Skip to content

Update log shipper docs to ensure that no public access is granted#930

Closed
jsierles wants to merge 2 commits into
mainfrom
js-no-ips-log-shipper
Closed

Update log shipper docs to ensure that no public access is granted#930
jsierles wants to merge 2 commits into
mainfrom
js-no-ips-log-shipper

Conversation

@jsierles

@jsierles jsierles commented Aug 16, 2023

Copy link
Copy Markdown
Contributor

A customer pointed out that our log shipper could expose its GraphQL API. We want standard shipper deployments to have no services nor IPs.

Note: --no-public-ips fails when an HTTP service is setup by default by fly launch.

@andie787

Copy link
Copy Markdown
Contributor

Should we mention that if they want only 1 machines, then use the --ha=false flag on fly deploy?

Related: this user PR for apps that do have 2 machines #820

@jsierles

Copy link
Copy Markdown
Contributor Author

Yes, actually this may be a related issue. The shipper can operate in HA mode by setting a QUEUE env var, but that doesn't happen by default. I've been working on automating the shipper, but parked that for now.

@andie787

Copy link
Copy Markdown
Contributor

#820 mentioned above was merged. this added info about QUEUE env var to the docs

@andie787

Copy link
Copy Markdown
Contributor

@jsierles Should we still ship this docs change or did it get fixed in flyctl?

@kcmartin

kcmartin commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Thanks for this, and sorry it sat so long! The file moved since, so I've re-applied the fix (remove the public services section, deploy with --no-public-ips, plus notes for releasing existing IPs) in #2420. Closing in favor of that.

@kcmartin kcmartin closed this Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants