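Using cloud_sql_proxy behind a corporate firewall - unable to connect to MySQL instance

Time: 2017-09-14 13:58:54

Tags: google-cloud-sql

When I set the http_proxy and https_proxy variables to the correct values, I am able to use the Google Cloud SDK behind the corporate firewall. It looks like the initial OAuth connection for the service account also works fine with those proxy variables set. However, when I try to connect with the mysql client to the machine running the proxy, the connection to the Google MySQL instance fails.

Here is my proxy command, BTW (I have verified that the proxy command/setup works on a system that is not behind the corporate firewall):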

cloud_sql_proxy -instances=api-project-1054727403053:us-east1:mysql-google-v1=tcp:3306 -credential_file=c:\tools\myeditor.json

2017/09/14 09:39:29 using credential file for authentication; email=myeditor@api-project-1054727403053.iam.gserviceaccount.com
2017/09/14 09:39:29 Listening on 127.0.0.1:3306 for api-project-1054727403053:us-east1:mysql-google-v1
2017/09/14 09:39:29 Ready for new connections
2017/09/14 09:39:34 New connection for "api-project-1054727403053:us-east1:mysql-google-v1"
2017/09/14 09:39:57 couldn't connect to "api-project-1054727403053:us-east1:mysql-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
2017/09/14 09:39:58 New connection for "api-project-1054727403053:us-east1:mysql-google-v1"
2017/09/14 09:40:19 Throttling refreshCfg(api-project-1054727403053:us-east1:mysql-google-v1): it was only called 43.386s ago
2017/09/14 09:40:40 couldn't connect to "api-project-1054727403053:us-east1:mysql-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
2017/09/14 09:40:41 New connection for "api-project-1054727403053:us-east1:mysql-google-v1"
2017/09/14 09:41:23 couldn't connect to "api-project-1054727403053:us-east1:mysql-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

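The error looks like ... dial tcp 35.190.176.161:3307: connectex: A connection attempt failed because the connected party did not properly respond after a period of time

Again, I have verified that the above proxy setup works on a system that is not behind the corporate firewall, so I am wondering whether there is a way to configure the cloud proxy to use http_proxy / https_proxy to establish the connection and communicate?

Thanks

1 answer:

Answer 0: (score: 3)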

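MySQL has its own protocol, completely separate from HTTP, usually on port 3306. While the Cloud SQL proxy uses HTTP for the initial authentication setup, the actual SQL connection wraps this protocol in TLS on port 3307. Unfortunately, there is no way to run the MySQL protocol through an HTTP proxy. Instead, you will need an exception in your corporate firewall.

If you only need to access Cloud SQL from the command line, I suggest doing so from Cloud Shell, following the instructions at https://cloud.google.com/sql/docs/mysql/connect-admin-ip#cloud-shell.

If you want to build a more complex application that accesses Cloud SQL from behind the firewall, you could build a GAE application that exposes an HTTP API. You can then use that API through the proxy, and the GAE application can connect to Cloud SQL.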
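
An added example, not part of the original answer or of the Cloud SQL proxy project: a small Python diagnostic that pulls the failed dial target out of a cloud_sql_proxy log and tries the same direct TCP connection, which is the path the http_proxy / https_proxy variables never cover. The function names, the result labels and the embedded sample line are assumptions made for illustration.

```python
import re
import socket

# Matches the dial target in cloud_sql_proxy "couldn't connect" log lines.
DIAL_RE = re.compile(r"dial tcp (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

def dial_targets(log_text):
    """Return the distinct (ip, port) pairs the proxy failed to dial, in order."""
    seen = []
    for ip, port in DIAL_RE.findall(log_text):
        target = (ip, int(port))
        if target not in seen:
            seen.append(target)
    return seen

def probe(host, port, timeout=5.0):
    """Attempt a direct TCP connect, as the proxy's data path does.

    http_proxy / https_proxy are not consulted: they only affect HTTP
    clients, not raw TCP sockets.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "filtered"  # no reply at all: typical of a firewall dropping egress
    except ConnectionRefusedError:
        return "refused"   # host answered, but nothing listens on that port
    except OSError:
        return "error"     # e.g. no route to host

# Constructed sample: one line from the log in the question, shortened.
SAMPLE_LOG = (
    '2017/09/14 09:39:57 couldn\'t connect to '
    '"api-project-1054727403053:us-east1:mysql-google-v1": '
    'dial tcp 35.190.176.161:3307: connectex: A connection attempt failed ...'
)

if __name__ == "__main__":
    for ip, port in dial_targets(SAMPLE_LOG):
        print(f"{ip}:{port} -> {probe(ip, port)}")
```

A "filtered" result for port 3307 while HTTPS through the corporate proxy still works matches the situation in the question, and it gives the firewall team the exact destination for which an egress exception is needed.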