In case you intend to use CloudSQL to host your application’s databases in GCE, then there will be a need for you to have Google Cloud Compute Engine SQL Proxy installed and working. This will allow you to connect to your Databases securely and beautifully. The Cloud SQL Auth proxy provides secure access to your instances without a need for Authorized networks or for configuring SSL. It works by having a local client running in the local environment. Your application communicates with the Cloud SQL Auth proxy running locally with the standard database protocol used by your database.<\/p>\n\n\n\n
Benefits of Cloud SQL Auth proxy<\/strong><\/p>\n\n\n\n For this to work till the end, we need to have the following:<\/p>\n\n\n\n To begin the installation process, we will first download the Cloud SQL Auth proxy:<\/p>\n\n\n\n After you have fetched the file of interest, we will have to make the Cloud SQL Auth proxy executable as follows.<\/p>\n\n\n\n At this point, we can use the application by executing it as follows<\/p>\n\n\n\n Even though you can use the Cloud Compute Engine SQL Proxy as it is now, we can do better. We can create a systemd service<\/em> so that we can have it easy to start, stop , enable or disable the service. It will afford us a lot os convenience and we can manage it just like we are used to managing other daemons and applications within your servers. We can do this, so let us get to it right away.<\/p>\n\n\n\n First, add cloud_sql_proxy<\/em>, the executable, to PATH as follows<\/p>\n\n\n\n Then let us create a systemd service file thus. You can call the service a name that works for you: <\/p>\n\n\n\n The \u201ccredential.json\u201d file is the service account we need having the requisite permissions to access CloudSQL. Replace the following with your details:<\/p>\n\n\n\n Do a daemon reload so that the new file can be read and loaded<\/p>\n\n\n\n Then start and enable the proxy<\/p>\n\n\n\n Check its status to confirm that everything is okay<\/p>\n\n\n\n This is the part that you smile!<\/p>\n\n\n\n When you connect to your instance using the Cloud SQL Auth proxy, you provide a user account that is used to log in to the instance. You can use any database user account for this purpose. An example of connecting to a MySQL instance is as follows via the CLI.<\/p>\n\n\n\n In this example, we are connecting to port 3307 as we configured our \u201cproxy.service<\/em>\u201d to listen from. It is also connecting to localhost. So the Google Cloud Auth SQL Proxy will receive the command and route it all the way to your GCP CloudSQL instance.<\/p>\n\n\n\n However, because the Cloud SQL Auth proxy always connects from a hostname that cannot be accessed except by the Cloud SQL Auth proxy, you can create a user account that can be used only by the Cloud SQL Auth proxy. The advantage of doing this is that you can specify this account without a password without compromising the security of your instance or your data.<\/p>\n\n\n\n To create a user account for Cloud SQL Auth proxy connections, specify the hostname as ‘cloudsqlproxy~[IP_ADDRESS]<\/em>‘. You can also use the IP address wildcard, which would result in ‘cloudsqlproxy~%<\/em>‘.<\/p>\n\n\n\n You can do it as follows using \u201cgcloud<\/em>\u201d command:<\/p>\n\n\n\n Or<\/p>\n\n\n\n After that, you can now connect to the Auth proxy from your application and it will authenticate against the new user without any qualms. And that is how we will end our guide today.<\/p>\n\n\n\n We hope that the information provided will be helpful and any improvements we can make are always welcome. Thank you for reading through and we continue to appreciate your enormous support that we continue to receive.<\/p>\n\n\n\n Other guides for you:<\/p>\n\n\n\n In case you intend to use CloudSQL to host your application’s databases in GCE, then there will be a need for you to have Google Cloud Compute Engine SQL Proxy installed and working. This will allow you to connect to your Databases securely and beautifully. The Cloud SQL Auth proxy provides secure access to your … Read more<\/a><\/p>\n","protected":false},"author":7,"featured_media":107427,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2680,461,26,36939,299,50],"tags":[36175,19830,36833,36940],"class_list":["post-113834","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-databases","category-debian","category-gcp","category-how-to","category-linux-tutorials","tag-gcp","tag-google-cloud","tag-google-cloud-sql-proxy","tag-google-cloud-sql-proxy-on-debian"],"_links":{"self":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/113834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/comments?post=113834"}],"version-history":[{"count":0,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/113834\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media\/107427"}],"wp:attachment":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media?parent=113834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/categories?post=113834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/tags?post=113834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Prerequisites<\/h2>\n\n\n\n
Step 1: Install Cloud SQL Auth proxy<\/h2>\n\n\n\n
cd ~\nwget https:\/\/dl.google.com\/cloudsql\/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy<\/code><\/pre>\n\n\n\nStep 2: Make it executable<\/h2>\n\n\n\n
chmod +x cloud_sql_proxy<\/code><\/pre>\n\n\n\nStep 3: Create SystemD service<\/h2>\n\n\n\n
.\/cloud_sql_proxy -version<\/code><\/pre>\n\n\n\nsudo cp ~\/cloud_sql_proxy \/usr\/local\/bin<\/code><\/pre>\n\n\n\n$ sudo vim \/lib\/systemd\/system\/proxy.service<\/mark>\n[Install]\nWantedBy=multi-user.target\n\n[Unit]\nDescription=Google Cloud Compute Engine SQL Proxy\nRequires=networking.service\nAfter=networking.service\n\n[Service]\nType=simple\nWorkingDirectory=\/usr\/local\/bin\nExecStart=\/usr\/local\/bin\/cloud_sql_proxy -instances=your_gcp_project:region_of_instace:cloudsql_instance_name=tcp:3307 -credential_file=\/var\/credential.json \nRestart=always\nStandardOutput=journal\nUser=root<\/code><\/pre>\n\n\n\nsudo systemctl daemon-reload<\/code><\/pre>\n\n\n\nsudo systemctl start proxy\nsudo systemctl enable proxy<\/code><\/pre>\n\n\n\n$ systemctl status proxy<\/mark>\n\u25cf proxy.service - Google Cloud Compute Engine SQL Proxy\n Loaded: loaded (\/lib\/systemd\/system\/proxy.service; enabled; vendor preset: enabled)\n Active: active (running)<\/mark> since Wed 2022-02-02 13:52:01 UTC; 21h ago\n Main PID: 9411 (cloud_sql_proxy)\n Tasks: 10 (limit: 4915)\n Memory: 10.3M\n CGroup: \/system.slice\/proxy.service\n \u2514\u25009411 \/usr\/local\/bin\/cloud_sql_proxy -instances<\/code><\/pre>\n\n\n\nStep 4: Connecting to your instance via the Auth Proxy<\/h2>\n\n\n\n
mysql -u your_user \u2014-host=127.0.0.1 \u2014-port=3307 -p your_database<\/code><\/pre>\n\n\n\ngcloud sql users create user \\ \n--host=cloudsqlproxy~24.123.4.142 \\\n--instance=cloudsql-instance \\\n--password=password<\/code><\/pre>\n\n\n\ngcloud sql users create user \\ \n--host=cloudsqlproxy~% \\\n--instance=cloudsql_instance_name \\\n--password=your_password<\/code><\/pre>\n\n\n\nReferences<\/h4>\n\n\n\n
Concluding Remarks<\/h2>\n\n\n\n