docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon superfly

Update log shipper docs to ensure that no public access is granted

Open jsierles opened this issue 2 years ago • 4 comments

A customer pointed out that our log shipper could expose its GraphQL API. We want standard shipper deployments to have no services nor IPs.

Note: --no-public-ips fails when an HTTP service is setup by default by fly launch.

jsierles avatar Aug 16 '23 12:08 jsierles

Should we mention that if they want only 1 machines, then use the --ha=false flag on fly deploy?

Related: this user PR for apps that do have 2 machines https://github.com/superfly/docs/pull/820

andie787 avatar Aug 16 '23 16:08 andie787

Yes, actually this may be a related issue. The shipper can operate in HA mode by setting a QUEUE env var, but that doesn't happen by default. I've been working on automating the shipper, but parked that for now.

jsierles avatar Aug 16 '23 19:08 jsierles

#820 mentioned above was merged. this added info about QUEUE env var to the docs

andie787 avatar Sep 12 '23 12:09 andie787

@jsierles Should we still ship this docs change or did it get fixed in flyctl?

andie787 avatar Aug 12 '24 13:08 andie787