502 when reverse proxying to S3 bucket static websites - IP being blocked?

I’m running Caddy server instances that are reverse proxying to various sites with Caddy handling SSL termination.

Most sites are working great, but I can’t get the reverse proxy to work with S3 static websites. It gives me a 502 error and Caddy gives me a context cancelled error, which typically means that the target (S3 here) has closed the connection early.

From what I can see, my Caddy config should work just fine, and other people seem to be working okay with similar configs, so I’m wondering if S3 is potentially denying requests from fly.io IP addresses or something here?

Can you try flyctl ssh console from your app’s directory, then once inside the instance: try to cURL the same S3 endpoint you’re hitting? This should tell you if it works or not outside of Caddy.

It’s possible we’re getting rate limited by AWS, but that would be mildly surprising. We’re using S3 for our docker registry, doing some decent traffic, and we’ve not been rate limited yet. Perhaps it’s different with static website settings on an S3 bucket (if you have that activated).

When I try to flyctl ssh console it just hangs on connecting to tunnel forever, not sure why, so I’m not able to try curl out from the fly app. Could be something else is going on with the VM?

The bucket is indeed set to public website and with a bucket policy that makes it all public.

Can you DM me which app is doing this? I can take a closer look.

Try flyctl agent restart and then flyctl ssh console again.

This turned out to be a configuration issue on my end, not a fly issue. Thanks for the help!