How to Setup a Static IP with PythonAnywhere and MySQL
Unfortunately, Python’s MSSQL implementations are extrapolations of C libraries and there is no clean way to insert a proxy directly into the implementation.
But never fear, we can use the QGTunnel solution to get around this limitation.
The setup is very similar to MySQL, just with different ports involved.
We’re going to use the SOCKS proxy using the QGTunnel software.
To get started:
1. Download QGTunnel into the root of your project
curl https://s3.amazonaws.com/quotaguard/qgtunnel-latest.tar.gz | tar xz
2. Log in to our dashboard and setup the tunnel
Once you are logged into our dashboard, in the top right menu, go to Setup (Gear Icon), click on QGTunnel Configuration, then Create Tunnel.
Remote Destination: tcp://hostname.for.your.server.com:1433 Local Port: 1433 Transparent: true Encrypted: false
This setup assumes that the remote MSSQL server is located at hostname.for.your.server.com and is listening on port 1433. This is usually the default port.
The Local Port is the port number that QGTunnel will listen on. In this example we set it to 5432, but if you have another process using 1433, you may have to change it (ie: 1434).
Transparent mode allows QGTunnel to override the DNS for hostname.for.your.server.com to 127.0.0.1, which redirects traffic to the QGTunnel software. This means you can connect to either hostname.for.your.server.com or 127.0.0.1 to connect through the tunnel.
Encrypted mode can be used to encrypt data end-to-end, but if your protocol is already encrypted then you don’t need to spend time setting it up. Usually MSSQL is already encrypted, but always double check.
3. Change your code to connect through the tunnel
With transparent mode and matching Local and Remote ports you should not need to change your code. You can also connect to 127.0.0.1:1433.
Without transparent mode, you will want to connect to 127.0.0.1:1433.
4. Change your startup code.
Change the code that starts up your application. In many platforms, this is done with a Procfile. Basically you just need to prepend your startup code with “bin/qgtunnel”.
So for a Procfile that was previously:
web: your-application your arguments
you would now want:
web: bin/qgtunnel your-application your arguments
5. Setup the environment variable QUOTAGUARDSTATIC_URL to be equal to your Connection URL in the Setup page of our dashboard.
If you added us from a cloud provider (Azure, Cloudfoundry, Heroku, AWS, IBM Cloud, Pivotal, etc) then this is usually done for you.
Please note that QGTunnel handles converting the HTTP URL and port to the SOCKS5 URL and port. So either of the connection URLs is fine.
6. Commit and push your code.
Be sure that the file
bin/qgtunnel is added to your repository.
If you are using transparent mode, be sure that
vendor/nss_wrapper/libnss_wrapper.so is also added to your repository.
If you are not using transparent mode, you will want to set the environment variable QGTUNNEL_DNSMODE to DISABLED to avoid seeing an error message in your logs.
7. If you have problems, enable the environment variable
QGTUNNEL_DEBUG=true and then restart your application while watching the logs.
If you continue to have issues, send our Support the information in the logs. Please redact any sensitive information, including your QuotaGuard connection URL.
8. After you get everything working, download your QGTunnel configuration from our dashboard as a .qgtunnel file and put that in the root of your project. This prevents your project from relying on our website during startup.
Alternatively you can put the contents of the downloaded configuration file in a QGTUNNEL_CONFIG environment variable.
If you have questions, or if this solution doesn’t work or fit your use case, please reach out to us at Support so we can help figure it out with you.
Working with sensitive data, like HIPAA, Financial, or Personally Identifiable Information (PII)?
Then you will want to check out our QuotaGuard Shield solution, it has the same functionality as QuotaGuard Static, but with stronger end to end security for your requests. We can also help migrate current Static customers to Shield for free, just reach out to us at Support to request assistance.