Mapping Container Ports
Overview
In Maestro, your services run inside containers. For a service to be available to anything outside its own container, including public internet access, we need a bridge between the container’s internal port and an “outside” port.
This guide explains how to set up and modify this port mapping in Maestro.
This is not limited to HTTP or web traffic. The same concepts apply if your container serves non-HTTP traffic (like web sockets, DB containers or custom TCP / UDP traffic).
Port mapping is a small (but important) part of a core system that underpins container management - service networking. If you need an introduction to the concept of Service Networking, you can find one here.
Note
In this document, "outside" is used for any client of your service that's not inside the container. This includes your other services on different nodes.
What you’ll need
Before you start, please check you have the following:
- A Cloud 66 Account — If you don’t already have one, sign up for a Cloud 66 account. You’ll get free unlimited access to all products for 4 weeks.
- An existing application set up in Maestro — To make the most of this tutorial you need to have an app already set up in Maestro. Follow our Getting Started guide if you’re not sure how to do this.
Note
This tutorial uses the simple visit counter application we've supplied on Github as a working example.
Mapping ports
When we set up our demo-app service we configured our ports so that our internal port 5000
was mapped to the public port 80
.
Now imagine that your app has evolved to offer secure web (SSL / TLS) access as well as standard web access. TLS traffic typically flows over port 443
, so we need to add this to the port mapping for our application.
There are two ways to do this:
- Using the standard edit service interface
- Directly modifying the
service.yml
for your application (this is only recommended for advanced users)
You can also read our guide to using service.yml for more help.
Editing via the UI
To edit your ports using the standard Maestro user interface:
- Open the Application Overview from your Dashboard
- Click on the Services tab
- Click on the Edit service icon next to the service you wish to configure. This will open a panel on the left-hand side of your screen.
- Edit the ports as needed and then click Save Service
Testing your changes
You can test whether this has been properly applied by looking at that the Network column of the Services panel.
If you've followed the steps above correctly, the Network column will list both port 80 and port 443.
You can test whether this has been properly applied to your service by clicking on the respective ⓘ icon in the App Services panel on the Application Overview.
If you've followed the steps above correctly, the Services Config panel will list both HTTP and HTTPS.
In order for these new settings to apply to your service, you will need to redeploy your application. To do this, click the Build / Deploy button on the Application Overview.
Note
If you actually need HTTPS traffic to be available to the outside world (not just as a demo) you will also need to set up SSL certificates for your application.
Editing config files directly
Maestro uses a YAML file called service.yml
to define each service inside your application(s). You can edit the content of this file directly using the Dashboard in two ways:
- Via the Services UI, using the left-hand panel we described above - but click the YAML tab instead of Network & Storage
- Via the Configuration Files interface
Note that with method 1 you are only editing the section of service.yml
specific to your context. So in this case you would be editing the ports
section of your service.yml
. To edit the file as a whole, you’ll need to use method 2.
What’s next
- Learn how to configure for more advanced service networking use cases (such as non-HTTP traffic)
- Learn how to add a rule to the firewall to allow traffic to (or from) a non-standard port.