Question

Service connection without being publicly exposed

TLDR: How do I setup app platform so that my main service can do http calls internally to another container without it being exposed publicly?

My current application is composed of two containers, one that is exposed to /, and one that is a worker BUT receives http requests from the main container in order to work. I see that there’s no internal hostname/port for workers, so I need to instantiate it as a service, the problem is that this service isn’t supposed to be publicly exposed.

How do I do that?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

We released support for internal services yesterday. You can make use of these with the internal_ports field on service specs as follows:

name: sample-golang
services:
- name: web
  github:
    repo: digitalocean/sample-golang
    branch: master
  internal_ports:
  - 3000

If you specify internal_ports without http_port, then the service will only be accessible via the internal network.

👋 @WoLfulus

Workers cannot be accessed directly by other services or workers. We have a feature on the horizon that would allow for private services that can be accessed within the apps internal network and not publicly, though I don’t have a timeline when this will be released.