Outbound IP Address

mikeb · May 4, 2021, 12:43am

Interested to see if there is any plans to enable using the IP addresses assigned to an app as the outbound IP’s if those apps need to make requests to external network services.

My use case is to connect into an external DB, which has firewall requirements limiting external IP’s that can connect to it.

mikeb · May 4, 2021, 4:35am

I think I might have answered my own question from another post…

If we add a peer on a server behind the firewall with access to the db server and setup a tunnel, it sounds like we can use the tunnel in reverse from within the instance in fly…

Will give that a test and see how we go.

kurt · May 4, 2021, 2:09pm

Yes that’s the best way to do it! We don’t have stable outbound IPs yet, so IP restrictions are a no go. They’re also pretty brittle and doing wireguard peers is a much better answer for talking to private services.

billg · May 5, 2021, 12:46pm

This is also what I was hoping to do. I have a database hosted in Azure. I can easily assign IPs to whitelist but not if they change regularly. And deploying GO code in Azure is annoying.

kurt · May 5, 2021, 3:01pm

We’ll automate this someday, but it’s reasonably simple to create a wireguard server on an Ubuntu instance and connect your app through that to your DB.

https://fly.io/docs/reference/privatenetwork/#private-network-vpn

theo · May 27, 2021, 1:35pm

My use case is similar but a little bit different. I am using a payment gateway that needs me to whitelist an IP. Is setting up another VM and connecting it to Wireguard still the best way for me to have a whitelist-able IP?

jsierles · May 27, 2021, 3:20pm

Same here - need an IP for accessing APIs that require it.

kurt · May 27, 2021, 5:45pm

We still don’t have the plumbing to give people stable outbound IPs. For now, the simplest thing is either quotaguard.com or VMs from someone like DigitalOcean running a proxy (Smokescreen would be pretty easy: GitHub - fly-apps/smokescreen: An example of deploying Smokescreen on Fly.io)

boiserunner · November 15, 2022, 5:48pm

Is there a near-term future where you’d at least have a stable range of IPs? We have a BI tool running on Fly. It needs to make a connection to Redshift. Knowing which IPs our instance might be calling from would be really beneficial.

suryatmodulus · March 10, 2023, 8:03am

Can something like this be configured ? If so, could you suggest the best way to do it. Thanks