当我将http_proxy an https_proxy变量设置为正确的值时,我已经能够在公司火墙后面使用Google Cloud SDK。看起来该服务帐户的Inital Oauth连接与这些代理VAR设置一起使用。但是,当我尝试使用MySQL客户端连接到运行代理的计算机时,与Google MySQL实例失败。
这是我代理的命令,btw(验证了代理CMD/设置在不在公司防火墙后面的系统上工作):
cloud_sql_proxy -instances=api-project-1054727403053:us-east1:mysql-google-v1=tcp:3306 -credential_file=c:toolsmyeditor.json
2017/09/14 09:39:29 using credential file for authentication; email=myeditor@api
-project-1054727403053.iam.gserviceaccount.com
2017/09/14 09:39:29 Listening on 127.0.0.1:3306 for api-project-1054727403053:us
-east1:mysql-google-v1
2017/09/14 09:39:29 Ready for new connections
2017/09/14 09:39:34 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:39:57 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
2017/09/14 09:39:58 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:40:19 Throttling refreshCfg(api-project-1054727403053:us-east1:mys
ql-google-v1): it was only called 43.386s ago
2017/09/14 09:40:40 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
2017/09/14 09:40:41 New connection for "api-project-1054727403053:us-east1:mysql
-google-v1"
2017/09/14 09:41:23 couldn't connect to "api-project-1054727403053:us-east1:mysq
l-google-v1": dial tcp 35.190.176.161:3307: connectex: A connection attempt fail
ed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond.
错误看起来像...拨号TCP 35.190.176.161:3307:Connectex:连接尝试失败ed,因为一段时间后连接的方没有正确响应
再次,我在不在公司防火墙后面的系统上验证了上述代理设置,所以我想知道是否在那里配置云代理以使用HTTP_Proxy/https_proxy来建立连接和通信?
谢谢
mySQL具有其自己的协议,它完全独立于http,通常在端口3306上。虽然云SQL代理使用HTTP用于初始auth设置,但实际的SQL连接将此协议包装在TLS中,将其包含在TLS上。端口3307.不幸的是,没有办法通过HTTP代理运行MySQL协议。相反,您需要公司防火墙的例外。
如果您只需要在命令行上访问云SQL,我建议您按照https://cloud.google.com/sql/docs/mysql/mysql/connect-admin-ip#cloud---壳。
如果要构建一个更复杂的应用程序,该应用程序可以从防火墙后面访问云SQL,则可以构建一个揭示HTTP API的GAE应用程序。然后,您可以通过代理使用该API,而GAE应用程序可以连接到Cloud SQL。