Google app engine TCP connection Failed

Spring boot application deployed to google app engine and a request to an endpoint respond correctly with hard-coded text as expected. Apart from the default port 8080 exposed, another TCP:8595 is also exposed where data with be published to that port by tracking devices.

The problem is when i tested to get tcp connection with telnet projectid.appspot.com 8595 i get this response Connecting To projectid.appspot.com...Could not open connection to the host, on port 8595: Connect failed, thought locally a connection is made without failure.

How can an application hosted in app engine expose ports?

Disclaimer: I'm new to App Engine and GCP

As it states in the docs, you should be able to set port forwarding in your app.yaml and then exposing it via Firewall rules.

1.) port forwarding

network:
  forwarded_ports:
    - 2222/tcp

Debugging idea: with AppEngine Flex you can SSH into the instance for further debugging (App Engine > Instances , SSH button next to your instance).

After you logged in, you should be able to run this docker command to see the ports exposed (in my case I exposed 8081 in my app.yaml):

$ sudo docker port gaeapp
8080/tcp -> 172.17.0.1:8080
8081/tcp -> 0.0.0.0:8081

You can even check if it listens or not (in my case it's an HTTP service replying correctly 404):

curl localhost:8081
{"timestamp":1519837414455,"status":404,"error":"Not Found","message":"No message available","path":"/"}

(for telnet you'll need to install it with sudo apt-get update && sudo apt-get install -y telnet)

If this shows your port, then the next step is to double check your firewall settings.

2.) Firewall setup

gcloud compute firewall-rules create myrule --allow=tcp:8595 --source-ranges=0.0.0.0/0

However this will only let you access your app through the VM instance IP directly! (you can find your IP in the console or by listing your instances gcloud compute instances list)

See the description of forwarded_ports in the docs

forwarded_ports Optional. You can forward ports from your instance (HOST_PORT) to the Docker container (CONTAINER_PORT). If you only specify a PORT, then App Engine assumes that it is the same port on the host and the container. By default, both TCP and UDP traffic are forwarded. Traffic must be directly addressed to the target instance rather than over the appspot.com domain or your custom domain.