What is Fly?
Fly is an Application Delivery Network (ADN) that accelerates dynamic application delivery. We use a global network of servers to accept visitor traffic, run middleware on requests, then route them to backend applications.
Setting up a site
Create a site within the Fly web interface, verify that you own your domain, then change your DNS to point to Fly. Visitors to your application connect to the nearest Fly edge server, which handles HTTPS termination and intelligently routes requests to your backend applications.
As you connect more backends, you can adjust where and how you will route your visitors. For example, you can mount your application to
myapp.com then attach a GitHub Pages backend to
myapp.com/pages, add a Ghost Blog to
myapp.com/blog, or direct an API to
myapp.com/api. You can send visitors from Germany to a German language backend or send visitors on a cellular connection a lightweight text-only page; seamless discovery and full control over your visitor's roundtrip.
Using Fly Middleware, you can run logic on visitors requests. You can enforce HTTPS, investigate and adapt to user location with Geo IP Lookup, use Render Speed Tracking to monitor application performance, apply intelligent Session Aware Routing for authentication and more.
As a cherry on top, the full end-to-end roundtrip between the visitor, our topographically distributed edge nodes, and the agent running next to your application is fully encrypted using HTTPS until SSL termination, then into a hardened SSH tunnel. Your data is secure until it arrives at your application.
Where are your data centers?
We have data centers all over the world. The closer the edge node to the visitor, the faster your application will appear. Currently, we deliver applications from:
- San Jose, California.
- Chicago, Illinois.
- Ashburn, Virginia.
- Amsterdam, Netherlands.
- Tokyo, Japan.
- Sydney, Australia.
We use a network addressing and routing method called Anycast which is part of the Border Gateway Protocol, or BGP. BGP is the the core internet routing protocol. Using Anycast, we assign a single IP address across all the edge nodes, then send your visitors to the one which is topographically closest. Requests travel across fast backhaul connections to your applications.
An added bonus: our servers are secure physical servers with their own networking equipment. Fly does not use cloud-based servers for traffic delivery or routing.
How much does Fly cost?
We feel that pricing should be transparent and easy to predict. Our pricing is based on your monthly site requests - clear and simple.
First, we establish the base price. This includes the core platform but does not include Middleware.
|Number of Site Requests||$$ Base|
|0 - 50,000||Free|
|50,000+||$0.05 per 1,000 requests.|
Each month, the first 50000 requests are free. After that, just $0.05 per 1000 requests.
1. Sign up
Create your account at app.fly.io.
2. Add a Site
Let us know what domain you want your backends to link to. You can do this by clicking
Add Site within the
Dashboard. We ask that you provide us with a hostname and, optionally, a name to represent that hostname. You can add multiple hostnames to a site, for example
3. Install the Fly Agent
Next, download the Fly Agent or use our public Docker repository to get the Docker image.
To guide you through the initial setup, we have our usage instructions. We also have tips on how to get started with the Fly agent if you are using Docker, Heroku or Kubernetes.
4. Deploy your app
Once you deploy your changes, your application will automatically connect to the Fly servers and start serving traffic. We'll generate a special preview link so you can verify everything works end-to-end before switching your domain over to us.
5. Update your DNS
The last step is to point your domain to the Fly servers. We have a handy guide to help you. We'll then be able to issue a valid SSL/TLS certificate for your domain using the Let's Encrypt API.
Congratulations! Your application is now connected to the Fly Global Load Balancer. You have end-to-end encryption, slick discovery, seamless routing, and access to our growing bounty of powerful middleware.
What is middleware?
Fly Middleware allows you to transmogrify visitor request and server response data. Depending on the Middleware, it could add data to the backend request headers, change body content, or send custom log or debug information at the end of each request. To your application, this looks like end-to-end HTTPS, Geo IP headers, Google Authentication, Session Aware Routing and more.
How much does Middleware cost?
Pricing for basic Middleware is clear and simple. Your first 50,000 requests are free. Pricing will vary depending on the Middleware.
What about Beta Middleware?
Powerful new Middleware will be showing up all the time. The newest will be marked with the Beta tag. These Middleware can be used free of charge until the tag is removed.
Built in Middleware
We think that HTTPS is really important. Using the HTTPS Upgrader, you can redirect all your
http requests to
https. The Upgrader receives the highest priority and will always run first.
Geo IP Lookup
With Geo IP Lookup, you can detect your visitor's geographic location based on their IP address. Once active, we will add location headers to your requests. Your application can then use these headers to change behavior based on user geography. For example, you can serve a localized German version of your pages to those with a
Fly-IP-Counter-Name of Germany.
The Geo IP headers are:
Connection Speed Lookup
Using Connection Speed Lookup, you can detect a visitor's connection speed. After you enable this middleware, we will add the
Fly-Connection-Type header to all of your requests. You can then use this information to optimize performance based on connection speed. For example, if your users are on a cellular network, you can serve them a 'low bandwidth' version of your application.
Possible header values are:
Render Speed Tracking
With Fly, you can inject Google Analytics directly into your requests. To add it, click configure and enter your Google Analytics ID. Don't have one? Get started with Google Analytics here.
The Google Analytics Middleware is in beta.
The Google Auth Middleware allows you to define restrictive authentication rules within your site. We attach an encrypted
Fly-Google-Auth-User-JWT header to your requests, allowing you to 'gate' application functions behind the Google OpenID Connect protocol. For more information on how to write Google Authentication into your application, check out our guide.
The Google Authentication Middleware is in beta.
Rails 4+ Session Aware Routing
Sessions, like cookies, are used to store information about the visiting client. Within Rails, a session is similar to a cookie but - in Rails 4 or greater - encrypts its contents. With Rails 4+ Session Aware Routing, we are able to decrypt, analyze, and action session related information.
This enables you to route requests to specific backends and react to the information stored within the sessions. For example, your users who have a session indicating 'logged in' will receive your application while new or returning users will visit your marketing page to register or login.
The Rails 4+ Session Aware Routing Middleware is in beta.
Can I write my own?
Almost! If you are interested in writing your own middleware, please email email@example.com. Developers will soon be able to augment their application functionality with custom logic that runs close to users. Middleware can either be specific to a single app, or made available to all fly.io customers.
The Fly Agent
What is the Fly agent?
The Fly Agent is a binary that sits beside your application. Its job is to provide seamless service discovery, encrypt traffic between the Load Balancer and your application, and help weave in Middleware.
In most Load Balancing scenarios, an HTTPS connection becomes exposed after SSL Termination. Your data may move unencrypted as it travels within your data center - or even more perilous - to your co-located CDNs or application servers. The Fly Agent fixes this problem by routing your traffic through an SSH tunnel that encrypts your data after SSL-Termination until it arrives at your application.
With topographically distributed edge nodes we shorten SSL Termination to improve performance then blast the traffic through secure SSH tunnels. You receive true end-to-end encryption. There is no need for you to setup any SSL/TLS certificates; Fly issues SSL/TLS certificates for you automatically using the Let's Encrypt API. You verify your hostname, add the agent to your backends, then get right to the magic of simplified application delivery: slick service discovery, easy routing and powerful Middleware.
For a deeper primer on the state of HTTPS, how it works, its impact on network and server performance, and how Fly changes things, check out this document.
How does it work?
The Fly Agent spawns small programs that run alongside your web application servers. Using strong ciphers, we create an encrypted connection that is used as a tunnel for transporting data to and from your servers. Our tunnels are connected through SSH remote port forwarding. Each instance of the Fly Agent uses SSH to both authenticate and encrypt the data.
Doesn't it cause TCP-over-TCP performance issues?
Nope! SSH tunneling doesn't encapsulate full TCP packets. It extracts data from each packet and sends it over an encrypted session. Our tunnels have a negligible impact on per request latency, comparable to the latency cost of doing end-to-end SSL/TLS in a traditional load balancing configuration.
Learn More Download
Mounting a GitHub Pages Backend
Fly allows you to use GitHub Pages as an SSL/TLS secure back-end associated with your hostname. A excellent example case for this is attaching a GitHub Pages repository to your domain at
/docs/ to host your documentation. For example, our documentation is hosted on GitHub pages and is being served through Fly via HTTPS to this URL - neat, eh?
First, you will need to have a verified hostname. If you see green checkmarks under
DNS Configured, then we are good to go.
Access the hostname you would like to attach GitHub Pages to then visit the
Routing page. Within the
Routing page, click
Add Backend. You will then have three fields to enter:
- Name: A descriptive name for the backend. Documentation, GitHub Pages - something like that.
- Repository: The name of your repository. It can be public or private. If you are using GitHub Pages it will look like this
- Path prefix for mounting: Here you can specify the URL that will serve your GitHub Pages backend. A key note is that we do not do any content rewriting. If we choose
/docs/as the prefix for mounting, then pages will be served from
/docs/as the absolute path.
Once the backend has been created, it will have a routing rule specifying the path you have selected.
You will now be able to access your GitHub pages from that path!
This is a quick, no-cost way of hosting your own documentation, easily securing it via SSL/TLS and attaching it to your own domain name. You should be aware of the usage limits before rolling this out to thousands of users.
Mounting a Heroku Backend
Once you have verified your hostname, the next step is to add a backend. If you host your application on Heroku, you can take advantage of the Heroku Backend.
Access the hostname that you would like to associate with your Heroku application. Click within the Routing tab, then under Backends select Add a Backend.
You will now be able to select Heroku. Provide a name for the application, like
Store, or whatever feels good for you. Next, you need to provide the Heroku repository name - then, create it. For example, if you access your Heroku application by visiting:
https://infinite-beach-71880.herokuapp.com/, you would enter
The next step is to attach the Fly agent to your application. We can do this by adding the Fly buildpack; after adding the backend, you receive a backend token and a Heroku command to add the buildpack.
heroku buildpacks:add https://github.com/superfly/fly-heroku-buildpack heroku config:set FLY_TOKEN=2c2d3b67b92bee86d919ffbf8f429eac83d86fc06721cde9421de73db5cd666a
Within your Heroku initialized repository, enter the commands above. Finally, push to the changes up to master.
git push heroku master
Fly will detect the agent immediately. The final step is to click Add a routing rule; here, you can specify how this application will be accessed relative to your hostname. If you would like to set your new Heroku application on the root of the domain,
/, simply add
/ as the Path to match.
Once the rule has been added, you are done! Your Heroku application is now attached to the Fly Global Load Balancer.
We are here to help! We offer email based support. You can email us at firstname.lastname@example.org.
If you need SLAs, guaranteed response times, or things of that nature, please contact us.