Outbound IP Address

mikeb · May 4, 2021, 12:43am

Interested to see if there is any plans to enable using the IP addresses assigned to an app as the outbound IP’s if those apps need to make requests to external network services.

My use case is to connect into an external DB, which has firewall requirements limiting external IP’s that can connect to it.

mikeb · May 4, 2021, 4:35am

I think I might have answered my own question from another post…

If we add a peer on a server behind the firewall with access to the db server and setup a tunnel, it sounds like we can use the tunnel in reverse from within the instance in fly…

Will give that a test and see how we go.

kurt · May 4, 2021, 2:09pm

Yes that’s the best way to do it! We don’t have stable outbound IPs yet, so IP restrictions are a no go. They’re also pretty brittle and doing wireguard peers is a much better answer for talking to private services.

billg · May 5, 2021, 12:46pm

This is also what I was hoping to do. I have a database hosted in Azure. I can easily assign IPs to whitelist but not if they change regularly. And deploying GO code in Azure is annoying.

kurt · May 5, 2021, 3:01pm

We’ll automate this someday, but it’s reasonably simple to create a wireguard server on an Ubuntu instance and connect your app through that to your DB.

https://fly.io/docs/reference/privatenetwork/#private-network-vpn

theo · May 27, 2021, 1:35pm

My use case is similar but a little bit different. I am using a payment gateway that needs me to whitelist an IP. Is setting up another VM and connecting it to Wireguard still the best way for me to have a whitelist-able IP?

jsierles · May 27, 2021, 3:20pm

Same here - need an IP for accessing APIs that require it.

kurt · May 27, 2021, 5:45pm

We still don’t have the plumbing to give people stable outbound IPs. For now, the simplest thing is either quotaguard.com or VMs from someone like DigitalOcean running a proxy (Smokescreen would be pretty easy: GitHub - fly-apps/smokescreen: An example of deploying Smokescreen on Fly.io)

boiserunner · November 15, 2022, 5:48pm

Is there a near-term future where you’d at least have a stable range of IPs? We have a BI tool running on Fly. It needs to make a connection to Redshift. Knowing which IPs our instance might be calling from would be really beneficial.

suryatmodulus · March 10, 2023, 8:03am

Can something like this be configured ? If so, could you suggest the best way to do it. Thanks

hkb · January 15, 2024, 6:55pm

I work on Enzoguard. It is a SaaS service that gives you stable outbound IP address: https://enzoguard.com
We run a free tier hosted in the US and the free-tier should be sufficient for most developers.

Give it a spin if you would like a stable IP address. We are also working on blocking egress network.
An EU region is in the works, please reach out if you want egress from a specific region or need a dedicated IP address. Cheers!

ariabov · March 10, 2024, 11:34pm

Another SaaS option to consider is Fixie. It is both language- and framework-agnostic, has proxies in US/EU regions (low latency!), and has flexible pricing.

Here are the instructions for getting started specifically with Fly.io

Topic		Replies	Views
Route all traffic through a remote VPN	3	1713	March 17, 2023
Are outbound requests sent from the instance's public IP?	4	1736	March 10, 2023
Can I use the dedicated IP address for outbound traffic?	4	1102	June 19, 2023
Set/get outgoing IP address for whitelisting on external APIs/Hosts	41	5846	September 30, 2024
Static egress IP Questions / Help	4	2975	November 4, 2022

Outbound IP Address

Related topics