What is processes = [“app”] in the default config? What does allowed_public_ports do exactly?
What’s the right way to have a regular app on :80, but squid on :3128? Two services? It would be nice to have some examples of “Multiple services sections: Mapping multiple internal ports to multiple external ports.”
Hey! Indeed we’re a bit behind on these topics. See answers at the end of this post.
If you’re running Squid in front of your app as an HTTP cache, I’d recommend two separate Fly apps. They can communicate over your private network. If you have webapp as your app name, and it listens on port 80, Squid can send traffic to http://webapp.internal. Simple as that.
This will terminate TLS for you on port 443 (making for a simpler squid config). Then traffic is passed with normal HTTP to your squid instances on port 3128.
fly.toml for your app can simply contain the following if you don’t want it exposed to the internet (only to squid):
app = "mywebapp"
[[services]]
The blank services block is required to ensure the default internet-facing ports are closed off.
Now to answer your question about the fly.toml entries:
processes refers to an experimental feature allowing more than one service to be logically
grouped within a single app. Check out this post for more info.
allowed_public_ports is deprecated - we just haven’t removed it from the default config yet.
@joshua How does this interacts with mounts? With two processes I get “Error not enough volumes named (1) to run 2 processes”. I only want the mount for the app process
You’d need to add processes to the [[mounts]] section as well.
processes = ["app"]
We’ll have to look into the secrets issue. This multiple process feature is experimental so I would not recommend using it here. Running Squid as a separate app would be best.