Switch Fly proxy to upstream keepalive pools (#337)
All checks were successful
Deploy Fly.io Proxy / deploy (push) Successful in 1m37s
All checks were successful
Deploy Fly.io Proxy / deploy (push) Successful in 1m37s
## Summary - Replace per-request DNS resolution (variable-based `proxy_pass`) with static `upstream` blocks and `keepalive` connection pools - Reuses TLS connections through the Tailscale tunnel instead of handshaking per request - Add `mise run fly-reload` for nginx config reload without full redeploy (re-resolves upstream DNS) ## Trade-off DNS is resolved at config load, not per-request. If Tailscale Ingress pods get new IPs (restart, reschedule), `mise run fly-reload` is needed. A Grafana alert will be added to detect this. ## Still TODO on this branch - [ ] Grafana alert for upstream unreachable (triggers fly-reload reminder) - [ ] Docs pass - [ ] Deploy from branch and verify latency improvement - [ ] Changelog fragment 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: #337
This commit is contained in:
parent
54b1cee950
commit
fe0e913963
12 changed files with 229 additions and 102 deletions
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title: Routing
|
||||
modified: 2026-03-03
|
||||
modified: 2026-04-17
|
||||
tags:
|
||||
- infrastructure
|
||||
- networking
|
||||
|
|
@ -51,6 +51,7 @@ DNS CNAMEs point to `blumeops-proxy.fly.dev`. TLS via Fly.io-managed Let's Encry
|
|||
| Service | URL | Description |
|
||||
|---------|-----|-------------|
|
||||
| [[docs]] | https://docs.eblu.me | Documentation site |
|
||||
| [[cv]] | https://cv.eblu.me | CV / resume |
|
||||
| [[forgejo]] | https://forge.eblu.me | Git hosting (public) |
|
||||
|
||||
## Tailscale-Only Services
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue