Hello, I have created a new rails app and a nextjs app. I want the rails app to function as a private service that can be reached by the nextjs app but not by the public internet.
I have been trying to follow the official documentation (Private Networking · Fly Docs) and some forum posts ([1], [2]). First, I tried to bind my rails app to [::] with the following.
[processes]
app = './bin/rails server -b [::] -p 3000'
From some forum posts ([3]) this seemed like it would expose the service to the public, but I just wanted to get the private ipv6 networking to work first. But when I tried to call the service, it did not work.
So then I tried giving my rails app a dedicated ipv6 address and have it bind to that
[processes]
app = './bin/rails server -b [fdaa:6:xxxxxxxx] -p 3000'
With this, I was still able to get the address from dns lookups
Hi… My guess is force_https, which doesn’t play nicely with Flycast…
Perhaps you could post your full fly.toml? There might be multiple things going wrong simultaneously.
And also the output of fly ips list -a rails-app-name, just to double-check.
In general, you can’t bind to the .flycast address directly. The Fly proxy is what sits there. With recent Rails, I think -b can be omitted completely, .
Hi @mayailurus , thanks for your reply, currently my fly.toml looks like below. It’s pretty much what I got from fly launch with just the app= and force_https= edited.
# fly.toml app configuration file generated for yolets-be on 2024-02-13T13:23:04-05:00
#
# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
#
app = 'yolets-be'
primary_region = 'yyz'
console_command = '/rails/bin/rails console'
[build]
[deploy]
release_command = './bin/rails db:prepare'
[processes]
app = './bin/rails server -b [fdaa:6:67aa:0:1::3] -p 3000'
solidq = 'bundle exec rake solid_queue:start'
[http_service]
internal_port = 3000
force_https = false
auto_stop_machines = true
auto_start_machines = true
min_machines_running = 0
processes = ['app']
[checks]
[checks.status]
port = 3000
type = 'http'
interval = '10s'
timeout = '2s'
grace_period = '5s'
method = 'GET'
path = '/up'
protocol = 'http'
tls_skip_verify = false
[checks.status.headers]
X-Forwarded-Proto = 'https'
[[vm]]
cpu_kind = 'shared'
cpus = 1
memory_mb = 1024
processes = ['app', 'solidq']
[[statics]]
guest_path = '/rails/public'
url_prefix = '/'
The output of fly ips list is
VERSION IP TYPE REGION CREATED AT
v6 2a09:8280:1::2a:98e5:0 public (dedicated) global Feb 13 2024 18:25
v6 fdaa:6:67aa:0:1::3 private global Feb 17 2024 21:47
v4 66.241.124.247 public (shared) Jan 1 0001 00:00
I’m not sure yet what you are trying to do, but I will make a few observations. But first, I agree that ECONNRESET is generally ssl errors.
If you are running your Rails app in production, and you should, check config/environments/production.rb for config.force_ssl = true. You don’t want that.
[http_service] is for connecting your app to the internet. Since you don’t want your Rails app accessible outside of the private network, delete this section.
.