I’m deploying a few different applications: one nextjs app, which also serves a graphql API, a python fastAPI application which also serves a graphql API and and graphql API gateway which needs to connect to both of the graphql APIs.
All of them are currently exposed to the internet while I’m getting this up and running, but they are using the internal addresses to communicate since the idea is that only a reverse proxy will be exposed in the end.
Most of it works. I can access all 3 services from the internet, and I can verify that I can connect to one graphql API via the API gateway. But for some reason, it looks like the python service, which listens on port 8000, only exposes that port to the internet, but not the internal address.
I’ve tried SSHing into various services and connecting to the python service. I can ping it just fine, but I can’t curl/wget it. If I setup a wireguard tunnel and run a port scan on the internal address, I only get port 22. If I scan the other services, their internal ports are open as expected.
The Dockerfile command is
CMD ["uvicorn", "main:app", "--host", "0.0.0.0" , "--port", "8000"]
I’ve also tried ::
based on some threads I’ve managed to find by googling, but this makes the deployment fail because the healthchecks don’t pass. In fly.toml, internal_port = 8000
.
I feel like I must be missing something, but I’ve really spent an unreasonable amount of time on this issue at this point and would really appreciate any and all input.