Can't connect to private Hono app with Deno 2

Setup:

Main server (public) app → Hono with Deno 2.0
Workers (private) → Hono with Deno 2.0 (launched through Machines API)
Only one Fly App with shared codebase and Dockerfile.

Simplified Dockerfile

FROM denoland/deno:2.0.4
WORKDIR /app
COPY . .

EXPOSE 8000

Simplified fly.toml file

app = 'my-app
primary_region = 'iad'

[build]

[env]
  # my env vars
[processes]
  server = 'deno run --allow-all src/server.ts'
  # worker = 'deno run --allow-all src/worker.ts'

[http_service]
  internal_port = 8000
  force_https = true
  auto_stop_machines = 'stop'
  auto_start_machines = true
  min_machines_running = 1
  processes = ['server']

[[vm]]
  size = 'shared-cpu-2x'
  memory = '1gb'
  processes = ['server']

The server will create workers on demand using the Machines API with the following config:

config: {
	guest: {
		cpu_kind: cpuKind,
		cpus,
		memory_mb: memoryMb,
	},
	image: FLY_IMAGE_REF,
	metadata: {
		fly_process_group: "worker",
	},
	env: {
	    // my envs
	},
	processes: [
		{
			cmd: ["deno", "run", "--allow-all", "src/worker.ts"],
		},
	],
},

So after the server has created the machine and waited for it to start, fetch requests to it using the private address fail with ECONNREFUSED:
http://{machineId}.vm.my-app.internal:8000/
I have a retry logic so it’s not that the machine has not started when the request happens. All 10 attempts fail with the same error.

Logs of workers machines during startup show:

2024-11-01 10:06:30.510 Listening on http://0.0.0.0:8000/
2024-11-01 10:06:28.824 2024/11/01 09:06:28 INFO SSH listening listen_address=[fdaa:1:1205:a7b:309:9d9c:6618:2]:22 dns_server=[fdaa::3]:53
2024-11-01 10:06:28.735 Machine created and started in 12.39s
2024-11-01 10:06:28.607 INFO [fly api proxy] listening at /.fly/api
2024-11-01 10:06:28.604 INFO Preparing to run: `/tini -- docker-entrypoint.sh deno run --allow-all src/worker.ts` as root
2024-11-01 10:06:28.438 INFO Starting init (commit: 74e923d)...
2024-11-01 10:06:27.474 2024-11-01T09:06:27.474073566 [01JBKFJDT6WP56VKPE99237MET:main] Running Firecracker v1.7.0
2024-11-01 10:06:27.415 Configuring firecracker

The exact same setup but running with Bun instead of Deno 2 works just fine.

A few related resources:

It looks like it might be related to the app not listening to the IP v6 address? The public server app works because that gets resolved to an IP v4 address, I think. But the .internal ones are resolved to ip v6, right?

Found this:

Gotta listen to the :: ipv6 address for it to work.

Deno.serve({
    port: 8000,
    hostname: "::"
}, app.fetch);

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.