I created a fly.io application that gets SSL automatically. Now instead of serving HTTPS over port 443, I want to serve a raw TCP stream, with SSL terminated by Fly.io. My toml now looks sort of like this:
```toml
[[services]]
  http_checks = []
  internal_port = 4433
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    handlers = ["tls"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"
```
When I do that, fly.io wants me to get my own IPv4. When I do that, everything works fine.
But now I'm curious how fly.io dispatches traffic between applications. Why do I have to get my own IPv4 now? Is it a technical limitation? That would indicate it uses something from the HTTP request to dispatch, but a few tests suggest not.
Up until now I assumed it would use SNI, and of course it would need that to serve custom domains at all.
Any ideas why this is technically necessary? Or is this just how you guys do pricing?
Cloudflare appears to have the same limitation, so I must be missing something.