Networking

Defang configures Security Groups, deploys applications to a private subnet and uses an Application Load Balancer to route traffic to your services from the public internet only when required.

tip

This page is about internal networking only. If you want to configure your services to be accessible from the public internet, check the domains page.

Internal Communication

You can expose ports in your service definition to allow other services to communicate with it. Similar to public communication, you can use the ports section of your service definition, but set the mode to host instead of ingress to allow other services to communicate with it through the internal network.

Sample Configuration

Compose
Pulumi

services:
    # [...]
    service1:
        ports:
        - mode: host
          target: 3000	
          protocol: http

const service = new defang.DefangService("service1", {
    // [...]
    ports: [{
        target: 3000,
        mode: "host",
        protocol: "http",
    }],
});

Internal DNS

Internal communication is handled slightly differently between the Defang Playground and Defang BYOC.

Playground
BYOC

Internal communication between services in the Defang Playground follows the following pattern:

http://<username>-<service-name>:<port>

Internal communication between services in Defang BYOC follows the following pattern:

http://<service-name>:<port>

Networking

Internal Communication​

Sample Configuration​

Internal DNS​

Internal Communication

Sample Configuration

Internal DNS