Connect Firebase App Hosting to a VPC network
Stay organized with collections
Save and categorize content based on your preferences.
Your Firebase App Hosting backend can connect to a Virtual Private Cloud
(VPC) network. This allows your
Firebase App Hosting backend to access backend services not accessible using
public IP addresses, such as Cloud SQL, Spanner, Cloud Memorystore,
Compute Engine, or Kubernetes internal microservices.
VPC access is only available at runtime (from your Cloud Run
container), not at build time (Cloud Build).
Choose how to connect to a VPC network
- Direct VPC
Egress:
Simpler, faster, and less expensive. Uses one IP address per container.
Recommended for most use cases.
- Serverless
Connectors:
Pools IP addresses for larger applications. Requires payment for the
underlying VM. See "Serverless VPC Access" in the
VPC pricing page
for pricing details.
Use the vpcAccess mapping in your apphosting.yaml file to configure access.
Use either a fully qualified network/connector name or an ID. Using IDs allows
for portability between staging and production environments with different
connectors/networks.
Direct VPC Egress Configuration (apphosting.yaml):
runConfig:
vpcAccess:
egress: PRIVATE_RANGES_ONLY # Default value
networkInterfaces:
# Specify at least one of network and/or subnetwork
- network: my-network-id
subnetwork: my-subnetwork-id
Serverless Connector Configuration (apphosting.yaml):
runConfig:
vpcAccess:
egress: ALL_TRAFFIC
connector: connector-id
Example: connect to Memorystore for Redis from a Next.js app
Caching systems like Redis or Memcached are commonly used to build a fast data
caching layer for an app. This example shows you how to set up
Memorystore for Redis
in the same Google Cloud project as your Firebase App Hosting backend and
connect to it using
Direct VPC egress.
Step 0: Create a Memorystore for Redis instance
- Go to the
Memorystore for Redis page
in the Google Cloud console.
- Make sure the same project you're using for Firebase App Hosting is
selected.
- If you can't access this page, make sure billing is enabled for your
project and that you've enabled the
Memorystore API.
- Select Create Instance.
- Configure the new instance with your preferred settings. Here are some
example values you can use:
- Enter
my-redis-cache under Instance ID.
- Enter
Redis cache under Display name.
- Choose Basic under the tier selector. Basic tier designates a
standalone Redis node, as opposed to standard tier, which uses a
replica node to backup your data.
- Choose your App Hosting backend's region from the Region
selector.
Be sure to set this value to match the region of your backend.
- Choose any from the zone selector.
- Enter
5 under Capacity. This sets your instance capacity to 5 GB.
- Select
5.0 under Version (recommended).
- Choose default from the Authorized network selector.
Step 1: Update apphosting.yaml with your VPC network ID
- Visit the
VPC networks page
in the Google Cloud console.
- Find the VPC network ID for your Memorystore for Redis instance (it will
often be
default).
Set direct VPC egress configuration in apphosting.yaml using the VPC
network ID:
runConfig:
vpcAccess:
egress: PRIVATE_RANGES_ONLY # Default value
networkInterfaces:
- network: my-network-id
Step 2: Add environment variables that direct your app to Redis
- Find connection information (host and port) in the "Connections" tab of your
Memorystore for Redis instance in the Google Cloud console.
Connect to Redis with REDISPORT and REDISHOST environment variables. Set
these in apphosting.yaml using the host and port values from the
Google Cloud console:
env:
# Sample only. Use actual values provided by Memorystore
- variable: REDISPORT
value: 6379
- variable: REDISHOST
value: 10.127.16.3
Step 3: Use redis from your app
Install the redis npm package:
npm install redis@latest
Access your redis cache from your code. Use the environment variables
configured in the previous step. For example, here's how you might read from
a cache in a Next.js route handler:
src/lib/redis.js
import { createClient } from "redis";
// Set these environment variables in apphosting.yaml
const REDISHOST = process.env.REDISHOST;
const REDISPORT = process.env.REDISPORT;
let redisClient;
export async function getClient(req, res) {
// Only connect if a connection isn't already available
if (!redisClient) {
redisClient = await createClient(REDISPORT, REDISHOST)
.on("error", (err) => console.error("Redis Client Error", err))
.connect();
}
return redisClient;
}
src/app/counter/route.js
import { getClient } from "@/lib/redis.js";
export async function GET(request) {
const redisClient = await getClient();
const count = await redisClient.get("counter");
return Response.json({ count });
}
export async function POST(request) {
const redisClient = await getClient();
const count = await redisClient.incr("counter");
return Response.json({ count });
}
Step 4 (optional): Configure your app for local development
The Firebase App Hosting emulator can override values using
apphosting.emulator.yaml. Here, you can change the value of REDISHOST to
point to the localhost so that you can develop locally using a local
installation of Redis.
- Install Redis on your local machine
Create or edit apphosting.emulators.yaml to reference your local instance:
env:
- variable: REDISHOST
value: 127.0.0.1
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-28 UTC.
[null,null,["Last updated 2025-08-28 UTC."],[],[],null,["\u003cbr /\u003e\n\nYour Firebase App Hosting backend can connect to a [Virtual Private Cloud\n(VPC)](https://cloud.google.com/vpc/docs) network. This allows your\nFirebase App Hosting backend to access backend services not accessible using\npublic IP addresses, such as Cloud SQL, Spanner, Cloud Memorystore,\nCompute Engine, or Kubernetes internal microservices.\n\nVPC access is only available at runtime (from your Cloud Run\ncontainer), not at build time (Cloud Build).\n\nChoose how to connect to a VPC network\n\n- [Direct VPC\n Egress](https://cloud.google.com/run/docs/configuring/vpc-direct-vpc): Simpler, faster, and less expensive. Uses one IP address per container. Recommended for most use cases.\n- [Serverless\n Connectors](https://cloud.google.com/vpc/docs/serverless-vpc-access): Pools IP addresses for larger applications. Requires payment for the underlying VM. See \"Serverless VPC Access\" in the [VPC pricing page](https://cloud.google.com/vpc/network-pricing) for pricing details.\n\nConfigure in `apphosting.yaml`\n\nUse the `vpcAccess` mapping in your `apphosting.yaml` file to configure access.\nUse either a fully qualified network/connector name or an ID. Using IDs allows\nfor portability between staging and production environments with different\nconnectors/networks.\n\nDirect VPC Egress Configuration (`apphosting.yaml`): \n\n runConfig:\n vpcAccess:\n egress: PRIVATE_RANGES_ONLY # Default value\n networkInterfaces:\n # Specify at least one of network and/or subnetwork\n - network: my-network-id\n subnetwork: my-subnetwork-id\n\nServerless Connector Configuration (`apphosting.yaml`): \n\n runConfig:\n vpcAccess:\n egress: ALL_TRAFFIC\n connector: connector-id\n\nExample: connect to Memorystore for Redis from a Next.js app\n\nCaching systems like Redis or Memcached are commonly used to build a fast data\ncaching layer for an app. This example shows you how to set up\n[Memorystore for Redis](https://cloud.google.com/memorystore/docs/redis/memorystore-for-redis-overview)\nin the same Google Cloud project as your Firebase App Hosting backend and\nconnect to it using\n[Direct VPC egress](https://cloud.google.com/run/docs/configuring/vpc-direct-vpc).\n\nStep 0: Create a Memorystore for Redis instance **Note:** you may also be prompted to create a [service connection policy](https://cloud.google.com/vpc/docs/about-service-connection-policies) as part of this setup.\n\n1. Go to the [*Memorystore for Redis* page](https://console.cloud.google.com/memorystore/redis/instances) in the Google Cloud console.\n - Make sure the same project you're using for Firebase App Hosting is selected.\n - If you can't access this page, make sure billing is enabled for your project and that you've enabled the [Memorystore API](https://console.cloud.google.com/apis/dashboard).\n2. Select **Create Instance**.\n3. Configure the new instance with your preferred settings. Here are some example values you can use:\n - Enter `my-redis-cache` under **Instance ID**.\n - Enter `Redis cache` under **Display name**.\n - Choose **Basic** under the tier selector. Basic tier designates a standalone Redis node, as opposed to standard tier, which uses a replica node to backup your data.\n - Choose your App Hosting backend's region from the **Region** selector. **Be sure to set this value to match the region of your backend.**\n - Choose **any** from the zone selector.\n - Enter `5` under **Capacity**. This sets your instance capacity to 5 GB.\n - Select `5.0` under **Version** (recommended).\n - Choose **default** from the **Authorized network** selector.\n\nStep 1: Update `apphosting.yaml` with your VPC network ID\n\n1. Visit the [VPC networks page](/docs/app-hosting/console.cloud.google.com/networking/networks/list) in the Google Cloud console.\n2. Find the VPC network ID for your Memorystore for Redis instance (it will often be `default`).\n3. Set direct VPC egress configuration in `apphosting.yaml` using the VPC\n network ID:\n\n runConfig:\n vpcAccess:\n egress: PRIVATE_RANGES_ONLY # Default value\n networkInterfaces:\n - network: my-network-id\n\nStep 2: Add environment variables that direct your app to Redis\n\n1. Find connection information (host and port) in the \"Connections\" tab of your Memorystore for Redis instance in the Google Cloud console.\n2. Connect to Redis with `REDISPORT` and `REDISHOST` environment variables. Set\n these in `apphosting.yaml` using the host and port values from the\n Google Cloud console:\n\n env:\n # Sample only. Use actual values provided by Memorystore\n - variable: REDISPORT\n value: 6379\n - variable: REDISHOST\n value: 10.127.16.3\n\nStep 3: Use redis from your app\n\n1. Install the [redis](https://www.npmjs.com/package/redis) npm package:\n\n `npm install redis@latest`\n2. Access your redis cache from your code. Use the environment variables\n configured in the previous step. For example, here's how you might read from\n a cache in a Next.js route handler:\n\n - `src/lib/redis.js`\n\n import { createClient } from \"redis\";\n\n // Set these environment variables in apphosting.yaml\n const REDISHOST = process.env.REDISHOST;\n const REDISPORT = process.env.REDISPORT;\n\n let redisClient;\n\n export async function getClient(req, res) {\n // Only connect if a connection isn't already available\n if (!redisClient) {\n redisClient = await createClient(REDISPORT, REDISHOST)\n .on(\"error\", (err) =\u003e console.error(\"Redis Client Error\", err))\n .connect();\n }\n\n return redisClient;\n }\n\n - `src/app/counter/route.js`\n\n import { getClient } from \"@/lib/redis.js\";\n\n export async function GET(request) {\n const redisClient = await getClient();\n const count = await redisClient.get(\"counter\");\n\n return Response.json({ count });\n }\n\n export async function POST(request) {\n const redisClient = await getClient();\n const count = await redisClient.incr(\"counter\");\n\n return Response.json({ count });\n }\n\nStep 4 (optional): Configure your app for local development\n\nThe Firebase App Hosting emulator can override values using\n`apphosting.emulator.yaml`. Here, you can change the value of `REDISHOST` to\npoint to the localhost so that you can develop locally using a local\ninstallation of Redis.\n\n1. [Install Redis on your local machine](https://redis.io/docs/latest/operate/oss_and_stack/install/install-redis/)\n2. Create or edit `apphosting.emulators.yaml` to reference your local instance:\n\n env:\n - variable: REDISHOST\n value: 127.0.0.1"]]
