I deployed a private app that is only accessible internally within the organization. When I try to connect to http://private-app.internal:8080, I receive the following error:
# This request is made from another Fly app within the organization
> Req.post!("http://private-app.internal:8080/messages/new")
** (Mint.TransportError) non-existing domain
(req 0.3.0) lib/req.ex:641: Req.request!/1
The private-app is listening to IPv4 and IPv6 as per suggested in [3] & [4].
Can someone please shed some light on this problem?
Does Mint use IPv6 where available (changelog)? If not, you may have to enable it explicitly to use private network on Fly (6pn) which is IPv6-only (ref).
iirc, an empty [[services]] block in fly.toml for private-only apps is a must. Add that if it is missing.
I tried to enable IPv6 explicitly but it didn’t work. It returned the same error. Other HTTP clients (hackney, HTTPoison) also returned the same error.
Unrelated to the error you’re seeing but, make sure to connect over plaintext http (not https, unless you have self signed certs setup for the .internal domain) and that the server on the other side is also capable of serving plaintext http.
Just to be sure, you’re attempting to connect to private-app from another app within the same Fly org, correct?
…to ascertain if both the client app and the server (private-app) in your org have indeed been assigned 6pn IPs (if not, exec flyctl ips allocate-v6 --private -a <app-name>; docs)?
If so, can you try
flyctl ssh console -a private-app -C nslookup -type AAAA private-app.internal
flyctl console -a private-app -C nslookup -type AAAA global.private-app.internal