Private Ip proxy with nginx

Currently I have a hosted nginx server that reverse proxies to my backend application through a private ip. I am using the following config which works fine.

  location /data/ {
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_ssl_server_name on;
          proxy_pass http://[1234:0:1234:123:1234:1234:1234:1]:8080/data/;
  }

The issue is that this private ip changes every time I redeploy my backend application, causing me to reconfigure my nginx config to the newly created private ip. Is there a way to use a private ip like this but not have to change my config after each deploy.

Use the internal names here Private Networking · Fly Docs . You may also need to set your resolver to the Fly internal DNS fdaa::3, a la:

location /data/ {
  resolver [fdaa::3];
  proxy_set_header X-Forwarded-Host $http_host;
  proxy_ssl_server_name on;
  proxy_pass http://myapp.internal:8080/data/;
}
1 Like

Apart from what netshade suggested, you can also setup a Flycast IP. It is private and never changes. It load balances 6pn traffic to all app instances just like any load balancer would.

If going down the Nginx DNS route, I would double-check and test:

  1. When does Nginx check/refresh the IP(s) from DNS?
  2. Does Nginx health-check the IP(s)?

If Nginx only checks DNS on initial load, a specific interval, and/or TTL expiry (not sure what the TTLs are on the .internal Fly DNS records) - you may have a larger than expected outage when you update your back-end app.

Even if Nginx does regularly update the IPs from DNS - if it doesn’t health-check them (and only send to those that are responive), you may still end up with an outage when you update your back-end app due to stale Fly DNS records.

Apparently Machines currently have static private IPs.

1 Like