Terminate TLS wrapping for non-http protocol

I am attempting to deploy a non-http protocol, which is still wrapped in a tls tunnel.

Is it possible to forward the wrapped TCP connection to the app?

The documentation didn’t cover that topic neither in TLS nor TCP cut through.


You can pass TCP connections directly to your app, simply by not specifying any handlers. This is a bit hidden in our Network Services documentation. Which page were you expecting to find this information on, so we can update the docs?

I would have expected two things: The TLS section is rather sparse, I’d have expected this to forward to sections relevant to the TLS termination.

I read This is useful if you want to handle TLS termination yourself, for example. also like I would have to handle TLS termination in the app itself, which I would not really want. I’d want the unwrapping of the TLS, but forward the inner connection.

(In case that’s the only option, how’d I access the letsencrypt certificate/key?).

If you only specify the tls handler, the Fly proxy will terminate TLS and forward the connection. Check this post about running an Envoy proxy behind TLS termination: gRPC service behind Envoy proxy

1 Like