Fly.io — Global PaaS on Firecracker
Fly.io — Global PaaS on Firecracker
Fly.io is a PaaS that quickly deploys containers to global edge locations. Internally it converts container images into lightweight Firecracker microVMs.
1. About Fly.io
Fly.io is a company and platform founded in 2017 by Kurt Mackey, Thomas Ptacek, and Jerome Petazzoni.
| When | Event |
|---|---|
| 2017 | Company founded. |
| 2018 ~ 2020 | Initial edge routing service. |
| 2020 ~ | Firecracker-based container hosting (the current model). |
| 2022 ~ | Fly Machines API. |
Core value propositions:
- Apps respond from regions near users (anycast + multi-region).
- Fast deploys via Dockerfile ·
fly launch. - Quick cold starts (Firecracker microVM).
2. Firecracker
Firecracker is a microVM monitor that AWS open-sourced in 2018. It is known as the foundation of AWS Lambda and Fargate. On top of KVM, it boots very small virtual machines very quickly (in milliseconds).
Fly.io takes Docker images and converts them into Firecracker microVMs to run. The model combines container isolation and portability with the security boundary of a virtual machine.
| Item | Container | Firecracker |
|---|---|---|
| Isolation | Shared kernel | Separate (guest) kernel |
| Boot | Very fast | Very fast (tens of ms) |
| Security surface | Shared kernel surface | Narrower |
Strong isolation is the strength in multi-tenant settings. The limit is that the guest kernel is separate, so direct access to some host capabilities is harder.
3. fly launch · deploy
brew install flyctl # Mac/Linux
fly auth signup
fly launch # in the project directory
# Windows
iwr https://fly.io/install.ps1 -useb | iex
fly launch recognizes:
- Build kind (Dockerfile · buildpacks · auto-inferred).
- App name (globally unique).
- First region (closest to the user).
- Add-ons such as Postgres or Redis.
fly deploy — Build + push + rolling deploy. Traffic moves over after health checks pass.
4. fly.toml
app = "myapp"
primary_region = "nrt"
[build]
dockerfile = "Dockerfile"
[http_service]
internal_port = 8080
force_https = true
auto_stop_machines = true
auto_start_machines = true
min_machines_running = 0
[[vm]]
cpu_kind = "shared"
cpus = 1
memory_mb = 512
When auto_stop_machines and auto_start_machines combine, instances pause without traffic and wake on incoming requests (cold start). A cost-saving model.
5. fly machine
fly m list
fly m run image-ref --region nrt --memory 1024
fly m stop <id>
fly m destroy <id>
Useful for queue-based job scheduling and ephemeral GPU machines.
6. Global anycast
Fly.io operates 30+ regions. Regions near Korea: nrt (Tokyo) · hkg (Hong Kong) · sin (Singapore). primary_region is the home for stateful services; multi-region deployment replicates the same app across regions.
The same IPv4 / IPv6 addresses are advertised via anycast from multiple regions. The user's router routes to the nearest one based on BGP distance. The result is global distribution without DNS changes. Apps in the same organization talk to each other directly over the Fly private network (IPv6 mesh).
7. Pricing model
- Compute — VM size · time. No compute charges in stopped state.
- Storage — Persistent SSD volumes. Per GB-month. One volume attaches to one machine.
- Network — Egress traffic billed. A small amount is free, then per GB.
The free tier varies over time. Reports indicate model changes after 2024 (Pay As You Go + small free credit). It is safer to confirm pricing on the official page.
8. Data integrations
Fly Postgres — A Postgres model managed by Fly. Fly provisions all the infrastructure, but operational responsibility partly remains with the user (reports indicate it is not as automated as managed RDS). Recently, pairing with external managed Postgres (Neon · Supabase · CrunchyBridge) is recommended.
Upstash · Redis — fly redis create provisions an Upstash Redis instance in the same region. The interface for managed Redis.
6PN private network — IPv6-based private network. Apps in the same organization call each other via the <app>.internal hostname. Backend resources like DBs are operated without public IPs, reachable only through 6PN.
9. Comparison to other PaaS
| Platform | Model | Strengths | Limits |
|---|---|---|---|
| Heroku | PaaS | Long-standing standard · add-ons | Free tier removed (2022) |
| Railway | PaaS · git integration | Friendly UI · quick start | Limited large-traffic experience |
| Render | PaaS · managed | Static and dynamic both | Limited regions |
| Vercel | Static · serverless | Next.js · global edge | Unsuitable for long-running backends |
| DO App Platform | PaaS | DO integration | Weak global distribution |
| Fly.io | microVM PaaS | Firecracker · anycast | Shared managed responsibility |
| Hetzner Cloud | IaaS | Very cheap | Not a PaaS |
| Self VPS | IaaS | Cost control · freedom | All operational burden |
10. Common shapes
- Multi-region —
fly scale count 3 --region nrt --region fra --region iad. - Private backends — Only
http_servicepublic; DBs and workers reachable only on 6PN. - Build cache —
fly deploy --remote-onlybuilds on Fly's build server. - Secrets management —
fly secrets set KEY=value. Injected as environment variables.
11. Common pitfalls
Cold starts — auto_stop_machines = true reduces cost, but the first request pays the wake time (hundreds of ms to a few seconds).
Single-attach volumes — A volume attaches to one machine. Sharing across instances goes through external object storage or a DB.
Operational responsibility for Fly Postgres — Some operations (rolling upgrades, replication) fall on the user. External managed options are increasingly recommended.
Consistency under global distribution — When data lives in only one region, distant region instances suffer DB latency. Consider read replicas and caches.
Build environment differences — Reports of differences between local Docker and Fly's build server. Verify caching and architecture assumptions.
Closing thoughts
Fly.io's appeal is the combination of anycast and Firecracker, easily reducing global latency. That said, managed automation is weaker than Heroku or Render, and the single-attach nature of persistent volumes makes stateful distributed operations harder. It fits small global apps naturally; for large operations, ECS or self-hosted k8s may be a better fit.
Next
- iam
- s3
Fly.io docs · fly.toml reference · Fly Machines · Firecracker · Fly Postgres · Upstash · Twelve-Factor · Heroku · Render · Railway for reference.
More in cloud
All in this category →- title template single source — don''t let children stamp the site name
- GitHub Pages — host a repo as a static site
- Replit — Browser-based dev + deploy in one place
- HTTP API Mocking — WireMock · MockServer · Prism · MSW
- Firebase Local Emulator Suite — Running a Firebase Bundle on a Laptop
- Supabase Self-Hosted — Packing a BaaS into One Postgres Pot