(reposting from my comment here)
Please allow apps with a shared IPv4 address to have just a TLS handler on port 443, instead of requiring TLS+HTTP. This is useful because it allows these apps to support non-HTTP protocols such as gRPC by wrapping them in TLS.
(Currently the only way to create a non-HTTP service is to use a dedicated IPv4 address or IPv6; but dedicated IPv4 addresses will cost $2/month, and IPv6 is not supported everywhere.)
I don’t see any technical reason to require TLS+HTTP, because presumably Fly is using SNI to identify the hostname. In fact I think shared IPv4 did work with just TLS at first, until extra checks were added.
Steps to check if bare TLS is supported:
$ mkdir app && cd app $ fly launch --image flyio/hellofly:latest # accept defaults # change the handlers of external port 443 from TLS+HTTP to TLS $ patch fly.toml <<"EOF" --- fly.toml.orig +++ fly.toml @@ -32,3 +32,3 @@ [[services.ports]] - handlers = ["tls", "http"] + handlers = ["tls"] port = 443 EOF $ fly deploy ==> Verifying app config Configuration errors in .../app/fly.toml: ✘ base: Services defined at indexes: 0 require a dedicated IP address. You currently have no dedicated IPs allocated. Please allocate at least one dedicated IP before deploying (`fly ips allocate-v4` and/or `fly ips allocate-v6`). Affected services:  tcp/80,443 => 8080 Error App configuration is not valid
Desired behaviour: Deploy should succeed, a shared IPv4 should be automatically allocated, and the app should be accessible on port 443. (This particular demo app happens to use HTTP, but any protocol should be supported as long as it is wrapped in TLS.)
(This post is distinct from Feature Request: SNI based TLS routing with shared IPv4, which is asking to provision own certificates with shared IPv4.)