Switch Fly proxy to upstream keepalive pools (#337)
All checks were successful
Deploy Fly.io Proxy / deploy (push) Successful in 1m37s
## Summary

- Replace per-request DNS resolution (variable-based `proxy_pass`) with static `upstream` blocks and `keepalive` connection pools
- Reuses TLS connections through the Tailscale tunnel instead of handshaking per request
- Add `mise run fly-reload` for nginx config reload without full redeploy (re-resolves upstream DNS)

## Trade-off

DNS is resolved at config load, not per-request. If Tailscale Ingress pods get new IPs (restart, reschedule), `mise run fly-reload` is needed. A Grafana alert will be added to detect this.

## Still TODO on this branch

- [ ] Grafana alert for upstream unreachable (triggers fly-reload reminder)
- [ ] Docs pass
- [ ] Deploy from branch and verify latency improvement
- [ ] Changelog fragment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #337
parent 54b1cee950
commit fe0e913963
12 changed files with 229 additions and 102 deletions
@ -33,7 +33,8 @@ Run `mise tasks --sort name` for the live list with descriptions.
|
|||
| `provision-indri` | Run Ansible playbook for [[indri]] |
|
||||
| `provision-ringtail` | Run Ansible playbook for [[ringtail]] (NixOS) |
|
||||
| `provision-sifaka` | Run Ansible playbook for [[sifaka]] |
|
||||
| `fly-deploy` | Deploy Fly.io public proxy |
|
||||
| `fly-deploy` | Deploy Fly.io public proxy (uses op for auth) |
|
||||
| `fly-reload` | Reload nginx config, re-resolve upstream DNS (no redeploy) |
|
||||
| `fly-setup` | One-time Fly.io secrets and certs setup |
|
||||
| `fly-shutoff` | Emergency shutoff: stop all Fly.io proxy machines |
|
||||
| `dns-preview` | Preview DNS changes with [[pulumi]] |
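Review bot: The new `fly-reload` row says what the task does but not when it has to be run, and with DNS now resolved at config load it is the recovery step an operator will look for in this table. The commit message states that `mise run fly-reload` is needed if Tailscale Ingress pods get new IPs (restart, reschedule); put that trigger in the description, for example `Reload nginx config and re-resolve upstream DNS after Tailscale Ingress IPs change (no redeploy)`, or link the row to the proxy documentation once the "Docs pass" TODO is done. In the reworded `fly-deploy` row, "(uses op for auth)" does not say what `op` is or what has to be signed in before the task runs; a short pointer to the setup steps would help, since the `fly-setup` row is described only as one-time secrets and certs setup.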