Right now, the only way to accomplish this is to run the container as the root user.
I’d like to run as a user with read-only permissions while still binding to port 80.
Your container is actually running in a VM of its own, so you could go ahead and run whatever permissions setup you would otherwise run on a normal VM to make this happen — it should work fine.
Alternatively, are there any plans to support internal, non-public services with the service router?
Any service that listens inside the container VM without a corresponding [[services.ports]] section in your fly.toml is already an internal, non-public service, accessible inside your network on app.internal:<port>. You can run any / many internal services this way, and you can explicitly expose the ones you want to the internet using the