Route certain traffic via wireguard back into the office to use office IP to originate to backend services

Hi all,

I’m trying to figure out how to send certain traffic from my app hosted on fly.io to route out via our office interconnects and certain backend services used in my app are whitelisted by IP address and can only be accessed from our office IPv4 address.

Anyone done this?

So I have this working now. Recreated the tunnel like:

fly wireguard create [your-org] [region] [peer-name]

then installed curl on my fly vm for testing and can get to the office nginx on my-office._peer.internal.

I then set up reverse proxy at http://my-office._peer.internal/api1 and http://my-office._peer.internal/api2 etc. after making nginx listen on IPv6 for the wireguard tunnel like so:

server {
    access_log /var/log/nginx/my-office.log;

    # IPv6 wildcard listener on port 80, reached over the WireGuard tunnel
    listen [::]:80;
    server_name my-office._peer.internal;

    location /api1 {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        # strip the /api1 prefix before proxying
        rewrite ^/api1/?(.*) /$1 break;
        proxy_pass https://api1.com;
        proxy_redirect off;
    }

    location /api2 {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        # strip the /api2 prefix before proxying
        rewrite ^/api2/?(.*) /$1 break;
        proxy_pass https://api2.com;
        proxy_redirect off;
    }
}

I’m not too fussed about http into the office as it’s over wireguard, but TLS out to everything else, nginx handles nicely.

I hope this helps others 🙂
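
Added example, not part of the original post: a tightened variant of the nginx server block above. It binds only to the tunnel address, limits clients to the peer network, and verifies the upstream certificates, which nginx does not do by default. The addresses fd00:1234:5678::2 and fd00:1234:5678::/48 are constructed placeholders, and the CA bundle path assumes a Debian/Ubuntu host.

```nginx
# Added example; addresses and the CA bundle path are placeholders/assumptions.
server {
    access_log /var/log/nginx/my-office.log;

    # Bind to the WireGuard interface address only. "listen [::]:80" accepts
    # connections on every IPv6 address the office host has.
    listen [fd00:1234:5678::2]:80;       # placeholder: office tunnel address
    server_name my-office._peer.internal;

    # Only the Fly side of the tunnel may use the proxy.
    allow fd00:1234:5678::/48;           # placeholder: Fly peer network
    deny  all;

    # Upstream TLS: send SNI and verify the certificate chain and host name.
    proxy_ssl_server_name on;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    # assumption: Debian/Ubuntu CA bundle location
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    location /api1/ {
        # The trailing slash on proxy_pass replaces the /api1/ prefix with /.
        proxy_pass https://api1.com/;
        # Send the upstream's own host name rather than the tunnel name.
        proxy_set_header Host api1.com;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }

    location /api2/ {
        proxy_pass https://api2.com/;
        proxy_set_header Host api2.com;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }
}
```

Check the result with `nginx -t` before reloading.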
