Binance 搞事．限制API來源國家的使用

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

就如罐頭訊息般的回文，讓我對於 GCP 失效很焦慮．

GCP(Google Cloud Function)

我選擇亞洲的區的甚至台灣區的 server 怎麼還不行？

讓我們 deploy 一隻小程式顯示來源IP．

    result = requests.get("https://api.ipify.org?format=json")
    return json.dumps(result.json())

結果為
35.203.255.124

用網路現成的查詢IP服務，才發現這是美國的ＩＰ，難怪 Binance 會一直阻擋．

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

解法．設定 VPC (Vitrual Private Cloud Network)

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

使用 Google Cloud SDK 完成

按照以下步驟重新部署後，對外連線的ＩＰ就是你指定地區的固定ＩＰ．
這樣好處還不錯，還可以在其他服務中設定白名單．因為幣安搞事讓我又學到了…Orz

Create VPC

gcloud services enable compute.googleapis.com

gcloud compute networks create my-vpc \
    --subnet-mode=custom \
    --bgp-routing-mode=regional

Create a Serverless VPC Access connectors

gcloud services enable vpcaccess.googleapis.com

gcloud compute networks vpc-access connectors create functions-connector \
	--network my-vpc \
	--region asia-east1 \
	--range 10.8.0.0/28

Grant Permissions

export PROJECT_ID=$(gcloud config list --format 'value(core.project)')
export PROJECT_NUMBER=$(gcloud projects list --filter="$PROJECT_ID" --format="value(PROJECT_NUMBER)")

gcloud projects add-iam-policy-binding $PROJECT_ID \
--member=serviceAccount:service-$PROJECT_NUMBER@gcf-admin-robot.iam.gserviceaccount.com \
--role=roles/viewer

gcloud projects add-iam-policy-binding $PROJECT_ID \
--member=serviceAccount:service-$PROJECT_NUMBER@gcf-admin-robot.iam.gserviceaccount.com \
--role=roles/compute.networkUser

Configurate the connector

gcloud functions deploy %你自己的 Google Cloud Function% \
	--runtime python37 \
	--entry-point main \
	--trigger-http \
	--allow-unauthenticated \
	--vpc-connector functions-connector \
	--egress-settings all \
    --region asia-east1

Reserve static IP

gcloud compute addresses create functions-static-ip \
    --region=asia-east1

Creating the Cloud Router

gcloud compute routers create my-router \
    --network my-vpc \
    --region asia-east1

Creating Cloud Nat

gcloud compute routers nats create my-cloud-nat-config \
	--router=my-router \
    --nat-external-ip-pool=functions-static-ip \
    --nat-all-subnet-ip-ranges \
    --enable-logging

來源參考資料：
https://github.com/AlvarDev/functions-static-ip

Binance 搞事．限制API來源國家的使用

GCP(Google Cloud Function)

解法．設定 VPC (Vitrual Private Cloud Network)

使用 Google Cloud SDK 完成

Create VPC

Create a Serverless VPC Access connectors

Grant Permissions

Configurate the connector

Reserve static IP

Creating the Cloud Router

Creating Cloud Nat

tags: 疑難雜症 Binance

tags: `疑難雜症` `Binance`