I have a docker container running tinyproxy
with Dockerfile contents:
# Copyright (c) 2018 kalaksi@users.noreply.github.com.
# This work is licensed under the terms of the MIT license. For a copy, see <https://opensource.org/licenses/MIT>.
FROM alpine:3.14.3
LABEL maintainer="kalaksi@users.noreply.github.com"
# See tinyproxy.conf for better explanation of these values.
# Insert any value (preferably "yes") to disable the Via-header:
ENV DISABLE_VIA_HEADER ""
# Set this to e.g. tinyproxy.stats to enable stats-page on that address:
ENV STAT_HOST "tinyproxy.stats"
ENV MAX_CLIENTS "1024"
ENV MIN_SPARE_SERVERS "1"
ENV MAX_SPARE_SERVERS "1"
# A space separated list:
ENV ALLOWED_NETWORKS "0.0.0.0/0"
# Use a custom UID/GID instead of the default system UID which has a greater possibility
# for collisions with the host and other containers.
ENV TINYPROXY_UID 57981
ENV TINYPROXY_GID 57981
# Default tinyproxy.conf just with port set to 8888
ADD *.conf /etc/tinyproxy/
RUN apk add --no-cache \
tinyproxy
RUN mv /etc/tinyproxy/tinyproxy.conf /etc/tinyproxy/tinyproxy.default.conf && \
chown -R ${TINYPROXY_UID}:${TINYPROXY_GID} /etc/tinyproxy /var/log/tinyproxy
# Tinyproxy seems to be OK for getting privileges dropped beforehand
USER ${TINYPROXY_UID}:${TINYPROXY_GID}
CMD set -eu; \
CONFIG='/etc/tinyproxy/tinyproxy.conf'; \
if [ ! -f "$CONFIG" ]; then \
cp /etc/tinyproxy/tinyproxy.default.conf "$CONFIG"; \
([ -z "$DISABLE_VIA_HEADER" ] || sed -i "s|^#DisableViaHeader .*|DisableViaHeader Yes|" "$CONFIG"); \
([ -z "$STAT_HOST" ] || sed -i "s|^#StatHost .*|StatHost \"${STAT_HOST}\"|" "$CONFIG"); \
([ -z "$MIN_SPARE_SERVERS" ] || sed -i "s|^MinSpareServers .*|MinSpareServers $MIN_SPARE_SERVERS|" "$CONFIG"); \
([ -z "$MIN_SPARE_SERVERS" ] || sed -i "s|^StartServers .*|StartServers $MIN_SPARE_SERVERS|" "$CONFIG"); \
([ -z "$MAX_SPARE_SERVERS" ] || sed -i "s|^MaxSpareServers .*|MaxSpareServers $MAX_SPARE_SERVERS|" "$CONFIG"); \
([ -z "$ALLOWED_NETWORKS" ] || for network in $ALLOWED_NETWORKS; do echo "Allow $network" >> "$CONFIG"; done); \
sed -i 's|^LogFile |# LogFile |' "$CONFIG"; \
fi; \
exec /usr/bin/tinyproxy -d;
Which works fine when running locally with docker run -p 8888:8888 -it .
curl http://localhost:8888 https://cloudflare.com/cdn-cgi/trace
returns HTTP 200 with the page loading correctly, however on fly.io the same command (with localhost replaced with my application’s public ipv4) returns an error curl: (56) Recv failure: Connection was reset
my fly.toml
contents are as follows:
app = "tinyproxy"
[[services]]
internal_port = 8888
protocol = "tcp"
handlers = []
[services.concurrency]
hard_limit = 25
soft_limit = 20
[[services.tcp_checks]]
interval = 10000
timeout = 3333
The application’s logs are filled with Errors like read_request_line: Client (file descriptor: 5) closed socket before read.
but I believe this is because of the TCP health checks
Any ideas?