using Wireguard / connecting to a port on an app

I don’t know a ton about networking. I’d like to connect to a clojure nrepl server running on a running fly app. I’ve gotten as far as installing wireguard and connecting to fly, such that dig +noall +answer _apps.internal txt returns a TXT record with my deployed app names as expected. How can I connect to, say, port 7888 on one of those apps?

Once you’re connected to wireguard, you’re effectively on the same network as your VMs.

So connecting to <app>.internal:7888 should work. If your client can’t query DNS for some reason, you can run fly ips private to get a list of IPs, then connect to something like [fdaa:0:446b:a7b:775b:3407:7069:2]:7888.

You will need to make sure the process you’re connecting to is listening on IPv6 though. Listening on 0.0.0.0 is usually IPv4 only.

Hi @kurt, thanks a lot for the pointer. That’s great, sounds very simple.

I’m seeing connection refused errors now. I’ve tried .internal:7888 (this domain works in my web browser with :8080) and also added a line to my Dockerfile, EXPOSE 7888. I’m also using "::1" for the host on the nrepl-server instead of "localhost". Would you expect anything else to be necessary?

I’m also using "::1" for the host on the nrepl-server instead of "localhost".

If the intention is to connect to nrepl-server over 6pn, then nrepl-server must listen on :: or _local_ip.internal or fly-local-6pn to accept connections tunneled in Fly’s wireguard overlay (6pn).

See also: Private networking not working - #4 by kurt

…also added a line to my Dockerfile, EXPOSE 7888.

Fly doesn’t respect dockerfile’s EXPOSE directive. If you intend the port be exposed to the public internet, you need to specify so in fly.toml (ref). If you intend the port be exposed on the vm, there’s nothing to be done, as your Fly app has a free reign to open as many ports it likes.