QGTunnel Setup Guide for AWS and MongoDB
Table of contents
To setup QGTunnel for QuotaGuard on Amazon Web Services (AWS) with a MongoDB endpoint connection, we suggest you go with the SOCKS proxy using our QGTunnel software. Here are some setup instructions to get you started:
Step 1: Download QGTunnel and Save to Root of Your Project
curl https://s3.amazonaws.com/quotaguard/qgtunnel-latest.tar.gz | tar xz
Step 2: Log in to QuotaGuard Dashboard and Create the Tunnel
In the top right menu, go to Setup (Gear Icon), click on QGTunnel Configuration, then “Create a Tunnel”.
A Note About Mongodb+Srv URL
If you are connecting with a mongodb+srv URL (eg: mongodb+srv://USERNAME:PASSWORD@cluster0.abc123.mongodb.net/DATABASE?option1=value1) then you can lookup your cluster’s shards here: https://www.whatsmydns.net/dns-lookup/srv-records.
Be sure to prepend your cluster address with mongodb._tcp (_eg: _mongodb._tcp.cluster0.abc123.mongodb.net). This will produce the hostnames of your shards (_eg: cluster0-shard-00-00.abc123.mongodb.net, cluster0-shard-00-01.abc123.mongodb.net, and cluster0-shard-00-02.abc123.mongodb.net_).
You will then need to create a tunnel for each shard.
Remote Destinations:
* tcp://cluster0-shard-00-00.abc123.mongodb.net:27017
* tcp://cluster0-shard-00-01.abc123.mongodb.net:27017
* tcp://cluster0-shard-00-02.abc123.mongodb.net:27017
Local Port: 27017
Transparent: true
Encrypted: false
This setup assumes that the remote mongodb server is listening on port 27017. This is usually the default port.
Transparent mode allows QGTunnel to override the DNS for cluster0-shard-00-0X.abc123.mongodb.net to localhost, which redirects traffic to the QGTunnel software.
Encrypted mode can be used to encrypt data end-to-end, but if your protocol is already encrypted then you don’t need to spend time setting it up. We believe mongodb is already encrypted, but you should double check.
Not using mongodb+srv?
If you are not using a mongodb+srv URL, please let us know what your connection URL looks like and we can help you set that up too. Send us an email at QuotaGuard Support.
Step 3: Change Your Code to Connect Through the Tunnel
In most other setups for QGTunnel, you have to change your code at this step, however with transparent mode and matching Local and Remote ports you should not need to change your code.
And there was much rejoicing…
Step 4: Change your Startup Code:
Change the startup code that starts up your application. In many platforms, this is done with a Procfile. Basically you just need to prepend your startup code with “bin/qgtunnel”.
So for a Procfile that was previously:
web: your-application your arguments
you would now want:
web: bin/qgtunnel your-application your arguments
Step 5: Setup the Environment Variable QUOTAGUARDSTATIC_URL
Setup the environment variable QUOTAGUARDSTATIC_URL or QUOTAGUARDSHIELD_URL to be equal to your Connection URL in the Setup page of our dashboard. Be sure to use the QUOTAGUARDSHIELD_URL for QuotaGuard Shield subscriptions and QUOTAGUARDSTATIC_URL for QuotaGuard Static subscriptions.
If you added us from a cloud provider, like AWS, then this is usually done for you.
Please note that QGTunnel handles converting the HTTP URL and port to the SOCKS5 URL and port. So either of the connection URLs will work.
Step 6: Commit and Push your Code
Be sure that the file bin/qgtunnel
is added to your repository.
If you are using transparent mode, be sure that vendor/nss_wrapper/libnss_wrapper.so
is also added to your repository.
If you are not using transparent mode, you will want to set the environment variable QGTUNNEL_DNSMODE to DISABLED to avoid seeing an error message in your logs.
Step 7: Troubleshoot Any Problems
If you have problems, enable the environment variable QGTUNNEL_DEBUG=true
and then restart your application while watching the logs.
If you can’t figure it out, send QuotaGuard Support the information in the logs. Please redact any sensitive information, including your QuotaGuard connection URL because it contains your password.
Step 8: VERY IMPORTANT
After you get everything working, we suggest you download your QGTunnel configuration from our dashboard as a .qgtunnel file and put that in the root of your project. This prevents your project from relying on the QuotaGuard website during startup.
Alternatively you can put the contents of the downloaded configuration file in a QGTUNNEL_CONFIG environment variable.
By following these steps, you can set up QGTunnel for AWS MongoDB database connections using QuotaGuard’s Static IP services. If you have any questions or issues, contact QuotaGuard Support for assistance.