Your Replit App's IP Address Changes Every Deployment. Here's the Fix.

Replit assigns a new outbound IP address every time you deploy. If you need to connect to anything that uses IP allowlisting, that means your firewall rules break every time you push new code. There is no official fix from Replit. The workaround is to route outbound traffic through a static IP proxy, so the IP that hits your database or external API never changes regardless of what Replit does under the hood.

Why Replit's IP Keeps Changing

Replit runs deployments on Google Cloud VMs. When you deploy, Replit spins up a container on whatever infrastructure is available. That container gets a Google Cloud IP from a rotating pool. Redeploy, new container, new IP.

This is normal for ephemeral cloud infrastructure and usually doesn't matter. It becomes a problem the moment you need to connect to anything that uses IP allowlisting for access control. That includes:

• External databases (PostgreSQL on RDS, MongoDB Atlas, PlanetScale)
• Internal or corporate APIs that restrict inbound connections by IP
• Payment processors and financial data APIs
• Any SaaS vendor that requires you to register your IP before granting access

The frustrating part is Replit is often not the obvious culprit. The remote service just rejects the connection. You see a timeout, a 403, or a generic auth error and start debugging your code when the real issue is which IP the request came from.

The Fix: Route Outbound Traffic Through a Static IP Proxy

Route all outbound requests from your Replit app through a proxy with a fixed IP address. Add that fixed IP to your allowlist once. It stays valid regardless of how many times you redeploy.

QuotaGuard provides exactly this. Your app connects to a proxy endpoint using a standard HTTP or SOCKS5 proxy URL. All outbound traffic exits through your two dedicated static IP addresses. Setup takes about five minutes.

Step 1: Get Your QuotaGuard Credentials

Sign up at quotaguard.com and grab your proxy URL from the dashboard. It looks like this:

http://username:password@static.quotaguard.com:9293

Your dashboard also shows your two static IP addresses. These are the IPs you will whitelist on the other side.

Step 2: Add the Proxy URL as a Replit Secret

In your Replit project, open the Secrets panel (the lock icon in the sidebar). Add a new secret:

• Key: QUOTAGUARDSTATIC_URL
• Value: your full proxy URL from the dashboard

This keeps your credentials out of your code and out of version control.

Step 3: Configure Your App to Use the Proxy

How you configure the proxy depends on your language and what you are connecting to.

Python (HTTP requests)

import os
import requests

proxy_url = os.environ.get('QUOTAGUARDSTATIC_URL')

proxies = {
    'http': proxy_url,
    'https': proxy_url
}

response = requests.get('https://api.example.com/data', proxies=proxies)

Node.js (HTTP requests with axios)

const axios = require('axios');
const { HttpsProxyAgent } = require('https-proxy-agent');

const proxyUrl = process.env.QUOTAGUARDSTATIC_URL;
const agent = new HttpsProxyAgent(proxyUrl);

const response = await axios.get('https://api.example.com/data', {
  httpsAgent: agent
});

Node.js (native fetch, Node 18+)

import { HttpsProxyAgent } from 'https-proxy-agent';

const proxyUrl = process.env.QUOTAGUARDSTATIC_URL;
const agent = new HttpsProxyAgent(proxyUrl);

const response = await fetch('https://api.example.com/data', { agent });

Database connections (SOCKS5)

For database connections, use the SOCKS5 proxy URL instead of the HTTP proxy URL. Your QuotaGuard dashboard shows both. For PostgreSQL, MongoDB, and other TCP-level connections, the cleanest approach is QGTunnel, which handles proxy routing transparently without changes to your connection code.

Step 4: Whitelist Your Static IPs

With the proxy configured, all outbound traffic from your app exits through your two static QuotaGuard IP addresses. Add both to the allowlist on the other side. Your dashboard shows them clearly.

Redeploy your Replit app as many times as you want. The IPs your traffic comes from never change.

Verifying It Works

To confirm traffic is routing through the proxy, hit an IP echo service from within your app:

import requests
import os

proxy_url = os.environ.get('QUOTAGUARDSTATIC_URL')
proxies = {'http': proxy_url, 'https': proxy_url}

response = requests.get('https://api.ipify.org?format=json', proxies=proxies)
print(response.json())  # Should show your QuotaGuard static IP

If the IP matches what is shown in your QuotaGuard dashboard, you are set.

What This Solves

External database connections. MongoDB Atlas, AWS RDS, and similar databases let you restrict access to specific IPs. With QuotaGuard, you add your two static IPs to the database network access list and everything connects reliably regardless of Replit redeployments.

Third-party API vendor requirements. Some APIs require you to register your IP before they will accept requests. Others block connections from cloud infrastructure IP ranges entirely. Routing through a QuotaGuard IP resolves both.

Corporate or internal APIs. If your Replit app needs to call an API behind a firewall that your organization controls, add your QuotaGuard IPs to the firewall allowlist once. The connection works from that point on.

A Note on Replit-Specific Setup

Unlike Heroku, Replit has no add-on marketplace. Configuration is done entirely through environment variables (Secrets in Replit's interface) and a few lines of code. The upside is nothing platform-specific needs to be installed. The proxy URL works the same whether you are running in Replit's editor, in dev mode, or in a production deployment.

If you have questions about your specific setup, reach out to QuotaGuard support.