I would like to connect Heroku dynos to external compute and storage resources (i.e. on-prem, multi-cloud, etc.)
Heroku Private and Shield have VPC peering with AWS, but introduces additional overhead.
Does ZeroTier work with Heroku dynos? If so, are there are any gotchas to be aware of?
Related
I read more tutorials about deploy Strapi to Heroku and all of them talks about deployng your Strapi app to Heroku. But in addition I would like to understand if it is possible to deploy for example 2 different Strapi applications, to the same Heroku dyno and if it has any disadvantage or not.
Yes, it's possible.
You need to use Nginx Virtual Host as defined in Strapi Nginx Proxying documentation.
It's mentioned in Amazon AWS part of the documentation.
https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-with-http-2-support-on-ubuntu-18-04
I want to host a production Rails application on Heroku but have some doubts. Can there be any problems with accessing application from Russia because of the Roskomnadzor ban?
Heroku runs on Amazon Web Services, and it looks like many AWS IP addresses have been blocked in the past:
On 13 April 2018, messaging service Telegram was banned... The ban has been enforced via the blockage of over 15.8 million IP addresses. IPs associated with Amazon Web Services and Google Cloud Platform are included in the block, due to Telegram's use of these platforms; this measure resulted in collateral damage due to usage of the platforms by other services in the country, including... many other unknown websites being blocked for no reason for a month.
I'm not sure that any host would be completely safe from this kind of block.
I have an application deployed to Heroku. I'm using a service that requires me to access their SFTP server using a static ip address. I know Heroku dynos are unreliable in this regard. I have successfully achieved this using the Proximo addon, however, its too expensive for the amount of traffic that I'll be sending (around 500 MB/month). Is there an alternate to this? I'm inclined towards using an EC2 instance but not quite sure what's required to create a proxy or whatever.
I'd go with an EC2 micro instance; pushing bits around doesn't really consume much CPU, so it's unlikely to get throttled. I would then give that instance an elastic IP address and communicate that address to the other service. (Whatever I choose to do later, I can always spin up another instance and associate it to that IP.) I would then deploy a SOCKS proxy (Dante?); SOCKS has pretty widespread application support, and it can handle SFTP just fine.
From here, there are a couple details specific to Heroku -- for one, you'll want to configure your proxy server's EC2 security group such that Heroku can access it (see Dynos and the Dyno Manifold). You'll also want to enable authentication on the SOCKS server, since granting Heroku access to your proxy grants everyone in Heroku access to your proxy. Then, heroku config:set SOME_SERVICE_SOCKS_PROXY=socks://user:pass#ip-10-1-2-3.ec2.internal, and have your application look for that environment variable and do the right thing.
You'll likely be paying $0.01/GB for intra-region data transfer between your proxy and Heroku, since statistically, your application will be in a different availability zone most of the time. Heroku dynos last about 24 hours in production, so while the exact location will dance around unpredictably, it'll probably land in the $0.008/GB range in aggregate. You'll also be paying for the micro instance itself (though reserved instances make them stupid cheap) as well as the usual AWS Internet data transfer rates.
I'm considering using Heroku for a NodeJS app, and I was wondering if their Dynos enjoy the free internal data transfer inside the AWS network.
I want to use DynamoDB, ElastiCache, RDS, SQS and a bunch of other AWS offerings - if I can connect to all of them from Heroku, which region and AZ do I need to set them up in to talk to them for free from the Heroku Dynos?
Heroku runs in US-East region so as long as you setup there you shouldn't incur any transfer costs between dynos and other services.
There's more details on the https://devcenter.heroku.com/articles/amazon_rds page - it relates to RDS but a lot of it is general Amazon stuff like security groups etc.
I'm creating a redis instance in ec2 that I want my heroku app to be able to access. Are there specific inbound source ip ranges or security settings I can set in Amazon ec2 security groups to only allow traffic from my heroku instances?
UPDATE: Heroku no longer publishes it's security groups so this is no longer possible.
Heroku dynos can make any outbound tcp connection to anywhere.
I think this is what you want: https://devcenter.heroku.com/articles/proximo
Then you will be able to use AWS security groups.