Struggling with Private Networking

I’ve deployed 2 apps to

  • A database I don’t want accessible to the internet
  • An oauth2-proxy that should front traffic to the database

Sadly, while I can ping and dig any of the private _apps.internal or <app>.internal addresses successfully, I’m unable to connect directly to my database at <db app>.internal. Should I be using the internal port of the container running the database? Any pointers about sending tcp packets between separate apps in the same org would be much appreciated. Thanks!

Is the database listening on all network interfaces? Specifically, is it listening on IPv6? Not doing so is, by far, the most common pitfall: Cannot Connect to Machines on internal Service Port - #3 by ignoramous

For pointers on 6pn, check out test apps by Fly engs: Fly io Newbie: Making internal requests between apps - #3 by ignoramous

If you’re using Fly Machines, then you’d need to assign a Flycast 6pn IP (free to use) to wake 'em up: Cloning a stopped machine? - #5 by ignoramous

See also: Specify instance-id in fly-replay header - #10 by ignoramous

Groan — yes! I’m fairly certain your first point is the issue. I listened on, which is only ipv4. Thank you for these links!!

1 Like