Use Case: I have a reverse proxy that needs to block all URL’s except those on a whitelist.
Problem: This blocks the Live check unless I’m careful
Temp solution: I currently let in all traffic from 213.188.192.15:80 and that seems to work. But if that gets changed I’m assuming that it will crash my applications.
What should I do to solve this? Is there a certain IP range I can always expect? Or did I completely miss something and none of this makes sense?
That IP address will change, yes.
The best way to do these health check is only respond on a specific hostname, and then configure the check to send that hostname. We have an nginx config that listens for health.check like this:
server {
listen 8080;
listen [::]:8080;
server_name health.check;
location /healthz {
access_log off;
return 200 "ok: healthz";
}
}
And then the corresponding fly.toml has:
[[services.http_checks]]
interval = 3000
method = "get"
path = "/healthz"
protocol = "http"
timeout = 1000
[services.http_checks.headers]
Host = "health.check
You can also use a script check if you’d prefer, just add a script to your app and configure it like this:
[[services.script_checks]]
interval = 2000
timeout = 1000
command = "/usr/bin/check-master.sh"
This has to return an exit code of 2 to fail, 0 to succeed.
Thanks for writing that out @kurt Good to know on the health script too.