Fly proxy seemingly doesn't work

bram-dingelstad · September 15, 2022, 12:41pm

Hey y’all

I’m trying to setup a simple tunnel to an app with a python3 -m http.server 8080 running on the other end.
I’m trying to connect my local computer through fly proxy 8080 and tells me the following:

Proxying local port 8080 to remote [notion-to-calendar.internal]:8080

However, curl localhost:8080 or curl 0.0.0.0:8080 just hangs until I close the proxy.

Is there anything I’m doing wrong? Or do I just fundamentally misunderstand the way fly proxy is supposed to be used?

I’m on an MacBook Pro M1 with Monterey 12.6 (in case that’s relevant).

jerome · September 15, 2022, 12:59pm

I’m able to reproduce this bug. We’re looking into it.

jerome · September 15, 2022, 1:26pm

Could you run your fly proxy command prefixed with LOG_LEVEL=debug?

After a few seconds after your curl, you should see an error printed.

bram-dingelstad · September 15, 2022, 1:39pm

I got the following:

❯ LOG_LEVEL=debug fly proxy 8080
DEBUG Loaded flyctl config from/Users/bram/.fly/config.yml
DEBUG determined hostname: "Brams-MacBook-Pro.local"
DEBUG determined working directory: "/Users/bram/Development/icalul8r"
DEBUG determined user home directory: "/Users/bram"
DEBUG determined config directory: "/Users/bram/.fly"
DEBUG ensured config directory exists.
DEBUG ensured config directory perms.
DEBUG cache loaded.
DEBUG config initialized.
DEBUG initialized task manager.
DEBUG started querying for new release
DEBUG client initialized.
DEBUG --> POST https://api.fly.io/graphql

{
  "query": "query ($appName: String!) { appbasic:app(name: $appName) { id name platformVersion organization { id slug } } }",
  "variables": {
    "appName": "notion-to-calendar"
  }
}

DEBUG {}
DEBUG <-- 200 https://api.fly.io/graphql (523.11ms)

DEBUG querying for release resulted to v0.0.390
{
  "data": {
    "appbasic": {
      "id": "notion-to-calendar",
      "name": "notion-to-calendar",
      "platformVersion": "nomad",
      "organization": {
        "id": "vwJ9K2ApYNJyqtROR9mkLn8mkJIQZX",
        "slug": "notion-to-calendar-766"
      }
    }
  }
}
DEBUG app config loaded from /Users/bram/Development/icalul8r/fly.toml
DEBUG --> POST https://api.fly.io/graphql

{
  "query": "query ($appName: String!) { appbasic:app(name: $appName) { id name platformVersion organization { id slug } } }",
  "variables": {
    "appName": "notion-to-calendar"
  }
}

DEBUG {}
DEBUG <-- 200 https://api.fly.io/graphql (144.9ms)

{
  "data": {
    "appbasic": {
      "id": "notion-to-calendar",
      "name": "notion-to-calendar",
      "platformVersion": "nomad",
      "organization": {
        "id": "vwJ9K2ApYNJyqtROR9mkLn8mkJIQZX",
        "slug": "notion-to-calendar-766"
      }
    }
  }
}
DEBUG --> POST https://api.fly.io/graphql

{
  "query": "mutation($input: ValidateWireGuardPeersInput!) { validateWireGuardPeers(input: $input) { invalidPeerIps } }",
  "variables": {
    "input": {
      "peerIps": [
        "fdaa:0:8a6a:a7b:957f:0:a:2",
        "fdaa:0:1799:a7b:16a9:0:a:202"
      ]
    }
  }
}

DEBUG {}
DEBUG <-- 200 https://api.fly.io/graphql (299.67ms)

{
  "data": {
    "validateWireGuardPeers": {
      "invalidPeerIps": []
    }
  }
}
DEBUG --> POST https://api.fly.io/graphql

{
  "query": "mutation($input: ValidateWireGuardPeersInput!) { validateWireGuardPeers(input: $input) { invalidPeerIps } }",
  "variables": {
    "input": {
      "peerIps": [
        "fdaa:0:1799:a7b:16a9:0:a:202",
        "fdaa:0:8a6a:a7b:957f:0:a:2"
      ]
    }
  }
}

DEBUG {}
DEBUG <-- 200 https://api.fly.io/graphql (223.81ms)

{
  "data": {
    "validateWireGuardPeers": {
      "invalidPeerIps": []
    }
  }
}
Proxying local port 8080 to remote [notion-to-calendar.internal]:8080
DEBUG accepted new connection from: 127.0.0.1:52051
DEBUG failed to connect to target: connect tcp [fdaa:0:8a6a:a7b:c207:a22f:cf7b:2]:8080: connection was refused

jerome · September 15, 2022, 1:40pm

Do you know if python3 -m http.server 8080 binds to all IPs including ipv6?

According to the docs, it should, but that error makes me suspicious.

bram-dingelstad · September 15, 2022, 1:42pm

Seemingly, only IPv4

jerome · September 15, 2022, 1:48pm

That would be the issue then

Maybe: python3 -m http.server --bind :: 8080

bram-dingelstad · September 15, 2022, 1:51pm

It works! Thank you! Is it expected behavior that only IPv6 bound services work with proxy?

jerome · September 15, 2022, 1:58pm

fly proxy specifically connects to your app via our private network and it’s all IPv6. There’s no intermediary involved (except our wireguard gateways), so your app has to be listening on the fdaa:-prefixed IP. Easiest way to achieve that is to bind to everything (w/ [::]).

If you’re accessing your app via the public hostname we provide, then that goes through IPv4 (the IP starting with 172. in your VM).

So to answer your question: yes only listeners bound on ipv6 are accessible via the fly proxy command.

Topic		Replies	Views
[2022-10-22] flyctl: Post "https://api.fly.io/graphql": dial tcp ... connect: no route to host	3	501	October 27, 2022
Flyctl proxy hangs Questions / Help	4	430	March 17, 2023
fly proxy hanging (and other problems) Build debugging postgres , flyctl	29	898	August 21, 2023
Cannot access app through fly.io subdomain Build debugging	15	872	January 12, 2023
How to use the 'fly proxy' command	2	216	May 31, 2023

Fly proxy seemingly doesn't work

Related Topics