在企业防火墙后使用 cloud_sql_proxy - 无法连接到 mysql 个实例
Using cloud_sql_proxy behind corporate firewall - can't connect to mysql instances
当我将 http_proxy 和 https_proxy 变量设置为正确的值时,我已经能够在公司防火墙后面使用 google 云 SDK。服务帐户的初始 Oauth 连接看起来也适用于这些代理变量集。但是,当我尝试使用 mysql 客户端连接到机器 运行 时,代理与 google mysql 实例的连接失败。
这是我的代理命令,顺便说一句(已验证代理 cmd/setup 在不在公司防火墙后面的系统上工作):
cloud_sql_proxy -instances=api-project-1054727403053:us-east1:mysql-google-v1=tcp:3306 -credential_file=c:\tools\myeditor.json
2017/09/14 09:39:29 using credential file for authentication; email=myeditor@api
-project-1054727403053.iam.gserviceaccount.com
2017/09/14 09:39:29 Listening on 127.0.0.1:3306 for api-project-1054727403053:us
-east1:mysql-google-v1
2017/09/14 09:39:29 Ready for new connections
2017/09/14 09:39:34 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:39:57 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
2017/09/14 09:39:58 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:40:19 Throttling refreshCfg(api-project-1054727403053:us-east1:mys
ql-google-v1): it was only called 43.386s ago
2017/09/14 09:40:40 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
2017/09/14 09:40:41 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:41:23 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
错误看起来像
...
拨打 tcp 35.190.176.161:3307: connectex: 连接尝试失败
ed 因为连接方在一段时间后没有正常回复
同样,我已经验证了上述代理设置可以在不在公司防火墙后面的系统上运行,所以我想知道是否可以配置云代理以使用 http_proxy/https_proxy 来建立联系和交流?
谢谢
MySQL 有自己的协议,完全独立于 HTTP,通常在端口 3306 上。虽然云 SQL 代理使用 HTTP 进行初始身份验证设置,但实际的 SQL 连接将此协议包装在端口 3307 上的 TLS 中。不幸的是,无法通过 HTTP 代理 运行 MySQL 协议。相反,您需要公司防火墙的例外。
如果您只需要在命令行上访问 Cloud SQL,我建议按照 https://cloud.google.com/sql/docs/mysql/connect-admin-ip#cloud-shell.
中所述从 Cloud Shell 执行此操作
如果您想构建一个更复杂的应用程序来从防火墙后面访问云 SQL,您可以构建一个公开 HTTP API 的 GAE 应用程序。然后,您可以通过代理使用 API,GAE 应用程序可以连接到云 SQL。
当我将 http_proxy 和 https_proxy 变量设置为正确的值时,我已经能够在公司防火墙后面使用 google 云 SDK。服务帐户的初始 Oauth 连接看起来也适用于这些代理变量集。但是,当我尝试使用 mysql 客户端连接到机器 运行 时,代理与 google mysql 实例的连接失败。
这是我的代理命令,顺便说一句(已验证代理 cmd/setup 在不在公司防火墙后面的系统上工作):
cloud_sql_proxy -instances=api-project-1054727403053:us-east1:mysql-google-v1=tcp:3306 -credential_file=c:\tools\myeditor.json
2017/09/14 09:39:29 using credential file for authentication; email=myeditor@api
-project-1054727403053.iam.gserviceaccount.com
2017/09/14 09:39:29 Listening on 127.0.0.1:3306 for api-project-1054727403053:us
-east1:mysql-google-v1
2017/09/14 09:39:29 Ready for new connections
2017/09/14 09:39:34 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:39:57 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
2017/09/14 09:39:58 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:40:19 Throttling refreshCfg(api-project-1054727403053:us-east1:mys
ql-google-v1): it was only called 43.386s ago
2017/09/14 09:40:40 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
2017/09/14 09:40:41 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:41:23 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
错误看起来像 ... 拨打 tcp 35.190.176.161:3307: connectex: 连接尝试失败 ed 因为连接方在一段时间后没有正常回复
同样,我已经验证了上述代理设置可以在不在公司防火墙后面的系统上运行,所以我想知道是否可以配置云代理以使用 http_proxy/https_proxy 来建立联系和交流?
谢谢
MySQL 有自己的协议,完全独立于 HTTP,通常在端口 3306 上。虽然云 SQL 代理使用 HTTP 进行初始身份验证设置,但实际的 SQL 连接将此协议包装在端口 3307 上的 TLS 中。不幸的是,无法通过 HTTP 代理 运行 MySQL 协议。相反,您需要公司防火墙的例外。
如果您只需要在命令行上访问 Cloud SQL,我建议按照 https://cloud.google.com/sql/docs/mysql/connect-admin-ip#cloud-shell.
中所述从 Cloud Shell 执行此操作如果您想构建一个更复杂的应用程序来从防火墙后面访问云 SQL,您可以构建一个公开 HTTP API 的 GAE 应用程序。然后,您可以通过代理使用 API,GAE 应用程序可以连接到云 SQL。