
Connect to Compute Engine From App Engine or Cloud Run with firewall and IAP

I have an SFTP server running on Google's Compute Engine. The firewall is set up to allow traffic from the Identity-Aware Proxy.

I can connect to the service using gcloud ssh locally but I can't connect from App Engine or Cloud Run. The service accounts for Cloud Run and App Engine already have IAP tunnel and HTTPS permissions.

The backend is written in Node using ssh2-sftp-client.

How can I secure the Compute Engine instance and still allow TCP traffic from Cloud Run and App Engine on port 22 to go through?

There are two possible workarounds:

  • If you use App Engine Standard you can try Serverless VPC Access:

    Serverless VPC Access enables you to connect from your App Engine app directly to Compute Engine VM instances, Memorystore instances, Cloud SQL instances, and any other resources with an internal IP address.

    Unfortunately, Serverless VPC Access isn't available for Cloud Run at the moment (more in the documentation under Services not yet supported), but there's a Feature Request at the Google Public Issue Tracker you can join, comment on and track progress. Also, this service isn't available for App Engine Flex either.

  • If you use App Engine Flex or Cloud Run, follow the steps below:

    1. reserve an external static IP
    2. create an f1-micro VM instance with the reserved external IP address (this likely fits in the Compute Engine free tier)
    3. create a firewall rule to allow connections to the SFTP server from the reserved external IP
    4. create a SOCKS proxy by running an ssh client that routes the traffic through the created VM, as in this example
    5. configure ssh2-sftp-client to use the SOCKS proxy
    6. connect to SFTP
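Steps 4 to 6 of the second workaround, as an added example that is not part of the original answer: the Node backend opens a TCP connection to the SFTP VM through the SOCKS proxy and hands that socket to ssh2-sftp-client via ssh2's `sock` option, so the library never opens its own direct connection. It assumes the `socks` npm package (its `SocksClient.createConnection` API) for the SOCKS side, and that ssh2-sftp-client passes its connect config through to ssh2 unchanged; the proxy URL, SFTP host, user and key are placeholders read from the environment. The host key of the VM is pinned with `hostHash`/`hostVerifier`, so the proxy VM in the middle cannot silently substitute another SSH host. For step 3, the firewall rule should admit port 22 only from the IAP TCP-forwarding range (35.235.240.0/20, for the local `gcloud ssh` path) and from the reserved static IP of the proxy VM, not from 0.0.0.0/0.

```javascript
// Added example (not from the original question or answer): reach an SFTP
// server on Compute Engine through a SOCKS5 proxy with ssh2-sftp-client.
// Assumptions: the `socks` package is the SOCKS client, the proxy is the
// `ssh -D` listener from step 4, and every host/port/key below is a placeholder.

const DEFAULT_SOCKS_PORT = 1080;

// Parse socks5://host:port (or socks4://) into the shape `socks` expects.
// Anything else is rejected so a mis-set env var fails fast instead of
// quietly falling back to a direct connection that the firewall would block.
function parseSocksProxyUrl(url) {
  const u = new URL(url);
  const types = { 'socks5:': 5, 'socks4:': 4 };
  const type = types[u.protocol];
  if (!type) throw new Error(`unsupported proxy scheme: ${u.protocol}`);
  if (!u.hostname) throw new Error('proxy host missing');
  const port = u.port ? Number(u.port) : DEFAULT_SOCKS_PORT;
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`invalid proxy port: ${u.port}`);
  }
  return { host: u.hostname, port, type };
}

// Build the ssh2 connect config. `sock` replaces ssh2's own TCP connect, so
// all SSH traffic rides the proxied socket. `hostHash: 'sha256'` makes ssh2
// pass a hex SHA-256 of the server key to `hostVerifier`; compare it with the
// fingerprint recorded out of band so a wrong host is refused before auth.
function buildSftpConfig({ sock, username, privateKey, expectedHostKeySha256 }) {
  return {
    sock,
    username,
    privateKey,
    hostHash: 'sha256',
    hostVerifier: (hash) => hash === expectedHostKeySha256,
    readyTimeout: 20000,
  };
}

// Open sftpHost:sftpPort via the SOCKS proxy, then start the SSH/SFTP session
// on that socket. Returns a connected ssh2-sftp-client instance.
async function connectThroughSocks({
  proxyUrl, sftpHost, sftpPort = 22, username, privateKey, expectedHostKeySha256,
}) {
  const { SocksClient } = require('socks');           // assumption: `socks` package
  const SftpClient = require('ssh2-sftp-client');
  const proxy = parseSocksProxyUrl(proxyUrl);
  const { socket } = await SocksClient.createConnection({
    proxy,
    command: 'connect',
    destination: { host: sftpHost, port: sftpPort },
  });
  const sftp = new SftpClient();
  try {
    await sftp.connect(buildSftpConfig({ sock: socket, username, privateKey, expectedHostKeySha256 }));
  } catch (err) {
    socket.destroy();                                 // do not leak the proxied socket on failure
    throw err;
  }
  return sftp;
}

// Runs only when the placeholders are supplied through the environment.
if (process.env.SFTP_HOST) {
  connectThroughSocks({
    proxyUrl: process.env.SOCKS_PROXY_URL || 'socks5://127.0.0.1:1080',
    sftpHost: process.env.SFTP_HOST,
    username: process.env.SFTP_USER,
    privateKey: process.env.SFTP_PRIVATE_KEY,
    expectedHostKeySha256: process.env.SFTP_HOST_KEY_SHA256,
  })
    .then(async (sftp) => { console.log(await sftp.list('/')); await sftp.end(); })
    .catch((err) => { console.error('sftp via socks failed:', err.message); process.exitCode = 1; });
}

module.exports = { parseSocksProxyUrl, buildSftpConfig, connectThroughSocks };
```

Run it with `SOCKS_PROXY_URL`, `SFTP_HOST`, `SFTP_USER`, `SFTP_PRIVATE_KEY` and `SFTP_HOST_KEY_SHA256` set; the expected fingerprint is the hex SHA-256 of the VM's host public key, taken from the VM itself rather than learned on first connect.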

