How do I send requests to a Fly Machine over the Wireguard VPN?

I’ve connected to the Wireguard VPN, and have ran the following command to find the IP of the machine:

fly dig 5683607b470d18.vm.02029a5f-319f-44e6-ad57-2be6e3035d1a.internal

;; opcode: QUERY, status: NOERROR, id: 49714
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;5683607b470d18.vm.02029a5f-319f-44e6-ad57-2be6e3035d1a.internal. IN AAAA

;; ANSWER SECTION:
5683607b470d18.vm.02029a5f-319f-44e6-ad57-2be6e3035d1a.internal. 5 IN AAAA fdaa:9:7823:a7b:8d:af16:44bd:2

Here are the logs of the machine:

2024-12-31 16:43:22.564 2024/12/31 14:43:22 INFO SSH listening listen_address=[fdaa:9:7823:a7b:8d:af16:44bd:2]:22 dns_server=[fdaa::3]:53

2024-12-31 16:43:22.521 Content root path: /app
2024-12-31 16:43:22.521 info: Microsoft.Hosting.Lifetime[0]
2024-12-31 16:43:22.521 Hosting environment: Production
2024-12-31 16:43:22.521 info: Microsoft.Hosting.Lifetime[0]
2024-12-31 16:43:22.521 Application started. Press Ctrl+C to shut down.
2024-12-31 16:43:22.521 info: Microsoft.Hosting.Lifetime[0]
2024-12-31 16:43:22.521 Now listening on: http://0.0.0.0:65432
2024-12-31 16:43:22.521 info: Microsoft.Hosting.Lifetime[14]
2024-12-31 16:43:22.439 Machine started in 941ms
2024-12-31 16:43:22.371 INFO [fly api proxy] listening at /.fly/api
2024-12-31 16:43:22.360 INFO Preparing to run: docker-entrypoint.sh /app/Agent as root
2024-12-31 16:43:22.285 INFO Starting init (commit: 1df1d0a0)…
2024-12-31 16:43:21.587 2024-12-31T14:43:21.587614516 [01JGEEY0MATR1G8J7FXMTDFEK5:main] Running Firecracker v1.7.0
2024-12-31 16:43:14.492 [ 3962.491372] reboot: Restarting system
2024-12-31 16:43:14.491 WARN could not unmount /rootfs: EINVAL: Invalid argument
2024-12-31 16:43:14.489 INFO Starting clean up.
2024-12-31 16:43:14.475 INFO Main child exited normally with code: 0
2024-12-31 16:43:13.888 Application is shutting down…
2024-12-31 16:43:13.888 info: Microsoft.Hosting.Lifetime[0]

2024-12-31 16:43:13.884 INFO Sending signal SIGINT to main child process w/ PID 321

However, attempting to contact the machine using curl fails:

curl --request POST [fdaa:9:7823:a7b:8d:af16:44bd:2]:65432
curl: (7) Failed to connect to fdaa:9:7823:a7b:8d:af16:44bd:2 port 65432 after 70 ms: Could not connect to server

How do I actually send the request?

Is your app running? You may have it auto-stopping. When you make a request directly to the machine you are not going through the fly proxy and the machine will not auto-start due to a request.

You can use fly machine list to see the status of your machines, and their internal IPv6 addresses. If a machine is not running you can use fly machine start to start it. Also note if you’re trying to reach your HTTP server directly instead of through the fly proxy, you will need to access it via HTTP on the port it is listening on, and not HTTPS via the standard HTTPS port:

% fly machine list
178117d9fe9e28	damp-field-6004      	started	      	sjc   	    	testkms:deployment-01JFAKB11HH8C0JY6YMEA7H0CY	fdaa:9:1094:a7b:152:672d:55f:2       	2024-12-17T15:19:26Z	2024-12-17T15:21:56Z	app          	shared-cpu-1x:1024MB
% curl 'http://[fdaa:9:1094:a7b:152:672d:55f:2]:8080'
<!DOCTYPE html>
<html lang="en">
<body>
<h2>I'm running in the sjc region</h2>
</body>
</html>

It’s not stopped, I set it up with autostop=“off”, autostart=true.

When you have wireguard running are you able to ping your machine? ie ping6 fdaa:9:1094:a7b:152:672d:55f:2

Yes.

ping -6 fdaa:9:7823:a7b:8d:af16:44bd:2

PING fdaa:9:7823:a7b:8d:af16:44bd:2 (fdaa:9:7823:a7b:8d:af16:44bd:2) 56 data bytes
64 bytes from fdaa:9:7823:a7b:8d:af16:44bd:2: icmp_seq=2 ttl=62 time=72.4 ms

Running

nmap -6 fdaa:9:7823:a7b:8d:af16:44bd:2
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-01 11:17 EET
Nmap scan report for 5683607b470d18.vm.02029a5f-319f-44e6-ad57-2be6e3035d1a.internal (fdaa:9:7823:a7b:8d:af16:44bd:2)
Host is up (0.071s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 1.23 seconds

Why is this happening? The machine is running, and this is the JSON I used to set it up:

{
“name” : “d69c6043-84c4-4953-94a5-bade92f6b3d4”,
“config” : {
“image” : “REDACTED”,
“env” : {
“APP_ENV” : “production”
},
“services” : [ {
“port” : 65432,
“autostop” : “off”,
“autostart” : true
} ],
“auto_destroy” : false
}
}

Are you listening on 65432 on all interfaces in your machine?
If you have netstat installed you can use fly ssh console -C "netstat -an" to see what is listening.

fly ssh console -a 02029a5f-319f-44e6-ad57-2be6e3035d1a --machine 5683607b470d18 -C “netstat -an”

Connecting to fdaa:9:7823:a7b:8d:af16:44bd:2… complete
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:65432 0.0.0.0:* LISTEN
tcp6 0 0 fdaa:9:7823:a7b:8d:a:22 :::* LISTEN
tcp6 0 36 fdaa:9:7823:a7b:8d:a:22 fdaa:9:7823:a7b:1:21820 ESTABLISHED
tcp6 0 0 fdaa:9:7823:a7b:8d:a:22 fdaa:9:7823:a7b:1:21818 TIME_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 7152 /.fly/api
unix 2 [ ACC ] STREAM LISTENING 7165 /tmp/dotnet-diagnostic-321-74-socket
unix 3 STREAM CONNECTED 7130
unix 3 STREAM CONNECTED 7129

You’re listening on port 65432 on all interfaces, but only for IPv4, not for IPv6.

Fixed it by replacing 0.0.0.0:65432 with [::]:65432 in my server setup code, thanks.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.