Hey! Indeed we’re a bit behind on these topics. See answers at the end of this post.
If you’re running Squid in front of your app as an HTTP cache, I’d recommend two separate Fly apps. They can communicate over your private network. If you have webapp as your app name, and it listens on port 80, Squid can send traffic to http://webapp.internal. Simple as that.
The squid fly.toml might look like:
app = "mysquid"
[[services]]
internal_port = 3128
[[services.ports]]
handlers = ["tls", "http"]
port = 443
This will terminate TLS for you on port 443 (making for a simpler squid config). Then traffic is passed with normal HTTP to your squid instances on port 3128.
fly.toml for your app can simply contain the following if you don’t want it exposed to the internet (only to squid):
app = "mywebapp"
[[services]]
The blank services block is required to ensure the default internet-facing ports are closed off.
Now to answer your question about the fly.toml entries:
processes refers to an experimental feature allowing more than one service to be logically
grouped within a single app. Check out this post for more info.
allowed_public_ports is deprecated - we just haven’t removed it from the default config yet.