Outbound IP Address

Interested to see if there is any plans to enable using the IP addresses assigned to an app as the outbound IP’s if those apps need to make requests to external network services.

My use case is to connect into an external DB, which has firewall requirements limiting external IP’s that can connect to it.

I think I might have answered my own question from another post…

If we add a peer on a server behind the firewall with access to the db server and setup a tunnel, it sounds like we can use the tunnel in reverse from within the instance in fly…

Will give that a test and see how we go.

1 Like

Yes that’s the best way to do it! We don’t have stable outbound IPs yet, so IP restrictions are a no go. They’re also pretty brittle and doing wireguard peers is a much better answer for talking to private services.

This is also what I was hoping to do. I have a database hosted in Azure. I can easily assign IPs to whitelist but not if they change regularly. And deploying GO code in Azure is annoying.

We’ll automate this someday, but it’s reasonably simple to create a wireguard server on an Ubuntu instance and connect your app through that to your DB.

https://fly.io/docs/reference/privatenetwork/#private-network-vpn

2 Likes

My use case is similar but a little bit different. I am using a payment gateway that needs me to whitelist an IP. Is setting up another VM and connecting it to Wireguard still the best way for me to have a whitelist-able IP?

Same here - need an IP for accessing APIs that require it.

2 Likes

We still don’t have the plumbing to give people stable outbound IPs. For now, the simplest thing is either quotaguard.com or VMs from someone like DigitalOcean running a proxy (Smokescreen would be pretty easy: GitHub - fly-apps/smokescreen: An example of deploying Smokescreen on Fly.io)

Is there a near-term future where you’d at least have a stable range of IPs? We have a BI tool running on Fly. It needs to make a connection to Redshift. Knowing which IPs our instance might be calling from would be really beneficial.

1 Like

Can something like this be configured ? If so, could you suggest the best way to do it. Thanks

I work on Enzoguard. It is a SaaS service that gives you stable outbound IP address: https://enzoguard.com
We run a free tier hosted in the US and the free-tier should be sufficient for most developers.

Give it a spin if you would like a stable IP address. We are also working on blocking egress network.
An EU region is in the works, please reach out if you want egress from a specific region or need a dedicated IP address. Cheers!

Another SaaS option to consider is Fixie. It is both language- and framework-agnostic, has proxies in US/EU regions (low latency!), and has flexible pricing.

Here are the instructions for getting started specifically with Fly.io

1 Like