Auto-upgrade to HTTPS with a custom domain

How can I set up auto-upgrade HTTP → HTTPS on a custom domain?

I followed the Elixir setup guide and things deployed well. Then I followed [the SSL guide](SSL for Custom Domains · Fly and that works too. However, only the .fly.dev auto-upgrades to HTTPS, my custom domain doesn’t. Is there a way to make it so?

I as looking through the fly.toml docs, but couldn’t find the answer.

Oh I might’ve just found the partial answer: Always Be Connecting (with HTTPS) · Fly

If I understand correctly, I need to make Elixir do the upgrade?

Yep! It’s (mostly) up to apps to enforce https right now.

.dev domains are weird because the browsers actually enforce https. So when you hit <app>.fly.dev, it’s Chrome doing the protocol upgrade, not anything in our stack. That is super confusing though.

We have some plumbing to manage this outside the app that we’ll likely expose someday. For now, in app is best.

5 Likes

Any word on when this might be available? I’m running a few static websites on fly that could really use this.

No word yet, but depending on how the static website is deployed it might be possible to make this happen. Does this use the static builtin image?

I’m using a thttpd image. I’m going to swap it out for lwan instead. It’s also a very minimal high performance web server which can additionally run Lua scripts. I should be able to handle the redirect that way.

Fly should switch to thttpd or lwan for the static image btw. Both binaries clock in at around 180KiB compared to gostatic at 4ishMiB. Also no runtime or garbage collection with these two.

The final lwan image is bigger than thttpd because I enabled all of its optional features but there is a lot going on. It’s got zstd, brotli, luajit scripting, CGI, etc. It’s also one of the fastest ways to serve HTTP period.