EE RC2 - Apps can't reach other apps in UDP, only TCP

Hi,

I’ve deployed several apps and created port forwards from the host like this:

app1 - host:9001/tcp

app2 - host:9002/tcp

app3 - host:9003/tcp
app3 - host:9003/udp

The apps inside the docker image can communicate successfully between themselves through the host in TCP like:

app1 can cURL the host on port 9002 to reach app2

But doing the same on UDP doesn’t work, there’s a timeout.

app1 can't reach the host on port 9003 to reach app3 in UDP

app3 is indeed available on :9003/udp as I can communicate with it from the host itself or another machine on the local network.

Thanks

You only published TCP to the HOST, so on the host you only have TCP

If you need the apps to communicate put them on the same network

Example (all non-network information deleted from example)

networks:
  nextcloud:
    name: nextcloud
    ipam:
      driver: default
      config:
        - subnet: 172.25.3.0/24
          ip_range: 172.25.3.0/24
          gateway: 172.25.3.1
  main:
    name: main
    external: true
services:
  nextcloud-aio-apache:
    networks:
      - main
      - nextcloud
  nextcloud-aio-database:
    networks:
      - nextcloud
  nextcloud-aio-nextcloud:
    networks:
      - nextcloud
  nextcloud-aio-notify-push:
    networks:
      - nextcloud
  nextcloud-aio-redis:
    networks:
      - nextcloud
  nextcloud-aio-collabora:
    networks:
      - nextcloud
  nextcloud-aio-onlyoffice:
    networks:
      - nextcloud
  nextcloud-aio-imaginary:
    networks:
      - nextcloud
  nextcloud-aio-fulltextsearch:
    networks:
      - nextcloud

Stack has two networks
Nextcloud and Main

Nextcloud it will create…
Main it expects it to ALREADY EXIST as external is true

Every app on the nextcloud network which is every app in this stack can communicate with each other

Apache on the main network is there so it can be reached by the reverse proxy and we can access it, and ONLY it externally

***In the example no ports are published and the reverse proxy is used and everything on the nextcloud network has access to everything and every port on that and only that network

If you need access to these apps from the host and are not using a reverse proxy… add the ports to apps you are coming in on from the host

As I said I published both, and testing from other clients on the same network (including the host) proved it was open.

My apps got migrated and since we can’t right now specify the network in the UI, I don’t want to recreate all my apps as a single docker compose file.

I don’t mind the extra hop to the host (when it will work for UDP as it does for TCP). Thanks for the suggestion though, it might help someone else!

You don’t have to create them in a single compose file. The apps just need to share a common network.
I have 20 apps with their own compose files which all share the common network “proxy”, so I can reach them via traefik and domain name.

Lars is correct you can make an external network… then any app in any stack can connect

But I have 32 apps that got converted to “iX App” with point and click options :laughing:

Maybe I am not understanding something… I don’t have any apps that were created via the “Custom App” dialog that lets you paste yaml.

The UDP port is for DNS traffic but I configured the client to use TCP for now as both ports were exposed so I got a workaround!

Thanks for the help to both of you, can I create the external networks in a custom app (pasting the yaml) and “tell” an existing “iX App” (point and click) to use that network?
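
An added diagnostic, not part of any post in this thread: it sends the same DNS query to a published port over UDP and over TCP and reports each outcome, which separates "nothing is listening on UDP" (refused) from "the datagram or its reply was dropped" (timeout). Port 9003 and DNS as the protocol come from the thread; the host address `192.0.2.10` is a placeholder and the function names are this example's own.

```python
import socket
import struct

def build_query(name="example.com", qid=0x1234):
    """Minimal DNS A/IN query: 12-byte header, QNAME, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def is_reply(reply, qid):
    # A genuine response echoes the query ID and has the QR bit set.
    return len(reply) >= 12 and reply[:2] == struct.pack("!H", qid) and bool(reply[2] & 0x80)

def probe_udp(host, port, timeout=2.0, qid=0x1234):
    """Connected UDP socket, so an ICMP port-unreachable surfaces as 'refused'."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((host, port))
            s.send(build_query(qid=qid))
            reply = s.recv(4096)
    except socket.timeout:
        return "timeout"        # query or reply was dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused"        # nothing is listening on this UDP port
    except OSError:
        return "unreachable"
    return "answered" if is_reply(reply, qid) else "bad-reply"

def probe_tcp(host, port, timeout=2.0, qid=0x1234):
    """DNS over TCP: each message carries a 2-byte big-endian length prefix."""
    query = build_query(qid=qid)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            with s.makefile("rb") as f:
                size = f.read(2)
                reply = f.read(struct.unpack("!H", size)[0]) if len(size) == 2 else b""
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    return "answered" if is_reply(reply, qid) else "bad-reply"

if __name__ == "__main__":
    HOST, PORT = "192.0.2.10", 9003  # placeholder host address; port from the thread
    print("udp:", probe_udp(HOST, PORT), "| tcp:", probe_tcp(HOST, PORT))
```

Running it once from inside the client app's container and once from another machine on the LAN shows whether the two paths to the same published port behave differently.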

You can create a network via the CLI

Example

sudo docker network create -d bridge main --ipam-driver default --subnet 172.24.0.0/16 --ip-range 172.24.1.0/24 --gateway 172.24.0.1

this would be a network named ‘main’

in a compose it is this simple to connect a container to it

networks:
  main:
    name: main
    external: true
services:
  flaresolverr:
    networks:
      - main

For an IX-AP I imagine there is a way to join an external network in the setup screen… I can’t check it myself as I have my EE temp install offline until release

Unfortunately not! I heard it will be in the next major version after EE.

So every IX app makes its own network …

how terrible…

I would use dockge or portainer and just compose/run them all in manually

But couldn’t portainer change the network ?? even if it is an IX-AP

Yea, networking is something on our list to do for Apps. The trouble is exposing that in a way where you don’t break internal apps communication every time by mistake. That will start to be addressed after this lands: