Hello. I have set up two orgs. We’ll call them org1 and org2. I set up nginx app called ‘dmz-proxy’ in org1 and given it a flycast private ip using fly ips allocate-v6 --private --org org2. An v6 address was allocated. I set up a wireguard network for both org1 and org2. Over the wireguard network for org1, I am able to reach the app using its internal address. In org2, I should be able to obtain the app using the assigned IP address, but I cannot.
The toml is below. I am expecting that the internal ports 80 and 443 will be mapped to 80 and 443 on the allocated v6 address and they will be reachable in org2. I cannot curl the v6 address when wireguard is open to org 2.
Browsing to the address gives me a 400 with “invalid authority” on port 80. I am testing port 80 before supplying certs and setting a DNS entry for the v6 ip. It seems this ought to work but its not.
My goal with the setup is to expose services in the dmz org to the destination org via the dmz-proxy. I should note I have also released the public v6 and v4 ips for the dmz-proxy app.
app = “dmz-proxy”
kill_signal = “SIGINT”
kill_timeout = 5
processes =
[build.args]
NGINX_VERSION = “1.23”
[experimental]
auto_rollback = true
[[services]]
http_checks =
internal_port = 80
protocol = “tcp”
script_checks =
[services.concurrency]
hard_limit = 25
soft_limit = 20
type = “connections”
[[services.ports]]
force_https = true
handlers = [“http”]
port = 80
[[services]]
http_checks =
internal_port = 443
protocol = “tcp”
script_checks =
[services.concurrency]
hard_limit = 25
soft_limit = 20
type = “connections”
[[services.ports]]
handlers = [“tls”, “http”]
port = 443