Outbound IP Address

Interested to see if there is any plans to enable using the IP addresses assigned to an app as the outbound IP’s if those apps need to make requests to external network services.

My use case is to connect into an external DB, which has firewall requirements limiting external IP’s that can connect to it.

I think I might have answered my own question from another post…

If we add a peer on a server behind the firewall with access to the db server and setup a tunnel, it sounds like we can use the tunnel in reverse from within the instance in fly…

Will give that a test and see how we go.

1 Like

Yes that’s the best way to do it! We don’t have stable outbound IPs yet, so IP restrictions are a no go. They’re also pretty brittle and doing wireguard peers is a much better answer for talking to private services.

This is also what I was hoping to do. I have a database hosted in Azure. I can easily assign IPs to whitelist but not if they change regularly. And deploying GO code in Azure is annoying.

We’ll automate this someday, but it’s reasonably simple to create a wireguard server on an Ubuntu instance and connect your app through that to your DB.

https://fly.io/docs/reference/privatenetwork/#private-network-vpn

My use case is similar but a little bit different. I am using a payment gateway that needs me to whitelist an IP. Is setting up another VM and connecting it to Wireguard still the best way for me to have a whitelist-able IP?

Same here - need an IP for accessing APIs that require it.

We still don’t have the plumbing to give people stable outbound IPs. For now, the simplest thing is either quotaguard.com or VMs from someone like DigitalOcean running a proxy (Smokescreen would be pretty easy: GitHub - fly-apps/smokescreen: An example of deploying Smokescreen on Fly.io)