在公司防火墙后使用cloud_sql_proxy-无法连接到mysql实例 [英] Using cloud_sql_proxy behind corporate firewall - can't connect to mysql instances
问题描述
当我将http_proxy和https_proxy变量设置为正确的值时,我已经能够在公司防火墙后面使用Google Cloud SDK.看起来服务帐户的初始Oauth连接可以与那些代理vars集一起使用.但是,当我尝试使用mysql客户端连接到运行代理的计算机时,与google mysql实例的连接将失败.
I've been able to use the google cloud sdk behind a corporate fire wall when I set my http_proxy an https_proxy variables to the right values. It also looks like the inital Oauth connection for the service account works with those proxy vars set. However when I attempt to use a mysql client connection to the machine running the proxy the connection to the google mysql instance fails.
这是我的代理命令BTW(已验证代理cmd/setup在不位于公司防火墙后面的系统上工作):
Here is my command for the proxy, BTW(verified the proxy cmd/setup works on a system that isn't behind the corporate firewall) :
cloud_sql_proxy -instances=api-project-1054727403053:us-east1:mysql-google-v1=tcp:3306 -credential_file=c:\tools\myeditor.json
2017/09/14 09:39:29 using credential file for authentication; email=myeditor@api
-project-1054727403053.iam.gserviceaccount.com
2017/09/14 09:39:29 Listening on 127.0.0.1:3306 for api-project-1054727403053:us
-east1:mysql-google-v1
2017/09/14 09:39:29 Ready for new connections
2017/09/14 09:39:34 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:39:57 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
2017/09/14 09:39:58 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:40:19 Throttling refreshCfg(api-project-1054727403053:us-east1:mys
ql-google-v1): it was only called 43.386s ago
2017/09/14 09:40:40 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
2017/09/14 09:40:41 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:41:23 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
错误看起来像...拨打tcp 35.190.176.161:3307:connectex:连接尝试失败ed,因为关联方在一段时间后未正确响应
The error looks like ... dial tcp 35.190.176.161:3307: connectex: A connection attempt fail ed because the connected party did not properly respond after a period of time
再次,我已经验证了上述代理设置在不位于公司防火墙后面的系统上可以工作,因此我想知道是否仍然可以将云代理配置为使用http_proxy/https_proxy建立连接并进行通信?
Again, I have verified the above proxy setup works on a system that isn't behind the corporate firewall, so I'm wondering is there anyway to configure the cloud proxy to use the http_proxy/https_proxy to establish connections and communicate?
谢谢
推荐答案
MySQL具有自己的协议,该协议与HTTP完全独立,通常在端口3306上.CloudSQL代理使用HTTP进行初始身份验证设置,但实际的SQL连接将此协议包装在端口3307上的TLS中.不幸的是,无法通过HTTP代理运行MySQL协议.相反,您将需要公司防火墙的例外.
MySQL has it's own protocol that is completely independent from HTTP, typically on port 3306. While the Cloud SQL proxy uses HTTP for initial auth setup, the actual SQL connection wraps this protocol in TLS on port 3307. Unfortunatly there is no way to run the MySQL protocol through an HTTP proxy. Instead you will need an exception to the corporate firewall.
If you just need to access Cloud SQL on the command line, I recommend doing this from Cloud Shell as described at https://cloud.google.com/sql/docs/mysql/connect-admin-ip#cloud-shell.
如果您要构建更复杂的应用程序以从防火墙后面访问Cloud SQL,则可以构建一个公开HTTP API的GAE应用程序.然后,您可以通过代理使用该API,并且GAE应用程序可以连接到Cloud SQL.
If you want to build a more complex application that accesses Cloud SQL from behind the firewall, you could build a GAE app that exposes an HTTP API. You can then use that API through the proxy and the GAE app can connect to Cloud SQL.
这篇关于在公司防火墙后使用cloud_sql_proxy-无法连接到mysql实例的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
