From df52ce1a2351f89a565cfce595ff85583bdf9278 Mon Sep 17 00:00:00 2001 From: andie787 <4andie@gmail.com> Date: Fri, 9 Aug 2024 16:31:27 -0400 Subject: [PATCH] edits --- networking/flycast.html.markerb | 14 ++++++-------- networking/private-networking.html.md | 6 ++---- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/networking/flycast.html.markerb b/networking/flycast.html.markerb index a8d03bd66a..e6a2db23cf 100644 --- a/networking/flycast.html.markerb +++ b/networking/flycast.html.markerb @@ -5,7 +5,7 @@ nav: firecracker redirect_from: /docs/networking/private-networking/#flycast-private-fly-proxy-services --- -Flycast is the Fly.io version of Anycast, but for private apps on private networks. With Flycast, requests to your private apps get routed through the Fly Proxy, rather than Machine-to-Machine using `.internal` addresses (the [private networking](/docs/networking/private-networking/) available by default on every app). Unlike `.internal` addresses, with a Flycast address, you don't need to keep Machines running for the app to be reachable. +Flycast provides network addressing and routing for private apps on Fly.io private networks. With Flycast, requests to your private apps get routed through the Fly Proxy, rather than Machine-to-Machine using `.internal` addresses (the [private networking](/docs/networking/private-networking/) available by default on every app). Unlike `.internal` addresses, with a Flycast address, you don't need to keep Machines running for the app to be reachable. Use Flycast to do the following entirely within your organization's private network: @@ -18,13 +18,13 @@ Use Flycast to do the following entirely within your organization's private netw ## Flycast quickstart -The basic steps to up Flycast: +The basic steps to set up Flycast: 1. Allocate a private IPv6 address for your app on one of your Fly.io organization networks. 2. Make sure your app binds to `0.0.0.0:port`. Binding to `fly-local-6pn:` won't work for Flycast. -3. Expose services in your app's `fly.toml` `[services]` or `[http_service]` block. Don't use `force_https`; Flycast is HTTP-only. +3. Expose services in your app's `fly.toml` with an [`[http_service]`](/docs/reference/configuration/#the-http_service-section) or [`[services]`](/docs/reference/configuration/#the-services-sections) section. Don't use `force_https`; Flycast is HTTP-only. 4. Deploy your app. -5. Access the services on the private IPv6 address from the target organization network. +5. Access the services on the private IPv6 address, or with `my-app-name.flycast` from the target organization network.
**Warning:** If you have a public IP address assigned to your app, then services in `fly.toml` are exposed to the public internet. Verify your app's IP addresses with `fly ips list`. @@ -32,9 +32,7 @@ The basic steps to up Flycast: ## Allocate a Flycast address -A Flycast address is an app-wide private IPv6 address that the Fly Proxy can route to on the private network. - -By default, the Flycast IP address is allocated on an app's parent organization network. +A Flycast address is an app-wide private IPv6 address that the Fly Proxy can route to over the private network. By default, the Flycast IP address is allocated on an app's default organization network. ```cmd fly ips allocate-v6 --private @@ -66,7 +64,7 @@ v6 fdaa:0:22b7:0:1::3 private global just now ## Flycast and Fly.io DNS -Flycast addresses can also be found by using the Fly.io DNS. If an app has a Flycast address allocated to it, there will be an AAAA record at `.flycast`. +Flycast addresses can also be found by using the Fly.io DNS. If an app has a Flycast address allocated to it, there will be an AAAA record at `my-app-name.flycast`. ## More Flycast diff --git a/networking/private-networking.html.md b/networking/private-networking.html.md index a244c3f3a6..dc6cb720a2 100644 --- a/networking/private-networking.html.md +++ b/networking/private-networking.html.md @@ -7,17 +7,15 @@ redirect_from: - /docs/reference/private-networking/ --- -Fly Apps are connected by a mesh of WireGuard tunnels using IPv6. +Fly Apps are connected by a mesh of WireGuard tunnels using IPv6. Private networking is always available to apps by default; you don't have to do anything special to get it. Applications within the same organization are assigned special addresses (6PN addresses) tied to the organization. Those applications can talk to each other because of their 6PN addresses, but applications from other organizations can't. The Fly.io platform won't forward packets between different 6PN networks. -Private networking is always available to apps by default; you don't have to do anything special to get it. - You can connect apps running outside of Fly.io to your 6PN network using WireGuard. You can even connect your dev laptop to your 6PN network. To do that, you'll use flyctl, the Fly.io CLI, to generate a WireGuard configuration that has a 6PN address. ## Fly.io `.internal` DNS -A Fly Machine is configured to resolve domain names with a custom DNS server from the Fly Platform. This DNS server can resolve arbitrary DNS queries, so you can look up `google.com` with it. But it’s also aware of 6PN addresses, and will let you look up 6PN addresses for other apps in your organization. Those addresses live under the custom top-level domain `.internal`. You might want to use `.internal` domains to connect your app to databases, API servers, or other apps in your 6PN network. +A Fly Machine is configured to resolve domain names with a custom DNS server from the Fly Platform. This DNS server can resolve arbitrary DNS queries, so you can look up `google.com` with it. But it’s also aware of 6PN addresses, and will let you look up 6PN addresses for other apps in your organization. Those addresses live under the custom top-level domain `.internal`. You might want to use `.internal` domains to connect your app to databases, API servers, or other apps in your 6PN network. If you don't need the second-level domains available with `.internal` and you want to use of Fly Proxy features for your internal apps, then you should use [Flycast](/docs/networking/flycast/) instead. Underneath `.internal` there are second-level domains for every app in your Fly organization. For example, if your app is in an organization with another app called `my-app-name`, then there will be a AAAA record at `my-app-name.internal`. The AAAA record will contain *all* the 6PN addresses of the started Fly Machines that make up the `my-app-name` Fly App. Note that different libraries and tools will use multi-address AAAA records differently; most will only use the first address that is returned, but others might round-robin between entries for every request -- if you'd like to know more, consult the documentation for the library or tool you are using for DNS lookup.