Raw http and Fly

Using fly certificates, is there a way to allow pure HTTP traffic rather then forcing encryption? I have an app which i would like to be available over both HTTP and HTTPS, rather then just one.

Share IPs force HTTPs, we setup shared IPs by default on new apps because we don’t charge for them.

If you switch to a dedicated IP, you can do plaintext HTTP. Just run fly ips allocate-v4. Dedicated IPs are $2/mo, though, just be aware.

How do i enable the actual plaintext HTTP? According to curl, i’m simply being redirected to the https version of the site. Do the load balancers still sit in front of it? Can i have to terminate my own TLS, and if so, can i use a Fly certificate that is managed automatically?

Check your fly.toml, there’s a force_ssl setting in there that might be set to true.

If you didn’t already know this, browsers auto upgrade .dev domains to https. So curl is the right way to test if you’re hitting a .dev domain.

Also make sure curl -v shows the same IP as fly ips list does. We have to make a DNS change when you switch to a dedicated IP, it might take a bit to get out of various caches.

You can also remove the http handler in fly.toml and we’ll send you raw TCP. That’s usually suboptimal for HTTP services, but it could be a useful debugging step.

force_ssl was set to true. (figured out)

fly deploy applies the fly.toml config.

Thanks, i figured that out right after asking.
However, i have one final issue: does fly http proxy send a real client IP? What header is it under, if so?

fly-client-ip is our header that isn’t forgeable.

Thank you! I’m quite impressed by how fast y’all answered.

1 Like