Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From render
Configures Render private services for internal-only apps like APIs, microservices, gRPC servers, sidecars, and TCP services. Use when building non-public services reachable only via private network, or choosing vs background workers.
npx claudepluginhub render-oss/skills --plugin renderHow this skill is triggered — by the user, by Claude, or both
Slash command
/render:render-private-servicesThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Private services are identical to web services except they have **no public URL**. They are reachable only by other Render services on the same **private network** (same region + workspace). Use them for internal APIs, microservices, gRPC servers, sidecar processes, and anything that should never face the internet.
Configures private networking for Render services with internal DNS, service discovery, and cross-service communication. Useful for wiring services, resolving hostnames, troubleshooting connectivity, and environment isolation.
Guides Railway deployments: editing railway.toml/json/Procfile, configuring services/databases/workers/env vars, troubleshooting. Covers serverless patterns, multi-service setups, guardrails.
Diagnoses and configures Cloudflare VPC Services for Workers to access private APIs in AWS, Azure, GCP, or on-premise networks. Use for dns_error troubleshooting, cloudflared tunnels, VPC bindings, and internal service routing.
Share bugs, ideas, or general feedback.
Private services are identical to web services except they have no public URL. They are reachable only by other Render services on the same private network (same region + workspace). Use them for internal APIs, microservices, gRPC servers, sidecar processes, and anything that should never face the internet.
For public-facing HTTP services, use render-web-services. For services that don't receive any traffic, use render-background-workers.
| Criterion | Private Service | Background Worker |
|---|---|---|
| Binds to a port | Yes (required) | No |
| Receives private network traffic | Yes | No |
| Sends outbound traffic | Yes | Yes |
| Has internal hostname | Yes | No |
| Use case | Internal APIs, gRPC, TCP servers | Queue consumers, async processors |
Rule of thumb: If the process listens on a port and other services call it, it's a private service. If it pulls work from a queue and never receives requests, it's a background worker.
onrender.com subdomain—not reachable from the internet<service-name>:<port> on the private network by services in the same region and workspaceOther services reference a private service via its internal hostname and port:
http://<service-name>:<port>
In Blueprints, wire the address using fromService:
- key: INTERNAL_API_URL
fromService:
name: my-api
type: pserv
property: hostport
Available fromService properties for pserv:
| Property | Value |
|---|---|
host | Internal hostname (e.g. my-api) |
port | Port the service listens on |
hostport | host:port combined (e.g. my-api:10000) |
You can also reference a specific env var from the private service using envVarKey instead of property.
Private services must bind to at least one port. If your process does not need to receive traffic, create a background worker instead.
0.0.0.0 (not 127.0.0.1 or localhost)PORT env var defaults to 10000, but you can listen on any non-restricted porthostportservices:
- type: pserv
name: internal-api
runtime: node
region: oregon
plan: starter
buildCommand: npm ci && npm run build
startCommand: npm start
envVars:
- key: DATABASE_URL
fromDatabase:
name: db
property: connectionString
services:
- type: web
name: gateway
runtime: node
plan: starter
region: oregon
buildCommand: npm ci && npm run build
startCommand: npm start
envVars:
- key: USER_SERVICE_URL
fromService:
name: user-service
type: pserv
property: hostport
- key: BILLING_SERVICE_URL
fromService:
name: billing-service
type: pserv
property: hostport
- type: pserv
name: user-service
runtime: node
plan: starter
region: oregon
buildCommand: npm ci
startCommand: node server.js
envVars:
- key: DATABASE_URL
fromDatabase:
name: db
property: connectionString
- type: pserv
name: billing-service
runtime: python
plan: starter
region: oregon
buildCommand: pip install -r requirements.txt
startCommand: gunicorn billing:app
envVars:
- key: DATABASE_URL
fromDatabase:
name: db
property: connectionString
| Document | Contents |
|---|---|
references/patterns.md | Microservice topology, gRPC setup, sidecar patterns, health checks for private services |
render.yaml schema, fromService wiring