Trying to deploy container with internal port 80

Hi,

Trying to deploy an instance of Seq using their docker image, which uses port 80 internally for the web UI it serves and doesn’t seem to allow configuration of that.

Although my deploy is successful I am getting “Error”:“Forbidden” browsing to the fly.dev url for the app, I am wondering if it is a mis-configuration of the services in the fly.toml? Any help gratefully received!

# fly.toml file generated for newco-seq on 2022-09-23T10:05:05-07:00

app = "newco-seq"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[build]
  image = "datalust/seq"

[mounts]
source="newco_seq_data"
destination="/data"

[env]
  ACCEPT_EULA="Y"

[experimental]
  allowed_public_ports = []
  auto_rollback = true

[[services]]
  http_checks = []
  internal_port = 80
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

[[services]]
  http_checks = []
  internal_port = 5341
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 5431

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

I gave your fly.toml a try. It looks like both your [[services]] sections are mapped to port 443, so the second one is handling it and that is returning the “Forbidden” response.

Once I got the app deployed, I used fly ssh console to log into the app instance and then I tried running curl to both ports. The 80 port worked fine and returned HTML and the 5341 port returned the Forbidden status.

Do you need the 5341 port public? If not, you can remove that second [[services]] section.

Unfortunately yes, it does need the 5341 port public for log ingestion.

Your diagnosis is right though! Without the second [[services]] section the web UI loads without error.

I think you just need to remove this part from your second [[services]] block so that only the internal port 80 is mapped to 443. You still have port 5341 mapped externally for that [[services]] section so it should be publicly accessible through that port.

Success! I removed the 443 part from the second services block, and also had to remove the force_https and add tls to the handlers. Final second block was:

[[services]]
  http_checks = []
  internal_port = 5341
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 5341

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

Logs viewable in UI:

Thanks so much for your help!