Using own SSL certificates for endpoints

Hi,

You seem to be almost there. If you are using nginx, then yes, you simply need to set the paths to the certificate and key:

https://nginx.org/en/docs/http/configuring_https_servers.html

You could include them as part of your image. So your Dockerfile would need to include them (copying them to where the nginx conf expects them to be and making sure they have the correct permissions). Your .dockerignore file would of course need to not exclude them, which by default it may be doing.

(You could use secrets instead, in your app’s code, since secrets can be staged prior to deployment. You would set the secret and then not deploy - if asked - and then they would be ready for the next deploy. Using files is perhaps simpler though.)

So at this point your nginx is ready to terminate the TLS; however, Fly won’t know you want to handle it. Most people let its proxy handle that. You can tell it you don’t want it to handle TLS by removing the “tls” from the handlers in the fly.toml.

That should mean the TCP goes directly to your app, letting it handle the SSL certificate.

Not sure if you would need to allocate a dedicated IPv4 to the app for that to work :thinking: In theory no, since it’s still HTTP and so Fly still has a domain to work with. Worth a try using a shared IPv4 (the default) and if it doesn’t work, that may be why.
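
The secrets alternative mentioned in the reply above, sketched as a container entrypoint. This is an added example, not part of the original post or of Fly's documentation. It assumes the certificate and key were set as secrets named `TLS_CERT_PEM` and `TLS_KEY_PEM` (hypothetical names), which the app sees as environment variables, and that the nginx config points at files under `/etc/nginx/tls` (also an assumed path).

```shell
#!/bin/sh
# Added example: stage TLS material from secrets at container start, so the
# private key never has to be baked into an image layer.
# TLS_CERT_PEM, TLS_KEY_PEM and /etc/nginx/tls are assumed names, not from the post.

# write_pem VALUE DEST MODE: write one PEM value to DEST with the given mode.
write_pem() {
    case "$1" in
        *"-----BEGIN "*) ;;
        *) echo "refusing to write $2: value is empty or not PEM" >&2; return 1 ;;
    esac
    # Create the file under a restrictive umask so it is never briefly world-readable.
    ( umask 077 && printf '%s\n' "$1" > "$2" ) || return 1
    chmod "$3" "$2"
}

# stage_tls DIR: write the certificate and key from the environment into DIR.
stage_tls() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    write_pem "${TLS_CERT_PEM:-}" "$dir/fullchain.pem" 644 || return 1
    write_pem "${TLS_KEY_PEM:-}" "$dir/privkey.pem" 600 || return 1
    # Drop the key from the environment before nginx and its workers start.
    unset TLS_KEY_PEM
}

# Only start nginx when invoked as the entrypoint: ./entrypoint.sh run
if [ "${1:-}" = "run" ]; then
    stage_tls /etc/nginx/tls || exit 1
    nginx -t || exit 1          # fail the deploy early on a bad config or cert path
    exec nginx -g 'daemon off;'
fi
```

The nginx `ssl_certificate` and `ssl_certificate_key` directives would then point at the two files written here.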