Do Gen3 racks still support an Internal setting, thus making sure only people with VPC access can do anything to the rack?
Or if we upgrade to Gen3 will our rack now need to be publicly exposed?
NB: I specifically mean the rack itself being internal; I see that internal services are supported.
3.x Racks are all “internal” by default (private IPs and NAT Gateways on AWS)
Ok thanks @ddollar.
Sounds like it may be time to think about upgrading Gen1 to Gen3.
This does not appear to be true.
I just built a rack into our staging account. I am still able to see the status of the rack when I am not connected to our VPN; and it looks like the api URL is something at .convox.cloud.
Our Gen 1 rack is isolated from the internet - the API itself is inside our walled infrastructure.
My intended question was can we not achieve this with Gen 3?
As we have currently, for regulatory purposes, the rack (and rack API) needs to be completely invisible to the internet, even to Convox servers. We don’t use the Console app at all.
Is this no longer possible with Gen3?
@edward did you try setting internal: true on the service?
https://docs.convox.com/reference/primitives/app/service