Mapping Container Ports

Overview

In Maestro, your services run inside containers. For a service to be available to anything outside its own container, including public internet access, we need a bridge between the container’s internal port and an “outside” port.

This guide explains how to set up and modify this port mapping in Maestro.

This is not limited to HTTP or web traffic. The same concepts apply if your container serves non-HTTP traffic (like web sockets, DB containers or custom TCP / UDP traffic).

Port mapping is a small (but important) part of a core system that underpins container management - service networking. If you need an introduction to the concept of Service Networking, you can find one here.

Note

In this document, "outside" is used for any client of your service that's not inside the container. This includes your other services on different nodes.

What you’ll need

Before you start, please check you have the following:

A Cloud 66 Account — If you don’t already have one, sign up for a Cloud 66 account. You’ll get free unlimited access to all products for 4 weeks.
An existing application set up in Maestro — To make the most of this tutorial you need to have an app already set up in Maestro. Follow our Getting Started guide if you’re not sure how to do this.

Note

This tutorial uses the simple visit counter application we've supplied on Github as a working example.

Mapping ports

When we set up our demo-app service we configured our ports so that our internal port 5000 was mapped to the public port 80.

Now imagine that your app has evolved to offer secure web (SSL / TLS) access as well as standard web access. TLS traffic typically flows over port 443, so we need to add this to the port mapping for our application.

There are two ways to do this:

Using the standard edit service interface
Directly modifying the service.yml for your application (this is only recommended for advanced users)

Editing via the UI

To edit your ports using the standard Maestro user interface:

Open the Application Overview from your Dashboard
Click on the Edit service icon on the right-hand side of the App Services panel
On the Edit Services page, click the green Save changes button (you don’t need to make any changes first)
On the Edit port settings page click the small planet icon to the left of the yellow Configure service networking panel
In the configuration pop-up, add the following to the Public Internet Port field, separated from the existing entry by a comma: https:443
Click Done and then Save changes

Note that the comma in Step 5 is vitally important. The end result should look like this: http:80,https:443

Mapping container ports in Maestro

Testing your changes

You can test whether this has been properly applied by clicking on the name of the service you just modified (demo-app) in the App Services panel on the Application Overview.

If you've followed the steps above correctly, the Services Config panel will list both HTTP and HTTPS.

You can test whether this has been properly applied to your service by clicking on the respective ⓘ icon in the App Services panel on the Application Overview.

If you've followed the steps above correctly, the Services Config panel will list both HTTP and HTTPS.

In order for these new settings to apply to your service, you will need to redeploy your application. To do this, click the Build / Deploy button on the Application Overview.

Note

If you actually need HTTPS traffic to be available to the outside world (not just as a demo) you will also need to set up SSL certificates for your application.

Editing config files directly

Maestro uses a YAML file called service.yml to define each service inside your application(s). You can edit this file directly using the Dashboard.

To edit your service.yml:

Open the Application Overview from your Dashboard
Click on Configuration Files in the right-hand panel
Edit the YAML directly in the editor
When you are done, add a commit message and click Commit

If you followed our Getting Started guide, your service.yml should initially look a lot like this:

version: 2
services:
  demo-app:
    git_url: https://github.com/cloud66/maestro-demo
    git_branch: master
    ports:
    - container: 5000
      http: 80
    dockerfile_path: Dockerfile
databases:
- redis

To add https access, you would modify the ports sub-section under the demo-app section of services, adding https: 443 on a new line.

The end result should look like this:

version: 2
services:
  demo-app:
    git_url: https://github.com/cloud66/maestro-demo
    git_branch: master
    ports:
    - container: 5000
      http: 80
      https: 443
    dockerfile_path: Dockerfile
databases:
- redis

In order for these new settings to apply to your service, you will need to redeploy your application. To do this, click the Build / Deploy button on the Application Overview.

What’s next

Learn how to configure for more advanced service networking use cases (such as non-HTTP traffic)
Learn how to add a rule to the firewall to allow traffic to (or from) a non-standard port.

Need help with deployments?

Contact Support

Mapping Container Ports

Overview

Note

What you’ll need

Note

Mapping ports

Editing via the UI

Testing your changes

Note

Editing config files directly

What’s next

Need help with deployments?

More Questions?