New Postgres Example!

For those of you interested in getting Postgres running, a new “6PN” Postgres example is now available in the fly-examples/postgres repository with the guide coming soon to the docs.

If you’ve got any questions or suggestions, leave them as a reply here.

3 Likes

Nice!
Would you say 6PN is stable for production use?

Yep! We’re using it on high volume apps already.

2 Likes

Based on the Postgres example, I just deployed an instance of Clickhouse with persistent volumes. That was easy :rocket: :slight_smile:

The only limitation I ran into is around exposing multiple secure ports: clickhouse exposes port 9000 for TCP and port 8123 for HTTP. Both are unencrypted by default. :unlock:

Aside from deploying nginx as reverse proxy, and or bundling certs inside the docker image, am I missing an obvious way to get multiple secure ports configured in fly.toml? :lock:

1 Like

Hi,

Good question. You can have multiple services in your fly.toml, like this:

# fly.toml file generated for appkata-clickhouse on 2020-12-17T09:38:13Z

app = "appkata-clickhouse"

[build]
image = "yandex/clickhouse-server"


[[services]]
internal_port = 8123
protocol      = "tcp"

  [services.concurrency]
  hard_limit = 25
  soft_limit = 20

  [[services.ports]]
  handlers = ["tls","http"]
  port     = "10000"

  [[services.tcp_checks]]
  interval = 10000
  timeout  = 2000

[[services]]
internal_port = 9000
protocol      = "tcp"

  [[services.ports]]
  handlers = ["tls"]
  port     = "10001"

  [[services.tcp_checks]]
  interval = 10000
  timeout  = 2000

I’ll be adding this as a clickhouse example in our appkata examples. Let us know how you get on.

1 Like

:exploding_head: I didn’t realize I was missing something so obvious since I started using Fly!

Thanks :star_struck:

No problems. I’ll go review the docs and see if there’s a way to make it explicit that multiple services are a very real and fine thing.

1 Like

watch out if you deploy the base Docker image for Clickhouse, it has a default user with no password and write privileges.

Oof good note. I wonder if we can protect people from that particular footgun somehow.

The real answer to this is not to expose it through the [services], and use flyctl wireguard create to use it over the private network.

Adding

[env]
  CLICKHOUSE_DATABASE = "dbone"
  CLICKHOUSE_PASSWORD = "clickclick"
  CLICKHOUSE_USER = "clicker"

With appropriate values to your fly.toml should have those values baked into the clickhouse installation.

But yes, it’s very worst case startup mode - this is sort of the fix but it seems https://github.com/ClickHouse/ClickHouse/pull/10637 that its status is variable. :slight_smile:

1 Like

I’ve updated the docs to make it more explicit about multiple services sections - enjoy & feedback welcome - https://fly.io/docs/reference/configuration/#the-services-sections

This is excellent. :100:

1 Like