We suggest you go with the SOCKS proxy using our QGTunnel software.
Here are the setup instructions to get you started.
1. Download QGTunnel into the root of your project
2. Log in to our dashboard and set up the tunnel
Direct / Azure / Render Users
Using the Heroku CLI you can log into our dashboard with the following command:
heroku addons:open quotaguardstatic
Or if you prefer, you can log in from the Heroku dashboard by clicking on QuotaGuard Static on the resources tab of your application.
Once you are logged into our dashboard, in the top-right menu, go to Setup. On the left, click Tunnel, then Create Tunnel.
Remote Destination: tcp://hostname.for.your.server.com:5432
Local Port: 5432
This setup assumes that the remote PostgreSQL server is located at hostname.for.your.server.com and is listening on port 5432. This is usually the default port.
The Local Port is the port number that QGTunnel will listen on. In this example, we set it to 5432, but if you have another process using 5432, you may have to change it (ie: 5433).
Transparent mode allows QGTunnel to override the DNS for hostname.for.your.server.com to 127.0.0.1, which redirects traffic to the QGTunnel software. This means you can connect to either hostname.for.your.server.com or 127.0.0.1 to connect through the tunnel.
Encrypted mode can be used to encrypt data end-to-end, but if your protocol is already encrypted then you don't need to spend time setting it up. In most instances, PostgreSQL is already encrypted but you should always double-check.
3. Change your code to connect through the tunnel
With transparent mode and matching Local and Remote ports you should not need to change your code. You can also connect to 127.0.0.1:5432.
Without transparent mode, you will want to connect to 127.0.0.1:5432.
4. Change your startup code
Change the code that starts up your application. In many platforms, including Heroku, this is done with a Procfile. Basically, you just need to prepend your startup code with "bin/qgtunnel".
So for a Procfile that was previously:
web: your-application your arguments
you would now want:
web: bin/qgtunnel your-application your arguments
Heroku Users: You have a procfile even if it’s not explicitly in your code base. To find it, log into the Heroku dashboard, click on the Resources tab, and you will see a list of your dyno processes. The text you see (like web npm start) next to each one acts as your Procfile if you do not have one explicitly in your code base.
5. Setup the environment variable QUOTAGUARDSTATIC_URL to be equal to your Connection URL in the Setup page of our dashboard
If you added us from a cloud provider (Azure, CloudFoundry, Heroku, Render, IBM Cloud, Pivotal, etc) then this is usually done for you.
Please note that QGTunnel handles converting the HTTP URL and port to the SOCKS5 URL and port. So either of the connection URLs is fine.
6. Commit and push your code
Be sure that the file bin/qgtunnel is added to your repository.
If you are using transparent mode, be sure that vendor/nss_wrapper/libnss_wrapper.so is also added to your repository.
7. If you have problems
Enable the environment variable QGTUNNEL_DEBUG=true and then restart your application while watching the logs. Send QuotaGuard Support any information in the logs.
Please redact any sensitive information, including your QuotaGuard connection URL.
8. After you get everything working, we suggest you download your QGTunnel configuration from our dashboard as a .qgtunnel file and put that in the root of your project.
This keeps your project from not relying on our website during startup. Our website might be down for maintenance and your application would fail because it can not find your configuration file.
If you have questions, or if this solution doesn’t work or fit your use case, please reach out to us at Support
so we can help figure it out with you.
Working with sensitive data, like HIPAA, Financial, or Personally Identifiable Information (PII)?
Then you will want to check out our QuotaGuard Shield solution, it's the same as QuotaGuard Static, but with stronger end to end security for your requests. We can also help migrate current Static customers to Shield for free, just reach out to us at Support to request assistance.