Hello, because of external services that need access to the postgres database I exposed the app, now I would like to add fail2ban or a similar tool to have a minimum security as from the logs I see that there are many attempts, is it possible to do so?
One neat trick you can do is create a proxy for you app (any way you’d like, Go, nginx, Elixir, go for it) and use a trick we have built-in on Fly called Replay.
If you send a response with that header we will understand you want us to replay that same request on another app, which would be the DB one.
Wrapping up:
Original Request → [proxy app] → response with Fly-Replay → Fly Proxy understands that and re-routes → [db app]
Then you’d not expose your [db app] directly, fly replay work just fine for apps without IPs, the one who would need to be exposed would be [proxy app]