On April 1, 2021, we are moving all of our QuotaGuard Support Documentation to 


 Please Update Your Support Bookmarks

 Documentation for this article will be maintained at 


Please click on the above link to ensure you are reading 

the most recent and updated documentation.

We strongly suggest users go with the SOCKS proxy using our QGTunnel software.  

Here are some setup instruction to get you started:

1. Download QGTunnel into the root of your project

 curl https://s3.amazonaws.com/quotaguard/qgtunnel-latest.tar.gz | tar xz

2. Log in to our dashboard and set up the tunnel

Using the Heroku CLI you can log into our dashboard with the following command:

 heroku addons:open quotaguardstatic  

Or if you prefer, you can login from the Heroku dashboard by clicking on QuotaGuard Static on the resources tab of your application.

Once you are logged into our dashboard, in the top-right menu, go to Setup.  On the left, click Tunnel, then Create Tunnel.

Remote Destination: tcp://hostname.for.your.server.com:22
Local Port: 2222
Transparent: true
Encrypted: false

This setup assumes that the remote SFTP server is located at hostname.for.your.server.com and is listening on port 22. This is usually the default port.

The Local Port is the port number that QGTunnel will listen on.  In this example, we set it to 2222, because port 22 is probably in use on the localhost and it is also in the reserved port range (0-1023).

Transparent mode allows QGTunnel to override the DNS for hostname.for.your.server.com to, which redirects traffic to the QGTunnel software.  This means you can connect to either hostname.for.your.server.com or to connect through the tunnel.

Encrypted mode is disabled because SFTP is already encrypted and you will not want to waste your time setting up additional end-to-end encryption.

3. Change your code to connect through the tunnel
With transparent mode you will only have to change to connect to port 2222 instead of 22. You can also connect to

Without transparent mode, you will want to connect to

4. Change your startup code.
Change the code that starts up your application.  In Heroku this is done with a Procfile. Basically, you just need to prepend your startup code with "bin/qgtunnel".

So for a Procfile that was previously:
web: your-application your arguments
you would now want:
web: bin/qgtunnel your-application your arguments  

If you do not have a Procfile, then Heroku is using a default setup in place of the Procfile based on the framework or language you are using.  You can usually find this information on the Overview tab of the application in Heroku's dashboard. It is usually under the heading "Dyno information".

5. Commit and push your code.
Be sure that the file bin/qgtunnel is added to your repository.

If you are using transparent mode, be sure that vendor/nss_wrapper/libnss_wrapper.so  is also added to your repository.

6. If you have Issues
Enable the environment variable QGTUNNEL_DEBUG=true  and then restart your application while watching the logs.
Send QuotaGuard Support any information in the logs. Please redact any sensitive information, including your QuotaGuard connection URL.

7. After you get everything working, download your QGTunnel configuration from our dashboard as a  .qgtunnel  file and put that in the root of your project.  This keeps your project from not relying on our website during startup.

If you have questions, or if this solution doesn’t work or fit your use case, please reach out to us at Support so we can help figure it out with you.

Working with sensitive data, like HIPAA, Financial, or Personally Identifiable Information (PII)? 
    Then you will want to check out our QuotaGuard Shield solution, it's the same as QuotaGuard Static, but with stronger end to end security for your requests. We can also help migrate current Static customers to Shield for free, just reach out to us at Support to request assistance.