No access to internal address via wireguard

Here is my fly.toml

# fly.toml for a PostGIS container backed by a persistent volume.
app = "snap-db-data-rebuild-florida-imports"

# Signal sent to the VM on stop and how long (seconds) to wait before killing it.
kill_signal = "SIGINT"
kill_timeout = 5
# NOTE(review): empty here, yet [[services]] below targets a process named "app" — confirm this is intended.
processes = []


[build]
 # Pinned upstream image tag. NOTE(review): fixed tags do not pick up security fixes on their own — confirm it is still maintained.
 image = "postgis/postgis:13-3.1"

[mounts]
  # Persistent volume mounted over the Postgres data directory so data survives VM restarts.
  source      = "snap_db_volume_data_rebuild_florida_imports"
  destination = "/var/lib/postgresql"

[experimental]
  # No public ports are allowed and the private network is enabled: this reads as
  # a database meant to be reachable only over the private (WireGuard) network — confirm.
  allowed_public_ports = []
  private_network = true
  auto_rollback = true
  # Overrides the image command; raises max_connections from the image default to 200.
  cmd = ["postgres", "-c", "max_connections=200"]

# NOTE(review): this section publishes internal port 5432 (Postgres) on public ports 80 and 443
# behind http/tls handlers. That presumably contradicts allowed_public_ports = [] above, and
# Postgres speaks its own wire protocol rather than HTTP, so these handlers look like leftover
# web-app defaults. If the database should only be reachable over the private network,
# consider removing the whole [[services]] section — confirm before changing.
[[services]]
  http_checks = []
  internal_port = 5432
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

  # Connection-based concurrency limits for the proxy; note they are far below max_connections=200.
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  # Public port 80 with an http handler in front of the Postgres port (see note above).
  [[services.ports]]
    handlers = ["http"]
    port = 80

  # Public port 443 with TLS termination plus an http handler (see note above).
  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  # TCP health check against internal_port. NOTE(review): a 1s grace period may be short for a
  # Postgres cold start on a large volume — confirm; restart_limit = 0 presumably disables
  # restart-on-failure — verify against the platform docs.
  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

I tried running dig -t txt _apps.internal +short but no apps show up.

Hi @cjl

What do you see if you run fly dig TXT _apps.internal?

You probably need to point dig at the internal DNS server address from your WireGuard config. Something like:

dig -t txt _apps.internal +short @fdaa:0:5d2::3

Here is what mine looks like:

WireGuard does some DNS magic to make our .internal names work for apps that use the system resolver. dig does not quite use the system resolver, so it bypasses what WireGuard has set up.