Trouble accessing private service on port 8081

I have 3 apps on Fly.io:

  1. A bot app that needs to connect to the Telegram API server
  2. A self-hosted Telegram API server
  3. A Redis instance used by the bot

I’m trying to understand why one service works with internal access while the other doesn’t.

This Redis configuration works fine with internal access:

app = 'your-redis-appname'

[build]
  image = 'redis:7'

[[mounts]]
  source = 'redis_data'
  destination = '/data'
  processes = ['app']

However, when I try to connect to my Telegram API server internally, I get this error:

aiogram.exceptions.TelegramNetworkError: HTTP Client says - ClientConnectorError: Cannot connect to host telegram-api-server.internal:8081 ssl:default [Connect call failed ('fdaa:c:7c9e:a7b:4a:e000:672d:2', 8081, 0, 0)]

Using this configuration:

app = 'telegram-api-server'

[build]
  image = 'aiogram/telegram-bot-api:latest'

[[mounts]]
  source = 'telegram_bot_api_data'
  destination = '/var/lib/telegram-bot-api'
  initial_size = '1gb'
  processes = ['app']

[[services]]
  protocol = 'tcp'
  internal_port = 8081

I can successfully connect to the Telegram API server when exposing it to the public internet using [[services.ports]] port = 8081 and a dedicated IPv4 address. However, I want to keep this service private and access it internally using http://telegram-api-server.internal:8081 for my bot’s API connection. How can I achieve this?
Is there something special I need to configure for internal port 8081 access?

Delete your public IP address and add a private IPv6 one, and it should be able to communicate. You should use .flycast so it hits the proxy to wake up the instances.

Thanks for the suggestion. I’ve tried the following:

  1. Allocated a private IPv6 address using fly ips allocate-v6 --private before deploying the Telegram API server
  2. Changed the BASE_URL to http://telegram-api-server.flycast:8081

However, this resulted in a different error:

aiogram.exceptions.TelegramNetworkError: HTTP Client says - ClientOSError: [Errno 104] Connection reset by peer

And I forgot to mention that this warning also pops up when deploying the Telegram API server with the [[services]] section but without a [[services.ports]] section:

Service must expose at least one port. Add a [[services.ports]] section to fly.toml; Check docs at https://fly.io/docs/reference/configuration/#services-ports   Validation for _services without ports_ will hard fail after February 15, 2024.

I’m also curious why we should use .flycast instead of .internal?

I’ve resolved the main issue and got rid of the annoying warning by following your advice + adding back [[services.ports]] port = 8081. Thanks again for your reply!

However, I still don’t get why we should use .flycast instead of .internal.

.flycast will go through the Fly proxy while .internal goes directly to your app. If you have a suspended/sleeping machine, you have to go through the proxy to wake it up.

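The configuration the thread converged on, written out in one place as an added example; it was not posted by any participant and is not Fly.io's own sample. The app name, image, mount and port are the ones quoted above; the two auto_stop/auto_start settings and the `<public-address>` placeholder are assumptions added to illustrate the wake-up behaviour and the address cleanup.

```toml
# fly.toml for the private Telegram API server (added example).
app = 'telegram-api-server'

[build]
  image = 'aiogram/telegram-bot-api:latest'

[[mounts]]
  source = 'telegram_bot_api_data'
  destination = '/var/lib/telegram-bot-api'
  initial_size = '1gb'
  processes = ['app']

[[services]]
  protocol = 'tcp'
  internal_port = 8081
  # Assumption, not from the thread: let the proxy stop an idle Machine and
  # start it again on the next connection. A caller using .internal bypasses
  # the proxy and cannot wake a stopped Machine; a caller using .flycast can.
  auto_stop_machines = 'stop'
  auto_start_machines = true

  # Port the Fly proxy listens on. A [[services]] block without this section
  # produces the "Service must expose at least one port" warning quoted above.
  [[services.ports]]
    port = 8081

# Whether the service is reachable from the internet is decided by the
# addresses allocated to the app, not by this file:
#   fly ips list                       # check for public addresses
#   fly ips release <public-address>   # placeholder: remove each public one
#   fly ips allocate-v6 --private      # private (Flycast) IPv6 address
#
# Bot side: BASE_URL = http://telegram-api-server.flycast:8081
```

With only a private IPv6 address allocated, `[[services.ports]]` publishes port 8081 on the Flycast address inside the organization's private network rather than on a public one, so `fly ips list` is the check to repeat after each change.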