Confused about how to make an app only accessible through a private network

I’m a little confused about how to make a Python server app only accessible through a proxy. I tried the following, but I am not sure which one is correct. First, I used fly ips release to release all the IPs, but the server was still accessible. Then, I deleted the http_service section from the fly.toml file, and the server was no longer accessible. This means that releasing the IPs did not have the expected effect. I am really confused.

Here’s my Dockerfile and fly.toml:

```dockerfile
FROM python:3.11.6-slim-bookworm as base

ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONFAULTHANDLER 1

WORKDIR /app
RUN pip install flask
COPY main.py /app/main.py
RUN mkdir /data/
RUN touch /data/file.txt

ENTRYPOINT ["flask"]
CMD ["--app","main","run","--host","::","--port","8080"]
```

```toml
app = "name"
primary_region = "sin"

[build]

[[mounts]]
  source = "other_data"
  destination = "/data"
  auto_extend_size_threshold = 0

[[vm]]
  cpu_kind = "shared"
  cpus = 1
  memory_mb = 10
```

It’s because http_service automatically opens the port for :80 and :443, see: Fly Launch configuration (fly.toml) · Fly Docs

So to make your app accessible through a private network, don’t use http_service, use [[services]] instead. E.g.:

```toml
[[services]]
  protocol = "tcp"
  internal_port = 8080

  # this sets up an internal HTTP connection (on the same port) so that
  # you can use the proxy to load balance via <app-name>.flycast:8080
  [[services.ports]]
    handlers = ["http"]
    port = 8080
```

As far as I’ve been able to determine, public vs private access is what type of IP addresses are assigned to the app.

As mentioned in the note in their docs: Private Networking · Fly Docs

Note: If you have a public IP address assigned to your app, services in fly.toml will be exposed to the public internet. Verify this with fly ips list.

I still use the http_service config for my apps, but I manually release the public IP addresses and then add a private IPv6 address so that it can still be load balanced via the .flycast address.

It’s strange that you still had access when all IPs were released; I haven’t encountered that issue before.

Thanks, this setup is really straightforward and works well; I also gave Tailscale a shot later but didn’t manage to get it working. :joy:

Yeah, it’s weird. I haven’t confirmed that, but I suspect that even after releasing all IPs, if the fly.toml still has http_service, it’s still accessible even after I removed the http_service, the situation stayed the same
