https issue

I’ve now deployed NPS but am having some problems with https and a customized domain.

I have no problem on the control panel; https and the customized domain work:

https://nps.fly.dev:8080
https://nps.lomorage.com:8080

I’ve added domain settings and verified that:

The certificate for *.lomorage.com has been issued.
Hostname                  = *.lomorage.com
DNS Provider              = cloudflare
Certificate Authority     = Let's Encrypt
Issued                    = rsa,ecdsa
Added to App              = 46 minutes ago
Source                    = fly

However, when I tried the tunnel with a subdomain like “bob.lomorage.com”, I don’t see the traffic forwarded in the log. I can’t figure out why the web admin service on 8080 works but not the tunnel on 443, any thoughts?

Below is the fly.toml file. The external tunnel service port is 443. I don’t have https running on nps, so it’s using fly.io to handle the https and forward it to nps, just like using nginx as an https proxy.

# fly.toml file generated for nps on 2022-10-11T14:44:40-07:00

app = "nps"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[env]

[experimental]
  allowed_public_ports = [80, 443]
  auto_rollback = true

[[services]]
  http_checks = []
  internal_port = 80
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

[[services]]
  http_checks = []
  internal_port = 8080
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 8080

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"


[[services]]
  http_checks = []
  internal_port = 8024
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    port = 8024

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"
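
The port mapping this thread is about, as an added example that is not part of the original posts: it parses the services from the fly.toml above (a trimmed, constructed copy) and lists each public port, the internal port it reaches, and what the Fly edge does in between. The helper name `port_map` is hypothetical.

```python
# Added example: list the public ports a fly.toml exposes and how the edge treats each.
try:
    import tomllib  # Python 3.11+
except ImportError:  # assumption: the tomli backport is installed on older Pythons
    import tomli as tomllib

# Constructed sample: the three services from the fly.toml in the post,
# trimmed to the keys that decide routing.
FLY_TOML = """
app = "nps"

[[services]]
  internal_port = 80
  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

[[services]]
  internal_port = 8080
  [[services.ports]]
    handlers = ["tls", "http"]
    port = 8080

[[services]]
  internal_port = 8024
  [[services.ports]]
    port = 8024
"""

def port_map(toml_text):
    """Return (public_port, internal_port, edge_handling) for every exposed port."""
    rows = []
    for svc in tomllib.loads(toml_text).get("services", []):
        for p in svc.get("ports", []):
            handlers = p.get("handlers", [])
            if "tls" in handlers and "http" in handlers:
                mode = "edge terminates TLS, app receives plain HTTP"
            elif "tls" in handlers:
                mode = "edge terminates TLS, app receives plain TCP"
            else:
                mode = "raw TCP passthrough, no TLS added by the edge"
            rows.append((p["port"], svc["internal_port"], mode))
    return sorted(rows)

if __name__ == "__main__":
    for public, internal, mode in port_map(FLY_TOML):
        print(f"{public:>5} -> {internal:<5} {mode}")
```

For this config, the admin panel on 8080 is publicly reachable behind edge TLS, and 8024 is exposed as raw TCP with no TLS from the edge.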

A guess that you may want to redirect 443 north to 8080 south.

[experimental]
-  allowed_public_ports = [80, 443]
  auto_rollback = true

[[services]]
-  http_checks = []
-  internal_port = 80
+ internal_port = 8080
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443
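
Review bot: changing `internal_port` from 80 to 8080 in this `[[services]]` block points public port 443 at the same internal port that the fly.toml above already serves on public port 8080 (the web admin panel), and leaves internal port 80 with no service mapped to it. If the listener on 80 is the one meant to receive the 443 traffic, keep `internal_port = 80` here; the removal of `allowed_public_ports` and `http_checks = []` can be made without it.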

If not, check if the health checks for 443 → 80 are passing: flyctl status --all -a <app-name> (ref).

Not required but, you can also omit all mentions of process = ["app"] (if you are not running a Fly multi-process app), which is anyway the default.

Thanks for the help.

8080 is actually the web admin service port, while the TCP tunneling is using port 80.

flyctl status --all -a nps shows 3 passing, matches the setting in fly.toml file above, 8080 → 8080, 8024 → 8024 and 443 → 80.

App
  Name     = nps          
  Owner    = personal     
  Version  = 11           
  Status   = running      
  Hostname = nps.fly.dev  
  Platform = nomad        

Instances
ID      	PROCESS	VERSION	REGION	DESIRED	STATUS 	HEALTH CHECKS     	RESTARTS	CREATED              
b6fb305d	app    	11 ⇡   	lax   	run    	running	3 total, 3 passing	0       	2022-10-12T23:44:15Z	
dc931b90	app    	3      	lax   	stop   	failed 	                  	2       	2022-10-11T23:38:08Z	
c4db572c	app    	2      	lax   	stop   	failed 	1 total           	2       	2022-10-11T23:34:40Z	
b13e95f4	app    	1      	lax   	run    	failed 	                  	2       	2022-10-11T22:07:51Z	
59ba0c21	app    	0      	lax   	stop   	failed 	                  	2       	2022-10-11T21:54:12Z	

Tried again, seems it’s working now. I haven’t changed anything, probably a cache somewhere finally updated, not sure. Anyway, thank you for the help!


Yeah, could be a problem at Fly end of things: Unable to reach recently deployed apps at .fly.dev address (502s) - #8 by jerome | Can't deploy my app in iad - #8 by michael

Glad you’ve got it working though!