Mapping Container Ports

Overview

In Maestro, your services run inside containers. For a service to be available to anything outside its own container, including public internet access, we need a bridge between the container’s internal port and an “outside” port.

This guide explains how to set up and modify this port mapping in Maestro.

This is not limited to HTTP or web traffic. The same concepts apply if your container serves non-HTTP traffic (like web sockets, DB containers or custom TCP / UDP traffic).

Port mapping is a small (but important) part of a core system that underpins container management - service networking. If you need an introduction to the concept of Service Networking, you can find one here.

Note

In this document, "outside" is used for any client of your service that's not inside the container. This includes your other services on different nodes.

What you’ll need

Before you start, please check you have the following:

Note

This tutorial uses the simple visit counter application we've supplied on Github as a working example.

Mapping ports

When we set up our demo-app service we configured our ports so that our internal port 5000 was mapped to the public port 80.

Now imagine that your app has evolved to offer secure web (SSL / TLS) access as well as standard web access. TLS traffic typically flows over port 443, so we need to add this to the port mapping for our application.

There are two ways to do this:

Editing via the UI

To edit your ports using the standard Maestro user interface:

  1. Open the application overview page from your Dashboard
  2. Click on the Edit service icon on the right-hand side of the App Services panel
  3. On the Edit Services page, click the green Save changes button (you don’t need to make any changes first)
  4. On the Edit port settings page click the small planet icon to the left of the yellow Configure service networking panel
  5. In the configuration pop-up, add the following to the Public Internet Port field, separated from the existing entry by a comma: https:443
  6. Click Done and then Save changes

Note that the comma in Step 5 is vitally important. The end result should look like this: http:80,https:443

Mapping container ports in Maestro

Testing your changes

You can test whether this has been properly applied by clicking on the name of the service you just modified (demo-app) in the App Services panel on the application overview page.

If you've followed the steps above correctly, the Services Config panel will list both HTTP and HTTPS.

In order for these new settings to apply to your service, you will need to redeploy your application. To do this, click the Build / Deploy button on the application overview page.

Note

If you actually need HTTPS traffic to be available to the outside world (not just as a demo) you will also need to set up SSL certificates for your application.

Editing config files directly

Maestro uses a YAML file called service.yml to define each service inside your application(s). You can edit this file directly using the Dashboard.

To edit your service.yml:

  1. Open the application overview page from your Dashboard
  2. Click on Configuration Files in the right-hand panel
  3. Edit the YAML directly in the editor
  4. When you are done, add a commit message and click Commit

If you followed our Getting Started guide, your service.yml should initially look a lot like this:

version: 2
services:
  demo-app:
    git_url: https://github.com/cloud66/maestro-demo
    git_branch: master
    ports:
    - container: 5000
      http: 80
    dockerfile_path: Dockerfile
databases:
- redis

To add https access, you would modify the ports sub-section under the demo-app section of services, adding https: 443 on a new line.

The end result should look like this:

version: 2
services:
  demo-app:
    git_url: https://github.com/cloud66/maestro-demo
    git_branch: master
    ports:
    - container: 5000
      http: 80
      https: 443
    dockerfile_path: Dockerfile
databases:
- redis

In order for these new settings to apply to your service, you will need to redeploy your application. To do this, click the Build / Deploy button on the application overview page.

What’s next