.

If you are running a cluster, you will need to setup a tunnel (remote destination) for each endpoint and use transparent mode.

Encrypted mode can be used to encrypt data end-to-end, but if your protocol is already encrypted then you don't need to spend time setting it up. I believe mongodb is already encrypted but you should double check.

3. Change your code to connect through the tunnel With transparent mode and matching Local and Remote ports you should not need to change your code. You can also connect to

Without transparent mode, you will want to connect to

4. Change your startup code. Change the code that starts up your application.  In heroku this is done with a Procfile. Basically you just need to prepend your startup code with "bin/qgtunnel".

So for a Procfile that was previously: web: your-application your arguments you would now want:  web: bin/qgtunnel your-application your arguments  

If you do not have a Procfile, then heroku is using a default setup in place of the Procfile based on the framework or language you are using. You can usually find this information on the Overview tab of the application in Heroku's dashboard. It is usually under the heading "Dyno information".

5. Commit and push your code.Be sure that the file  bin/qgtunnel  is added to your repository.

If you are using transparent mode, be sure that  vendor/nss_wrapper/libnss_wrapper.so  is also added to your repository.

6. If you have problems, enable the environment variable  QGTUNNEL_DEBUG=true  and then restart your application while watching the logs.  Send me any information in the logs. Please redact any sensitive information, including your QuotaGuard connection URL.

7. After you get everything working, I suggest you download your QGTunnel configuration from our dashboard as a  .qgtunnel  file and put that in the root of your project.  This keeps your project from not relying on our website during startup.

If you have any more questions or something doesn't work, please let us know at Support so we can dig deeper into what might be the issue.