I've got a server (let's name it A). There is an Nginx on the entry point, on the server, not in the container. So all requests to my server are handled by Nginx. Then, there are services inside containers with a reverse proxy setup. Nginx knows that if a request comes to main.net, it should route it to one container, and if it’s test.main.net, it should route to another container — everything works fine.
Now, specifically, let's take one service, which is currently test.main.net. It is raised through Docker Compose, and there is a frontend and a backend, both in the same network. There is postgres which is running in docker container and its port is exposed 5433:5432. I want to make a channel between 5433 port of A to another server B, so that it can communicate. However, there is a gcloud firewall on server A. How to open 5433 port properly, so that only A and B could communicate through this port? It is important that I can connect to postgres from server A using 'psql -h localhost -p 5433 -U your_user -d your_db'
'sudo ufw status' says that 5433 is opened, though telnet command cannot ping it. I tried to set a firewall rule using gcloud api:
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ -d '{ "name": "allow-postgres-5433-from-my-ip", "allowed": [ { "IPProtocol": "tcp", "ports": [ "5433" ] } ], "sourceRanges": [ "server-ip/32" ], "direction": "INGRESS", "targetTags": [ "postgres-server" ], "network": "global/networks/default" }' \ "https://compute.googleapis.com/compute/v1/projects/calm-analog-453310-j1/global/firewalls"
But I've got an error which is "https://compute.googleapis.com/compute/v1/projects/calm-analog-453310-j1/global/firewalls". I've got a 401 error " "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential." I tried 'gcloud auth login' and 'gcloud auth application-default login' but in vain.