Need multiple ports open on service/sidecar for communication between containers. #5702
Replies: 1 comment 2 replies
-
@al-dpopowich Thanks for the write-up and all the details (and the ASCII diagram)! Your second attempt involves setting "devsmtp" as a sidecar to the nginx service, a public-facing Load-Balanced Web Service. I'd like to note that the manifest that you presented exposes the "/mail" path to the public and routes those public traffic to "devsmtp"'s port 8025. This doesn't seem like what you want since "devsmtp" is meant to be hidden in the private network. Then here are some ways to achieve your goal ⬇️ As a backend service, with a YAML patch; use Service DiscoveryYou can deploy "devsmtp" as a Backend Service. Set I know you've indicated that you preferred not to use YAML patch -
In addition to avoiding CFN as much as possible, Copilot also helps by providing service patterns, operational commands that let you monitor the applications, test your applications locally ( Having to use YAML patch here is indeed due to Copilot's lack of native support for exposing multiple ports per container. If As a backend service, use internal ALBSet up the http:
path: '/'
target_port: 1025
additional_rule:
- path: '/mail'
target_port: 8025 This under the hood sets up an internal application load balancer (accessible only within the VPC). The other services would send the traffic to the internal ALB URL that's generated (and provided to you at the end of the deployment), over port 80 and the respective path. Requests to :80/ will route to the main container's 1025 port, and requests to :80/mail will go to the 8025 port. Extra cost are involved with internal ALB, but you don't need to maintain a YAML patch, and you get the load-balancing. Side noteI did find the health check failure mentioned in your post unexpected. The application load balancer isn't expected to send health check to port 1025 because 1025 is not set to connect to the alb 🤔 . The alb should be sending health check to just port 8025 (because it's in |
Beta Was this translation helpful? Give feedback.
-
I am migrating an existing compose-esc (docker-compose integration
with ecs fargate) to copilot. I am having trouble figuring out how to
configure a service/sidecar with multiple ports open on the private network for intra-container communication.
My existing architecture has the following defined docker-compose
services:
the only public ports exposed in the application. Its main
job is to serve our SPA's statically built assets (html +
js/css bundles) and reverse proxy requests on certain paths
to internal services.
Incoming requests on /api are reverse-proxied to here.
private net on port 8080. Incoming requests on /auth are
reverse-proxied to here.
the private net.
delivered by AUTH and API services in our test
environments. (Our services are configured with a real SMTP
server in production.) It listens on TWO ports: 1025 for
SMTP (which both the API and AUTH services are configured to
use) and 8025, a web application allowing a tester to
see/read the delivered mail.
I cannot figure out how to configure the DEVSMTP service:
(continung to reverse-proxy w/ nginx). (WHY are we only allowed to
configure one port for a service/sidecar?!?!?) -or-
the private network and 8025 configured as an
additional_rule
.I cannot figure out if there is a way to do 1 above without yaml
patch (the whole point of a tool like copilot is to AVOID using
cloudformation templates, right?).
For 2, my last attempt (as a sidecar, see the relevant yaml below)
keeps failing because of a healthcheck failure on 1025.
I get this error:
unhealthy in (target-group
arn:aws:elasticloadbalancing:us-east-2:990838414927:targetgroup/onboar-Targe-POTKBIR2SDLP/813af8176602329b)
due to (reason Health checks failed).
I know I could get this to work if I could just run
mailpit
with two exposed ports to the private network. The api and auth could connect to port 1025 (like they do now to postgres:5432) and I could configure nginx to reverse-proxy/mail
, like I do now.Help!
And thanks!!
Beta Was this translation helpful? Give feedback.
All reactions