cloud-sql-proxy icon indicating copy to clipboard operation
cloud-sql-proxy copied to clipboard
verified publisher icon GoogleCloudPlatform

Proxy with only private ip

Open elonyavist opened this issue 8 months ago • 3 comments

Question

Hi and thanks for your tool.

I'd like to receive an answer regarding my "issue". I configured a Cloud Sql instance (mysql 8.4.4) with a private IP.

Using this command from my local machine:

./cloud-sql-proxy -p 3306 xxxprojectxxx:europe-west6:xxxinstancexxx --private-ip

I receive correctly:

2025/04/26 18:06:26 Authorizing with Application Default Credentials

2025/04/26 18:06:26 [xxxprojectxxx:europe-west6:xxxinstancexxx] Listening on 127.0.0.1:3306

2025/04/26 18:06:26 The proxy has started successfully and is ready for new connections!

But when I try to connect to the instance I receive:

2025/04/26 18:07:35 [xxxprojectxxx:europe-west6:xxxinstancexxx] Accepted connection from 127.0.0.1:55431

2025/04/26 18:08:05 [xxxprojectxxx:europe-west6:xxxinstancexxx] failed to connect to instance: Dial error: failed to dial (connection name = "xxxprojectxxx:europe-west6:xxxinstancexxx"): dial tcp xxx.xx.xx.x:3307: i/o timeout

Do you know if there is an issue with the proxy or maybe I'm missing something?

It is a little bit strange that I see port xxx.xx.xx.x:3307 since my Cloud Sql instance is running on 3306.

NB: If I activate the public IP it works without issue.

Cloud Sql Proxy versione: cloud-sql-proxy version 2.15.2+darwin.arm64

Thanks in advance.

Code

Additional Details

No response

elonyavist avatar Apr 26 '25 17:04 elonyavist

I think the problem is related to: https://cloud.google.com/sql/docs/mysql/connect-auth-proxy?hl=en#private-ip

"To connect to a Cloud SQL instance using private IP, the Cloud SQL Auth Proxy must be on a resource with access to the same VPC network as the instance."

I cannot connect from my localmachine

elonyavist avatar Apr 26 '25 17:04 elonyavist

Hello Team,

I’m currently facing a similar issue. • I have created a Cloud SQL instance using Private IP and I’m trying to connect to the database using Cloud SQL Proxy as a sidecar container. • I have configured Private Service Connect (PSC). • Both the application and the Cloud SQL instance are in the same VPC. • From a VM inside the same VPC, I am able to telnet to the SQL instance successfully, which confirms that the VPC connectivity and firewall rules are working. • However, when the application tries to connect via Cloud SQL Proxy, it tries to connect on port 3307 and times out.

In the application, we are specifying the JDBC URL as localhost:5432, and the Cloud SQL Proxy is also configured accordingly.

Just trying to understand if I am missing something specific in the proxy configuration or setup.

Would appreciate any insights.

Thanks!

jothilal22 avatar Apr 27 '25 19:04 jothilal22

Hi @elonyavist,

As mentioned in the Use the Cloud SQL Auth Proxy with private IP section, the Cloud SQL Auth Proxy must be started on a machine with access to the same VPC where the Cloud SQL instance lives.

Local machine does not have access to the VPC, to test out the cloud-sql-proxy with private-ip

  1. Start up a GCE VM within the same VPC network, ssh into it.
  2. Install latest cloud-sql-proxy
  3. Start a proxy on port 3306./cloud-sql-proxy <INSTANCE_CONNECTION_STRING> --port 3306 --private-ip
  4. On a different terminal of the GCE VM, connect with the MySQL client mysql -u root -p --host=127.0.0.1 --port=3306

kgala2 avatar Apr 29 '25 17:04 kgala2

Closing this issue for now. Please feel free to reopen it if you have more questions.

kgala2 avatar Jul 16 '25 16:07 kgala2