There’s a new handler available for exposing your PostgreSQL instance over the proxy in a secure manner: pg_tls. How to use? First, get your current config if you don’t already have it fly config save -a <your-pg-fly-app-name> Then, modify your fly.toml, adding this service: [[services]] intern…

this is amazing. i was able to use handlers = ["pg_tls", "proxy_proto"] which feeds into haproxy with bind *:5432 accept-proxy and have ip based filtering for incoming connection.