fly-apps / terraform-provider-fly

Terraform provider for the Fly.io API
BSD 3-Clause "New" or "Revised" License

Need ability to create machine without any public ports #137

Closed kdevan closed 1 year ago

kdevan commented 1 year ago

Most of my apps do not expose any public ports and are accessed through caddy as a proxy. It looks like I can't create a machine that doesn't expose any public ports though.

The ports key and then the port key are both required. Is there a way to bypass this by any chance? I do need the internal_port and have that set along with protocol.

I'm hoping to be able to do something like this:

services = [
  {
    internal_port = 9100
    protocol      = "tcp"
  },
  {
    internal_port = 9101
    protocol      = "tcp"
  }
]


OJFord commented 1 year ago

My understanding is that if you don't specify any services it's still exposed on the private network (any port) - this is just for exposing public ports. Is that not working?

https://fly.io/docs/reference/configuration/#the-services-sections

You can have:

  • No services section: The application has no mappings to the external internet - typically apps like databases that talk over 6PN private networking to other apps.

[...]

(Yes these docs are about fly.toml, but that [services] section is the equivalent of here. Note also that the private networking docs make no mention of this stuff, while the public networking docs do, and while titled 'public networking', the URL is even .../services.)

OJFord commented 1 year ago

Ah I did have to fiddle with a bit myself in the end - you do need the services, just don't attach a fly_ip to the app and it will only be available on the private network.

The ports key is still required, because that's still your mapping from port number outside vs inside the VM. Just like if you ran it with e.g. docker locally to test, you'd have -p 1234:80 say (or 80:80) or equivalent in compose.

The internal_port is the port that's bound to in whatever you're running, EXPOSEd in the dockerfile, and the ports are those that should map into it on the machine itself - i.e. completely arbitrary, just has to match whatever you put in reverse_proxy in Caddy.
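Added example (not part of the thread and not the provider's own code): a check over `terraform show -json` plan output that flags machines of apps meant to stay private when a `fly_ip` is planned for the same app, which is the condition the comment above says makes services public. The `app` attribute name, the app names and the sample plan are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json` output.
# Resource attribute names (app, services, ports, port, internal_port)
# are assumptions about the provider's schema, not copied from it.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"type": "fly_machine", "name": "metrics", "values": {"app": "internal-metrics",
      "services": [{"protocol": "tcp", "internal_port": 9100, "ports": [{"port": 9100}]}]}},
    {"type": "fly_machine", "name": "web", "values": {"app": "edge-proxy",
      "services": [{"protocol": "tcp", "internal_port": 80, "ports": [{"port": 443}]}]}}
  ],
  "child_modules": [{"resources": [
    {"type": "fly_ip", "name": "edge", "values": {"app": "edge-proxy", "type": "v4"}}
  ]}]
}}}
""")


def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def publicly_reachable(plan, private_apps):
    """Return (app, machine, port, internal_port) for each service port of a
    machine whose app is listed as private but has a fly_ip in the plan."""
    root = plan.get("planned_values", {}).get("root_module", {})
    resources = list(walk(root))
    apps_with_ip = {r["values"].get("app") for r in resources if r["type"] == "fly_ip"}
    findings = []
    for r in resources:
        if r["type"] != "fly_machine":
            continue
        app = r["values"].get("app")
        if app not in private_apps or app not in apps_with_ip:
            continue
        for svc in r["values"].get("services") or []:
            for p in svc.get("ports") or []:
                findings.append((app, r["name"], p.get("port"), svc.get("internal_port")))
    return findings


if __name__ == "__main__":
    for finding in publicly_reachable(SAMPLE_PLAN, {"internal-metrics", "edge-proxy"}):
        print("private app has a public IP planned:", finding)
```

The check only sees addresses managed in the same Terraform plan; an IP allocated to the app by other means will not appear in it.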

kdevan commented 1 year ago

Ok interesting. Thanks for the information. I believe I'll have a chance to try this out this weekend, I'll give an update here when I do.

kdevan commented 1 year ago

Working great. That clarifies a lot for me, even just with machines in general. Was mostly using v1 apps before this. Thanks!