New Shared IPv4 Connection Reset by peer

Questions / Help
1

I just followed the instructions to move my app from a dedicated IPv4 address to a shared address, and now the server wont respond via my CNAME.

➜ curl -i flimflan.fly.dev
HTTP/1.1 301 Moved Permanently
location: https://blog.flimflan.com/
content-type: application/x-msdownload
content-length: 82
date: Fri, 05 Jan 2024 23:27:22 GMT
server: Fly/fd64846af (2024-01-05)
via: 1.1 fly.io
fly-request-id: 01HKDZ7R96GV1F8X2QX5M2R7ZR-dfw

Redirecting to <a href="https://blog.flimflan.com/">https://blog.flimflan.com/</a>

This is the correct response (301).

Now, when I attempt with the CNAME:

➜ curl -i www.flimflan.com
curl: (56) Recv failure: Connection reset by peer

Check DNS:

➜ dig www.flimflan.com

; <<>> DiG 9.10.6 <<>> www.flimflan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7064
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.flimflan.com.		IN	A

;; ANSWER SECTION:
www.flimflan.com.	52	IN	CNAME	flimflan.fly.dev.
flimflan.fly.dev.	52	IN	A	66.241.124.50

PING resolves to correct IP:

➜ ping www.flimflan.com
PING flimflan.fly.dev (66.241.124.50): 56 data bytes
64 bytes from 66.241.124.50: icmp_seq=0 ttl=46 time=37.528 ms

Try by IP:

(fly.dev address works)

➜ curl -i 66.241.124.50 -H "Host: flimflan.fly.dev"
HTTP/1.1 301 Moved Permanently

(cname fails)

➜ curl -i 66.241.124.50 -H "Host: www.flimflan.com"
curl: (56) Recv failure: Connection reset by peer

Any suggestions would be appreciated.

1 Like
2

Hi @joshf

When your app is using a shared IP, fly-proxy has to know about all the custom domains you have for the app in order to properly route the requests to it (since there are many apps behind a single IP address).

You can tell fly-proxy about the custom domain by issuing a certificate for it:

$ fly certs add www.flimflan.com

Once the certificate is issued and propagated you should be able to access the app using www.flimflan.com.

3

Great, thank you, that fixed it.

Shouldn’t this step be part of the migration guide? I re-read it and don’t see how I should have made the leap to needing this step. I did not specifically need a cert (was only accessing via http).

4

Thanks! It’s been added to the migration guide and also in the docs (Public Network Services · Fly Docs)

5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.