Struggling with Private Networking

bff · November 26, 2022, 8:08am

I’ve deployed 2 apps to fly.io:

A database I don’t want accessible to the internet
An oauth2-proxy that should front traffic to the database

Sadly, while I can ping and dig any of the private _apps.internal or <app>.internal addresses successfully, I’m unable to connect directly to my database at <db app>.internal. Should I be using the internal port of the container running the database? Any pointers about sending tcp packets between separate apps in the same org would be much appreciated. Thanks!

ignoramous · November 26, 2022, 8:31am

Is the database listening on all network interfaces? Specifically, is it listening on IPv6? Not doing so is, by far, the most common pitfall: Cannot Connect to Machines on internal Service Port - #3 by ignoramous

For pointers on 6pn, check out test apps by Fly engs: Fly io Newbie: Making internal requests between apps - #3 by ignoramous

If you’re using Fly Machines, then you’d need to assign a Flycast 6pn IP (free to use) to wake 'em up: Cloning a stopped machine? - #5 by ignoramous

See also: Specify instance-id in fly-replay header - #10 by ignoramous

bff · November 26, 2022, 4:28pm

Groan — yes! I’m fairly certain your first point is the issue. I listened on 0.0.0.0, which is only ipv4. Thank you for these links!!

Topic		Replies	Views
Private networking example? Questions / Help	5	926	November 16, 2021
New dox dropped: the no good very bad unforgivable TCP port filter	5	365	December 8, 2021
Access private app with domain name Questions / Help	3	267	June 7, 2023
Private apps with Flycast - "the app won’t be accessible via Flycast from its own network" - what does this mean? proxy	2	41	December 21, 2024
Flycast for postgres Fresh Produce postgres	15	2420	September 10, 2023

Struggling with Private Networking

Related topics