More specifically, remove the dedicated HTTP datapath for health checks and verify the entire stack, from TLS frontend to S3 backend. Verifying too little has resulted in a small outage recently when the pages listener got misconfigured but the health listener happily accepted connections like normal. This would not happen now that the health check uses port 443, too.
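# Requires secrets to be set:
# - ACME_EMAIL
# - PAGES_CONFIG_FILE
# - PAGES_STORAGE_S3_ENDPOINT
# - PAGES_STORAGE_S3_ACCESS_KEY_ID
# - PAGES_STORAGE_S3_SECRET_ACCESS_KEY
# - PAGES_STORAGE_S3_BUCKET
#
# Set these with `fly secrets set`. Do not add them to [env]: that table is
# committed to the repository in cleartext along with the rest of this file.

# The image is built from the Dockerfile next to this file.
[build]
dockerfile = "Dockerfile"
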
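# Start supervisord as the machine's command. Which programs it supervises is
# defined outside this file.
[experimental]
cmd = ["supervisord"]
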
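# Machine sizing.
[[vm]]
cpu-type = "shared"
cpus = 2
memory = 512  # presumably MB; confirm against the Fly.io reference
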
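# Non-secret environment only: everything in this table is stored in the
# repository in cleartext.
[env]
# Fly.io requires UDP listeners to bind to this address rather than a wildcard;
# presumably the HTTP/3 listener reads its bind address from here.
UDP_BIND_TO = "fly-global-services"
# NOTE(review): the TCP services below use the proxy_proto handler, so client
# addresses arrive in a PROXY protocol header. Presumably this is the source
# range whose PROXY headers are trusted. Any peer inside the range can assert an
# arbitrary client address, so confirm it covers Fly's proxies and nothing else.
ALLOW_PROXY = "172.16.0.0/16"
# Presumably the fraction of available memory used as the Go runtime's memory
# limit; verify against the program that reads it.
AUTOMEMLIMIT = "0.25"
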
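# Copies the local config.fly.toml into the machine as /app/config.toml.
# The file is shipped as-is, so keep credentials in Fly secrets rather than in
# config.fly.toml.
[[files]]
guest_path = "/app/config.toml"
local_path = "config.fly.toml"
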
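# [::]:80/TCP; HTTP/1.1 and HTTP/2 (cleartext)

[[services]]
internal_port = 80
protocol = "tcp"
auto_stop_machines = "stop"
auto_start_machines = true

[[services.ports]]
port = 80
# Raw TCP pass-through: Fly prepends a PROXY protocol v2 header carrying the
# client address. The listener on internal_port has to parse that header, and
# should accept it only from Fly's proxy.
handlers = ["proxy_proto"]
proxy_proto_options = { version = "v2" }

[services.concurrency]
type = "connections"
soft_limit = 250

# The health check is sent to the same port that serves traffic, so a
# misconfigured listener fails the check.
# NOTE(review): if the application special-cases the Health-Check header or the
# "localhost" Host value, remember that any client can send the same request;
# confirm it yields nothing beyond a health response.
[[services.http_checks]]
protocol = "http"
method = "get"
path = "/"
headers = { Health-Check = "🩺", Host = "localhost" }
grace_period = "5s"
interval = "2s"
timeout = "1.5s"
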
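# [::]:443/TCP; HTTP/1.1 and HTTP/2

[[services]]
internal_port = 443
protocol = "tcp"
auto_stop_machines = "stop"
auto_start_machines = true

[[services.ports]]
port = 443
# Only proxy_proto is listed (no Fly-side TLS handler), so TLS is terminated
# inside the machine. The PROXY protocol v2 header precedes the TLS handshake
# and should be accepted only from Fly's proxy.
handlers = ["proxy_proto"]
proxy_proto_options = { version = "v2" }

[services.concurrency]
type = "connections"
soft_limit = 250

# The health check is sent over HTTPS to the port that serves traffic.
[[services.http_checks]]
protocol = "https"
method = "get"
path = "/"
headers = { Health-Check = "🩺", Host = "localhost" }
grace_period = "5s"
interval = "2s"
timeout = "1.5s"
# Certificate verification stays enabled, so the check also fails when the
# certificate for tls_server_name is expired or does not match.
# At the moment there is no good way to handle this in staging, so staging needs
# the TLS keys from production for this one host, which isn't used for anything
# other than full stack health checks.
# These can be copied over manually whenever they expire.
# NOTE(review): this places a production private key on staging. Restrict
# access to it as you would in production, and confirm the certificate covers
# only this hostname.
tls_skip_verify = false
tls_server_name = "git-pages.fly.dev"
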
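# 0.0.0.0:443/UDP; HTTP/3
# (Fly.io does not support UDP on public IPv6!)

# No health check is defined for this service, so the HTTP checks on the TCP
# services do not cover HTTP/3 reachability.
[[services]]
internal_port = 443
protocol = "udp"
ports = [{ port = 443 }]
auto_stop_machines = "stop"
auto_start_machines = true
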
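# Metrics

# Fly scrapes this port and path for metrics.
# NOTE(review): 2019 is also Caddy's default admin API port. If that is the
# listener here, the admin endpoint must listen beyond loopback to be scraped;
# confirm that only /metrics is reachable and not the configuration API.
[metrics]
port = 2019
path = "/metrics"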