QGTunnel Setup Guide for AWS and HTTPS
Table of contents
If you’re looking to set up QGTunnel for HTTPS connections on QuotaGuard on Amazon Web Services (AWS), we suggest you go with the SOCKS proxy using our QGTunnel software.
Please follow these step-by-step instructions for a secure and reliable connection.
Step 1: Download QGTunnel and Save to Root of Your Project
curl https://s3.amazonaws.com/quotaguard/qgtunnel-latest.tar.gz | tar xz
Step 2: Log in to QuotaGuard Dashboard and Create the Tunnel
In the top right menu, go to Setup (Gear Icon), click on QGTunnel Configuration, then “Create a Tunnel”.
Fill in the following data:
Remote Destination: tcp://hostname.for.your.server.com:443
Local Port: 4443
Transparent: true
Encrypted: false
This setup assumes that the remote HTTPS server is located at hostname.for.your.server.com and is listening on port 443. This is usually the default port.
The Local Port is the port number that QGTunnel will listen on. In this example we set it to 4443, because port 443 is probably in use on the localhost and it is also in the reserved port range (0-1023).
Transparent mode allows QGTunnel to override the DNS for hostname.for.your.server.com to 127.0.0.1, which redirects traffic to the QGTunnel software. This means you can connect to either hostname.for.your.server.com or 127.0.0.1 to connect through the tunnel. You will likely require transparent mode for HTTPS connections, as most certificates are signed by hostname and will require the HTTP request to be bound for that hostname.
Encrypted mode is disabled because HTTPS is already encrypted and you will not want to waste your time setting up additional end-to-end encryption.
Step 3: Change Your Code to Connect Through the Tunnel
Given the example above, you will now need to connect using the new port number in your URL.
For example, if you previously were trying to connect to:
https://hostname.for.your.server.com/some/long/path?var=1&var2=3
Now you will want to connect to:
https://hostname.for.your.server.com:4443/some/long/path?var=1&var2=3
Step 4: Change your Startup Code:
Change the startup code that starts up your application. In many platforms, this is done with a Procfile. Basically you just need to prepend your startup code with “bin/qgtunnel”.
So for a Procfile that was previously:
web: your-application your arguments
you would now want:
web: bin/qgtunnel your-application your arguments
Step 5: Setup the Environment Variable QUOTAGUARDSTATIC_URL
You need to setup the environment variable QUOTAGUARDSTATIC_URL to be equal to your Connection URL in the Setup page of our dashboard.
If you added us from a cloud provider (AWS, Azure, Heroku, Render, GCP, IBM Cloud, Pivotal, etc) then this is usually done for you. Please note that QGTunnel handles converting the HTTP URL and port to the SOCKS5 URL and port. So either of the connection URLs is fine.
Step 6: Commit and Push your Code
Be sure that the file bin/qgtunnel
is added to your repository.
If you are using transparent mode, be sure that vendor/nss_wrapper/libnss_wrapper.so
is also added to your repository.
If you are not using transparent mode, you will want to set the environment variable QGTUNNEL_DNSMODE to DISABLED to avoid seeing an error message in your logs.
Step 7: Troubleshoot Any Problems
If you have problems, enable the environment variable QGTUNNEL_DEBUG=true
and then restart your application while watching the logs.
If you can’t figure it out, send QuotaGuard Support the information in the logs. Please redact any sensitive information, including your QuotaGuard connection URL because it contains your password.
Step 8: VERY IMPORTANT - Download QGTunnel Configuration
After you get everything working, we suggest you download your QGTunnel configuration from our dashboard as a .qgtunnel file and put that in the root of your project. This prevents your project from relying on the QuotaGuard website during startup.
Alternatively you can put the contents of the downloaded configuration file in a QGTUNNEL_CONFIG environment variable.
By following these steps, you can set up QGTunnel for AWS FTP connections using QuotaGuard’s Static IP services. If you have any questions or issues, contact QuotaGuard Support for assistance.