The app is not listening on

:wave: Hello! I’m relatively new to Fly and loving it so far.

But, I’m not sure what to do here:

I’ve set up an Nginx machine. It’s running fine and listening on the default internal port 8080.

The intent is to have Fly pass all TCP traffic on port 443 direct to Nginx on port 8080.


app = "<app name here>"
primary_region = "ord"

  protocol = "tcp"
  min_machines_running = 1

  port = 443

  hard_limit = 1000
  soft_limit = 800

On deploy, I’m getting the following warning:

WARNING The app is not listening on the expected address and will not be reachable by that 683d67ebd4dd68 [app] is up and running
You can fix this by configuring your app to listen on the following addresses:
Found these processes inside the machine with open listening sockets:
  PROCESS                                    | ADDRESSES
  nginx: master process nginx -g daemon off; |
  /.fly/hallpass                             | [fdaa:3:3f4a:a7b:191:5eca:2f4b:2]:22
  nginx: worker process                      |

So I’m left wondering: What does it mean to not be listening on port 0? And what can I do about it?

do you have try add env to Dockerfile


You probably want to replace everything after the primary_region line in your fly.toml with:

  internal_port = 8080
  force_https = true 
  auto_stop_machines = true
  auto_start_machines = true 
  min_machines_running = 1 

Feel free to adjust the auto start/stop machine lines.

Make sure that your nginx config has a line like one of the following (wither will do)::

  listen [::]:8080;

Ah, I see what you’re suggesting.

If I understand the documentation correctly, that would have Fly terminating SSL/TLS before forwarding traffic to the machines. Yes?

In my setup, I imagine I want the TCP connections forwarded without Fly terminating the SSL because I have Cloudflare in front of this, with SSL/TLS set to Full (strict), which requires a trusted CA or Cloudflare Origin CA on the machine terminating the SSL/TLS.

If I can install a CA somewhere into Fly without introducing my own proxy, I’d be thrilled to do that.

I mention all of that because maybe I can skirt the present issue by not using NGINX at all.

P.S. Just came across Custom Domains and SSL Certificates · Fly Docs and will work through it and see if it shows the path forward.

Just to be clear, that’s not what the message says at all. Make sure that your nginx config does not look like the following:


This would listen on port 8080 requests that originate from localhost. What you want instead is to listen on all addresses.

listen 8080 ssl;

My understanding is that means listen on all addresses. And in the original post, it looks to me that fly sees the nginx processes listening on — does it look that way to you?

The error message says that I can fix things by getting my process to listen on

I read that as “get your process to listen on all addresses, port 0”… which doesn’t make sense to me.

I might be misreading something.

You are reading it correctly.

Try adding the following to your [[services]] section:

internal_port = 8080

That is supposed to be the default, but doesn’t appear to be working.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.