This add-on is operated by IPBurger, LLC
Static Dedicated IP Address for Secure Outbound Requests via HTTP(S) and SOCKS5
IPBurger
Last updated 24 June 2020
The IPBurger add-on is currently in beta.
Table of Contents
- Provisioning the add-on
- The difference between SOCKS5 and HTTP/HTTPS proxy
- End-to-end encryption of HTTPS requests
- Using with languages that don’t support SOCKS5 proxies
- Local setup
- Use with Ruby
- Use with Python
- Use with Node.js
- Use with Java
- Use with Go
- Use with PHP
- Use with cURL
- Use with SSH and SCP
- Removing the add-on
- FAQ
- Support
- Privacy
IPBurger is an add-on that provides Heroku applications the ability to proxy their app network output through a SOCKS5 or HTTP/HTTPS proxy under a fixed, static IP. IPBurger is language and framework agnostic.
Without IPBurger, your Heroku application makes requests from an unpredictable and impermanent set of IP addresses. Because Heroku IPs are dynamic, it can be difficult to securely integrate Heroku applications with services that allowlist a fixed IP, including certain APIs and services that operate behind a corporate firewall.
IPBurger acts as a proxy for outbound traffic, tunneling your requests through a known IP address. Each IPBurger subscriber is assigned a particular IP address. This address can be used anywhere you need a fixed IP: API providers, firewall configurations, etc.
IPBurger provides customers with three standard proxy URLs, one for SOCKS5, one for HTTP and the other to HTTPS, all of which can be used to make requests from any server-side language, including Ruby, Python, Node, Java, and Go. IPBurger can also be used by cURL and other command-line tools.
Provisioning the add-on
IPBurger can be attached to a Heroku application via the CLI. You can provide the --location option which will grant you an IP from that particular location. You can specify the “Country Code” of any of these locations:
| Flag | Country Code | Fullname |
|---|---|---|
| 🇦🇺 | au | Australia |
| 🇨🇦 | ca | Canadá |
| 🇩🇪 | de | Germany |
| 🇫🇷 | fr | France |
| 🇸🇬 | sg | Singapore |
| 🇬🇧 | uk | United Kingdom |
| 🇺🇸 | us | United States |
$ heroku addons:create ipburger --app your-app-name --location=ca
-----> Creating ipburger on ⬢ your-app-name... free
IPBurger provision successful.
Your Static Dedicated IP Address: 192.99.41.203
Created ipburger-rectangular-80571 as IPB_HTTP, IPB_HTTPS, IPB_SOCKS5
Use heroku addons:docs ipburger to view documentation
After you provision IPBurger, the IPB_SOCKS5, IPB_HTTPS, IPB_HTTP config vars are available in your app’s configuration. They contain the full URL you should use to proxy your requests. This can be confirmed using the heroku config:get command:
$ heroku config:get --app your-app-name IPB_SOCKS5
username:password@54-39-189-181.ip.ipb.cloud:8040
After installing IPBurger, your application should be configured to fully integrate with the add-on. See more below.
The difference between SOCKS5 and HTTP/HTTPS proxy
IPBurger provides a IP address via a SOCKS V5 or HTTP and HTTPS proxy. As such, SOCKS5 is capable of proxying any TCP connection. You can make HTTP and HTTPS requests via SOCKS5, but using a HTTP/HTTPS proxy is generally a better fit for that use case. SOCKS5 is perfect for making requests to databases, FTP servers, and other lower-level connections because it allows you to tunnel arbitrary TCP connections.
End-to-end encryption of HTTPS requests
When your application makes a request to an HTTPS resource via IPBurger, your application sends a CONNECT request to IPBurger. This request instructs IPBurger to open a TCP connection to the remote host. Once this connection has been established, IPBurger transparently tunnels this connection. Neither IPBurger nor any other party has the ability to decrypt this traffic. The proxy negotiation (the initial CONNECT request to IPBurger) happens in the clear, but the connection with the remote host remains encrypted end-to-end.
Using with languages that don’t support SOCKS5 proxies
Some languages do not provide native support for SOCKS5 proxies. Where this is the case, there are other options for using SOCKS5 under IPBurger.
There are several utilities that transparently proxy requests over SOCKS5. Popular options include Dante Socksify client, tsocks, and proxychains. Some of these utilities require some caveats: Dante only works on linux, so is not a good option if you develop locally on Mac or Windows. tsocks is not threadsafe, so is not a good choice for some applications.
Alternately, socat can be used to establish port-forwarding through IPBurger. Socat will establish a tunnel through IPBurger and bind to a local port through which your service can make requests.
Local setup
Environment setup
If you wish to use IPBurger to proxy requests while developing locally, it is necessary to locally replicate the IPB_* environment variables.
Use the Heroku Local command-line tool to configure, run and manage process types specified in your app’s Procfile. Heroku Local reads configuration variables from a .env file. To view all of your app’s config vars, type heroku config. Use the following command for each value that you want to add to your .env file:
$ heroku config:get --app your-app-name IPB_SOCKS5 -s >> .env
$ heroku config:get --app your-app-name IPB_HTTPS -s >> .env
$ heroku config:get --app your-app-name IPB_HTTP -s >> .env
Credentials and other sensitive configuration values should not be committed to source-control. In Git exclude the .env file with: echo .env >> .gitignore.
For more information, see the Heroku Local article.
Use with Ruby
HTTP/HTTPS proxy
You can use IPBurger with any Ruby http client. Included are examples of using it with Net::HTTP from the standard library and with popular rest-client or faraday gems.
Using rest-client:
require 'rest-client'
RestClient.proxy = ENV["IPB_HTTP"]
response = RestClient.get("http://google.com")
Using faraday:
require 'faraday'
conn = Faraday.new(:url => "http://google.com", :proxy => ENV["IPB_HTTP"])
response = conn.get
Using httparty:
proxy = URI.parse ENV['IPB_HTTP']
HTTParty.get(
"http://google.com",
http_proxyaddr: proxy.host,
http_proxyport: proxy.port,
http_proxyuser: proxy.user,
http_proxypass: proxy.password
)
Using Net::HTTP from the standard library:
require 'net/http'
_, username, password, host, port = ENV["IPB_HTTP"].gsub(/(:|\/|@)/,' ').squeeze(' ').split
uri = URI("http://google.com")
request = Net::HTTP.new(uri.host, uri.port, host, port, username, password)
response = request.get(uri)
Use with Python
HTTP/HTTPS proxy
IPBurger works with any http client library, including urllib2 from the standard library and third-party packages including the popular requests package.
To route a specific request through IPBurger using requests:
import os, requests
proxyDict = {
"http" : os.environ.get('IPB_HTTP', ''),
"https" : os.environ.get('IPB_HTTPS', '')
}
r = requests.get('http://www.example.com', proxies=proxyDict)
Using urllib2 to send a specific request through IPBurger:
import os, urllib2
proxy = urllib2.ProxyHandler({'http': os.environ.get('IPB_HTTP', '')})
auth = urllib2.HTTPBasicAuthHandler()
opener = urllib2.build_opener(proxy, auth, urllib2.HTTPHandler)
response = opener.open('http://www.example.com')
html = response.read()
If you intend to route all outbound traffic through IPBurger, you can set the http_proxy and https_proxy environment variables. Both urllib2 and requests honor the http_proxy and https_proxy environment variables, so you can route all outbound requests through IPBurger using these environment variables:
import os, requests
os.environ['http_proxy'] = os.environ.get('IPB_HTTP', '')
os.environ['https_proxy'] = os.environ.get('IPB_HTTPS', '')
requests.get("http://www.example.com")
SOCKS5 Proxy
You can also use the popular requests library to use the SOCKS5 proxy provided by IPBurger:
import requests
import os
proxies = {'http': "socks5://" + os.environ['IPB_SOCKS5'],
'https': "socks5://" + os.environ['IPB_SOCKS5'] }
response = requests.get('http://ifconfig.co', proxies=proxies)
print response.content
Use with Node.js
HTTP/HTTPS proxy
IPBurger works with both the standard http module and with higher-level http clients, including the popular request NPM module.
If you use the request module, you can use IPBurger for specific requests:
const request = require('request')
const proxyRequest = request.defaults({'proxy': process.env.IPB_HTTP});
proxyRequest('http://www.example.com', (err, res, body) => {
console.log(`Got response: ${res.statusCode}`);
});
Or, if you prefer, you can use the standard library’s lower-level http package directly:
const http = require('http');
const url = require('url');
const proxyUrl = url.parse(process.env.IPB_HTTP);
const requestUrl = url.parse('http://www.example.com');
http.get({
host: proxyUrl.hostname,
port: proxyUrl.port,
path: requestUrl.href,
headers: {
Host: requestUrl.host,
'Proxy-Authorization': `Basic ${new Buffer(proxyUrl.auth).toString('base64')}`,
}
}, res => {
console.log(`Got response: ${res.statusCode}`);
});
SOCKS5 proxy
With Node.js, the general pattern is to establish a SOCKS5 connection using a client library like socksjs and then provide this stream to the database driver, request library, or other library of your choosing.
Connecting to MySQL
MySql2 connects via a SOCKS5 connection provided as the stream property. This example uses connection pooling.
Connecting to Postgres or Amazon Redshift
As with mysql, you can pass a custom stream to the node-postgres library. This will work both for connections to Postgres databases as well as to Amazon Redshift, here’s a example.
Use with Java
HTTP/HTTPS proxy
You can use IPBurger with any HTTP library. Popular options include Apache HttpClient and OkHttp.
A example using HttpClient.
Or, for projects that use OkHttp.
SOCKS5 Proxy
Java supports a system property socksProxyHost, which can be used to route every outbound request through IPBurger. Additionally, Java 7 introduced ProxySelector, which can be used to conditionally proxy requests depending on the hostname.
Here’s how to proxy all outbound requests through IPBurger SOCKS5 Proxy:
URL proxy = new URL(System.getenv("IPB_SOCKS5"));
String[] proxyUserInfo = proxy.getUserInfo().split(':');
String proxyUser = proxyUserInfo[0];
String proxyPassword = proxyUserInfo[1];
System.setProperty("socksProxyHost", proxy.getHost());
Authenticator.setDefault(new ProxyAuthenticator(proxyUser, proxyPassword));
//...
private class ProxyAuthenticator extends Authenticator {
private final PasswordAuthentication passwordAuthentication;
private ProxyAuthenticator(String user, String password) {
passwordAuthentication = new PasswordAuthentication(user, password.toCharArray());
}
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return passwordAuthentication;
}
}
Use with Go
HTTP/HTTPS proxy
To use IPBurger for specific http requests, you can create a custom http.Client:
package main
import (
"net/url"
"net/http"
"os"
"io/ioutil"
)
func main () {
proxyUrl, err := url.Parse(os.Getenv("IPB_HTTP"))
customClient := &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(proxyUrl)}}
resp, err := customClient.Get("http://example.com")
if (err != nil) {
println(err.Error())
return
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
println(string(body))
}
If you intend to use IPBurger for all outbound requests, an alternative is to use the HTTP_PROXY and HTTPS_PROXY environment variables. Go honors these environment variables by default. You can set HTTP_PROXY and HTTPS_PROXY in your application, typically in main.go:
package main
import (
"net/http"
"os"
"io/ioutil"
)
func main () {
os.Setenv("HTTP_PROXY", os.Getenv("IPB_HTTP"))
os.Setenv("HTTPS_PROXY", os.Getenv("IPB_HTTPS"))
resp, err := http.Get("http://google.com")
if (err != nil) {
println(err.Error())
return
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
println(string(body))
}
SOCKS5 Proxy
Golang’s net/proxy package provides a SOCKS5 proxy dialer that can be used with IPBurger. This dialer can be used for any TCP connection. This example uses it to make an HTTP request.
Use with PHP
HTTP/HTTPS Proxy
You can use PHP cURL to get your PHP application working correctly with IPBurger. Here’s how:
<?php
function proxyRequest() {
$proxyUrl = getenv("IPB_HTTP");
$parsedProxyUrl = parse_url($proxyUrl);
$proxy = $parsedProxyUrl['host'].":".$parsedProxyUrl['port'];
$proxyAuth = $parsedProxyUrl['user'].":".$parsedProxyUrl['pass'];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyAuth);
curl_close($ch);
}
$response = proxyRequest();
print_r($response);
?>
Use with cURL
cURL accepts a --socks5-hostname argument:
curl --socks5-hostname $IPB_SOCKS5 http://example.com
Use with SSH and SCP
SSH and SCP accept a ProxyCommand option. Using this option, you can pass in an ncat command that establishes a connection via the IPBurger SOCKS5 proxy. This requires ncat v7 or newer.
Ncat does not accept proxy authentication via the standard proxy url schema, so instead you must provide it as a separate argument:
ssh -o ProxyCommand='ncat --proxy-type socks5 --proxy YOUR-IPB-SOCKS5-DOMAIN-AND-PORT --proxy-auth USERNAME:PASSWORD %h %p' serveruser@server.ip.address
Removing the add-on
You can remove IPBurger via the CLI:
$ heroku --app your-app-name addons:destroy ipburger
-----> Removing ipburger from sharp-mountain-4005... done, v20 (free)
FAQ
Do you offer Dedicated Static IPs?
Yes! All our IPs are guaranteed to be dedicated, after provision the IP is yours for your usage only and you can be sure it will stay that way.
What happens when I reach my usage limit?
That’s the best about IPBurger, there are no usage limits! We enjoy giving our customers the freedom to use their IP as much as they want to.
I’ve forgotten which is my Static IP!
Your IP is available to you in the config var IPB_MYIP. Check the config vars of the app you provisioned IPBurger and it’ll be there.
What region does IPBurger run in?
IPBurger is provided by IPBurger LLC, a VPN company with several years of experience and many customers being served good, high quality IPs across the world. We have IPs on several locations.
Can I access MySQL or Postgres through this?
Yes we have many users doing this. If you are using Node.js you can also configure the SOCKS5 proxy in your Javascript code to access MySQL or Postgres.
Support
All IPBurger support and runtime issues should be submitted via one of the Heroku Support channels. Any non-support related issues or product feedback is welcome at support@ipburger.com
Privacy
IPBurger is committed to protecting your privacy. We want you to understand what information we collect, what we don’t collect, and how we collect, use, and store information. We do not collect logs of your activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of your IP address, your outgoing VPN IP address, connection timestamp, or session duration.
Our guiding principle toward data collection is to collect only the minimal data required to operate a world-class VPN service at scale. We designed our systems to not have sensitive data about our customers; even when compelled, we cannot provide data that we do not possess.
Our full privacy policy document is available here.