I have a dotnet core 2.0 application running in Google App Engine Flexible Environment. In the same Google project, I have a Cloud SQL – MySQL database. In the Cloud SQL Instance details page, under the “Authorization” tab, it points out:

    Applications in this project: All authorized.

However, I cannot access the database from my application unless I add the 0.0.0.0/0 route to the authorized network section.
How do I provide database access for my application without opening the database to the world?
Update from Jeffrey Rennie 2018-05-21 (reply accepted)
App Engine now supports connecting to Cloud SQL instances using port numbers instead of unix domain sockets. So now, you can add the following to app.yaml:

    beta_settings:
      cloud_sql_instances: "your-project-id:us-central1:instance-name=tcp:5432"

And specify Host=cloudsql in the connection string in appsettings.json:

    "ConnectionString": "Uid=aspnetuser;Pwd=;Host=cloudsql;Database=visitors"

In the example above, the port is 5432, which is the default port for PostgreSQL databases. For MySQL databases, use port 3306.
A complete example with instructions for deploying to App Engine can be found here:
https://github.com/GoogleCloudPlatform/dotnet-docs-samples/tree/master/appengine/flexible/CloudSql
1> Jeffrey Renn..:
The ideal solution would be to use unix domain sockets to connect to Cloud SQL from the App Engine instance. This is what other programming languages like Python and PHP do. Unfortunately, the MySQL connector does not work with domain sockets. I see no reason why it can’t, but it’s not the case. I hope they fix this soon.
As described in https://cloud.google.com/appengine/kb/#static-ip,
Please note that using static IP address filtering is not considered a safe and effective means of protection. For example, an attacker could set up a malicious App Engine application that could share the same IP address range as your application. Instead, we recommend you take a defense-in-depth approach using OAuth and Certs.
If the certificate is not enough to protect your application, the only remaining option I see today is to build a custom runtime that runs Cloud SQL Proxy. The proxy can forward the local IP port number to a unix domain socket. If you’ve already built a docker image or two, then it’s not too bad.
I will update this answer as the situation improves.
Lafexlos, engineers at Google are working on improving this experience. I am actively tracking and promoting this issue.
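Once the application connects through `Host=cloudsql`, the 0.0.0.0/0 entry from the question can be removed, and the check below confirms it is gone. This is an added example, not code from the answer or from Google's samples; it assumes the JSON printed by `gcloud sql instances describe <instance> --format=json` lists authorized networks under `settings.ipConfiguration.authorizedNetworks`, and the /24 review threshold and the sample data are constructed.

```python
import ipaddress
import json

# Constructed sample, shaped like `gcloud sql instances describe ... --format=json`.
SAMPLE_DESCRIBE = json.loads("""
{
  "name": "instance-name",
  "settings": {
    "ipConfiguration": {
      "authorizedNetworks": [
        {"name": "temp-open", "value": "0.0.0.0/0"},
        {"name": "build-host", "value": "203.0.113.10"},
        {"name": "wide", "value": "198.51.100.0/8"},
        {"name": "typo", "value": "not-a-cidr"}
      ]
    }
  }
}
""")


def audit_authorized_networks(describe, min_prefix=24):
    """Return (value, reason) pairs for authorized networks that need review.

    min_prefix is an assumed policy threshold: IPv4 ranges wider than
    /min_prefix are reported as "broad-range".
    """
    ip_cfg = describe.get("settings", {}).get("ipConfiguration", {})
    findings = []
    for entry in ip_cfg.get("authorizedNetworks", []):
        value = entry.get("value", "")
        try:
            # strict=False tolerates host bits set in the CIDR (198.51.100.0/8);
            # a bare address parses as a single-host network.
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append((value, "unparseable"))
            continue
        if net.prefixlen == 0:
            findings.append((value, "open-to-world"))
        elif net.version == 4 and net.prefixlen < min_prefix:
            findings.append((value, "broad-range"))
    return findings


if __name__ == "__main__":
    for value, reason in audit_authorized_networks(SAMPLE_DESCRIBE):
        print(f"{reason}: {value}")
```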