Building a tunnel to access databases
Databases hosted on Scalingo are not directly available on the Internet. By default access to most databases are unencrypted, so unsecured. To access them remotely from your workstation you need to setup an encrypted connection.
Since we don’t want unencrypted network traffic from/to your databases, the DB tunnel provides an encrypted way to access them. However, it does not provide any additional security layer. We will only verify that your public key is registered on our platform. The DB tunnel is just an encrypted bridge between your laptop and our infrastructure.
Another possibility is to make your database accessible from internet.
You need to have Scalingo’s command line interface to achieve this action.
Build the tunnel
By running the following command, an encrypted SSH tunnel will be built between you and your database.
$ scalingo --app my-app db-tunnel MONGO_URL Building tunnel to <dbhost>:<dbport> You can access your database on '127.0.0.1:<localport>'
We use MONGO_URL in the example, but it can be REDIS_URL or DATABASE_URL according to the database you’re using.
Use any client to read, import or export your data
Once the tunnel has been built, you can use any tool you need by connecting it to the
Credentials to connect to the database are still the same, so read them from
scalingo --app my-app env
$ scalingo --app my-app db-tunnel MONGO_URL Building tunnel to <dbhost>:<dbport> You can access your database on '127.0.0.1:10000' # In another terminal $ scalingo --app my-app env | grep MONGO_URL MONGO_URL=mongo://user:secret@<dbhost>:<dbport>/database $ mongo -u user -p secret localhost:10000/database $ mongodump -u user -p secret -h localhost:10000 -d database
If you activated the force TLS option, you should add both options
--sslAllowInvalidCertificates to the
Build the tunnel with the OpenSSH client
Our command line tool handles it in a simple command, but you might want to use the tunnel without it. With the standard OpenSSH client, the way to build the tunnel is:
ssh -L <local port>:<database host>:<database port> email@example.com -N
The database host and database port can be found in the environment variable representing the connection string
of your database instance. Get it from the dashboard or with the
env command of the CLI. It should look like:
The value of this variable is an URL which represents:
As stated previously, you need to get the
port from the URL.
If the environment variable is the following:
The command to run is:
ssh -L 10000:my-db.postgresql.dbs.appsdeck.eu:30000 firstname.lastname@example.org -N
Then you connect on
localhost:10000 to reach your Scalingo database. (You’ll still need to authenticate to the
database with the credential you can get from the connection string)