Service connection without being publicly exposed

TLDR: How do I setup app platform so that my main service can do http calls internally to another container without it being exposed publicly?

My current application is composed of two containers, one that is exposed to /, and one that is a worker BUT receives http requests from the main container in order to work. I see that there’s no internal hostname/port for workers, so I need to instantiate it as a service, the problem is that this service isn’t supposed to be publicly exposed.

How do I do that?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

We released support for internal services yesterday. You can make use of these with the internal_ports field on service specs as follows:

name: sample-golang
- name: web
    repo: digitalocean/sample-golang
    branch: master
  - 3000

If you specify internal_ports without http_port, then the service will only be accessible via the internal network.

👋 @WoLfulus

Workers cannot be accessed directly by other services or workers. We have a feature on the horizon that would allow for private services that can be accessed within the apps internal network and not publicly, though I don’t have a timeline when this will be released.