
Commit

flycast in the spotlight
andie787 committed Aug 9, 2024
1 parent 41a5202 commit f9eb49e
Showing 4 changed files with 83 additions and 55 deletions.
76 changes: 76 additions & 0 deletions networking/flycast.html.markerb
@@ -0,0 +1,76 @@
---
title: "Flycast - Private Fly Proxy services"
layout: docs
nav: firecracker
redirect_from:
- /docs/reference/privatenetwork/
- /docs/reference/private-networking/
---

Flycast is the Fly.io version of Anycast, but for private apps on private networks. With Flycast, requests to your private apps get routed through the Fly Proxy, rather than Machine-to-Machine using `.internal` addresses (the [private networking](/docs/networking/private-networking/) available by default on every app). Unlike `.internal` addresses, with a Flycast address, you don't need to keep Machines running for the app to be reachable.

Use Flycast to do the following entirely within your organization's private network:

* Use [Fly Proxy autostop/autostart](/docs/launch/autostart-stop/) for Machines based on network requests.
* Get Fly Proxy's [geographically aware load balancing](/docs/reference/load-balancing/) for private services.
* Connect to a service from another app that can't use DNS.
* Connect from third-party software, like a database, that doesn't support round-robin DNS entries.
* Access specific ports or services in your app from other Fly.io organizations.
* Use advanced Fly Proxy features like TLS termination or PROXY protocol support.

## Flycast quickstart

The basic steps to up Flycast:

1. Allocate a private IPv6 address for your app on one of your Fly.io organization networks.
2. Make sure your app binds to `0.0.0.0:port`. Binding to `fly-local-6pn:<port>` won't work for Flycast.
3. Expose services in your app's `fly.toml` `[services]` or `[http_service]` block. Don't use `force_https`; Flycast is HTTP-only.
4. Deploy your app.
5. Access the services on the private IPv6 address from the target organization network.

<div class="warning icon">
**Warning:** If you have a public IP address assigned to your app, then services in `fly.toml` are exposed to the public internet. Verify your app's IP addresses with `fly ips list`.
</div>

## Allocate a Flycast address

A Flycast address is an app-wide private IPv6 address that the Fly Proxy can route to on the private network.

By default, the Flycast IP address is allocated on an app's parent organization network.

```cmd
fly ips allocate-v6 --private
```
```output
VERSION IP TYPE REGION CREATED AT
v6 fdaa:0:22b7:0:1::3 private global just now
```

You can use Flycast to expose an app in one Fly.io organization to another Fly.io organization by using the `--org` option when you allocate the Flycast address:

```cmd
fly ips allocate-v6 --private --org my-other-org
```
```output
VERSION IP TYPE REGION CREATED AT
v6 fdaa:0:22b7:0:1::3 private global just now
```

You can also use Flycast to expose an app on one private network to another private network by using the `--network` option to specify the network from which requests will originate:

```cmd
fly ips allocate-v6 --private --network custom-network-name
```
```output
VERSION IP TYPE REGION CREATED AT
v6 fdaa:0:22b7:0:1::3 private global just now
```

## Flycast and Fly.io DNS

Flycast addresses can also be found by using the Fly.io DNS. If an app has a Flycast address allocated to it, there will be an AAAA record at `<app name>.flycast`.

## More Flycast

- [Run private apps with Flycast](/docs/blueprints/private-applications-flycast/)
- [Autostop/autostart for private apps](/docs/blueprints/autostart-internal-apps/)
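
Review bot: The `redirect_from` entries in the front matter (`/docs/reference/privatenetwork/` and `/docs/reference/private-networking/`) name private networking, not Flycast, so as written those old private-networking URLs would redirect to this page; if they were carried over from the private networking page's front matter, drop them here or replace them with Flycast-specific paths. In the quickstart, "The basic steps to up Flycast:" is missing a word ("set up"), and step 3 says Flycast is HTTP-only while the feature list above offers "TLS termination"; add a sentence explaining how the two fit together. The `--org` and `--network` sections should also say which services become reachable from the other organization or network, since the only exposure warning on the page is about public IP addresses. The DNS placeholder is now `<app name>.flycast` where the removed section had `<appname>.flycast`; the space makes it read as two tokens.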
6 changes: 4 additions & 2 deletions networking/index.html.markerb
Expand Up @@ -9,11 +9,13 @@ order: 10
Networking on Fly.io.

- **[Connect to an App Service](/docs/networking/app-services/):** An overview of how to connect to your app over the private WireGuard network (6PN), and how to make your app reachable from the internet.

- **[Private networking](/docs/networking/private-networking):** Learn about Fly.io's IPv6 private network (6PN), DNS on Fly Machines, and how to use Flycast for load balancing and other Fly Proxy features on a private network.

- **[Public networking](/docs/networking/services):** Details about public network services on Fly.io, including allocating IP addresses, finding a Machine's outbound IP, connection handlers, and redirects.

- **[Private networking](/docs/networking/private-networking):** Learn about Fly.io's IPv6 private network (6PN), DNS on Fly Machines, and how to use Flycast for load balancing and other Fly Proxy features on a private network.

- **[Flycast - Private Fly Proxy Services](/docs/networking/flycast):** Route requests to private apps through Fly Proxy to take advantage of features like load balancing and autostop/autostart based on traffic.

- **[Dynamic request routing](/docs/networking/dynamic-request-routing/):** Use the `fly-replay` response header to route requests to other apps and regions.

- **[Custom domains](/docs/networking/custom-domain/):** Add a custom domain for your app and troubleshoot certificate creation.
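
Review bot: The relocated "Private networking" entry still ends with "and how to use Flycast for load balancing and other Fly Proxy features on a private network", which overlaps the new Flycast entry directly below it and sends readers to a page that this commit strips of its Flycast section. Trim that clause, or reword it to point at the Flycast page.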
53 changes: 1 addition & 52 deletions networking/private-networking.html.md
Expand Up @@ -81,7 +81,7 @@ In uncommon circumstances, such as having an unusual file system layout, or usin
In most cases, connecting to other Machines via the `.internal` DNS is the most convenient and accessible way to connect your Fly Apps and Machines.

<div class="note icon">
**Note:** 6PN addresses directly connect one Fly Machine with another, bypassing the Fly Proxy. To use Fly Proxy features like auto start and stop on your private network, you can use a [Flycast address](#flycast---private-fly-proxy-services).
**Note:** 6PN addresses directly connect one Fly Machine with another, bypassing the Fly Proxy. To use Fly Proxy features like autostop/autostart on your private network, you can use [Flycast](/docs/networking/flycast/).
</div>

Most of the time, the `.internal` DNS is all you'll need for routing. If you need more complicated routing, you might be able to take advantage of the structure of 6PN addresses in your app's design. Rather than a single address, each Fly Machine is assigned a `/112` 6PN subnet, which is structured as follows:
Expand All @@ -99,57 +99,6 @@ Most of the time, the `.internal` DNS is all you'll need for routing. If you nee

The machine identifier portion of the 6PN address is not related to the 14 character Machine ID; the two are independent. A Fly Machine's current 6PN address can be found in the environment variable `FLY_PRIVATE_IP`. As noted above, a Machine's 6PN address is not static, so do not assume that a Fly Machine's Machine ID can be permanently mapped to a particular 6PN address. 6PN addresses will change when an app is moved into a new Fly Org, or when a Fly Machine is migrated onto a new host server. However, an 6PN address change can only happen on a reboot, so supplying a procedure to check for a change in 6PN address on Machine startup is sufficient to handle this event.

## Flycast - Private Fly Proxy services

A Flycast address is an app-wide IPv6 address that the Fly Proxy can route to privately. Use a Flycast address to direct private network traffic through the Fly Proxy to take advantage of features like geographically aware load balancing and autostart/autostop based on traffic.

Use Flycast to do the following entirely within your organization's private network:

* [Autostart and/or autostop](/docs/launch/autostart-stop/) Machines based on network requests.
* Use Fly Proxy's [geographically aware load balancing](/docs/reference/load-balancing/) for private services.
* Connect to a service from another app that can't use DNS.
* Connect from third-party software, like a database, that doesn't support round-robin DNS entries.
* Access specific ports or services in your app from other Fly.io organizations.
* Use advanced proxy features like TLS termination or PROXY protocol support.

The general flow for setting up Flycast is:

1. Allocate a private IPv6 address for your app on one of your Fly.io organization networks.
2. Make sure your app binds to `0.0.0.0:port`. **Binding to `fly-local-6pn:<port>` is insufficient for Flycast.**
3. Expose services in your app's `fly.toml` `[services]` or `[http_service]` block; **do not use `force_https` as Flycast is HTTP-only**.
4. Deploy your app.
5. Access the services on the private IP from the target organization network.

<div class="warning icon">
**Warning:** If you have a public IP address assigned to your app, then services in `fly.toml` are exposed to the public internet. Verify your app's IP addresses with `fly ips list`.
</div>

### Assign a Flycast address

By default, the Flycast IP address is allocated on an app's parent organization network.

```cmd
fly ips allocate-v6 --private
```
```output
VERSION IP TYPE REGION CREATED AT
v6 fdaa:0:22b7:0:1::3 private global just now
```

You can also use Flycast to expose an app in one Fly organization to another Fly organization by using the `--org` option when you allocate the Flycast address:

```cmd
fly ips allocate-v6 --private --org my-other-org
```
```output
VERSION IP TYPE REGION CREATED AT
v6 fdaa:0:22b7:0:1::3 private global just now
```

### Flycast and Fly.io DNS

Flycast addresses can also be found by using the Fly.io DNS. If an app has a Flycast address allocated to it, there will be an AAAA record at `<appname>.flycast`.

## Private Network VPN

You can use the [WireGuard](https://wireguard.com/+external) VPN to connect to the 6PN private network. WireGuard is a flexible and secure way to plug into each one of your Fly.io organizations and connect to any app within that organization.
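
Review bot: Removing the `## Flycast - Private Fly Proxy services` heading also removes the `#flycast---private-fly-proxy-services` fragment that the note earlier in this file used to link to, so any other page still linking to that fragment will land on private networking with no Flycast content. Either search the docs for the fragment and update those links, or leave a short stub under the old heading that points to `/docs/networking/flycast/`. Separately, the removed steps bolded the two gotchas (binding to `fly-local-6pn:<port>` and `force_https`) and the new page drops that emphasis; confirm that was intended.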
3 changes: 2 additions & 1 deletion partials/_firecracker_nav.html.erb
Expand Up @@ -123,8 +123,9 @@
open: false,
links: [
{ text: "Connect to an App Service", path: "/docs/networking/app-services/" },
{ text: "Private Networking", path: "/docs/networking/private-networking/" },
{ text: "Public Networking", path: "/docs/networking/services/" },
{ text: "Private Networking", path: "/docs/networking/private-networking/" },
{ text: "Flycast - Private Proxy Services", path: "/docs/networking/flycast/" },
{ text: "Dynamic Request Routing", path: "/docs/networking/dynamic-request-routing/" },
{ text: "Custom Domains", path: "/docs/networking/custom-domain/" },
{ text: "Automate Certificates via API", path: "/docs/networking/custom-domain-api/" },
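
Review bot: The new nav label "Flycast - Private Proxy Services" does not match the page title in the new front matter ("Flycast - Private Fly Proxy services") or the index entry ("Flycast - Private Fly Proxy Services"). Use one name, with "Fly" included and consistent capitalization, in all three places.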