How to connect to redis over private network

I’m running two fly apps – one is a rails app, the other is a container running a redis instance. I’ve read some info in the fly docs about the private networking stack, but when I try to make a connection over the internal address, it doesn’t work:

redis = Redis.new(url: 'redis://:PASSWORD@APPNAME.internal:10000')
# => Redis::CannotConnectError (Error connecting to Redis on APPNAME.internal:10000 (Errno::ECONNREFUSED))

I’ve also tried the above with the ipv6 address returned by the DNS commands from this article but I get the same error.

Maybe there’s something I’m missing about connecting to ipv6 addresses?

Which Redis did you deploy? One of our Redis examples binds to IPv4 only, you will need to change the command to allow IPv6:

Updated the command to remove the --bind but still no luck. Same error.

Could you post the whole command or `fly.toml’ here? Are you sure it’s binding on port 10000 and not the standard 6379?

I don’t have access to the app I was deploying then but you may find this thread helpful: Redis app refuses private connections

@rugwirobaker I tried the --bind :: suggestion but for some reason it caused connections to blow out and triggered a rollback.

Here are the configs:

fly.toml

app = "redis-server"

[[mounts]]
source = "redis_server"
destination = "/data"

[experimental]
auto_rollback = true
private_networking = true

[env]

[[services]]
  internal_port = 6379
  protocol = "tcp"

  [services.concurrency]
    hard_limit = 200
    soft_limit = 190
    type = "connections"

  [[services.ports]]
    handlers = []
    port = "10000"

  [[services.tcp_checks]]
    interval = 10000
    timeout  = 2000 

start-redis-server.sh

#!/bin/sh
sysctl vm.overcommit_memory=1
sysctl net.core.somaxconn=1024
redis-server --requirepass $REDIS_PASSWORD --dir /data/ --appendonly yes

I think the confusion here comes from the port 10000 in services. That will an external port, internet-facing. The internal port number will be 6379, and that’s the one you should use to connect internally.

1 Like

Yep, that did it :slight_smile: Thank you!

1 Like

If you’re only connecting internally, you can/should remove the services block entirely too!

Ah great, thanks. Might be helpful to add comments as basic documentation to the generated fly.toml when you create an app:

# services are essentially firewall routing from externally exposed ports to internal ports
[[services]]

I agree we should make this clearer. We’ll be improving our generated fly.toml soon with comments.

1 Like