No access to internal address via wireguard

cjl · December 15, 2021, 8:13pm

Here is my fly.toml

app = "snap-db-data-rebuild-florida-imports"

kill_signal = "SIGINT"
kill_timeout = 5
processes = []


[build]
 image = "postgis/postgis:13-3.1"

[mounts]
  source      = "snap_db_volume_data_rebuild_florida_imports"
  destination = "/var/lib/postgresql"

[experimental]
  allowed_public_ports = []
  private_network = true
  auto_rollback = true
  cmd = ["postgres", "-c", "max_connections=200"]

[[services]]
  http_checks = []
  internal_port = 5432
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

I tried running dig -t txt _apps.internal +short but no apps show up.

charsleysa · December 15, 2021, 10:24pm

Hi @cjl

What do you see if you run fly dig TXT _apps.internal?

kurt · December 15, 2021, 10:35pm

You probably need the internal DNS server address from your wireguard config. Something like:

dig -t txt _apps.internal +short @fdaa:0:5d2::3

Here is what mine looks like:

Wireguard does some DNS magic to make our .internal works for apps that use the system resolver. dig does not use the system resolver, exactly, so it bypasses what wireguard has going.

Topic		Replies	Views
Unable to dig _apps.internal after setting up Wireguard Questions / Help troubleshooting	9	838	February 21, 2022
Wireguard connection down? postgres	4	431	December 22, 2021
spring boot + postgresql Questions / Help postgres	7	1058	July 30, 2023
Issue With Wireguard // Connecting To Postgres (User Error I'm Sure)	18	1699	March 21, 2022
WireGuard tunnel: can't resolve <app>.internal etc.	3	502	June 16, 2023

No access to internal address via wireguard

Related topics