2

I have a VM instance (e2-micro) on GCP running with postgres. I added my own external ip address to pg_hba.conf so I can connect to the database on my local machine. Next to that I have a nodeJS application which I want to connect to that database. Locally that works, the application can connect to the database on the VM instance. But when I deploy the app to GCP I get a 500 Server Error when I try to visit the page in the browser.

These are the things I already did/tried:

  • Created a Firewall rule to allow connections on my own external ip address
  • Created a VPC connector and added that connector to my app.yaml
  • Made sure everything is in the same project and region (europe-west1)

If I allow all IP addresses on my VM instance with 0.0.0.0/0 then App Engine can connect, so my guess is that I'm doing something wrong with the connector? I use 10.8.0.0/28 as IP range while the internal IP address of the VM instance is 10.132.0.2, is that an issue? I tried an IP range with 10.0.0.0 but that also didn't work.

Lennert

2 Answers

1

First check if your app uses a /28 IP address range (see the documentation):

> When you create a connector, you also assign it an IP range. Traffic sent through the connector into your VPC network will originate from an address in this range. The IP range must be a CIDR /28 range that is not already reserved in your VPC network.

When you create a VPC connector, a proper firewall rule is also created to allow traffic:

> An implicit firewall rule with priority 1000 is created on your VPC network to allow ingress from the connector's IP range to all destinations in the network.

As you wrote yourself when you create a rule that allows traffic from any IP it works (your app can connect). So - look for the rule that allows traffic from the IP range that your app is in - if it's not there create it.

Or - you can connect your app to your DB over public IPs - in that case you also have to create a proper rule that will allow the traffic from the app to the DB.

Second - check the IP of the DB that app uses. My guess is that you didn't change the IP of the DB (that app uses) and it tries to connect not via VPC connector but via external IP and that's why it cannot (and works only when you create a firewall rule).

Wojtek_B
  • Indeed I tried to connect to my external IP address in my `app.yaml`, changed that to my internal IP address. But I also needed to deploy with `gcloud beta app deploy`, see my answer below – Lennert Nov 07 '20 at 06:43
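The checks described in the answer above, as an added Python example (not code from the original posts): it validates the connector range, sorts `pg_hba.conf` `host` rules by how they relate to that range so a catch-all `0.0.0.0/0` entry can be replaced by the connector's /28, and confirms the app targets an internal address. The `10.132.0.0/20` subnet, the sample file contents and all function names are assumptions; the overlap test only approximates the "not already reserved" condition.

```python
import ipaddress

CONNECTOR = ipaddress.ip_network("10.8.0.0/28")        # connector range from the question
VM_SUBNET = ipaddress.ip_network("10.132.0.0/20")      # assumed subnet holding 10.132.0.2
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed pg_hba.conf sample; database, user and 203.0.113.7 are placeholders.
PG_HBA_SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    appdb     app   203.0.113.7/32   scram-sha-256
host    appdb     app   0.0.0.0/0        scram-sha-256
host    appdb     app   10.8.0.0/28      scram-sha-256
"""

def connector_range_ok(connector, existing_subnets):
    """A /28 that does not overlap any range already in use in the VPC."""
    return connector.prefixlen == 28 and not any(connector.overlaps(s) for s in existing_subnets)

def host_rules(text):
    """Yield (network, raw_line) for host/hostssl/hostnossl lines with a CIDR address."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0].startswith("host") and "/" in fields[3]:
            yield ipaddress.ip_network(fields[3], strict=False), line.strip()

def classify(text, source=CONNECTOR):
    """Group rules by how they relate to the connector's source range."""
    groups = {"exact": [], "broader": [], "unrelated": []}
    for net, raw in host_rules(text):
        if net == source:
            groups["exact"].append(raw)
        elif net.version == source.version and source.subnet_of(net):
            groups["broader"].append(raw)   # e.g. 0.0.0.0/0: works, but admits every source
        else:
            groups["unrelated"].append(raw)
    return groups

def uses_internal_address(db_host):
    """True when the DB host the app is configured with is an RFC 1918 address."""
    ip = ipaddress.ip_address(db_host)
    return any(ip in net for net in RFC1918)

if __name__ == "__main__":
    print("connector range valid:", connector_range_ok(CONNECTOR, [VM_SUBNET]))
    for group, lines in classify(PG_HBA_SAMPLE).items():
        for line in lines:
            print(f"{group:9} {line}")
    print("10.132.0.2 internal:", uses_internal_address("10.132.0.2"))
```

Rules reported as `broader` are the ones to tighten once an `exact` rule for the connector range exists.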
1

This answer pointed me in the right direction: https://stackoverflow.com/a/64161504/3323605.

I needed to deploy my app with

```
gcloud beta app deploy
```

since the VPC connector method was in beta. Also, I tried to connect to the external IP in my app.yaml but that needed to be the internal IP of course.

Lennert