How to connect to redis over private network

ajsharp · October 5, 2021, 9:19pm

I’m running two fly apps – one is a rails app, the other is a container running a redis instance. I’ve read some info in the fly docs about the private networking stack, but when I try to make a connection over the internal address, it doesn’t work:

redis = Redis.new(url: 'redis://:PASSWORD@APPNAME.internal:10000')
# => Redis::CannotConnectError (Error connecting to Redis on APPNAME.internal:10000 (Errno::ECONNREFUSED))

I’ve also tried the above with the ipv6 address returned by the DNS commands from this article but I get the same error.

Maybe there’s something I’m missing about connecting to ipv6 addresses?

kurt · October 6, 2021, 12:37am

Which Redis did you deploy? One of our Redis examples binds to IPv4 only, you will need to change the command to allow IPv6:

ajsharp · October 6, 2021, 3:47am

Updated the command to remove the --bind but still no luck. Same error.

jsierles · October 6, 2021, 7:50am

Could you post the whole command or `fly.toml’ here? Are you sure it’s binding on port 10000 and not the standard 6379?

rugwiro · October 6, 2021, 10:41am

I don’t have access to the app I was deploying then but you may find this thread helpful: Redis app refuses private connections

ajsharp · October 6, 2021, 12:52pm

@rugwiro I tried the --bind :: suggestion but for some reason it caused connections to blow out and triggered a rollback.

Here are the configs:

fly.toml

app = "redis-server"

[[mounts]]
source = "redis_server"
destination = "/data"

[experimental]
auto_rollback = true
private_networking = true

[env]

[[services]]
  internal_port = 6379
  protocol = "tcp"

  [services.concurrency]
    hard_limit = 200
    soft_limit = 190
    type = "connections"

  [[services.ports]]
    handlers = []
    port = "10000"

  [[services.tcp_checks]]
    interval = 10000
    timeout  = 2000

start-redis-server.sh

#!/bin/sh
sysctl vm.overcommit_memory=1
sysctl net.core.somaxconn=1024
redis-server --requirepass $REDIS_PASSWORD --dir /data/ --appendonly yes

jsierles · October 6, 2021, 2:08pm

I think the confusion here comes from the port 10000 in services. That will an external port, internet-facing. The internal port number will be 6379, and that’s the one you should use to connect internally.

ajsharp · October 6, 2021, 2:47pm

Yep, that did it Thank you!

kurt · October 7, 2021, 1:07am

If you’re only connecting internally, you can/should remove the services block entirely too!

ajsharp · October 7, 2021, 2:24pm

Ah great, thanks. Might be helpful to add comments as basic documentation to the generated fly.toml when you create an app:

# services are essentially firewall routing from externally exposed ports to internal ports
[[services]]

jsierles · October 7, 2021, 3:21pm

I agree we should make this clearer. We’ll be improving our generated fly.toml soon with comments.

Topic		Replies	Views
Redis app refuses private connections	7	936	May 9, 2021
Can't connect to redis app via private network Questions / Help	4	817	June 21, 2022
Connect to Redis app via internal network failing troubleshooting	18	4359	November 6, 2022
Can not connect to Redis over private network Questions / Help	7	5467	January 7, 2022
Cannot connect to redis troubleshooting	2	1518	June 26, 2022

How to connect to redis over private network

Related topics