Private application only accessible internally

I want to deploy a Memcached container which is only accessible internally, without a public hostname. Is it possible? Thanks!

Hi @vitobotta

Yes that’s possible. Simply remove the services section from the fly.toml file and the app will be internal only.


Hi @charsleysa, I commented out that section but fly info still shows a public hostname. What am I missing?

Hi @vitobotta

It will still show a public host name as all apps use a globally unique name.

Since there is no services section in your fly.toml file, the proxy will block incoming connections and there won’t be anyway to access your app publicly.

You should be able to verify this by trying to connect to your app using the public hostname and being rejected / no connection possible.

Gotcha, that’s perfect. Now I am having another problem. I am trying to connect to a memcached instance from my app with the hostname “fra.memcached-app-name.internal” since the instance is in Frankfurt, but I get connection refused. Is the hostname correct?

Oh I think it’s because the memcached port 11211 is not open now. How can I open it internally while still preventing access from the internet?

Internally, all ports are open, so there’s no extra config needed to open ports for internal use.

Double check that you’re using the right port, also double checking that the address you’re binding to is [::]:PORT