Creating static IP for heroku to connect to external firewall - heroku

I'm trying to connect to ObjectRocket with my Heroku app, I'm running into a little problem where I can't seem to set a static IP (tried Proximo for that).
ObjectRocket requires me to define all IP's connecting to the database, so I need a non-dynamic IP for my heroku app.
How could I create this, or is this not possible with Heroku?

Hello you can use this answer to see how to use NGINX as a reverse proxy.
https://stackoverflow.com/a/27874505/1345865
http://blog.talenox.com/post/107675614745/how-to-setup-static-ip-on-heroku
If in your case where you require a outbound reverse proxy, setup an AWS instance and use NGINX to point it to ObjectRocket as your backend

Related

What source IP ranges to add to google cloud firewall to only allow access from the domain of my API

I currently have a Google cloud redis instance running which allows all connections ( ip range 0.0.0.0/0 ) which I would like to secure.
I have an api that is hosted on Heroku that is being forwarded to via a google domain. What I want to know is which ip do I add to the Source Ip ranges field in the google cloud firewall config tab to only allow connections from my API.
There are a few things I am confused about:
I need to specify an IP range, but I'm only going to be connecting to it from one IP ( The domain pointing to my API )
Which IP do I provide? The IP of my domain that is pointing to my API or the IP of the api instance itsself as it is on heroku?
Any help would be great!
Thanks
Heroku itself is hosted on AWS, so it uses a subset of their EC2 range.
Looking at this answer, you could use
heroku regions --json
to find the currently used IP ranges.
Problem with that: they can change!
If you need a static source IP coming from a Heroku app, you might want to use one of the SOCKS5 proxy addons.
But:
There is a performance impact for this cross-datacenter usage between your application and the Redis instance, so actually I would recommend you switching to a Redis instance by Heroku, or at least by a provider that lives inside the same AWS region.

How to serve a Heroku app with Google cloud fixed IP

I have a Heroku app that uses nodejs to serve a static web page https://foda-app.herokuapp.com
Heroku does not provide a fixed IP and I really need one for a personal project, so I'm trying to use Google Cloud's VPC reserved static external IP addresses.
I was able to reserve the IP but I'm not sure how should I link it with my Heroku app, since the Google Cloud offers so many options and services. I just wanna redirect all traffic from this IP to the Heroku app and I can't find a simple way to do it.
I need to create a global forwarding rule but I can't find a way to achieve this without using a lot of other services. Do I need a VM instance? Do I need a load balancer? Should I use VPC routes or Cloud DNS? I'm overwhelmed with all those services.
Please can someone tell me if it's possible, and what is the simplest way to achieve this?
You can achieve this using below two ways. -
Use a third party addon on heroku. eg. https://devcenter.heroku.com/articles/quotaguardstatic
Setup a proxy server on the static IP, and redirect all traffic to the desired Heroku url.
Details for step 2 -
Assigning a static external IP address to a new VM instance https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address
Install Nginx/HAProxy on the newly procured VM.
setup config. like below -
upstream heroku-1{
server foda-app.herokuapp.com fail_timeout=15s;
}
server{
listen 80;
server_name yourdomain.example or ip address
location / {
proxy_pass http://heroku-1;
proxy_read_timeout 300;
}
}
Change DNS mapping for your domain(if any) to point to the static IP.

Running HTTPS on EC2 Instance

I’m trying to use HTTPS on my EC2 instance.
Currently, my URL looks like this: 192.168.0.1:8443 and works great.
However, due to HTTPS requirements by Stripe and other applications, I need the url to look like this: https://dev.domain.com
I should add that I am using Cloudflare as my DNS Manager.
I’ve tried Googling how to set this up with no luck. Maybe I’m searching for the wrong thing.
Can someone help me achieve this setup?
Thank you in advance!
You need to configure route53 to create a hosted zone for your website and then you need to add record set where you will point your ec2 server's ip for the particular website request.please follow the link for detailed instructions to setup website with ec2
AWS link
Which web server (httpd/IIS) you enabling on this EC2 instance?
try these steps if it is Linux box
SSL-on-an-instance
I ended up adding rules for ports 80 and 443 to my EC2 instance, and then telling Apache to listen on port 80 instead of 8443. This allowed me to remove the appended :8443 in the URL and I was able to copy the DNS info into Cloudflare as a CNAME and begin using my domain name. Before, I wasn’t able to use my server info as it had to have :8443 appended to the URL which Cloudflare doesn’t like.

Using Meteor behind a proxy is not working

I am connecting to an external Mongo DB that only accepts certain IPs. I have a Meteor instance running on Heroku, and I have a Quotaguard static URL that I am trying to route Meteor through so I can connect to the Mongo server from that IP. Currently I have two environment variables on Heroku:
HTTP_PROXY=http://user:password#1.2.3.4:5678
HTTPS_PROXY=http://user:password#1.2.3.4:5678
However, when I check the logs, the application was not connecting to the database from my proxy IP. It was connecting as if there were no proxy. Is there an extra step I must take on Heroku?

Proxy server on Heroku

There is an addon on Heroku called Proximo, and I'm just curious what kind of server you would need to setup to run your own proxy? Would Squid do the same thing that Proximo is doing or does anyone have any experience/suggestions for how to setup one up?
Our app vitally needs a dedicated IP address and proximo is a bit expensive.
You can use either Squid, Haproxy or even nginx - they are all high-throughput and very stable proxy/caching solutions.

Resources