# Network interaction
For each application, an *Access Service* is created, with the help of which this application can be connected to from other Amverum applications and the Internet. The access service translates the application ports specified in the ``run`` ``containerPort`` section of the [configuration file](config-file.md)
separated by commas to the access ports, also specified in the ``servicePort`` variable, separated by commas (by default, the ``servicePort`` and ``containerPort`` values for applications are equal to 80).
The service ensures balancing of requests in the event that several replicas of the same application are running.

```{eval-rst}
.. admonition:: Clue
   :class: hint

   To avoid explicitly specifying the port number, you can use the environment variable `PORT`. By default, its value is `80`.
```

![network_proc](../../img/network_proc.png)

## Access from other applications

To access the application from other applications deployed in Amverum, it is enough to access the application by the internal domain name
`amverum-<transliterated-project-name>-run-<user-name>`.

To manage ports, you need to use the ``run.containerPort`` and ``run.servicePort`` parameters [of the configuration file](config-file.md)
by default for applications, their values are 80.

So, if your application listens on port 8090, and you need to connect to it on port 90, the ``run`` section will be as follows:

``` yaml
run:
  --- Some other parameters ---
  containerPort: 8090
  servicePort: 90
```

```{eval-rst}
.. admonition:: Attention
   :class: attention

   Interaction over the internal network occurs without encryption from Amverum!
```

## Access from the Internet
For external access to applications, two types of controller are used:
   - HTTP|HTTPS based on nginx.
   - TCP with open ports 5432, 27017 and 6379.

To activate them, you need to go to the "Settings" section.

### HTTP|HTTPS based on nginx
When adding a domain name, an *Ingress controller* is created, which listens to the specified domain and ``80`` port and forwards
requests to the access service, which in turn delivers them to one of the running replicas of the application. When selecting the ``HTTPS`` connection type, a certificate is bound to the domain, providing access via the ``HTTPS`` protocol.

```{eval-rst}
.. admonition:: Important
   :class: warning

   It may take some time to create the *Ingress Controller* and issue the `SSL` certificate.
```

You can set different application ports to different paths for one input controller of this type.
If you want `<domain>.amverum.io/web` to point to port 80, and `<domain>.amverum.io/backend` to 8080, the settings will be as follows:

![web_ports](../../img/web_ports.png)

#### Free Amverum domain name
For each application, it is possible to link a free third-level domain name, which will provide secure
access to the application from the global Internet. To do this, in the "Settings" section, in the "Domain names" section, you need to click on the "Add domain name" button, select the connection type and "Domain type": "Free Amverum domain".

The application will receive a URL in the format `<transliterated-project-name>.<user-name>.amverum.io`.
So, for the "Test" project of the user "user", you can access the application at `https://test.user.amverum.io/`.

![default_domain](../../img/default_domain.png)

#### Your domain name
To link your domain name purchased from a registrar (for example [reg.ru](https://reg.ru)) you need to do the following:
1. Log in to your registrar's personal account.
   - Find "DNS servers and zone management" or something similar. Namely, where the `A` record, `TXT`, `@`, etc. are registered in your registrar's personal account.
   - Find the A record and enter the IP specified in the "Settings" section "Create a domain name" of the required application in Amverum Cloud.
   - Find the TXT record and enter the TXT specified in the "Settings" section "Create a domain name" of the required application in Amverum Cloud.
2. Wait for the record to propagate across DNS servers (may take up to 24 hours).
3. In the "Settings" section, "Create a domain name", specify the domain name and click "Confirm and bind". If everything is done correctly and the information about the domain has reached the Google DNS server (8.8.8.8), the domain will be successfully bound.
4. Wait for the *Ingress Controller* to be configured and a free [Let's Encrypt](https://letsencrypt.org/) `SSL` certificate to be generated.

### TCP traffic
When selecting the `POSTGRES`, `MONGO` or `REDIS` connection type, a controller is created that listens to the corresponding ports
and forwards TCP traffic to the access service based on ``SNI``.

  - `POSTGRES` -> 5432 (only suitable for managed postgres)
  - `MONGO` -> 27017
  - `REDIS` -> 6379

If you want the application to receive TCP traffic, you can select, for example, the `MONGO` connection type and set
``run.servicePort`` to 27017.

The domain name for TCP traffic differs from HTTP(S) and has the form:
`<transliterated-project-name>.<user-name>.db-<region>.amverum.tech`.



## Example of setting up records in the personal account [reg.ru](https://reg.ru)
![reg_ru](../../img/reg_ru.png)
You need to click "Add record" at the bottom of the page and enter the A and TXT values.

## Error prevention
If an error appears when you click the "Confirm and bind" button, you should check that the records are filled in correctly and that they are on the DNS servers.
You can use a [special service](https://mxtoolbox.com/txtlookup.aspx) to check the records.

After entering the domain name in the field and clicking `TXT Lookup`, a line with the record required to be filled in the "Settings" section "Create a domain name" should appear in the list.
After changing `TXT Lookup` to `DNS Lookup`, the IPv4 address of the Amverum server specified in the "Settings" section "Create a domain name" should be displayed.