From 0a6cb027f4b8214ef93020294e61ea6a9cf40213 Mon Sep 17 00:00:00 2001
From: ZVN DEV <78920650+zvndev@users.noreply.github.com>
Date: Wed, 10 Jun 2026 00:53:14 -0400
Subject: [PATCH] fix(deploy): Fly.io requires POWDB_BIND=[::] (IPv6), not 0.0.0.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fly's private .internal network and `fly proxy` route over IPv6. With an IPv4-only bind (0.0.0.0) the proxy connects locally but the forwarded stream resets — clients see 'handshake read error: Connection reset by peer'. The example fly.toml shipped 0.0.0.0, so the documented `fly proxy` access path silently failed. Verified live: after redeploying powdb-example with [::], laptop `fly proxy` → unique-constraint insert returns the actionable 'unique constraint violation' over the wire. Railway/Docker/ECS examples are IPv4 and correctly keep 0.0.0.0.
Co-Authored-By: Claude Fable 5
---
 README.md | 2 +-
 examples/deploy/fly.toml | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 8824b58..ab478b4 100644
--- a/README.md
+++ b/README.md
@@ -200,7 +200,7 @@ if (result.kind === "rows") console.table(result.rows);
 | Variable | Default | Description |
 |---|---|---|
 | `POWDB_PORT` | `5433` | TCP port for the server |
-| `POWDB_BIND` | `127.0.0.1` | Interface to bind; set `0.0.0.0` behind a platform proxy (Fly, Railway) |
+| `POWDB_BIND` | `127.0.0.1` | Interface to bind; set `0.0.0.0` behind an IPv4 platform proxy (Railway, Docker, ECS). On **Fly.io** use `[::]` instead — its `.internal` network and `fly proxy` route over IPv6, so `0.0.0.0` makes the proxy reset the connection |
 | `POWDB_DATA` | `./powdb_data` | Data directory (heap files, WAL, catalog, indexes) |
 | `POWDB_PASSWORD` | *(none)* | Shared password required on connect when no named users are defined (set as env var) |
 | `POWDB_ADMIN_USER` / `POWDB_ADMIN_PASSWORD` | *(none)* | Bootstrap an `admin` user on startup when both are set and that user does not yet exist (password never logged) |
diff --git a/examples/deploy/fly.toml b/examples/deploy/fly.toml
index 43eb313..636a735 100644
--- a/examples/deploy/fly.toml
+++ b/examples/deploy/fly.toml
@@ -23,7 +23,11 @@ primary_region = "iad" POWDB_DATA = "/data" POWDB_PORT = "5433" # Bind all interfaces — the server defaults to 127.0.0.1, which Fly's proxy can't reach. - POWDB_BIND = "0.0.0.0" + # MUST be "[::]" (dual-stack IPv6), NOT "0.0.0.0": Fly's private `.internal` # network and `fly proxy` route over IPv6, so an IPv4-only bind makes the proxy # fail with "handshake read error: Connection reset by peer". The server does # `format!("{bind}:{port}")`, so "[::]" → "[::]:5433" and accepts both stacks. POWDB_BIND = "[::]" # Phase 1 hardening: refuse to start when a password is set without TLS. # Leave OFF until you've mounted certs via secrets (POWDB_TLS_CERT / # POWDB_TLS_KEY) or fronted the service with a TLS-terminating proxy.
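Review bot: The new comment above `POWDB_BIND = "[::]"` in examples/deploy/fly.toml says the wildcard bind is mandatory but not what it exposes: the server will accept connections on every interface of the machine, the context lines right after it tell the operator to leave the TLS requirement off, and the README table in this same patch lists `POWDB_PASSWORD` with no default. If nothing outside the hunk already sets credentials, a deployment copied from this example would presumably accept unauthenticated connections from any peer that can reach the app's private address. I would add a line such as `# [::] listens on every interface: set POWDB_PASSWORD (or POWDB_ADMIN_USER / POWDB_ADMIN_PASSWORD) as a secret before the first deploy.` The statement that `[::]` "accepts both stacks" also holds only where the OS leaves IPV6_V6ONLY off for the listening socket, so it is worth wording as "dual-stack under the default Linux setting". The enclosing table starts outside the hunk, so whether credentials are configured earlier in the file cannot be seen from here.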