# fly.toml — ws-echo WebSocket server with cert-provider DNS-01
#
# DNS-01 ACME validation via bunny.net DNS API — no inbound ACME port needed.
# The WebSocket server terminates TLS directly using cert files from /certs.
#
# Before deploying:
#   fly ips allocate-v4    # dedicated IPv4 required for Let's Encrypt
#   fly secrets set BUNNY_API_KEY=your-bunny-net-api-key
#   # Optional: S3/R2 cert sync (enables the s3-sync feature)
#   # Use an access key limited to this bucket and prefix; the synced
#   # files presumably include the TLS private key.
#   fly secrets set CERT_S3_BUCKET=my-bucket
#   fly secrets set CERT_S3_ENDPOINT=https://account.r2.cloudflarestorage.com
#   fly secrets set CERT_S3_ACCESS_KEY=your-access-key
#   fly secrets set CERT_S3_SECRET_KEY=your-secret-key
#   fly secrets set CERT_S3_PREFIX=ws-echo
#   fly secrets set CERT_S3_REGION=
#   fly volumes create certs --size 1 --region jnb
#
# Edit ACME_EMAIL and DOMAIN below for your domain before deploying.
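# NOTE(review): the key names and table headers below were missing from the
# copy under review. They are restored from the fly.toml schema and from the
# names this file's own comments mention (ACME_EMAIL, DOMAIN, handlers,
# min_machines_running). Compare with the deployed file before relying on it.
app = 'endpoint-libs'
primary_region = 'jnb'

[build]
  dockerfile = "Dockerfile.ws-echo"

# Non-secret settings only: values in [env] are stored in plain text in this file.
[env]
  # NOTE(review): the name of this variable could not be recovered.
  # CERT_DIR_PLACEHOLDER is a stand-in; replace it with the name the server
  # reads for its certificate directory.
  CERT_DIR_PLACEHOLDER = "/certs"
  ACME_EMAIL = "sylvanbloch@gmail.com"
  DOMAIN = "ws-echo.sylvan-b.com"
  # BUNNY_API_KEY is set via `fly secrets set`
  # CERT_S3_* vars are set via `fly secrets set`

# Persistent volume for issued certificates, so they survive restarts.
# The volume presumably also holds the TLS private key; confirm the app
# writes it with owner-only permissions.
[mounts]
  source = "certs"
  destination = "/certs"

[[vm]]
  memory = '1gb'
  cpu_kind = 'shared'
  cpus = 1

# ── WebSocket server (with TLS from /certs/fullchain.pem) ──────────────────
# handlers = [] means raw TCP — Fly passes the TLS stream through to the app.
# min_machines_running = 1 keeps the cert renewal loop alive between requests.
# Because Fly does not terminate TLS for this service, protocol versions,
# cipher selection and certificate reload after renewal are all the app's job.
[[services]]
  internal_port = 443
  protocol = "tcp"
  auto_stop_machines = "stop"
  auto_start_machines = true
  min_machines_running = 1

  [[services.ports]]
    port = 443
    handlers = []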