Add custom networks to index

networking/dynamic-request-routing.html.md

@@ -14,25 +14,25 @@ Sometimes it's useful, or necessary, to route requests to other regions, other a
 
 ## The `fly-replay` response header
 
-Apps may append a `fly-replay` header to responses. This instructs the [Fly Proxy](/docs/reference/fly-proxy) to redeliver (replay) the original request in another region, or to replay it to another app in the same Fly organization.
+Apps may append a `fly-replay` header to responses. This instructs [Fly Proxy](/docs/reference/fly-proxy) to redeliver (replay) the original request in another region, or to replay it to another app in the same organization.
 
-The content of the `fly-replay` header fields tells our proxy which magic to perform, and the proxy takes it from there. If the target region doesn't host any healthy instances for the target app, the proxy throws an error.
+The content of the `fly-replay` header fields tells Fly Proxy which magic to perform, and the proxy takes it from there. If the target region doesn't host any healthy Machines for the target app, the proxy throws an error.
 
 |Field |Description |
 |---|---|
-|`region` | The 3-letter code for a region to which the request should be routed. |
-|`instance` | machine ID of a specific instance to which the request should be routed. |
-|`app` | The name of an app within the same organization, to which the request should be routed.<br>fly-proxy will choose the nearest instance if no region is specified.|
+|`region` | The 3-letter code for the [region](/docs/reference/regions/) to which the request should be routed. |
+|`instance` | The ID of the specific Machine to which the request should be routed. |
+|`app` | The name of the app within the same organization, to which the request should be routed.<br>Fly Proxy will choose the nearest Machine if no region is specified.|
 |`state` | Optional arbitrary string to include in the `fly-replay-src` header appended to the request being replayed. |
-|`elsewhere` | Boolean. If `true`, the responding instance will be excluded from the next round of load-balancing. |
+|`elsewhere` | Boolean. If `true`, the responding Machine will be excluded from the next round of load-balancing. |
 
 ### Limitations
 
 Attempting to replay requests larger than 1MB will throw an error. If you need certain requests - like file uploads - to be handled by a specific region, consider the following workarounds.
 
-If your service is simply proxying uploads to object storage, some services like S3 allow [uploading directly from the browser](https://aws.amazon.com/blogs/compute/uploading-to-amazon-s3-directly-from-a-web-or-mobile-application/). Rails supports this [out of the box](https://guides.rubyonrails.org/active_storage_overview.html#direct-uploads).
+If your service is simply proxying uploads to object storage, some services like S3 allow [uploading directly from the browser](https://aws.amazon.com/blogs/compute/uploading-to-amazon-s3-directly-from-a-web-or-mobile-application/+external). Rails supports this [out of the box](https://guides.rubyonrails.org/active_storage_overview.html#direct-uploads+external).
 
-If you can perform uploads via `fetch` or `XMLHttpRequest` (aja Ajax), you can prepend the [fly-prefer-region](#the-fly-prefer-region-request-header) or [fly-force-instance-id](#the-fly-force-instance-id-request-header) header to send the request directly to that region.
+If you can perform uploads via `fetch` or `XMLHttpRequest`, you can prepend the [fly-prefer-region](#the-fly-prefer-region-request-header) or [fly-force-instance-id](#the-fly-force-instance-id-request-header) header to send the request directly to a specific region.
 
 
 ## `fly-replay` use cases
@@ -44,80 +44,88 @@ Here are a few example use cases for the `fly-replay` response header.
 Fly.io Postgres supports [global read replicas](/docs/postgres/high-availability-and-global-replication) for speeding up reads in regions close to users.
 
 Replay a request to the region where the HA database leader lives:
+
 ```
 fly-replay: region=sjc
 ```
 
-The proxy will get the request to an instance in that region and let the instances in the cluster take care of getting it to the writeable leader.
+Fly Proxy will get the request to a Machine in that region and let the instances in the cluster take care of getting it to the writeable leader.
 
 Check out our blueprint for [Multi-region databases and fly-replay](/docs/blueprints/multi-region-fly-replay/).
 
 ### Replay requests to other apps
 
 `fly-replay` can replay requests across apps in the same organization. Think of a router app for a FaaS that wants to spin up a customer [Machine](/docs/machines/) on demand.
 
-To send the request to an instance of a different app in the same organization, in the nearest region that has one:
+To send the request to a different app in the same organization, in the nearest region that has a Machine:
+
 ```
 fly-replay: app=app-in-same-org
 ```
 
-### Replay requests to specific VMs
+### Replay requests to specific Machines
+
+Replay the request to a specific Machine by ID:
 
-Replay the request to a specific VM by ID:
 ```
 fly-replay: instance=00bb33ff
 ```
 
 ### Pass state to replay targets
 
-The request replay target may need to know why the request was routed to it.
+The request replay target may need to know why the request was routed to it:
+
 ```
 fly-replay: region=sjc;state=captured_write
 ```
 
-Fields can be stacked; for instance, to send the request on to an instance of the app "app-in-same-org" in the sjc region:
+Fields can be stacked; for instance, to send the request on to an Machine in the app "app-in-same-org" in the sjc region:
+
 ```
 fly-replay: region=sjc;app=app-in-same-org
 ```
 
-Some combinations of fields can conflict: e.g. don't specify an app name and an instance ID that doesn't belong to that app.
+Some combinations of fields can conflict. For example, don't specify an app name and a Machine ID that doesn't belong to that app.
 
 Related: [Multi-region PostgreSQL](/docs/postgres/high-availability-and-global-replication); [Run Ordinary Rails Apps Globally](/blog/run-ordinary-rails-apps-globally/)
 
 ## The `fly-replay-src` request header
 
-When replaying an HTTP request, our proxy appends the `fly-replay-src` header with information about the instance that sent the `fly-replay`.
+When replaying an HTTP request, Fly Proxy appends the `fly-replay-src` header with information about the Machine that sent the `fly-replay`.
 
 |Field |Description |
 |---|---|
-|`instance` | The ID of the instance emitting `fly-replay`. |
+|`instance` | The ID of the Machine emitting `fly-replay`. |
 |`region` | The region `fly-replay` was sent from. |
 |`t` | A timestamp: microseconds since the Unix epoch. |
 |`state` | The contents of the `state` supplied by the `fly-replay` header, if any. |
 
-[See how the official Fly.io Ruby client](https://github.com/superfly/fly-ruby/blob/main/lib/fly-ruby/regional_database.rb#L74-L76) uses the `state` and `t` fields to prevent [read-your-own-write](https://jepsen.io/consistency/models/read-your-writes) inconsistency.
+See how the [official Fly.io Ruby client](https://github.com/superfly/fly-ruby/blob/main/lib/fly-ruby/regional_database.rb#L74-L76+external) uses the `state` and `t` fields to prevent [read-your-own-write](https://jepsen.io/consistency/models/read-your-writes+external) inconsistency.
 
 ## The `fly-prefer-region` request header
 
-Clients accessing Fly.io apps may set the `fly-prefer-region` header to attempt sending the request directly to a desired target region. This is useful for cases where `fly-replay` isn't practical, such as large file uploads which can't be replayed once buffered by the proxy.
+Clients accessing Fly.io apps may set the `fly-prefer-region` header to attempt sending the request directly to a desired target region. This is useful for cases where `fly-replay` isn't practical, such as large file uploads which can't be replayed once buffered by Fly Proxy.
 
-If the target region has no healthy instances, the region nearest to the client with healthy instances will field the request.
+If the target region has no healthy Machines, the region nearest to the client with healthy Machines will field the request.
 
 Example:
+
 ```
 fly-prefer-region: ams
 ```
 
 ## The `fly-force-instance-id` request header
 
-Clients accessing Fly.io apps may set the `fly-force-instance-id` header to ensure that the request is sent directly to a desired machine only.
+Clients accessing Fly.io apps may set the `fly-force-instance-id` header to ensure that the request is sent to only a specific Machine.
 
-If the machine is deleted or not found, no other instances will be tried.
+If the Machine is deleted or not found, no other Machines will be tried.
 
 Example:
+
 ```
 fly-force-instance-id: 90801679a10038
 ```
 
-**Note**: the value of this header is the machine id, which can be found
-as the `"id"` field in `fly machine list --json` output.
+<div class="note icon">
+**Note**: The value of this header is the Machine ID, which you can get by running `fly status` or `fly machines list`.
+</div>

networking/index.html.markerb

@@ -14,13 +14,15 @@ Networking on Fly.io.
 
 - **[Private networking](/docs/networking/private-networking):** Learn about Fly.io's IPv6 private network (6PN) and DNS on Fly Machines.
 
+- **[Custom Private Networks](/docs/networking/custom-private-networks):** Isolate users, data, and code on custom private networks.
+
 - **[Flycast - Private Fly Proxy Services](/docs/networking/flycast):** Route requests to private apps through Fly Proxy to take advantage of features like load balancing and autostop/autostart based on traffic.
 
-- **[Dynamic request routing](/docs/networking/dynamic-request-routing/):** Use the `fly-replay` response header to route requests to other apps and regions.
+- **[Dynamic request routing](/docs/networking/dynamic-request-routing/):** Use Fly.io request and response headers to customize request routing to regions, apps, and even specific Machines.
 
 - **[Custom domains](/docs/networking/custom-domain/):** Add a custom domain for your app and troubleshoot certificate creation.
 
-- **[Automate the certificate process with the GraphQL API](/docs/networking/custom-domain-api):** If you need to issue multiple certificates automatically for custom domains, you can do that with the GraphQL API.
+- **[Automate the certificate process with the GraphQL API](/docs/networking/custom-domain-api):** Issue multiple certificates automatically for custom domains with the GraphQL API.
 
 - **[HTTP request headers](/docs/networking/request-headers/):** Fly.io-specific and standard HTTP headers added by the HTTP connection handler.
 

security/index.html.markerb

@@ -12,7 +12,7 @@ Securing a public cloud platform like Fly.io is a hard problem, and we take it s
 _Fly.io security practices and features._ 
 
 - **[SSO for organizations](/docs/security/sso/):** Set up org-wide Single Sign-on with Google or GitHub.
-- **[Remove a member from an organization](/docs/security/remove-org-member/):** How to remove a user from an organization and the subsequent steps to help keep the organization secure.
+- **[Remove a member from an organization](/docs/security/remove-org-member/):** Remove a user from an organization and take steps to help keep the organization secure.
 - **[Built-in TLS termination](/docs/security/tls-termination/):** You get TLS termination by default for your web apps.
 - **[Fly.io security practices and compliance](/docs/security/security-at-fly-io/):** Learn about our security practices for the Fly.io platform.
 
@@ -22,7 +22,7 @@ _Fly.io security practices and features._
 
 _Tokens on Fly.io._
 
-- **[Access tokens](/docs/security/tokens/):** Learn about tokens and how to create them to manage access to organizations and apps.
+- **[Access tokens](/docs/security/tokens/):** Use tokens to manage access to organizations and apps.
 - **[OpenID Connect](/docs/security/openid-connect/):** Use OpenID Connect (OIDC) to manage access to 3rd party services.
 
 ---