Setting up HTTPS with QuotaGuard Static IP’s

We suggest you go with the SOCKS proxy using our QGTunnel software. Here are the setup instructions to get you started.

Download QGTunnel into the root of your project

curl | tar xz

Log in to our dashboard and set up the tunnel

Direct, Azure, AWS, and Render users can visit to sign in to their account.

Heroku Users can use Heroku CLI to log into our dashboard with the following command:

heroku addons:open quotaguardstatic

Other option is to log in from the Heroku dashboard by clicking on QuotaGuard Static on the resources tab of your application.

Once you are logged into our dashboard, in the top-right menu, go to Setup. On the left, click Tunnel, then Create Tunnel.

Remote Destination: tcp://
Local Port: 4443
Transparent: true
Encrypted: false

This setup assumes that the remote HTTPS server is located at and is listening on port 443. This is usually the default port.

The Local Port is the port number that QGTunnel will listen on. In this example we set it to 4443, because port 443 is probably in use on the localhost and it is also in the reserved port range (0-1023).

Transparent mode allows QGTunnel to override the DNS for to, which redirects traffic to the QGTunnel software. This means you can connect to either or to connect through the tunnel. You will likely require transparent mode for HTTPS connections, as most certificates are signed by hostname and will require the HTTP request to be bound for that hostname.

Encrypted mode is disabled because HTTPS is already encrypted and you will not want to waste your time setting up additional end-to-end encryption.

Change your code to connect through the tunnel

Given the example above, you will now need to connect using the new port number in your URL.

For example, if you previously were trying to connect to:

https ://

Now you will want to connect to:

Change your startup code

Change the code that starts up your application. In many platforms, including Heroku, this is done with a Procfile. Basically, you just need to prepend your startup code with “bin/qgtunnel”.

web: your-application your arguments

you would now want:

web: bin/qgtunnel your-application your arguments

Heroku Users: You have a procfile even if it’s not explicitly in your code base. To find it, log into the Heroku dashboard, click on the Resources tab, and you will see a list of your dyno processes. The text you see (like web npm start) next to each one acts as your Procfile if you do not have one explicitly in your code base.

Setup the environment variable

Setup the environment variable QUOTAGUARDSTATIC_URL to be equal to your Connection URL in the Setup page of our dashboard.

If you added us from a cloud provider (Azure, CloudFoundry, Heroku, Render, IBM Cloud, Pivotal, etc) then this is usually done for you.

Please note that QGTunnel handles converting the HTTP URL and port to the SOCKS5 URL and port.  So either of the connection URLs is fine.

Commit and push your code

Be sure that the file bin/qgtunnel is added to your repository.  

If you are using transparent mode, be sure that vendor/nss_wrapper/ is also added to your repository.

If you have problems

Enable the environment variable QGTUNNEL_DEBUG=true and then restart your application while watching the logs. Send QuotaGuard Support any information in the logs.

Please redact any sensitive information, including your QuotaGuard connection URL.


After you get everything working, we suggest you download your QGTunnel configuration from our dashboard as a .qgtunnel file and put that in the root of your project.

This keeps your project from not relying on our website during startup. Our website might be down for maintenance and your application would fail because it can not find your configuration file.