diff --git a/.github/ISSUE_TEMPLATE/improve-docs-content.md b/.github/ISSUE_TEMPLATE/improve-docs-content.md
new file mode 100644
index 0000000000..7f7547643f
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/improve-docs-content.md
@@ -0,0 +1,17 @@
+---
+name: Improve docs content
+about: Suggest improvements or report an error or omission in the docs
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Link to the affected page or pages**
+Provide URLs of pages on fly.io/docs.
+
+**Describe what parts of the doc need improvement**
+Provide lots of detail about your suggestion for improvement or about the error or omission that you found. If applicable, let us know how you would fix the content.
+
+**Additional info**
+Add any other context about the issue here. If applicable, add screenshots to help explain the suggestion or error.
diff --git a/.github/ISSUE_TEMPLATE/improve-the-fly-io-docs-site.md b/.github/ISSUE_TEMPLATE/improve-the-fly-io-docs-site.md
new file mode 100644
index 0000000000..a245d25a7b
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/improve-the-fly-io-docs-site.md
@@ -0,0 +1,17 @@
+---
+name: Improve the fly.io/docs site
+about: Suggest improvements or report a site or display error.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Link to the affected page or pages**
+If applicable, provide URLs of pages on fly.io/docs.
+
+**Describe what part of the site needs improvement**
+Provide lots of detail about what's going wrong with the navigation or display of the site.
+
+**Additional info**
+Add any other context about the issue here. Add screenshots to help explain the suggestion or error.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index af691b23be..f8c247f255 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,7 +1,8 @@
 ### Summary of changes
 
+### Preview
+
 ### Related Fly.io community and GitHub links
-n/a if none
 
 ### Notes
-n/a if none
+
diff --git a/.github/workflows/vale-docs-linter.yml b/.github/workflows/vale-docs-linter.yml
index 15d62b7290..43404c4cf6 100644
--- a/.github/workflows/vale-docs-linter.yml
+++ b/.github/workflows/vale-docs-linter.yml
@@ -8,13 +8,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check out repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 2
 
       - name: get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v39
+
+        uses: tj-actions/changed-files@v46.0.5
         with:
           fetch_depth: 2
 
diff --git a/.vale.ini b/.vale.ini
index b1b4e2cef7..29d5c627a5 100644
--- a/.vale.ini
+++ b/.vale.ini
@@ -1,9 +1,11 @@
 StylesPath = styles
 
-Vocab = Fly-terms
+Vocab = fly-terms
 
 MinAlertLevel = suggestion
 
+SkippedScopes = script
+
 Packages = proselint, write-good, Google
 
 [*{.markerb,md}]
@@ -13,7 +15,7 @@ BasedOnStyles = Fly, Google, proselint, Vale, write-good
 Fly.Exclamation = NO
 Fly.Headings = NO
 Fly.Latin = NO
-# Fly.Machine = NO # we can do an initial search and replace and then this rule will be less noisy and more useful
+Fly.Machine = NO # we can do an initial search and replace and then this rule will be less noisy and more useful
 Fly.OxfordComma = NO
 Fly.SentenceLength = NO # turn on later; then reduce further?
 Fly.Us = NO
@@ -76,4 +78,4 @@ Vale.Spelling = NO # replaced by Fly.Spelling
 # Vale.Terms = NO
 
 [formats]
-markerb = md # maps our markerb file extension to md for linting
\ No newline at end of file
+markerb = md # maps our markerb file extension to md for linting
diff --git a/about/billing.html.markerb b/about/billing.html.markerb
index 9eb560b82e..9dd7689ac7 100644
--- a/about/billing.html.markerb
+++ b/about/billing.html.markerb
@@ -6,45 +6,128 @@ nav: firecracker
 redirect_from: /docs/about/credit-cards/
 ---
 
-Billing for Fly.io is monthly per organization. Organizations are administrative entities that enable you to add members, share app development environments, and manage billing separately.
+## Overview
 
-If you provision services beyond the [free allowances](/docs/about/pricing/#free-allowances), we will charge you actual money at the end of each month.
+Billing for Fly.io is monthly per organization. Organizations are administrative entities that enable you to add members, share app development environments, and manage billing.
 
-Refer to our [Pricing page](/docs/about/pricing/) for resource cost details.
+New customers and all new organizations (including those created by previously existing customers) are billed monthly for resource usage. Refer to our resource [Pricing page](/docs/about/pricing/) for details. 
+
+---
 
 ## View invoices
 
-You can view and download invoices from the Billing section of your [dashboard](https://fly.io/dashboard/personal/billing) for each organization.
+You can view and download invoices from the **Billing** section of your [dashboard](https://fly.io/dashboard/personal/billing) for each organization.
 
-To download a past invoice, click View for the relevant cycle. You'll be sent to the Stripe billing portal where you'll have the option to download the invoice.
+To download a past invoice, click **View** for the relevant cycle. You'll be sent to the Stripe billing portal where you'll have the option to download the invoice.
 
-## Volume billing
+---
+
+### Understand your invoice charges
+
+The prices of provisioned services are mostly fixed. If you provision Machines and leave them running all month, we’ll charge you a predictable amount for that Machine.
+
+A common reason for additional charges is extra RAM usage.
 
-Volume billing is pro-rated to the hour and we subtract the free allowances first. For details, see [Volume pricing](/docs/about/pricing/#persistent-storage-volumes).
+For a breakdown of charges, check out your invoice in the Billing section of the [dashboard](https://fly.io/dashboard/personal/billing).
 
-If you create a volume, you will be charged for it. You’re billed for volumes that aren’t attached to Machines, and for volumes that are attached to Machines in any state, including stopped Machines.
+We’re happy to discuss a refund if you do create compute resources by mistake, or if your app receives unexpected traffic due to an attack and generates a surprisingly large bill. Just send an email to billing@fly.io.
 
-You aren't billed for the 5 days worth of [daily volume snapshots](/docs/apps/volume-manage/#restore-a-volume-from-a-snapshot) that we store for you by default.
+---
 
 ## Machine billing
 
-Machines are billed based on the number of CPUs and the RAM used, according to the Machine state and the time they are running (started). 
+Started Machines are billed per second that they're running (the time they spend in the `started` state), based on the price of a named CPU/RAM combination, plus the price of any additional RAM you specify.
+
+For example, a Machine described in your dashboard as "shared-1x-cpu@1024MB" is the “shared-cpu-1x” Machine size preset, which comes with 256MB RAM, plus additional RAM (1024MB - 256MB = 768MB). For pricing and available CPU/RAM combinations, read about [Compute pricing](/docs/about/pricing/#compute).
+
+Stopped and suspended Machines are billed based on their root file system (rootfs) usage per second (the time they spend in the `stopped` or `suspended` state) by $0.15 per GB per month.
+
+For example, a Machine described in your dashboard as having 1GB of rootfs stopped for 10 days in the entire month will cost $0.05. If you have 3 stopped Machines of 1GB rootfs each stopped for 30 days it will cost $0.45 ($0.15 x 3).
+
+---
+
+## GPU billing
+
+GPUs are billed per second that the attached Fly Machine is running (the time they spend in the `started` state), based on the per hour cost of the GPU card. Learn more about [pricing for GPUs](/docs/about/pricing/#gpus-and-fly-machines).
+
+You're also billed for the Fly Machine separately from the GPU.
+
+---
+
+## Volume billing
+
+Volume billing is pro-rated to the hour and we subtract the free allowances first for the  Launch, Scale, and Enterprise plans (all of which are now discontinued for new customers). For details, see [Volume pricing](/docs/about/pricing/#persistent-storage-volumes).
+
+If you create a volume, you will be charged for it. You're billed for volumes that aren't attached to Machines, and for volumes that are attached to Machines in any state, including stopped Machines. Volumes in `pending_destroy` state do not accrue charges.
+
+---
+
+## Volume snapshot billing
+
+Volume snapshot billing is pro-rated to the hour and we subtract the free allowance first. For details, see [Volume Snapshots pricing](/docs/about/pricing/#volume-snapshots).
+
+If you create a snapshot of a volume (either manually or through automatic daily snapshots), you will be charged for the storage space it occupies.
+
+Snapshots are stored incrementally, so you're only charged for data that has changed since the previous snapshot for the volume.
+
+For example, if you have a 10GB volume with 2GB of actual data and 5 daily snapshots with minimal changes between them, you might be charged for around 2.5GB of total snapshot storage rather than 50GB (5 × 10GB).
 
-For example, “1x Shared 1024MB” is one CPU and 1024 MB RAM. To estimate costs, multiply the the price of “shared-cpu-1x” by the number of CPUs used and the number of seconds the Machine was running (price x cpu count x seconds). Then add charges for any extra RAM. Note that we subtract the free allowances first and that pricing is tiered based on usage. For details, see [Compute pricing](/docs/about/pricing/#compute).
+---
+
+## Unified Billing
+
+Unified billing allows you to consolidate billing for multiple organizations under a single organization. This means you'll receive a single invoice for all organizations under unified billing. This feature is useful for managing billing for multiple organizations, such as when you have multiple teams or projects.
+
+**Billing Organization**: The organization that is responsible for paying for the resources used by all organizations linked to it. Any organization in good standing with an attached payment method can be a Billing Organization.
+
+**Linked Organization**: An organization that is linked to another organization for billing purposes. It otherwise functions as a normal organization.
+
+### How Unified Billing Works
+
+- You'll receive a single invoice for all organizations under unified billing.
+- Billing Organization must have a payment method on file (credit card or Stripe Link).
+- Linked Organizations share credits with their Billing Organization.
+- Billing Organizations can have a max of 100 Linked Organizations.
+
+### How to use Unified Billing
+
+You can either create a new Linked Organization or link an existing one:
+
+#### New Organization
+
+A **Linked Organization** can be created from the [new organization page](/organizations/new). When creating a new organization, you can choose an existing Organization to link it to.
+
+#### Link an existing Organization
+
+An existing organization can be converted to a **Linked Organization** from the organization's billing page by clicking the "Link billing to another Organization" button.
+
+- Only admins can link an organization to another organization.
+- We recommend saving any invoices you may need for account purposes before linking an organization.
+
+---
+
+## Some things to consider
+
+- Each organization has its own [private network](/docs/networking/private-networking/). Organizations are isolated from each other, which might
+be advantageous from a security standpoint.
+- Cross organization networking is still possible with [Flycast](/docs/networking/flycast/)
+- Detaching a Linked Organization from its Billing Organization is not possible at this time. Instead we suggest creating a new organization and moving resources there.
+
+---
 
 ## Payment options
 
-We process payments through Stripe. Paid plans and monthly invoicing require a credit card or credits.
+We process payments through Stripe. Monthly invoicing requires a credit card or credits.
 
 ### How we use credit cards
 
 We require an active, valid credit card on file for most Fly.io accounts to do things like deploying multiple apps and deploying public images. This is primarily a means to prevent abuse and ensure that we can collect payment at the end of the month.
 
-### Preauthorization Requests
+### Pre-authorization Requests
 
-We may send a preauthorization request to the issuing bank to verify a bank will authorize charges. Some credit card companies present these as real charges, which may surprise you.
+We may send a pre-authorization request to the issuing bank to verify a bank will authorize charges. Some credit card companies present these as real charges, which may surprise you.
 
-A preauth is really just a hold on a credit card; it is not a real charge. We’ll typically preauthorize a small amount (usually less than $5) after signup, then cancel the authorization immediately. Banks may show the preauth for up to 7 days, even though we have not collected any money.
+A pre-auth is really just a hold on a credit card; it is not a real charge. We’ll typically pre-authorize a small amount (usually less than $5) after signup, then cancel the authorization immediately. Banks may show the pre-auth for up to 7 days, even though we have not collected any money.
 
 ### If you don't have a credit card
 
@@ -54,12 +137,31 @@ While a credit card is the preferred payment method, if you don't have one, then
 
 You can't use a prepaid card as a default (or saved) payment method. You can, however, use a prepaid card to add credits to your account.
 
-## Understand charges beyond the free allowances
+---
 
-The prices of provisioned services are mostly fixed. If you provision Machines and leave them running all month, we’ll charge you a predictable amount for that machine.
+## Delete your account
 
-A common reason for additional charges is extra RAM usage.
+To delete your Fly.io account, go to Account > Settings > [Delete Account](https://fly.io/user/deactivate) in your dashboard. You'll see a list of clean-up tasks that need to be done before you can delete the account, including:
 
-For a breakdown of charges, check out your invoice in the Billing section of the [dashboard](https://fly.io/dashboard/personal/billing).
+- Delete or remove yourself from organizations to avoid leaving behind inaccessible orgs. This does not include your personal organization.
+- Delete apps (or remove yourself from the associated organizations).
+- Remove certificates so that any custom domains are released.
+- Remove extensions to ensure that you don't get billed by partners when you can no longer access your account.
+
+When you've completed the clean-up tasks, click **Delete** to permanently delete your Fly.io account.
+
+---
+
+## Discontinued/legacy plans
+
+### Legacy Plan billing
+
+<div class="note icon">
+Customers who received a $5 free trial usage credit when signing up for the $5/mo Hobby plan will be billed monthly after that credit is used up.
+</div>
+
+Legacy plan billing, and any included usage, is pro-rated over the month. For example, if you signed up for a Scale plan on September 15th, then you'd be charged $14.50 (half of the $29/mo plan cost) right away and you'll have $14.50 of usage included up to September 30th. Then you'll be charged $29 at the start of October and have $29/mo of usage included for that billing cycle.
+
+### Free resource allowances for Legacy Plan users
 
-We’re happy to discuss a refund if you do create compute resources by mistake, or if your app receives unexpected traffic due to an attack and generates a surprisingly large bill. Just send an email to billing@fly.io.
\ No newline at end of file
+Fly.io has deprecated plans as of October 7, 2024, but is still honoring them for users who purchased them prior to that date. If your plan includes [free allowances](/docs/about/pricing/#legacy-free-allowances), we subtract them off the top of your usage total. Once your usage exceeds the free allowance for any given resource, we start metering usage of that resource for billing purposes.
\ No newline at end of file
diff --git a/about/cost-management.html.md b/about/cost-management.html.md
new file mode 100644
index 0000000000..8b6002655a
--- /dev/null
+++ b/about/cost-management.html.md
@@ -0,0 +1,64 @@
+---
+title: Cost Management on Fly.io
+layout: docs
+nav: firecracker
+author: kcmartin
+date: 2025-10-23
+---
+
+## Predicting your Fly.io bill and avoiding surprises
+
+We’ve done our best to make billing on Fly.io something you can reason about. Machines don’t appear out of nowhere. If something is running, it’s because you launched it, or you configured something that did. In general, when we talk about **autoscaling**, we mean starting or stopping machines you’ve already defined. We don’t quietly spin up extras in the background that turn into mystery charges on your bill. The idea is that your bill should always be traceable to something you can see, name, and plausibly explain when someone asks. If it’s not, we’re happy to help you sort it out.
+
+<div class="callout">
+**Need more help understanding your bill?** Reach out to us at [billing@fly.io](mailto:billing@fly.io).
+</div>
+
+## A few examples
+
+So when you’re budgeting, you can look at what you’ve provisioned and do some quick math. Let’s say you’ve deployed three “shared-1x 1GB” machines in `sjc`. That’s $20.37/month, tops. If you let them stop when idle, you might only pay for a few hours of compute—but the worst-case scenario is still capped at that monthly rate.
+
+Here are a few more grounded examples:
+
+- A **staging app** running in the  `sjc` region with one `shared-1x 256MB` machine that auto-stops when idle might cost less than **$1/month**. If you leave it running full-time, it’s still only **$2.32/month**.
+- A **queue worker** (also in `sjc`) that uses metrics-based autoscaling on `shared-1x 512MB` machines might average 3–5 machines running during busy hours. If those stay up for 50% of the month, you’re looking at **$5.72–9.52/month**, worst-case around **$19 month** if they all run 24/7.
+
+We recommend budgeting for the “always-on” cost. You can get under that number with auto-stop or bursty usage, but don’t depend on it to hit your budget.
+
+If your estimate seems high, the most predictable way to save money isn’t fiddling with auto-stop/start settings (since any random request might spin a machine up again), but by just…running fewer machines. Or smaller ones.
+
+<div class="callout">
+**Want to play with numbers?** Try the [Fly.io pricing calculator](https://fly.io/calculator) to get a rough sense of what your setup might cost. For the full breakdown, here’s our [pricing page](/docs/about/pricing/).
+</div>
+
+## Metrics-based autoscaling can affect costs
+
+There is one important exception to the rule that Fly.io doesn’t create machines on your behalf. If you use the **metrics-based autoscaler**, for example to scale a background worker based on queue depth, it _can_ create or destroy machines automatically.
+
+**When can the metrics-based autoscaler create machines?** When you deploy and configure the [**Fly Autoscaler**](/docs/launch/autoscale-by-metric/), and use `FAS_CREATED_MACHINE_COUNT` instead of `FAS_STARTED_MACHINE_COUNT`, you're giving it permission to create and destroy machines on your behalf. It still uses the machine sizes and regions you specify, and anything it spins up counts toward your bill. [Read more in the docs](/docs/launch/autoscale-by-metric/).
+
+## Other Stuff to Watch For
+
+A few more things that can quietly run up your bill if you're not paying attention:
+
+- **Bandwidth costs can add up.** Outbound data transfer is billed at $0.02/GB in North America and Europe, with higher rates in some other regions. Ingress is free. If you're serving media, syncing large datasets, or replicating across regions, bandwidth can quietly become a big line item. [Learn about data transfer pricing.](/docs/about/pricing/#data-transfer-pricing)
+- **Volumes don’t stop billing when your machines do.** Persistent volumes are billed hourly, whether or not your machine is running. That 3GB volume you forgot about in `fra`? It's still costing you. [Read about storage pricing here](/docs/about/pricing/#volumes).
+- **Volume snapshots will start billing in January 2026.** If you're using automatic volume snapshots as part of your backup strategy, just be aware: starting next year, they’ll be a billable feature. [We’ve announced the change](https://community.fly.io/t/we-are-going-to-start-charging-for-volume-snapshots-from-january-2026/26202) and will share more details well ahead of time.
+- **Managed services live outside your apps.** Fly's [Managed Postgres](/docs/mpg/overview/) (MPG), [Upstash Redis](/docs/upstash/redis/), and [Tigris object storage](/docs/tigris/) don’t get deleted when you delete your apps. You’ll find them in  your Dashboard. If you're cleaning up, double-check there too. We've seen people get surprised by bills from leftover services and databases they thought were gone.
+- **Dedicated public IPv4 addresses aren’t free.** Each http app gets billed $2/month if you assign it a dedicated public IPv4. If you’ve got a bunch of apps or deploy previews per branch, this can sneak up on you.
+- **Internal-only apps still count.** Just because a Fly app doesn’t serve web traffic doesn’t mean it’s free. Background workers, queue processors, cron jobs: they all run machines, and those still cost money.
+
+## Understanding Free Usage and Overages
+
+- **Free allowances don’t cap your bill.** We may give you free credits and usage allowances, especially when you’re starting out or have a legacy billing plan. But there’s no soft ceiling. If you go over, we’ll bill you. We don't support billing alerts (yet), so budget accordingly.
+- **There is no "free account/free tier" on Fly.io.** We do have a Free Trial program, which you can read about [here](/docs/about/free-trial/).
+- **Check your dashboard often.** To spot ballooning costs and overages before they become an issue, check the "current month to date bill" item in your dashboard.
+
+## Related Reading
+
+Want to go deeper on scaling strategies, autoscaling configuration, or controlling concurrency? These docs walk through the mechanics:
+
+- [Autoscale Fly Machines](/docs/blueprints/autoscale-machines/) A practical guide to getting basic autoscaling working with Fly Machines. Covers HTTP-based scaling triggers.
+- [Metrics-based Autoscaling](/docs/launch/autoscale-by-metric/) This is the one that _can_ create machines automatically, based on queue depth or another metric you specify. Use it wisely.
+- [Setting Concurrency Limits](/docs/blueprints/setting-concurrency-limits/) Shows how to keep your app from getting overwhelmed by too many concurrent requests. Especially useful if you’re scaling horizontally.
+
diff --git a/about/extensions.html.markerb b/about/extensions.html.markerb
index 22fdc4bd7a..ea1b5d0c1e 100644
--- a/about/extensions.html.markerb
+++ b/about/extensions.html.markerb
@@ -9,7 +9,7 @@ Fly.io is a global cloud service for running full stack apps close to users. We
 
 We have two main goals: to deliver a slick developer experience, and to build the best possible platform for running full stack apps. We're looking for partners that share this goal, extending Fly.io with services our customers need.
 
-Services such as managed databases, exception handlers, CI runners or log aggregators are great examples. Check out our [managed Upstash for Redis](https://fly.io/docs/reference/redis/) to get an idea of what's possible, and how we integrate services directly into our CLI.
+Services such as managed databases, exception handlers, CI runners or log aggregators are great examples. Check out our [managed Upstash for Redis](https://fly.io/docs/upstash/redis/) to get an idea of what's possible, and how we integrate services directly into our CLI.
 
 [Check out our documentation](https://fly.io/docs) to see what our platform has to offer. Contact us at [extensions@fly.io](mailto:extensions@fly.io) to discuss your case!
 
@@ -52,4 +52,4 @@ To fulfil our promise of a performant application in any Fly.io region, latency
 
 Your Fly.io network is essentially a global, encrypted LAN, with DNS service discovery and load balancing built-in. This greatly simplifies configuration of services that cluster and gossip. Customers access your service via a single private IP address that automatically routes traffic to the nearest provider VM.
 
-We also offer cost-cutting features such as [automatic VM stop/start based on incoming request volume](https://fly.io/docs/apps/autostart-stop/). Contact us at [extensions@fly.io](mailto:extensions@fly.io) to learn more - we're happy to help you get started!
+We also offer cost-cutting features such as [automatic VM stop/start based on incoming request volume](/docs/launch/autostop-autostart/). Contact us at [extensions@fly.io](mailto:extensions@fly.io) to learn more - we're happy to help you get started!
diff --git a/about/free-trial.html.md b/about/free-trial.html.md
new file mode 100644
index 0000000000..2c97fa4cf1
--- /dev/null
+++ b/about/free-trial.html.md
@@ -0,0 +1,51 @@
+---
+title: Fly.io Free Trial
+layout: docs
+nav: firecracker
+author: kcmartin
+date: 2025-10-27
+---
+
+**Fly.io runs your apps close to your users. This page explains how our free trial works and what resources you can use before you need to add a payment method.**
+
+## Free Trial overview
+
+A free trial on Fly.io includes 2 hours of machine runtime or 7 days of access, whichever comes first. That’s just enough to get a real app up and running before you decide if it’s a fit for you.
+
+<div class="callout">If you hit any of the limits below before your 7 days are up, **your trial is considered exhausted**, and your apps will stop until you add a payment method.</div>
+
+Here’s what’s **included** during the trial:
+
+- **2 total VM hours** (Shared across any machines you launch) <br /> **Note: Trial Machines are set to automatically stop after running for 5 minutes**
+- **10 machines max**
+- **20GB of volume storage**
+- Up to **2 vCPUs per machine**
+- **4GB memory per machine**
+
+These are **not included** in the free trial:
+
+- Dedicated IPv4 addresses
+- Access to performance-optimized vCPUs
+- GPU machines
+
+<div class="callout">You can add a credit card from the dashboard at any time during the trial. This lifts the resource limits and keeps your apps running without interruption. **Note: adding a card ends the free trial** and your usage starts counting toward your bill from that point on.</div>
+
+## Checking usage
+
+You can see what you’ve used and what’s left under **“Trial Status”** in the Fly.io dashboard. Machines usage (including memory) is tracked per second, while Volumes and Machine count are tracked per hour.
+
+The free trial is meant for kicking the tires. Spin something up, poke around, deploy a real app or two. If Fly.io fits your use case, great! Add a credit card to keep going. If not, no hard feelings.
+
+## What happens when the free trial ends?
+
+If you don’t add a payment method by the end of your 7-day trial, or if you use up the included resources, your apps will stop running. You won’t be able to launch new machines, attach volumes, or deploy changes until billing is set up.
+
+Whether you're testing the waters or gearing up to launch something real, the free trial gives you room to get started. If Fly.io feels like a fit, adding a payment method from the Dashboard is all it takes to keep going. No surprises, no downtime, no pressure.
+
+---
+
+## Related Reading
+
+- [Pricing Overview](/docs/about/pricing/)
+- [How Billing Works](/docs/about/billing/)
+- [Fly.io Pricing Calculator](https://fly.io/calculator)
diff --git a/about/healthcare.html.markerb b/about/healthcare.html.markerb
index b2402b6552..94f4150595 100644
--- a/about/healthcare.html.markerb
+++ b/about/healthcare.html.markerb
@@ -5,76 +5,127 @@ sitemap: true
 nav: firecracker
 ---
 
-Fly.io is a great place to develop and host healthcare applications! You can get started for free and be up and running with a fully secure solution in minutes. 
+<figure>
+  <img src="http://github.com/static/images/healthcare.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon examining a green box with A written on it" class="w-full max-w-lg mx-auto">
+</figure>
 
-We recognize that healthcare apps and data are different beasts and we're here to protect your patients' data (and keep your auditors happy). We're SOC2 (Type 1) audited, we'll sign BAAs, and we're available to answer questions you might have about how our platform meets your compliance needs [(just ask!)](mailto:sales@fly.io).
+Fly.io is a great place to develop and host healthcare applications! You can get started for free and be up and running with a fully secure solution in minutes.
 
-Nailing the security for a HIPAA-compliant application can be a big task, and no hosting provider can do it all for you. But Fly.io has a security-first design and a number of features that make HIPAA simpler: 
+We recognize that healthcare apps and data are different beasts and we're here to protect your patients' data (and keep your auditors happy). We're SOC2 (Type 2) audited, we'll sign BAAs, and we're available to answer questions you might have about how our platform meets your compliance needs [(just ask!)](mailto:sales@fly.io).
+
+Nailing the security for a HIPAA-compliant application can be a big task, and no hosting provider can do it all for you. But Fly.io has a security-first design and a number of features that make HIPAA simpler:
 
 
 ## Access Control
-##### Database Endpoint Security  
+
+
+### Database Endpoint Security
+
 Whether you’re running Fly.io Postgres or your own database, there’s no network ACLs required to ensure that only your application can talk to the database server; databases on Fly.io talk to app servers over 6PN and WireGuard, and never to the public Internet.
-##### Anti-Spoofing Controls
+
+### Anti-Spoofing Controls
+
 Attackers that boot up evil Fly.io apps can’t spoof packets to other Fly.io instances; we use both Linux kernel controls, IP routing, and eBPF programs to make sure of that. It’s kind of a 1998 sort of attack to worry about, but in case your auditor cares, we took care of it.
 
 ## Audit
-##### Centralizing Logging and Metrics
-Fly.io collects logs and metrics from your apps, and can send them wherever you need them to go; you can get a single feed of logs from all your instances into an ELK cluster or a Splunk instance, or aim Grafana at our metrics, so you have visibility and an audit trail of what’s going on with your app. 
+
+### Centralizing Logging and Metrics
+
+Fly.io collects logs and metrics from your apps, and can send them wherever you need them to go; you can get a single feed of logs from all your instances into an ELK cluster or a Splunk instance, or aim Grafana at our metrics, so you have visibility and an audit trail of what’s going on with your app.
+
 
 ## Integrity
-##### Hardened Hosting
-Apps running on Fly.io run inside Firecracker, a Rust-based, memory-safe KVM hypervisor designed at Amazon as the engine for Fargate. At Fly.io, we take container images from our users and transmogrify them into VMs, for full, no-shared-kernel isolation between applications. Firecracker VMs run as userland processes on our hosts, and are further locked down with modern Linux security tools, including cgroups, file and network namespaces, resource limits, and privilege separation. 
-##### Kernel Vulnerability Response
+
+### Hardened Hosting
+
+Apps running on Fly.io run inside Firecracker, a Rust-based, memory-safe KVM hypervisor designed at Amazon as the engine for Fargate. At Fly.io, we take container images from our users and transmogrify them into VMs, for full, no-shared-kernel isolation between applications. Firecracker VMs run as userland processes on our hosts, and are further locked down with modern Linux security tools, including cgroups, file and network namespaces, resource limits, and privilege separation.
+
+### Kernel Vulnerability Response
 Fly.io is responsible for the security both of our host kernels (of course) and of the guest kernels our apps run in; one less thing for you worry about.
 
 ## Authentication
-##### Multi-Factor Authentication
+
+### Multi-Factor Authentication
 Fly.io supports standard multifactor authentication apps, because of course we do. We feel a little miffed you had to ask.
-##### Secrets Management
+
+### Secrets Management
+
 It’s easy to expose secrets to your running apps without leaking them in configurations: we provide a “write-only” secrets management scheme that keeps app secrets encrypted, exposing them only to running instances of your app, using a token-based system that ensures your plaintext secrets never hit machines not running your apps.
 
 ## Confidentiality
-##### WireGuard Everywhere
+
+### WireGuard Everywhere
+
 The Fly.io platform is knitted together out of hosts connected via a WireGuard mesh. Everything talks to everything else over WireGuard.
 WireGuard is a next-generation in-kernel (and userland) VPN designed by vulnerability researchers for simplicity, auditability, and modern cryptography. The Linux kernel implementation of WireGuard runs in steady state without requiring dynamic memory allocation! WireGuard is great, and is the gold standard for secure network transports.
-We run a full mesh of WireGuard. That means that once a request arrives at our edge from the Internet, when we proxy it to a host running your app, that communication occurs over a WireGuard virtual network.  
+We run a full mesh of WireGuard. That means that once a request arrives at our edge from the Internet, when we proxy it to a host running your app, that communication occurs over a WireGuard virtual network.
+
 We also use WireGuard in our API. Need to SSH to an instance of your app? That’ll happen over WireGuard. Need to open a Postgres shell? WireGuard. Deploy a new instance using a remote builder running in Fly.io? You guessed it: the Docker protocol stuff is running over WireGuard, from your machine to our hosts.
-##### Encryption In Transit
-See above! WireGuard runs 256-bit ChaCha20-Poly1305 with an authenticated Curve25519 key exchange. 
-##### TLS Everywhere
-Fly.io terminates TLS for our users at our edge. We run a fleet of memory-safe, Rust-based proxies that use the Hyper and Rustls libraries to implement HTTPS, in a tight configuration that scores an A grade from Qualys SSL Labs, without you needing to lift a finger. 
+
+### Encryption In Transit
+
+See above! WireGuard runs 256-bit ChaCha20-Poly1305 with an authenticated Curve25519 key exchange.
+
+### TLS Everywhere
+
+Fly.io terminates TLS for our users at our edge. We run a fleet of memory-safe, Rust-based proxies that use the Hyper and Rustls libraries to implement HTTPS, in a tight configuration that scores an A grade from Qualys SSL Labs, without you needing to lift a finger.
+
 You can terminate TLS in your application instead of at our edge, if you really want to. But you won’t want to.
-##### Automatic Certificate Management with LetsEncrypt
-Fly.io manages the ACME protocol to securely provision LetsEncrypt TLS certificates, so that’s another thing you’re just not going to have to think much about. 
-##### HTTP Strict Transport Security and HTTPS-Only
-It’s easy (a single configuration line) to lock your apps to HTTPS-only, using the HSTS protocol to direct browsers exclusively to the secure endpoint of your application and defeating SSL-stripping attacks. 
-##### Default-Deny Public Networking
-Apps running on Fly.io get routable IPv4 addresses. We’re just givin’ ‘em away! But when your users hit those addresses, they’re not bouncing directly off your app instances; instead, they’re routed to our edge, where we use our memory-safe Rust proxy to direct traffic. What that means for you is that nothing on your app is exposed unless you ask us to expose it. No security group rules or network ACLs required! You’re locked down by default.
-##### 6PN Private Networking
+
+### Automatic Certificate Management with LetsEncrypt
+
+Fly.io manages the ACME protocol to securely provision LetsEncrypt TLS certificates, so that’s another thing you’re just not going to have to think much about.
+
+### HTTP Strict Transport Security and HTTPS-Only
+
+It’s easy (a single configuration line) to lock your apps to HTTPS-only, using the HSTS protocol to direct browsers exclusively to the secure endpoint of your application and defeating SSL-stripping attacks.
+
+### Default-Deny Public Networking
+
+Apps running on Fly.io get routable IPv6 addresses and shared IPv4 addresses. But when your users hit those addresses, they’re not bouncing directly off your app instances; instead, they’re routed to our edge, where we use our memory-safe Rust proxy to direct traffic. What that means for you is that nothing on your app is exposed unless you ask us to expose it. No security group rules or network ACLs required! You’re locked down by default.
+
+### 6PN Private Networking
+
 Modern applications are often composed of ensembles of services. Some of those services are fit for talking to random users on the Internet. Others are best kept under wraps. Fly.io makes it easy to deploy complicated applications built out of multiple services: all Fly.io apps live in a private IPv6 network exclusive to your organization. We use eBPF in the Linux kernel to ensure that private networks can’t talk to each other; they’re completely private, without any extra configuration. We call this feature 6PN (for “IPv6 Private Network”), and it means there’s zero security lockdown work required to deploy a database, Redis cache, or background job scheduler. Your app server will be able to talk to them right away. Nobody outside your organization will be able to talk to them at all.
-##### Network Segregation
-“Network Segregation” is the term an enterprise IT administrator at a big bank would describe 6PN. Yup, your networks are segregated. 
-##### Secure Network Architecture
-Sure, you could call 6PN that, too. Did we mention there are no security group rules to review? There are no security group rules to review. 
-##### Encryption At Rest
+
+### Network Segregation
+
+“Network Segregation” is the term an enterprise IT administrator at a big bank would describe 6PN. Yup, your networks are segregated.
+
+### Secure Network Architecture
+
+Sure, you could call 6PN that, too. Did we mention there are no security group rules to review? There are no security group rules to review.
+
+### Encryption At Rest
+
 Databases like Fly.io Postgres are built on Fly.io Volumes, our persistent storage feature. It works like a drive plugged in and mounted in your app instance. And those drives are block-level encrypted with AES-XTS. We manage the keys for the drives for you, using a token-based orchestration system that ensures the keys are only accessible from privileged processes on hosts actually running your app. Check off another HITRUST CSF requirement from your list!
 
 ## Availability
-##### High Availability
+
+### High Availability
+
 Scaling apps across geographic regions is, like, the whole point of the service? I think it’s the whole point? At any rate: it’s definitely a thing we do.
-##### DDoS Protection
-Fly.io isn’t a DDoS Protection provider. But our upstreams have sophisticated DDoS tools, including blackhole routing and traffic scrubbing, which get regular workouts. 
-##### Rolling Deployments
+
+### DDoS Protection
+
+Fly.io isn’t a DDoS Protection provider. But our upstreams have sophisticated DDoS tools, including blackhole routing and traffic scrubbing, which get regular workouts.
+
+### Rolling Deployments
+
 Confidently deploy your Fly.io apps without worrying that you’re going to break everything: we’ll do rolling deploys, with canaries and health-checks, so a known-good version of your app is always running.
-##### Advanced App Instance Recovery Space Modulator
+
+### Advanced App Instance Recovery Space Modulator
+
 If your app crashes or exits, we’ll relaunch the VM. We have the technology.
-##### Off-Site Backups
+
+### Off-Site Backups
+
 Anything stored persistently in a Fly.io volume is backed up on a regular schedule.
 
 ## More info
 
-You can check our [community](https://community.fly.io) or [our documentation](https://fly.io/docs/) for answers to your questions. If you can't find what you're looking for want to know more, [get in touch](mailto:sales@fly.io)!
-
+Our blueprint for [Going to production with healthcare apps](/docs/blueprints/going-to-production-with-healthcare-apps/) runs a developer or operations engineer through the process of evaluating Fly.io’s security for HIPAA healthcare apps, launching a pilot application, signing a BAA, and deploying to production.
 
+You can also check our [community](https://community.fly.io) for answers to your questions.
 
+If you can't find what you're looking for or want to know more, [get in touch](mailto:sales@fly.io).
diff --git a/about/index.html.markerb b/about/index.html.markerb
index 75da96df75..e3d8d44840 100644
--- a/about/index.html.markerb
+++ b/about/index.html.markerb
@@ -1,18 +1,37 @@
 ---
-title: "About Fly"
+title: "About Fly.io"
 layout: docs
 sitemap: true
 toc: false
 nav: firecracker
 ---
 
-This section is all about the things you also need to know about Fly as a user of the service:
+<figure>
+  <img src="http://github.com/static/images/accident-forgiveness.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon holding an umbrella to protect a bird from the rain" class="max-w-lg">
+</figure>
 
-* [_Pricing_](/docs/about/pricing/) : All about how the Fly service is priced.
-* [_Healthcare_](/docs/about/healthcare/) : Controls relevant to running healthcare apps on Fly.
-* [_Support_](/docs/about/support) : Who to contact and where to go when you need Fly support.
-* [_Security_](/docs/about/security) : All about how we handle security and security issues at Fly.
-* [_Open Source_](/docs/about/open-source/) : How we help those OSS projects that help us.
-* [_Using Our Brand_](/docs/about/brand/) : Assets and guidelines to help represent our brand.
-* [_Privacy Policy_](/legal/privacy-policy/) : Fly's policy on privacy, detailed here.
-* [_Terms of Service_](/legal/terms-of-service) : The legal terms of service for Fly users.
+More details about using and working with the Fly.io platform.
+
+* **[Pricing](/docs/about/pricing/):** Pricing for compute, storage, and all the Fly.io platform services.
+
+* **[Billing](/docs/about/billing/):** Learn how billing works on Fly.io.
+
+* **[Cost Management](/docs/about/cost-management/):** Read this guide to learn how Fly.io billing really works, how to estimate your costs, and what to watch out for, complete with real examples and gotchas.
+
+* **[Free Trial](/docs/about/free-trial/):** Find out about Fly.io's Free Trial.
+
+* **[Support](/docs/about/support):** Who to contact and where to go when you need Fly.io support.
+
+* **[Healthcare](/docs/about/healthcare/):** Controls relevant to running healthcare apps on Fly.io.
+
+* **[Engineering Jobs and Hiring](/docs/about/extensions/):** Learm more about our hiring process.
+
+* **[Open Source](/docs/about/open-source/):** How we help those OSS projects that help us.
+
+* **[Open Source](/docs/about/open-source/):** How we help those OSS projects that help us.
+
+* **[Using Our Brand](/docs/about/brand/):** Assets and guidelines to help represent our brand.
+
+* **[Privacy Policy](/legal/privacy-policy/):** Our policy on privacy, detailed here.
+
+* **[Terms of Service](/legal/terms-of-service):** The legal terms of service for Fly.io users.
diff --git a/about/merch.html.markerb b/about/merch.html.markerb
new file mode 100644
index 0000000000..858effd3c3
--- /dev/null
+++ b/about/merch.html.markerb
@@ -0,0 +1,28 @@
+---
+title: Fly.io Merchandise
+layout: docs
+nav: firecracker
+---
+
+<figure>
+  <img src="http://github.com/static/images/frankie-merch.png" alt="Fly.io Frankie Merchandise" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Fly.io Merchandise
+
+Looking for some superfly swag? We have some Fly merch available in our Redbubble shop. Enjoy!
+
+Visit our [Redbubble shop](https://www.redbubble.com/people/annieruygt/shop) to check out our latest merchandise.
+
+## Available Items
+
+Our Redbubble shop features a variety of Fly.io branded items including:
+- T-shirts
+- Hoodies
+- Stickers
+- Mugs
+- And more!
+
+## Contact
+
+For any questions about our merchandise, please contact us at [annie@fly.io](mailto:annie@fly.io). 
diff --git a/about/open-source.html.markerb b/about/open-source.html.markerb
index fce19b17ac..009099b036 100644
--- a/about/open-source.html.markerb
+++ b/about/open-source.html.markerb
@@ -2,6 +2,8 @@
 title: Fly.io and Open Source
 layout: docs
 nav: firecracker
+redirect_from: /open-source/
+
 ---
 
 <figure>
diff --git a/about/pricing.html.markerb b/about/pricing.html.markerb
index 14b0c5ec38..f243365603 100644
--- a/about/pricing.html.markerb
+++ b/about/pricing.html.markerb
@@ -5,56 +5,111 @@ sitemap: true
 nav: firecracker
 ---
 
-<img src="http://github.com/static/images/app-pricing.webp" srcset="http://github.com/service/http://github.com/static/images/app-pricing@2x.webp%202x " alt="A landscape painting with hot air balloons flying over a mountain range.">
+<figure>
+  <img src="http://github.com/static/images/pricing.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon demonstrating a pricing chart on a whiteboard" class="w-full max-w-lg mx-auto">
+</figure>
 
-## _How it works_
+## How it works
 
-Our pricing is designed to let you launch a small application for free, and scale costs affordably as your needs grow.
+Fly.io services are billed per organization, with [Linked Organizations](/docs/about/billing/#unified-billing) reporting resource usage to their parent Billing Organization. Plans get complicated, so we just charge based on usage. Pick and choose which pieces you need for your application; that's all you'll see on your invoice.
 
-Fly.io services are billed per organization. Organizations are administrative entities on Fly.io that enable you to add members, share app development environments, and manage billing separately. Billing is based on the resources provisioned for your apps, pro-rated for the time they are provisioned. Learn more about [billing](/docs/about/billing/).
+Organizations are administrative entities on Fly.io that let you add members, share app development environments, and manage billing. [Billing](/docs/about/billing/) is based on the resources provisioned for your apps, pro-rated for the time they are provisioned.
 
-## _Plans_
+Organizations may be subject to automated scaling limits to prevent abuse or to help with capacity planning. Email the address in the error message if you run into such a limit and it's getting in your way.
 
-All plans require a [credit card](/docs/about/billing/#payment-options). Your first organization starts on a free Hobby plan (subject to change), and any subsequent new organizations you create are on the $5/month Hobby Plan. Hobby plans are a straightforward pay-as-you-go option.
+All organizations (except for Linked Organizations) require a [credit card](/docs/about/billing/#payment-options) on file.
 
-We don't offer a "free tier." Instead, we offer some free resource allowances that apply to all plans, including the Hobby plan, and includes enough usage per month to run a small full-stack app, full-time, for free. 
+## Compute
 
-If you want to scale beyond the included free resources, you can pay for just what you need at the usage-based pricing listed below.
+We charge for started and stopped Machines differently. Attached GPUs are charged separately. For more details about how costs are calculated, see [Machine billing](/docs/about/billing/#machine-billing). To understand the difference between `performance` and `shared` CPU types in Machines, see [CPU performance](/docs/machines/cpu-performance).
 
-<div class="note icon">
-Your organization might be limited to prevent abuse or help with capacity planning.
-</div>
+### Started Fly Machines
 
-If you need more support or compliance options, you can upgrade to a [Launch, Scale, or Enterprise plan](https://fly.io/plans). These come with usage included and additional support options.
+<p>
+  <label for="region-select">Region: </label>
+  <select id="region-select" class="rounded-md shadow-sm border-gray-300 focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50">
+    <% data.pricing.regions.each do |r| %>
+      <option value="<%= r.code %>"><%= r.city %>, <%= r.country %> (<%= r.code %>)</option>
+    <% end %>
+  </select>
+</p>
 
-For details and to select a different plan, see [Plan Pricing](https://fly.io/plans).
+<script type="text/javascript">
+const regionMarkups = {
+  <% data.pricing.regions.each do |region| %>
+    "<%= region.code %>": <%= region.markup_ratio %>,
+  <% end %>
+};
 
-## _Free allowances_
+const regionSelect = document.getElementById("region-select");
 
-Resources included for free on all plans:
+regionSelect.addEventListener("change", function () {
+  document.querySelectorAll(".started-machines-pricing-matrix").forEach((matrix) => matrix.classList.add("hidden"));
+  document.getElementById(`started-machines-pricing-matrix-${regionSelect.value}`).classList.remove("hidden");
+});
+</script>
 
-* Up to 3 shared-cpu-1x 256mb VMs
-* 3GB persistent volume storage (total)
-* 160GB outbound data transfer
+The price of a running [Fly Machine](/docs/machines/) VM is the price of a named CPU/RAM preset, plus about <span id="ram-price">$5</span> per 30 days per GB of additional RAM.
 
-Additional resources are billed at the usage-based pricing detailed below.
+Here's the pricing for named presets and a few standard additional RAM configurations:
 
-## _Compute_
+<%= partial("shared/cpu_mem_machines_pricing") %>
 
-### Fly Machines
+<script type="text/javascript">
+const ramPriceSpan = document.getElementById("ram-price");
+const baselineRamPricePer30Days = 5;
+const formatter = new Intl.NumberFormat('en-US', {
+  style: 'currency',
+  currency: 'USD',
+  minimumFractionDigits: 0,
+  maximumFractionDigits: 2,
+});
 
-Pricing for [Fly Machines](/docs/machines/) VMs, which are also the virtual-machine building blocks of [Fly Launch](/docs/apps/) and [Fly Postgres](/docs/postgres/) apps.
+regionSelect.addEventListener("change", function () {
+  const selectedRegion = regionSelect.value; // regionSelect defined in landing/pages/shared/_cpu_mem_machines_pricing.html.erb
+  ramPriceSpan.textContent = formatter.format(baselineRamPricePer30Days * regionMarkups[selectedRegion]);
+});
+</script>
 
-<%= partial("shared/cpu_mem_machines_pricing") %>
+### Stopped Fly Machines
+
+For stopped Machines we charge only for the root file system (rootfs) needed for each Machine. Each 1GB of rootfs for a Machine stopped for 30 days is $0.15. The amount of rootfs needed is defined by your OCI image generated on your app plus a few [containerd](https://containerd.io/+external) tweaks on the underlying file system.
+
+### Machine reservation blocks
+
+You'll get a 40% discount when you reserve a block of compute time, either for `performance` Machines or `shared` Machines, in a specific region.
+Reservations apply to any number of Machines of the specified CPU class, in the specified region, in any of your organisation's apps.
+
+The available reservation sizes are:
+
+**Performance Machines**
+
+* $144/year for $20/month of usage
+* $1,440/year for $200/month of usage
+* $14,400/year for $2,000/month of usage
+
+**Shared Machines**
+
+* $36/year for $5/month of usage
+* $360/year for $50/month of usage
+* $3,600/year for $500/month of usage
+
+You pay the "per year" amount upfront, and each month receive a credit worth the "per month" amount. The credit does not rollover; it's only valid for the month in which it's granted. The credit applies only to CPU and additional RAM charges.
+
+There's no limit on the number or combinations of blocks that can be purchased. Reservations are backdated to the first day of the month in which they're purchased.
 
-For more details about how costs are calculated, see [Machine billing](/docs/about/billing/#machine-billing).
+For example, if you purchase a $36/year `shared` Machines block in `cdg`, you'll pay $36 upfront and receive $5/month of credits applicable to `shared` Machines in `cdg` for 12 months, starting with the month of the purchase. Amortised over 12 months, the $36 upfront cost is $3/month, which is a 40% discount on the $5/month of credits you receive.
 
-### GPUs and Fly Machines
+You can set up reservations via self-service in the billing section of your Fly.io [dashboard](https://fly.io/dashboard). They apply to usage starting on the 1st, so setting up reservations any time in the month will give you the credits the entire month.
 
-Pricing for a GPU-enabled Fly Machine is the price of a standard Fly Machine (see [Fly Machines pricing](#fly-machines)) plus the price of the attached GPU. GPU access requires a [Launch, Scale, or Enterprise plan](https://fly.io/plans).
+### GPU-enabled Fly Machines
+
+Pricing for a GPU-enabled Fly Machine is the price of a standard Fly Machine (see above) plus the price of the attached GPU. Like Machines, GPUs are billed by the second when the attached Machine is running.
 
 On-demand GPU pricing:
 
+* A10: $1.50/hr per GPU
+* L40S: $1.25/hr per GPU
 * A100 40G PCIe: $2.50/hr per GPU
 * A100 80G SXM: $3.50/hr per GPU
 
@@ -67,55 +122,167 @@ Reserved and dedicated options:
 
 * Discounted rates for reserved GPU Machines and dedicated hosts.
 
-## _Persistent Storage Volumes_
+## Managed Postgres
+
+The price of running Fly.io Managed Postgres depends on your selected Managed Postgres Plan and the amount of storage your Postgres cluster has. 
+
+Current pricing for Managed Postgres plans and storage is available [here](/docs/mpg#pricing).
+
+## Persistent Storage Volumes
+
+### Volumes
 
 [Fly Volumes](/docs/volumes/) are local persistent storage for Machines.
 
-* Free: 3GB of total provisioned capacity per organization
 * $0.15/GB per month of provisioned capacity
 
 [Volume billing](/docs/about/billing/#volume-billing) is pro-rated to the hour.
 
 You'll be charged for volumes that you create, whether they are attached to a Machine or not, including when an attached Machine is stopped.
 
-## _Network prices_
+### Volume Snapshots
+
+<% if Time.now.utc < '2026-03-01T00:00:00Z' %>
+<section class="callout">
+  **New charges**
+
+  <p class="mt-2">
+    Starting January 1st 2026, we're introducing charges for [volume snapshot](/docs/volumes/snapshots/) storage. You'll see the first charges on the invoice issued at the start of February 2026.
+  </p>
+
+  <p class="mt-2">
+    If you're an existing customer, you can check your usage in the **Billing** section of the [dashboard](https://fly.io/dashboard/personal/billing) on your Upcoming Invoice and in the Cost Explorer.
+  </p>
+</section>
+<% end %>
+
+* $0.08/GB per month
+* First 10GB free each month
+
+[Volume Snapshot billing](/docs/about/billing/#volume-snapshot-billing) is pro-rated to the hour.
+
+Automatic daily snapshots with 5 days retention are enabled by default on new volumes. This can be [adjusted](/docs/volumes/snapshots/#set-or-change-the-snapshot-retention-period) or [disabled](/docs/volumes/snapshots/#disable-automatic-daily-snapshots).
+
+Usage is calculated based on the total stored size of the snapshots, not the provisioned volume size. You're only charged for the actual data stored - if you've written 1GB to a 10GB volume, you'll be charged for around 1GB of snapshot storage.
+
+Snapshots for each volume are stored incrementally, so you'll only be charged for data that has changed since the previously stored snapshot.
+
+## Network prices
 
 ### Anycast IP addresses
 
-Each application receives a [shared IPv4 address](/docs/reference/services/#shared-ipv4) and unlimited [Anycast IPv6](/docs/reference/services/#ipv6) addresses for global load balancing.
+Each application receives a [shared IPv4 address](/docs/networking/services/#shared-ipv4) and unlimited [Anycast IPv6](/docs/networking/services/#ipv6) addresses for global load balancing.
 
 Dedicated IPv4 addresses are $2/mo.
 
 ### Managed SSL certificates
 
-We use Lets Encrypt to issue certificates, and donate half of our SSL fees to them at the end of each calendar year.
+We use Let's Encrypt to issue certificates, and donate half of our SSL fees to them at the end of each calendar year.
 
-* Single hostname certificates:
-  * Free for the first 10
-  * $0.10/mo for additional certificates
+* Single hostname certificates: $0.10/mo
 * Wildcard certificates: $1/mo
 
-### Outbound data transfer
+### Data transfer pricing
+
+We bill for data leaving your app destined for the public internet or for apps or Machines in other regions, including:
+
+* Data egress to the Internet, from Machine to edge server to Internet
+* Data transfer over private network between regions, from Machine to edge server and edge server to Machine
+* Data transfer to some extensions like Upstash Redis
 
-We bill for outbound data transfer from the region a VM is running in, inbound transfer is free.
+The following types of traffic are free:
 
-<%= partial("shared/network_pricing") %>
+* All inbound data transfer
+* Data transfer between apps or Machines in the same region (for organizations using granular data transfer rates)
+* Data transfer from apps without an assigned IP address (for organizations not using granular data transfer rates)
+
+Fly.io pricing is per region group for outbound data transfer. You'll see a more detailed breakdown of cost per region and per traffic type on your monthly invoice.
+
+<div class="note icon">
+**Important:** Organizations created after July 18 2024 are automatically opted-in to use the granular data transfer rates and are billed at a different rate for private network data transfer between regions, per the following table. Organizations not using granular data transfer rates are billed for all data transfer (excluding that listed as free above) at the "Egress to public internet" rate.
+</div>
+
+| Region groups | Egress to public internet cost | Private network cross-region transfer cost |
+| --- | --- | --- |
+| - North America<br>- Europe | $0.02 per GB | $0.006 per GB |
+| - Asia Pacific<br>- Oceania<br>- South America | $0.04 per GB | $0.015 per GB |
+| - Africa<br>- India | $0.12 per GB | $0.050 per GB |
+
+To opt-in to granular bandwidth pricing, go to the [**Organizations** page](https://fly.io/organizations) in the dashboard, click the organization name to change, then click **Switch to granular bandwidth pricing**. You won't be able to return to using the non-granular data transfer rates once you opt in.
+
+### Static Egress IPs for Machines
+
+Static egress IPs for Machines provide dedicated outbound IP addresses for your Machines. When you allocate a static egress IP, you'll get both an IPv4 and IPv6 address for this single price.
+
+* $0.005 per hour (~$3.60/month)
+* Machines do not have a static IP by default
+
+## Support
+
+[Community support](https://community.fly.io/) is included for all customers, regardless of usage level.
+You can get access to a support plan by purchasing a Standard ($29/month), Premium ($199/month), or Enterprise (starting at $2500/month) package in the **Support** section of your dashboard. For more about Support, see [Support at Fly.io](/docs/about/support/).
+
+## Fly Kubernetes
+
+[Fly Kubernetes](/docs/kubernetes/) (FKS) is a managed Kubernetes service that runs on Fly.io.
+
+* $75/month per cluster
+* Plus the cost of [compute](#compute) and [Fly volumes](#persistent-storage-volumes) that you create
+
+## Extensions
+
+Fly.io offers managed services operated by third parties, such as [Tigris Object Storage](/docs/tigris) and [Upstash Redis](/docs/upstash/redis/).
+
+When you provision their services, you become their customer, and you pay their list prices via your monthly Fly.io bill. Charges are updated daily in your Fly.io dashboard.
+
+You will not be billed separately for:
+
+* Machines running the services, which are hosted in the provider's account
+* IP addresses associated with the service
+* Bandwidth to Tigris Object Storage
+
+You **will** be billed separately for data transfer to these external third-party services. See our [data transfer pricing](#data-transfer-pricing) for details.
+
+## Unsupported Products
+
+### Unmanaged Fly Postgres (Unsupported)
+
+[Fly Postgres](/docs/postgres/) is a PostgreSQL database that you create and then manage yourself. Fly Postgres clusters are Fly Apps that consist of Machines, volumes, and any configured extra memory.
+
+The [Machine price](#compute) and [volume price](#persistent-storage-volumes) for Fly Postgres are the same as any other Machine and volume you'd run on Fly.io. Assuming the Machines are running all the time, the cost for the preset configurations is about $2/month for a single node cluster for dev projects and from about $82 to $164/month for a three-node production cluster. You don't need to keep the preset configurations, you can [scale your Fly Postgres Machines](/docs/postgres/managing/scaling/) to suit your workload at any time.
+
+## Discontinued Plans
+
+Fly.io no longer offers plans to new customers. If you purchased a Launch or Scale plan before October 7, 2024, you can remain on those plans unless you convert to Pay As You Go, delete your payment method, or otherwise stop using Fly.io.
+
+### Legacy Free allowances
+
+The following resources were included for free on the Hobby (deprecated), Launch, and Scale plans, and are still honored for any organizations that were on these plans before we sunset them:
+
+* Up to 3 shared-cpu-1x 256mb VMs
+* 3GB persistent volume storage (total)
 
+Outbound data transfer:
+* 100 GB North America & Europe
+* 30 GB Asia Pacific, Oceania & South America
+* 30 GB Africa & India
 
-## LiteFS Cloud
+### Paid Hobby plan with Free Trial credit 
 
-[LiteFS Cloud](/docs/litefs/cloud-backups) is a service that provides streaming
-backups and point-in-time restore for your SQLite-based applications that use
-[LiteFS](/docs/litefs).
+If you signed up for the now deprecated $5/month paid Hobby plan prior the release of the Pay As You Go plan, you got a one-time $5 free trial credit to let you test-drive Fly.io at no cost. When the free trial credit was used up, we automatically placed your organization on the $5/month Hobby plan, which included $5/month of usage and free allowances. There are no free allowances during the free trial. We'll send you an email when your free trial credit is used up and you won't be charged before that. The free trial credit doesn't expire and applies only to the default (“personal”) organization that we created for you on sign-up.
 
-- $5 per month for up to 10GB of database storage.
-- Additional $0.50/GB per month for database storage above 10GB.
+To change your plan to the Pay As You Go plan, go to the [**Organizations** page](https://fly.io/organizations) in the dashboard, click the organization name to change, then click **Choose Pay As You Go**. If you change your plan, you won't be able to return to the paid Hobby Plan.
 
+### Legacy (Free) Hobby plan
 
-## _Support_
+If you were on the free Hobby plan at the time that the paid Hobby plan became the default for new organizations, your plan is now called the Legacy Hobby plan. Your costs stay the same as they were, with no monthly subscription fee, and no included usage beyond the free resource allowances.
 
-[Community support](https://community.fly.io) is included for all customers, regardless of usage level.
+If you change your plan, you won't be able to return to the Legacy Hobby Plan.
 
-Email support is included with our [Launch, Scale, and Enterprise plans](https://fly.io/plans).
+## **Related reading**
 
-For more about Support, see [Support at Fly.io](https://fly.io/docs/about/support/).
+- [Billing for Fly.io](/docs/about/billing/) How invoicing, payment methods, and usage tracking work.
+- [Cost Management](/docs/about/cost-management/) Best practices for estimating, monitoring, and controlling your spend.
+- [Free Trial](/docs/about/free-trial/) What the Fly.io Free trial gives you and when billing begins.
+- [Organization Roles & Permissions](/docs/security/org-roles-permissions/) How org structure, permissions and billing interplay.
+- [Optimize Compute Costs: Fine‑tune your app](/docs/apps/fine-tune-apps/) Tuning machine size, memory/CPU, and stop‑/start behavior to reduce waste.
\ No newline at end of file
diff --git a/about/security.html.md b/about/security.html.md
deleted file mode 100644
index 48b595447a..0000000000
--- a/about/security.html.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: Security at Fly.io
-layout: docs
-nav: firecracker
----
-
-Securing a major hosting platform like [Fly.io](http://Fly.io) is a hard problem, and we take it seriously.
-
-<div class="callout">
-**Reporting issues**: If you have a security concern, or believe you’ve found a vulnerability in any part of our infrastructure, please contact us. You can reach us at [**security@fly.io**](mailto:security@fly.io), and we can provide you with a Signal number if needed to convey sensitive information.
-</div>
-
-## Our Security Practice
-
-**Corporate Security (“CorpSec”)**
-
-CorpSec is the practice of making sure [Fly.io](http://Fly.io) team members have secure access to [Fly.io](http://Fly.io) company infrastructure, and that secured channels are the only exposed channels to [Fly.io](http://Fly.io). CorpSec controls are the primary concern of standards like SOC2.
-
-- Access to our services and applications is gated on a SSO Identity Provider.
-- We require strong, phishing-resistant 2FA in all enrolled IdP accounts.
-- We rely on IdP-backed WireGuard with strict, default-deny, role-based access controls to access internal applications.
-- We have centralized repositories of policy and audit controls, including team onboard and offboarding and access requests; we regularly audit access to internal systems.
-
-## Process Controls: Network/Infrastructure Security (“InfraSec”)
-
-InfraSec is the practice of ensuring a hardened, minimal attack surface for components we deploy on our network. Conventionally, modern InfraSec centers on “cloud security”; of course, we are ourselves a cloud provider, which makes the job more interesting.
-
-- We run on our own hardware deployed in secure data centers like Equinix.
-- Our platform networking runs over a WireGuard mesh with further BPF-based access controls. Everything is encrypted in transit, at multiple layers.
-- Remote management is largely automated, and fully audited; remote access is done through an IdP-backed cert-based SSH system with transcript-level audit trails.
-- [Fly.io](http://Fly.io) operates a large logging and metrics cluster (it’s a feature of our platform!).
-- Our internal client/server services are locked down further with Mutual TLS. 
-- We work with upstream traffic providers to perform automated and manual DDoS mitigation.
-- Compute jobs at [Fly.io](http://Fly.io) are virtualized using Firecracker, the virtualization engine developed at AWS as the engine for Lambda and Fargate. 
-- Customer information on databases and volumes at [Fly.io](http://Fly.io) is encrypted with the Linux LUKS block storage encryption secrets. 
-
-## Application Security (“AppSec”)
-
-AppSec is the practice of ensuring software is secure by design, secured during development, secured with testing and review, and securely deployed.
-
-- Our software is built in memory-safe programming languages, including Rust (for our Anycast forwarding path) and Golang (for our deployment and control plane). 
-- We make decisions that minimize our attack surface. Most interactions with [Fly.io](http://Fly.io) are well-described in a GraphQL API, and occur through flyctl, our open-source command-line tool.
-- We perform internal code reviews with a modern, PR-based development workflow, and engage external testing firms to assess our software security.
-
-## Vulnerability Remediation
-
-Vulnerabilities that directly affect Fly.io's systems and services will be patched or otherwise remediated within a timeframe appropriate for the severity of the vulnerability, subject to the public availability of a patch or other remediation instructions.
-
-**Severity: Timeframe**
-* Critical:	24 hours
-* High:	1 week
-* Medium:		1 month
-* Low: 3 months
-* Informational:	As necessary
-
-If there's a severity rating that accompanies a vulnerability disclosure, we'll generally rely on that as a starting point, but may upgrade or downgrade the severity in our best judgement. 
-
-
-## SOC2 and HIPAA
-
-[We have our SOC2 Type I](/blog/soc2-the-screenshots-will-continue-until-security-improves/) where we've documented a bunch of these controls. Additionally, we've detailed a number of controls for folks exploring [running HIPAA-compliant applications on our platform](/docs/about/healthcare).
-
-## Questions?
-
-[Email us!](mailto:security@fly.io)
\ No newline at end of file
diff --git a/about/support.html.md b/about/support.html.md
index f39618fa3f..1c3b6ab20c 100644
--- a/about/support.html.md
+++ b/about/support.html.md
@@ -2,10 +2,11 @@
 title: Support
 layout: docs
 nav: firecracker
-toc: false
 ---
 
-<img src="http://github.com/static/images/support.webp" srcset="http://github.com/service/http://github.com/static/images/support@2x.webp%202x " alt="An open laptop with a Fly.io sticker on it, sitting on the ground next to a coffee mug and a cute turtle.">
+<figure>
+  <img src="http://github.com/static/images/help.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon wearing a fireman hat, putting a ladder on a tree to save a cat" class="w-full max-w-lg mx-auto">
+</figure>
 
 Need support? We can help! Here's where to look.
 
@@ -25,15 +26,45 @@ All customers have access to our active [community forum](https://community.fly.
 
 Customers also frequently help each other out and share insights on running their apps on Fly.io. Especially helpful contributors can earn a special "Aeronaut" badge to signify their troubleshooting prowess, great advice, and exceptional kindness.
 
-## Email support
+## Billing and account support
 
-**Who can use this:** Customers on [Launch, Scale, and Enterprise plans](https://fly.io/plans).
+**Who can use this:** Everyone
+
+**Use this for:** Billing and account management issues.
+
+For questions about a specific invoice or account management issues, you can email us at [billing@fly.io](mailto:billing@fly.io).
+
+## Paid support plans
+
+**Find out more:** Want to learn more about our different support plans or ready to get started? Just head over to our [Support page](https://fly.io/support). We've got all the details there to help you choose what works best for you!
+
+### Email support
+
+**Who can use this:** Organizations who have purchased a Standard, Premium, or Enterprise Support package or organizations with legacy Launch or Scale plans. 
+
+**Use this for:**  Technical support for issues or questions specific to you.
+
+Our Standard, Premium, and Enterprise packages have access to email support. These plans come with an organization-specific address for emailing support questions, typically `<org-name>@support.fly.io`.
 
-**Use this for:**  Issues or questions specific to you.
+You can find your support address is in the [Fly.io dashboard](https://fly.io/dashboard). Select your organization, and look for your unique email address in the **Support** section. You'll also find a form to submit new support tickets, as well as an overview of recent support interactions.
 
-Our Launch, Scale, and Enterprise plans have access to email support. These plans come with an organization-specific address for emailing support questions, typically &lt;org-name&gt;@support.fly.io.
+### Support Portal
 
-Your support address is in the [Fly.io dashboard](https://fly.io/dashboard). Select your organization, and look for your Support email address in the Billing section.
+**Who can use this:** Organizations who have purchased a Standard, Premium, or Enterprise Support package or organizations with legacy Launch or Scale plans. Organizations with a Managed Postgres (MPG) database cluster also have access to our Support Portal for issues related to MPG.
+
+**Use this for:** Technical support for issues or questions specific to you.
+
+The Support Portal is a self-service portal for customers to submit support tickets, view recent support interactions, and track the status of their tickets. You can access it from your [Fly.io dashboard](https://fly.io/dashboard) by clicking the **Support** tab.
+
+## Managed Postgres Support
+
+We now offer [Managed Postgres (MPG)](https://fly.io/docs/mpg/overview/), a fully managed Postgres service with automated provisioning, daily snapshots, built-in high availability, global networking, and Prometheus-compatible metrics. MPG is currently available in a limited set of regions and supports up to 1 TB of storage, with an initial allocation cap of 500 GB. Managed Postgres customers have Support portal access for issues related to MPG.
+
+Note: If you need to run in unsupported regions, require more storage, or need custom configuration, you may still need to use an [unmanaged Postgres](https://fly.io/docs/postgres/getting-started/what-you-should-know/) app for now.
+
+## Support metrics
+
+The Fly.io Support team publishes our email support metrics to better set expectations regarding response times and help to you understand how we're doing. You can view these metrics in the public [Support Metrics Dashboard](https://fly.io/support).
 
 ## Working with support
 
@@ -48,6 +79,40 @@ Here are some things to include in your ticket:
 - Prepending `LOG_LEVEL=debug` to any flyctl command will provide insight into the lower-level API calls being made.
 - If you are sending us error messages or log output, it's best to send that as plain text in the body of the email (or upload a `.txt` or `.log` file for longer outputs), rather than attached screenshots of your terminal window.
 
-## Other questions?
-
-For questions about a specific invoice or account management issues, email us at [billing@fly.io](mailto:billing@fly.io).
+## Scope of Support
+
+<div>
+  <p class="mb-6">
+    This section highlights the products we actively work on and maintain, and therefore, the ones we are able to provide support for. While we can't offer direct support for your own code or the specific language or framework you use, here are some [guides to the most common frameworks](https://fly.io/docs/getting-started/get-started-by-framework/) used on Fly.io.
+  </p>
+
+
+  <div class="border-2 border-gray-200 rounded-lg">
+    <div class="grid grid-cols-2">
+      <div class="p-6 border-r border-gray-200">
+        <h3 class="font-bold mb-4">Supported Products</h3>
+        <ul class="space-y-2">
+          <li>**Networking**</li>
+          <li>**Machines** (including GPUs)</li>
+          <li>**Managed Postgres** (MPG)</li>
+          <li>**Apps**</li>
+          <li>**Launch/Deploy** (UI & CLI)</li>
+          <li>**Volumes**</li>
+          <li>**FKS**</li>
+          <li>**Security**</li>
+          <li>**Accounts & Billing**</li>
+          <li>**Extensions** (Tigris, Upstash, Depot)</li>
+          <li>**Monitoring** (metrics and logs)</li>
+        </ul>
+      </div>
+
+      <div class="p-6">
+        <h3 class="font-bold mb-4">Not Supported</h3>
+        <ul class="space-y-2">
+          <li>**LiteFS**</li>
+          <li>**Unmanaged Postgres**</li>
+        </ul>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/app-guides/continuous-deployment-with-github-actions.html.md b/app-guides/continuous-deployment-with-github-actions.html.md
deleted file mode 100644
index eee8d33077..0000000000
--- a/app-guides/continuous-deployment-with-github-actions.html.md
+++ /dev/null
@@ -1,159 +0,0 @@
----
-title: "Continuous Deployment with Fly.io and GitHub Actions"
-layout: docs
-sitemap: false
-nav: firecracker
-categories:
-  - ci
-  - github
-  - guide
-priority: 10
-date: 2020-06-20
----
-
-<img src="http://github.com/static/images/continuous-deployment.webp" alt="A man writing code on a vintage desktop computer" class="rounded-xl">
-
-This guide works through setting up your app for continuous deployment to Fly.io from the app's GitHub repository.
-
-You'll start with an example application called [go-example](https://github.com/fly-apps/go-example). It's a simple, lightweight app that displays the Fly.io region that served the request.
-
-The first section is a speed-run through the steps to make the go-example app automatically deploy to Fly.io from GitHub. The next section loops back for a [longer look at each step](#a-longer-look-at-the-deployment-process).
-
-## Speed-run your way to continuous deployment
-
-1. Fork the [go-example](https://github.com/fly-apps/go-example) repository to your GitHub account.
-2. Clone the new repository to your local machine.
-3. Run `fly launch --no-deploy` from within the project source directory to create a new app and a `fly.toml` configuration file. 
-4. Type `y` to when prompted to tweak settings and enter a name for the app. Adjust other settings, such as region, as needed. Then click **Confirm Settings**.
-5. Still in the project source directory, get a Fly API deploy token by running `fly tokens create deploy -x 999999h`. Copy the output.
-6. Go to your newly-created repository on GitHub and select **Settings**.
-7. Under **Secrets and variables**, select **Actions**, and then create a new repository secret called `FLY_API_TOKEN` with the value of the token from step 5.
-8. Back in your project source directory, create `.github/workflows/fly.yml` with these contents:
-    
-    ```yaml
-    name: Fly Deploy
-    on:
-      push:
-        branches:
-          - master
-    jobs:
-      deploy:
-        name: Deploy app
-        runs-on: ubuntu-latest
-        steps:
-          - uses: actions/checkout@v3
-          - uses: superfly/flyctl-actions/setup-flyctl@master
-          - run: flyctl deploy --remote-only
-            env:
-              FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
-    ```
-
-      <div class="note icon">
-      **Note:** The `go-example`’s default branch is currently `master`. If you’re using a different app, yours might be `main`. Change the `fly.yml` file accordingly.
-      </div>
-
-9. Commit your changes and push them up to GitHub. You should be pushing two new files: `fly.toml`, the [Fly Launch](/docs/apps/) configuration file, and `fly.yml`, the GitHub action file.
-  
-Then the magic happens - The push triggers a deploy, and from now on whenever you push a change, the app will automatically be redeployed.
-
-If you want to watch the process take place, head to the repository and select the **Actions** tab, where you can view live logs of the commands running.
-
-## A longer look at the deployment process
-
-### `fly.toml` and the repository
-
-**Step 1** is a simple GitHub Fork; there's not a lot to say about that except that you need to do it, because you want control of the repository that you're deploying from.
-
-**Step 2** is just cloning the repository to your local system so that you can edit and push changes to it.
-
-**Steps 3 and 4** create a new app on Fly.io and a `fly.toml` configuration file to go into the repository.
-
-<div class="callout">
-A note about `fly.toml` in repositories: Usually, when Fly.io ships examples, we avoid putting the `fly.toml` file in the repository by including `fly.toml` in the `.gitignore` file. And users should be creating their own `fly.toml` with the `fly launch` command. When using GitHub Actions though, you want your `fly.toml` in the repository so that the action can use it in the deployment process.
-</div>
-
-### API tokens
-
-**Step 5** is about getting an API token. You can generate a deploy token to use to authorize a specific application. That's what `flyctl tokens create deploy -x 999999h` gives you. For a more powerful token that can manage multiple applications, run `flyctl auth token`.
-
-**Steps 6 and 7** make your new token available to GitHub Actions that run against your repository. You'll add the token as a secret in the repository's settings. Under the **Settings** tab, go to **Secrets and variables** and select **Actions**. Click on the green "New repository secret" button, enter the name as `FLY_API_TOKEN`, and copy the token as the secret.
-
-If you'd prefer an environment secret instead, then you need to list the environment you selected in your deploy step.  For example:
-
-```yaml
-deploy:
-    name: Deploy app
-    runs-on: ubuntu-latest
-    environment: production
-```
-
-### Building the workflow and deployment
-
-**Step 8** is the heart of the process, where you put in place a workflow. Now, GitHub has a UI which allows you to select and edit workflows, but you can also modify them as part of the repository. So you create `.github/workflows/fly.yml` - you'll likely want to `mkdir -p .github/workflows` to quickly create the directories - and load up the file with a GitHub Action recipe.
-
-Github Action recipe, line by line:
-
-```yaml
-name: Fly Deploy
-```
-
-This sets the displayed name for the action.
-
-```yaml
-on:
-  push:
-    branches:
-      - master
-```
-
-When should this action be run. There's lots of options but in this case, in response to any `push` to the repository's `master` branch. If your repository uses a default branch other than `master`, such as `main`, then you should change that here.
-
-```yaml
-jobs:
-  deploy:
-      name: Deploy app
-      runs-on: ubuntu-latest
-```
-
-So an action is made up of named jobs, in this case one to deploy the application. The jobs run on a virtual machine. This section gives the "deploy" job the name "Deploy app" and tells GitHub Actions to run it on a virtual machine with the latest version of Ubuntu on it. The next part is to set up the steps needed to complete this job.
-
-```yaml
-      steps:
-        - uses: actions/checkout@v3
-```
-
-The first step is one of the built in Actions steps. The step `uses` the `checkout@v3` action which checks out the repository into a directory on the virtual machine. You're now ready to deploy.
-
-```yaml
-        - uses: superfly/flyctl-actions/setup-flyctl@master
-        - run: flyctl deploy --remote-only
-```
-
-This step `uses` the superfly/flyctl-actions action. This is a GitHub action created by Fly.io which wraps around the `flyctl` command. The wrapper is invoked with the `deploy` argument which will take over the process of building and moving the application to the Fly.io infrastructure. It uses the settings from the `fly.toml` file to guide it and uses the `FLY_API_TOKEN` to authorize its access to the Fly.io GraphQL API.
-
-```yaml
-          env:
-            FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
-```
-
-This pulls the API token from GitHub's secrets engine and puts it into the environmental variables passed to the action.
-
-**Step 9** pushes your two new files to the repository: `fly.toml`, the Fly Launch configuration file, and `fly.yml`, the GitHub action file. The push triggers your first automatic deploy. The GitHub action now triggers a redeploy each time you push changes to your repo.
-
-## Conclusion and further reading
-
-And that's the deployment process. You can, of course, leverage the GitHub Actions environment to manage more intricate deployments, interact with other applications&mdash;say to send Slack messages on completion&mdash;or whatever else you can dream up.
-
-**Read:**
-
-* [Deploy Tokens](/docs/reference/deploy-tokens/)
-* [GitHub Actions Documentation](https://docs.github.com/en/actions)
-
-**See:**
-
-* [GitHub Actions for flyctl](https://github.com/superfly/flyctl-actions)
-
-
-
-
-
diff --git a/app-guides/custom-domains-with-fly.html.md b/app-guides/custom-domains-with-fly.html.md
deleted file mode 100644
index 31a7237d58..0000000000
--- a/app-guides/custom-domains-with-fly.html.md
+++ /dev/null
@@ -1,432 +0,0 @@
----
-title: Custom Domains and SSL Certificates
-layout: docs
-sitemap: false
-nav: firecracker
-categories:
-  - ssl
-  - custom domains
-  - guide
-date: 2020-07-20
----
-
-An application's brand is often encapsulated in its domain name and that in turn is wrapped with value. So being able to configure secure custom domains is essential.
-
-Fly.io offers a simple command-line process for manual configuration of custom domains and a GraphQL API for people integrating Fly custom domains into their automated workflows. Here, we'll be looking at both - and answering the question, which one should you use?
-
-## Teaching your app about custom domains
-
-Your application code needs to know how to accept custom domains and adjust the responses accordingly. If you're hosting content on behalf of your users, this typically means mapping the incoming hostname to a particular ID in your application database.
-
-When users make requests, their browser sends a `Host` header you can use to alter the behavior of your application. When you run your app server on Fly.io directly, just get the contents of the `Host` header to identify a request.
-
-If you're running your application on another provider, you will need to create a proxy application (like [NGINX](/docs/app-guides/global-nginx-proxy/)) to route traffic through Fly. Your application can then use the `X-Forwarded-Host` header to determine how to handle requests.
-
-## Creating a custom domain on Fly.io manually
-
-There's a question to ask and answer. Do you want to start accepting traffic immediately on your custom domain or do you want to have your domain ready with certificates when you set it to start accepting traffic, for example when you want to cut over from another platform to Fly.
-
-### Accepting traffic immediately for the custom domain
-
-In this scenario, we want the custom domain to point to the `nginxproxy` server which will allow unencrypted IPv4 and IPv6 connections. Again, there are two ways to do this. Using DNS's CNAME capability or setting the A and AAAA records.
-
-#### Option I: CNAME records
-
-CNAME records in DNS act like a pointer. If we add a CNAME record to our custom domain that points to our proxy name `nginxproxy.fly.dev` then requests for the custom domain's IP address would return the proxy's address and clients would then lookup the IP addresses for the proxy. 
-
-It's the quickest way to get set up, but there are catches. First, it is ever so slightly slower with that second look up. Second, it limits what you can do with the domain, especially if it's an "Apex domain" - CNAMEs are, according to DNS standards, meant to be the only record in a host's DNS records and so you can't add MX and other essential records to the DNS entry. If you aren't setting up an Apex domain, the CNAME is the quickest way to get going.
-
-#### Option II: A and AAAA records
-
-We can skip all CNAME concerns by setting A and AAAA records on your custom domain. Run `flyctl ips list` to see your app's addresses:
-
-```cmd
-flyctl ips list
-```
-```output
-  TYPE   ADDRESS                                CREATED AT
-  v4     77.83.143.105                          2020-03-02T14:59:13Z
-  v6     2a09:8280:1:659f:6cb7:4925:6bfd:90a3   2020-03-02T14:59:13Z
-```
-
-Create an A record pointing to your v4 address, and an AAAA record pointing to your v6 address. You're then free to make this an Apex domain as needed.
-
-#### Adding the certificate
-
-Once these settings are in place, you can add the custom domain to the application's certificates. If we are configuring example.com, then we would simply run:
-
-```cmd
-flyctl certs create example.com
-```
-
-If you are using [dedicated IPs](https://fly.io/docs/reference/services/#dedicated-ipv4) and want to add a wildcard domain, remember to place quotes around the hostname to avoid inadvertent shell expansion:
-
-```cmd
-flyctl certs create "*.example.com"
-```
-
-This will kick off the process of validating your domain and generating certificates. You can check on the progress if you run:
-
-```cmd
-flyctl certs show example.com
-```
-```output
-  Hostname                    = example.com
-  Configured                  = true
-  Issued                      = rsa,ecdsa
-  Certificate Authority       = lets_encrypt
-  DNS Provider                = dnsimple
-  DNS Validation Instructions = CNAME _acme-challenge.example.com => example.com.o055.flydns.net.
-  DNS Validation Hostname     = _acme-challenge.example.com
-  DNS Validation Target       = example.com.o055.flydns.net
-  Source                      = fly
-  Created At                  = 1m9s ago
-  Status                      = Ready
-```
-
-Configured should be true and Status will show ready when the certificates are available. The Issued field will show which types of certificates are available - RSA and/or ECDSA. Once they are issued, you'll be ready to run with your custom domain.
-
-### Configuring certificates before accepting traffic
-
-This process allows certificates to be issued before the domain is live and accepting traffic. Using a particular CNAME entry in the DNS allows Fly.io to validate the domain before issuing a certificate. 
-
-The process starts with adding the certificate to the application like so:
-
-```cmd
-flyctl certs create example.com
-```
-
-Again, if you are creating a wildcard domain, remember to place quotes around the hostname to avoid inadvertent shell expansion:
-
-```cmd
-flyctl certs create "*.example.com"
-```
-
-Now we have created the certificate, we need to ask for the CNAME entry that has to be set up. For this, we run `fly certs show`:
-
-```cmd
-flyctl certs show example.com
-```
-```output
-  Hostname                    = example.com
-  Configured                  = false
-  Issued                      = 
-  Certificate Authority       =
-  DNS Provider                = dnsimple
-  DNS Validation Instructions = CNAME _acme-challenge.example.com => example.com.o055.flydns.net.
-  DNS Validation Hostname     = _acme-challenge.example.com
-  DNS Validation Target       = example.com.o055.flydns.net
-  Source                      = fly
-  Created At                  = 0m9s ago
-  Status                      = 
-```
-
-The specific part to focus in here are the DNS Validation fields:
-
-```
-DNS Validation Instructions = CNAME _acme-challenge.example.com => example.com.o055.flydns.net.
-  DNS Validation Hostname     = _acme-challenge.example.com
-  DNS Validation Target       = example.com.o055.flydns.net
-```
-
-Basically, the Validation Hostname, when looked up, should send requests to the Validation Target, a Fly-generated validation service. To do this, add the contents of the Validation Instructions to your DNS records; that is create a CNAME record which points the _acme-challenge subdomain to the Validation target.
-
-Once you have done that, wait as the validation and certificate issuing happens (check in with `flyctl certs check`). When complete, you'll be able to turn on the traffic whenever you are ready. You'll be able to do that either by setting the CNAME or by setting the A and AAAA records as described previously.
-
-### Other commands
-
-Finally, we should point out the other `flyctl certs` commands which you will want to use.
-
-* `flyctl certs list` - Lists the hostnames which have been added to an application and for which certificates may have been obtained.
-* `flyctl certs check hostname` - Triggers a check on the domain validation and DNS configuration for the given host and return results in the same format as `flyctl certs show`.
-* `flyctl certs delete hostname` - Removes the hostname from the application, dropping the certificates in the process.
-
-## Automating the certificate process
-
-To illustrate how to automate the certificates API, we are going to show the `flyctl` command line and the equivalent GraphQL request, wrapped in a compact easy-to-read Node application from our [fly-examples/hostnamesapi](https://github.com/fly-apps/hostnamesapi) repository.
-
-### GraphQL API Notes
-
-**Endpoints**: The Endpoint for the Fly API is `https://api.fly.io/graphql`. 
-
-**Authentication**: All queries require an API token which be obtained by signing into the [Fly.io web dashboard](https://fly.io/dashboard/apps/), selecting **Account** ➡︎ **Settings** ➡︎ **Access Tokens** ➡︎ **Create Access Token**. Create a new token and carefully note the value; we suggest placing it in an environment variable such as `FLY_API_TOKEN` so it can be passed to applications. When used with the API, the token should be passed in an `Authorization` header with the value `Bearer <token value>`.
-
-**IDs and Names**: Applications can be referred to by name or by ID. Currently the Application ID and Name are interchangeable. This will change in a future semantically significant version. To see how to query for ID and Name, see [getappbyid.js](https://github.com/fly-apps/hostnamesapi/blob/master/getappbyid.js) and [getappbyname.js](https://github.com/fly-apps/hostnamesapi/blob/master/getappbyname.js) in the example repository.
-
-### Listing all the hosts of an application
-
-**With Flyctl**: `flyctl certs list`
-
-**With GraphQL**: The example is in the repository as [getcerts.js](https://github.com/fly-apps/hostnamesapi/blob/master/getcerts.js). This request takes the application name as a parameter.
-
-```graphql
-query($appName: String!) {
-  app(name: $appName) {
-    certificates {
-      nodes {
-        createdAt
-        hostname
-        clientStatus
-      }
-    }
-  }
-}
-```
-
-**Example output**:
-
-```json
-{
-  "app": {
-    "certificates": {
-      "nodes": [
-        {
-          "createdAt": "2020-03-04T14:17:14Z",
-          "hostname": "example.com",
-          "clientStatus": "Ready"
-        },
-        {
-          "createdAt": "2020-03-05T15:28:41Z",
-          "hostname": "exemplum.com",
-          "clientStatus": "Ready"
-        }
-		  ]
-	  }
-  }
-}
-```
-
-This lists every host associated with the application. Each host may have up to two (RSA/ECDSA) certificates associated with it. See "[Reading a certificate from an application](#reading-a-certificate-from-an-application)" to see how to query the certificates associated with the hostnames.
-
-### Creating a certificate for an application
-
-**With Flyctl**: `flyctl certs create <hostname>`
-
-**With GraphQL**: The example is [addcert.js](https://github.com/fly-apps/hostnamesapi/blob/master/getcerts.js). This request takes the application id and hostname as parameters.
-
-```graphql
-mutation($appId: ID!, $hostname: String!) {
-    addCertificate(appId: $appId, hostname: $hostname) {
-        certificate {
-            configured
-            acmeDnsConfigured
-            acmeAlpnConfigured
-            certificateAuthority
-            certificateRequestedAt
-            dnsProvider
-            dnsValidationInstructions
-            dnsValidationHostname
-            dnsValidationTarget
-            hostname
-            id
-            source
-        }
-    }
-}
-```
-
-
-**Example Output**:
-
-```json
-{
-  "addCertificate": {
-    "certificate": {
-      "configured": true,
-      "acmeDnsConfigured": true,
-      "acmeAlpnConfigured": true,
-      "certificateAuthority": "lets_encrypt",
-      "certificateRequestedAt": "2020-03-06T12:26:36Z",
-      "dnsProvider": "enom",
-      "dnsValidationInstructions": "CNAME _acme-challenge.codepope.wtf => example.com.o055.flydns.net.",
-      "dnsValidationHostname": "_acme-challenge.example.com",
-      "dnsValidationTarget": "example.com.o055.flydns.net",
-      "hostname": "example.com",
-      "id": "LO7FgYIy0sBZC8yuGNFKQH4QCq4ujMfJZumJCVNiQxhMq",
-      "source": "fly"
-    }
-  }
-}
-```
-
-The returned data here includes all the values needed to configure DNS records for pre-traffic validation.
-
-### Reading a certificate from an application
-
-**With Flyctl**: `flyctl certs show hostname`
-
-**With GraphQL**: The example is [getcert.js](https://github.com/fly-apps/hostnamesapi/blob/master/getcert.js). This request takes the application name and hostname as parameters.
-
-```graphql
-query($appName: String!, $hostname: String!) {
-  app(name: $appName) {
-    certificate(hostname: $hostname) {
-      configured
-      acmeDnsConfigured
-      acmeAlpnConfigured
-      certificateAuthority
-      createdAt
-      dnsProvider
-      dnsValidationInstructions
-      dnsValidationHostname
-      dnsValidationTarget
-      hostname
-      id
-      source
-      clientStatus
-      issued {
-        nodes {
-          type
-          expiresAt
-        }
-      }
-    }
-  }
-}
-```
-
-**Example Output**:
-
-```json
-{
-  "app": {
-    "certificate": {
-      "configured": true,
-      "acmeDnsConfigured": true,
-      "acmeAlpnConfigured": true,
-      "certificateAuthority": "lets_encrypt",
-      "createdAt": "2020-03-04T17:17:39Z",
-      "dnsProvider": "enom",
-      "dnsValidationInstructions": "CNAME _acme-challenge.example.com => example.com.o055.flydns.net.",
-      "dnsValidationHostname": "_acme-challenge.example.com",
-      "dnsValidationTarget": "example.com.o055.flydns.net",
-      "hostname": "example.com",
-      "id": "4n8ikGIzjsm0s5VclwTDaSODtveu2xCZkHkKCaRilafGk",
-      "source": "fly",
-      "clientStatus": "Ready",
-      "issued": {
-        "nodes": [
-          {
-            "type": "ecdsa",
-            "expiresAt": "2020-06-02T16:17:51Z"
-          },
-          {
-            "type": "rsa",
-            "expiresAt": "2020-06-02T16:17:45Z"
-          }
-        ]
-      }
-    }
-  }
-}
-```
-
-Most of the output duplicates the details from adding a certificate, including the DNS validation settings. The difference here is the `issued` section which contains an array of nodes, each of which is the type and expiry date of certificates that have been issued against this host name. Here we see that ECSDA and RSA certificates have been issued.
-
-### Checking a certificate
-
-**With Flyctl**: `flyctl certs check hostname`
-
-**With GraphQL**: The example is [checkcert.js](https://github.com/fly-apps/hostnamesapi/blob/master/checkcert.js). This request takes the application name and hostname as parameters. It is essentially the same as reading the certificate, but the presence of a request for the certificate's check value will start a validation process. The output is similar too.
-
-```graphql
-query($appName: String!, $hostname: String!) {
-  app(name: $appName) {
-    certificate(hostname: $hostname) {
-        check
-        configured
-        acmeDnsConfigured
-        acmeAlpnConfigured
-        certificateAuthority
-        createdAt
-        dnsProvider
-        dnsValidationInstructions
-        dnsValidationHostname
-        dnsValidationTarget
-        hostname
-        id
-        source
-        clientStatus
-        issued {
-          nodes {
-              type
-              expiresAt
-          }
-        }
-    }
-  }
-}
-```
-
-
-### Deleting a certificate
-
-
-**With Flyctl**: `flyctl certs delete hostname`
-
-**With GraphQL**: The example is [deletecert.js](https://github.com/fly-apps/hostnamesapi/blob/master/deletecert.js). This request takes the application name and hostname as parameters and will remove the hostname from the application.
-
-```graphql
-   mutation($appId: ID!, $hostname: String!) {
-        deleteCertificate(appId: $appId, hostname: $hostname) {
-            app {
-                name
-            }
-            certificate {
-                hostname
-                id
-            }
-        }
-    }
-```
-
-The GraphQL mutation returns the app name and the hostname and certificate id that was removed.
-
-**Example Output**:
-
-```json
-{
-  "deleteCertificate": {
-    "app": {
-      "name": "nginxproxy"
-    },
-    "certificate": {
-      "hostname": "example.com",
-      "id": "6AZc4AS6ysZgHPqFg7TGzIyofewuZnToxu6lUbBi8DHGQ"
-    }
-  }
-}
-```
-
-## Troubleshooting
-### Certificate creation or validation seems to hang, stall or fail
-
-Let's Encrypt™ is a free, automated, and open certificate authority that Fly.io uses to issue TLS certificates for custom domains. However, Let's Encrypt™ imposes certain rate limits to ensure fair usage. If you encounter issues when creating or validating a certificate for a custom domain on Fly.io, it's possible that you've hit these rate limits.
-
-The following [rate limits](https://letsencrypt.org/docs/rate-limits/) from Let's Encrypt™ apply:
-
-* **Certificates per Registered Domain**: 50 per week
-* **Duplicate Certificate limit**: 5 per week
-* **Failed Validation limit**: 5 failures per hostname, per hour
-
-Note that certificate renewals don’t count against your **Certificates per Registered Domain** limit.
-
-If you encounter issues when adding or validating a certificate for a custom domain on Fly.io, you can use the following methods to troubleshoot:
-
-* **Use [Let's Debug](https://letsdebug.net/)**: A diagnostic tool/website to help figure out why you might not be able to issue a certificate for Let's Encrypt™. Using a set of tests, it can identify a variety of issues, including: problems with basic DNS setup, problems with nameservers, rate limiting, networking issues, CA policy issues and common website misconfigurations.
-* **Wait and Retry**: If you've hit a rate limit, you'll need to wait until the rate limit window passes before you can successfully create or validate a certificate again. We don’t have a way to reset it. 
-
-Remember, the best way to avoid hitting rate limits is to use staging environments and domains for testing and development, and to carefully plan your certificate issuance to stay within the limits. Avoid failed validation by ensuring that your DNS records are correctly configured, with no conflicting records.
-
-If you're building a platform on top of Fly.io, and you expect that your users will frequently delete and then recreate the same resources within a short window, consider implementing "soft delete" logic into your platform that retains the Fly.io resources for a period of time, negating the need to recreate certs frequently.
-
-### I use Cloudflare, and there seems to be a problem issuing or validating my Fly.io TLS certificate
-
-If you're using Cloudflare, you might be using their Universal SSL feature which inserts a TXT record of `_acme_challenge.<YOUR_DOMAIN>` for your domain. This can interfere with our certificate validation/challenge and you should [disable](https://developers.cloudflare.com/ssl/edge-certificates/universal-ssl/disable-universal-ssl/#disable-universal-ssl-certificate) this feature.
-
-You can then verify that the change has propagated and the TXT record is no longer present by running `dig txt _acme-challenge.<YOUR_DOMAIN> +short`.
-
-## Wrapping up
-
-You have everything you need to either hand assign a custom domain to your Fly.io application or to create your own automated multi-domain proxy. Let your ideas take flight with Fly.io.
-
diff --git a/app-guides/edgedb.html.md b/app-guides/edgedb.html.md
index 01e4a92976..ec0177e26b 100644
--- a/app-guides/edgedb.html.md
+++ b/app-guides/edgedb.html.md
@@ -8,7 +8,7 @@ categories:
 redirect_from: /docs/getting-started/edgedb/
 ---
 
-[EdgeDB](https://www.edgedb.com) is a [graph-relational database](https://www.edgedb.com/blog/the-graph-relational-database-defined) that runs on top of Postgres and is designed as a spiritual successor to SQL. This guide explains how to perform a single-region deployment of EdgeDB with persistent storage. It will require two apps: one for Postgres and one for the EdgeDB container.
+[EdgeDB](https://www.edgedb.com+external) is a [graph-relational database](https://www.edgedb.com/blog/the-graph-relational-database-defined+external) that runs on top of Postgres and is designed as a spiritual successor to SQL. This guide explains how to perform a single-region deployment of EdgeDB with persistent storage. It will require two apps: one for Postgres and one for the EdgeDB container.
 
 ## Create the Postgres app
 
@@ -137,7 +137,7 @@ flyctl secrets set \
   --app my-other-app
 ```
 
-If you've [configured a Wireguard tunnel](https://fly.io/docs/reference/private-networking/) on your local machine, you'll be able to open a REPL to your new EdgeDB instance with the `edgedb` CLI.
+If you've [configured a Wireguard tunnel](https://fly.io/docs/networking/private-networking/) on your local machine, you'll be able to open a REPL to your new EdgeDB instance with the `edgedb` CLI.
 
 ```cmd
 edgedb --dsn edgedb://edgedb:mysecretpassword@myedgedb.internal:8080 --tls-security insecure
diff --git a/app-guides/fauna.html.md b/app-guides/fauna.html.md
index 7d0961e6fd..18ec1a9270 100644
--- a/app-guides/fauna.html.md
+++ b/app-guides/fauna.html.md
@@ -7,15 +7,15 @@ categories:
   - database
 ---
 
-[Fauna](https://fauna.com/) is a distributed relational database with a document data model, and delivered as an API. Databases created in Fauna automatically get three geographically distributed replicas with active-active writes and ACID compliance, making it a powerful complement to Fly.io in serving low latency reads and writes for dynamic global applications.
+[Fauna](https://fauna.com/+external) is a distributed relational database with a document data model, and delivered as an API. Databases created in Fauna automatically get three geographically distributed replicas with active-active writes and ACID compliance, making it a powerful complement to Fly.io in serving low latency reads and writes for dynamic global applications.
 
 ## Starter kit
 
-Fauna provides [starter kits](https://github.com/orgs/fauna-labs/repositories?q=fly-io-starter) to help you quickly launch an app on Fly.io, using Fauna as the database backend. Before you start, read the short section below to learn how Fauna and Fly.io makes for a great combination when building low latency, dynamic global applications.  
+Fauna provides [starter kits](https://github.com/orgs/fauna-labs/repositories?q=fly-io-starter+external) to help you quickly launch an app on Fly.io, using Fauna as the database backend. Before you start, read the short section below to learn how Fauna and Fly.io makes for a great combination when building low latency, dynamic global applications.  
 
 ## Region Groups
 
-A Fauna Region Group refers to the locality footprint of where the replicas are located, and allows you to control where your data resides, making it possible to comply with data locality legislation, such as the General Data Protection Regulation ([GDPR](https://gdpr-info.eu/)).
+A Fauna Region Group refers to the locality footprint of where the replicas are located, and allows you to control where your data resides, making it possible to comply with data locality legislation, such as the General Data Protection Regulation ([GDPR](https://gdpr-info.eu/+external)).
 
 ![Fauna Region Group](/docs/images/fauna_region_groups.png)
 
@@ -32,7 +32,7 @@ Currently, Fauna provides 2 choices of Regions Groups, US and EU. The table belo
 
 To take full advantage of Fauna's distributed footprint, you should deploy your app on 3 Fly.io regions as well, and as close as possible to the Region Groups' replicas. 
 
-For example, let's say you created your Fauna database in the US Region Group and you used the Fauna [Python Fly.io starter kit](https://github.com/fauna-labs/python-fly-io-starter) with the default configuration to create your Fly app. Your app will be in the `sjc` region, as determined by `primary_region` in the `fly.toml` config file. You can add Machines in the other closest US regions using this command:
+For example, let's say you created your Fauna database in the US Region Group and you used the Fauna [Python Fly.io starter kit](https://github.com/fauna-labs/python-fly-io-starter+external) with the default configuration to create your Fly app. Your app will be in the `sjc` region, as determined by `primary_region` in the `fly.toml` config file. You can add Machines in the other closest US regions using this command:
 
 ```
 fly scale count 2 --region ord,iad
diff --git a/app-guides/global-nginx-proxy.html.markerb b/app-guides/global-nginx-proxy.html.markerb
index b6030905fa..07aeeb88f7 100644
--- a/app-guides/global-nginx-proxy.html.markerb
+++ b/app-guides/global-nginx-proxy.html.markerb
@@ -56,7 +56,7 @@ Both server sections are set to listen on port 8080. The `server_name` directive
 
 ### Deploying NGINX to Fly
 
-We now need to create a slot for our new Fly app. Assuming you are signed up and logged in (if not see our [hands-on for getting started](/docs/hands-on/start/)), then we'll run this:
+We now need to create a slot for our new Fly app. Assuming you are signed up and logged in (if not see our [hands-on for getting started](/docs/hands-on/)), then we'll run this:
 
 ```cmd
 flyctl apps create
@@ -72,4 +72,4 @@ Our app will now be built and deployed onto the Fly infrastructure. When that's
 
 ### Choose your own adventure
 
-With the proxy app in place, you now have a foundation for adding features "at the edge". Maybe try HTTP caching in NGINX, or look at our [OpenResty guide and learn to write Lua](/docs/app-guides/openresty-nginx-plus-lua). Or if you're feeling extra spicey, let your customers [add their own domains](/docs/app-guides/custom-domains-with-fly/) to your application.
+With the proxy app in place, you now have a foundation for adding features "at the edge". Maybe try HTTP caching in NGINX, or look at our [OpenResty guide and learn to write Lua](/docs/app-guides/openresty-nginx-plus-lua). Or if you're feeling extra spicey, let your customers [add their own domains](/docs/networking/custom-domain/) to your application.
diff --git a/app-guides/graphql-on-fly-with-hasura.html.markerb b/app-guides/graphql-on-fly-with-hasura.html.markerb
index 62b60207d6..33335b7b92 100644
--- a/app-guides/graphql-on-fly-with-hasura.html.markerb
+++ b/app-guides/graphql-on-fly-with-hasura.html.markerb
@@ -39,7 +39,7 @@ For any Fly application, you need to reserve an app name. So let's create an app
 flyctl apps create
 ```
 
-**If you don't have `flyctl`, you'll need to install it. Check out our [Install Flyctl](/docs/hands-on/install-flyctl/) guide. If you haven't got a Fly account yet, run `flyctl auth signup` to get your own free account.**
+**If you don't have `flyctl`, you'll need to install it. Check out our [Install Flyctl](/docs/flyctl/install/) guide. If you haven't got a Fly account yet, run `flyctl auth signup` to get your own free account.**
 
 You will be asked for an app name at this point. Hit return to have one auto-generated for you. You'll see the app name when the create has been completed like this:
 
diff --git a/app-guides/livebook.html.markerb b/app-guides/livebook.html.markerb
index 0df39931a9..23c1d747b1 100644
--- a/app-guides/livebook.html.markerb
+++ b/app-guides/livebook.html.markerb
@@ -7,7 +7,7 @@ categories:
   - elixir
 ---
 
-In this guide we'll deploy [Livebook](https://livebook.dev/), the interactive Elixir notebook app, to a single Fly Machine using the [Fly Launch](/docs/apps/) approach. 
+In this guide we'll deploy [Livebook](https://livebook.dev+external), the interactive Elixir notebook app, to a single Fly Machine using the [Fly Launch](/docs/launch/) approach. 
 
 We'll give Livebook a 1GB [persistent volume](/docs/volumes/) on which to store notebooks and other data.
 
@@ -28,11 +28,11 @@ Prepare a directory for your Livebook app config and place a `fly.toml` file ins
 
 ```toml
 [build]
-  image = "ghcr.io/livebook-dev/livebook:0.11.3"
+  image = "ghcr.io/livebook-dev/livebook:0.13.0"
                                                # use a prebuilt Livebook Docker image
 
 [env]
-  ELIXIR_ERL_OPTIONS = "-proto_dist inet6_tcp" # enable ipv6 for Fly.io private networking
+  ERL_AFLAGS = "-proto_dist inet6_tcp"         # enable ipv6 for Fly.io private networking
   LIVEBOOK_DATA_PATH = "/data"                 # /data is the mount point of the persistent volume
   LIVEBOOK_HOME = "/data"
   LIVEBOOK_ROOT_PATH = "/data"
@@ -106,7 +106,7 @@ To use your Livebook, visit `https://<your-app-name>.fly.dev` in the browser, or
 
 You can test that your notebook was saved onto the persistent volume by running `fly apps restart` and clicking "Open" on the Livebook home page to find and open it from storage.
 
-## A note on `auto_stop_machines` and `auto_start_machines` settings
+## A note on auto start and stop settings
 
 The `auto_stop_machines` and `auto_start_machines` config options are set to `true` in the app config. The Fly proxy will shut down the Machine when there's nobody connected to it. Livebook does try to save even "unsaved notebooks," but principle you can lose data if it shuts down and you have not saved your work.
 
diff --git a/app-guides/minio.html.markerb b/app-guides/minio.html.markerb
index 86b85dcdbc..de378a98cd 100644
--- a/app-guides/minio.html.markerb
+++ b/app-guides/minio.html.markerb
@@ -10,17 +10,17 @@ categories:
 date: 2022-12-11
 ---
 
-Object storage is useful when your apps need access to unstructured data like images, videos, or documents. Amazon's S3 is an obvious solution, but you can also host your own S3-compatible object storage using the AGPLv3-licensed [MinIO](https://min.io/).
+Object storage is useful when your apps need access to unstructured data like images, videos, or documents. Amazon's S3 is an obvious solution, but you can also host your own S3-compatible object storage using the AGPLv3-licensed [MinIO](https://min.io/+external).
 
 We're going to set up a single instance of MinIO on Fly.io, backed by [Fly Volume storage](/docs/volumes/).
 
-A note: it's been observed that some features of the MinIO browser console are memory-intensive enough to crash a VM with 256MB of RAM. For even small-scale production use you'll probably need a larger (non-free) VM. 512MB seems to work for poking around and uploading small objects. (For perspective, [MinIO docs recommend a minimum of 128**GB** RAM](https://min.io/docs/minio/container/operations/checklists/hardware.html#minio-hardware-checklist) for deployment at scale.)
+A note: it's been observed that some features of the MinIO browser console are memory-intensive enough to crash a VM with 256MB of RAM. For even small-scale production use you'll probably need a larger (non-free) VM. 512MB seems to work for poking around and uploading small objects. (For perspective, [MinIO docs recommend a minimum of 128GB RAM](https://min.io/docs/minio/container/operations/checklists/hardware.html#minio-hardware-checklist+external) for deployment at scale.)
 
-This is a guide to a demonstration deployment of the official standalone MinIO Docker image, and isn't tuned in any way. Check out the [MinIO](https://min.io/docs/minio/linux/index.html) [docs](https://github.com/minio/minio/tree/master/docs) for more sophisticated use.
+This is a guide to a demonstration deployment of the official standalone MinIO Docker image, and isn't tuned in any way. Check out the [MinIO docs](https://min.io/docs/minio/linux/index.html+external) docs for more sophisticated use.
 
 ## Dockerfile 
 
-We'll use the official [minio/minio](https://hub.docker.com/r/minio/minio) Docker image, but with a custom start command. Here's the Dockerfile to build that: 
+We'll use the official [minio/minio](https://hub.docker.com/r/minio/minio+external) Docker image, but with a custom start command. Here's the Dockerfile to build that: 
 
 ```docker
 FROM minio/minio
@@ -61,7 +61,7 @@ Your app is ready! Deploy with `flyctl deploy`
 
 ## (Un)configure networking
 
-There's no need for this app to be accessible from the public internet, if you run your object storage within the same [Fly IPV6 private network](https://fly.io/docs/reference/private-networking/) as the app(s) that want to connect to it.
+There's no need for this app to be accessible from the public internet, if you run your object storage within the same [Fly IPV6 private network](https://fly.io/docs/networking/private-networking/) as the app(s) that want to connect to it.
 
 Delete the `[http_service]` block in `fly.toml`. Now the Fly proxy won't pass any requests to the app from outside your private network.
 
@@ -74,7 +74,7 @@ fly vol create miniodata --region lhr
 ```
 
 ```out
-Warning! Every volume is pinned to a specific physical host. You should create two or more volumes per application to avoid downtime. Learn more at https://fly.io/docs/reference/volumes/
+Warning! Every volume is pinned to a specific physical host. You should create two or more volumes per application to avoid downtime. Learn more at https://fly.io/docs/volumes/
 ? Do you still want to use the volumes feature? Yes
                   ID: vol_6vjd0dkm5ny038mv
                 Name: miniodata
@@ -117,7 +117,7 @@ fly deploy
 
 MinIO has a web interface. It's served on the port specified by `--console-address` in the Dockerfile, which we set to `9001`. We can access this panel over our private WireGuard network.
 
-One way to do this is to set up a [regular WireGuard tunnel](https://fly.io/docs/reference/private-networking/), and visit `http://my-minio.internal:9001` in the browser.
+One way to do this is to set up a [regular WireGuard tunnel](https://fly.io/docs/networking/private-networking/), and visit `http://my-minio.internal:9001` in the browser.
 
 A simpler way is to use flyctl's user-mode WireGuard to proxy a local port to the app:
 
@@ -134,7 +134,7 @@ Log into the admin panel with the `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` va
 
 ## Using the `mc` MinIO Client
 
-You can connect to your MinIO with the `mc` command-line [MinIO Client](https://min.io/docs/minio/linux/reference/minio-mc.html).
+You can connect to your MinIO with the `mc` command-line [MinIO Client](https://min.io/docs/minio/linux/reference/minio-mc.html+external).
 
 MinIO listens for non-browser connections on port 9000, by default. If you're connecting using `fly proxy`, you'll have to proxy port 9000 to use `mc`. 
 
@@ -190,7 +190,7 @@ ENV MINIO_SERVER_URL="http://minio1.local:9000/"
 CMD [ "server", "http://minio{1...3}.local:9000/data", "--console-address", ":9001"]
 ```
 
-We're using [expansion notation](https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html#sequential-hostnames) to tell MinIO that there will be 3 nodes in the cluster.
+We're using [expansion notation](https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html#sequential-hostnames+external) to tell MinIO that there will be 3 nodes in the cluster.
 
 ### Disk Storage
 
@@ -245,7 +245,7 @@ fly scale count 3
 
 ### Private networking
 
-One of the great things about Fly.io is the [private networking](https://fly.io/docs/reference/private-networking/) we get for free. We'll use our Machines' private IPs to define hostnames in `/etc/hosts` which our nodes will use to communicate with each other.
+One of the great things about Fly.io is the [private networking](https://fly.io/docs/networking/private-networking/) we get for free. We'll use our Machines' private IPs to define hostnames in `/etc/hosts` which our nodes will use to communicate with each other.
 
 Get the private IPs of your Machines:
 
@@ -317,4 +317,4 @@ Create a bucket in one tab and then refresh the other tab. If everything is work
 
 ## What's next?
 
-This was a basic guide for getting an instance of MinIO deployed on Fly.io, scratching the surface of what you might want to do with an S3-compatible object store. You can use your MinIO bucket storage right from the web interface. Your apps can talk to it from within the same private network. [MinIO docs](https://min.io/docs/minio/linux/index.html) cover more advanced usage. 
+This was a basic guide for getting an instance of MinIO deployed on Fly.io, scratching the surface of what you might want to do with an S3-compatible object store. You can use your MinIO bucket storage right from the web interface. Your apps can talk to it from within the same private network. [MinIO docs](https://min.io/docs/minio/linux/index.html+external) cover more advanced usage. 
diff --git a/app-guides/multiple-processes.html.md b/app-guides/multiple-processes.html.md
index 37590b172c..9636248077 100644
--- a/app-guides/multiple-processes.html.md
+++ b/app-guides/multiple-processes.html.md
@@ -1,5 +1,5 @@
 ---
-title: "Running Multiple Processes Inside A Fly.io App"
+title: Multiple processes inside a Fly.io app
 layout: docs
 sitemap: true
 toc: true
@@ -10,15 +10,15 @@ categories:
 date: 2020-07-20
 ---
 
-This comes up a lot: how can you run multiple programs in an app on Fly.io? Recall that Fly.io apps are shipped to us in containers, usually built by Docker, and Docker has… opinions… about running multiple things in a container.
+<div class="callout">
+This guide discusses different ways to run multiple processes in your app. To learn about process groups in Fly Apps and the `[processes]` configuration in `fly.toml`, see [Run multiple process groups in an app](/docs/apps/processes/). For process group configuration with the Machines API, see the `config.processes` object in the [Machine config](docs/machines/api/machines-resource/#machine-config-object-properties).
+</div>
 
-Well, [we don't use Docker to run containers](https://fly.io/blog/docker-without-docker/). Your app is running in a VM, with its own kernel. You can do pretty much anything you want inside of it, including running as many programs as you like. Most of the time, the trick is just telling Docker how to do that.
+This comes up a lot: how can you run multiple programs in an app on Fly.io? Recall that Fly.io apps are shipped to us in OCI images, usually built by Docker, and Docker has… opinions… about running multiple things in a container.
 
-There are a couple different ways to run multiple processes in a Fly.io app. All of them address the first rule of programs running in Fly VM: when your entrypoint program exits, our `init` kills the VM and we start a new one. So at the end of the day, *something* has to keep running "in the foreground".
+Well, [we don't use Docker to run images](https://fly.io/blog/docker-without-docker/). Your app is running in a [Machine](/docs/machines/), a fast-launching VM with its own kernel. You can do pretty much anything you want inside of it, including running as many programs as you like. Most of the time, the trick is just telling Docker how to do that.
 
-For more information about process groups, refer to [Run multiple process groups in an app](/docs/apps/processes/).
-
-<div class="callout">Fly.io <u>[Machines](/docs/machines)</u> can run multiple processes</u> natively, no need for extra configuration. <u>[Examples here](https://community.fly.io/t/multi-process-machines/8375)</u>.</div>
+There are a couple different ways to run multiple processes in a Fly.io app. All of them address the first rule of programs running in a Fly Machine: when your entrypoint program exits, our `init` kills the Machine and we start a new one. So at the end of the day, *something* has to keep running "in the foreground".
 
 ### Setting the scene
 
@@ -50,9 +50,9 @@ Now, some options to actually run this stuff:
 
 ### Process groups
 
-This is the recommended way to run multiple processes. **This method runs each process in its own VM**. Examples of running multiple processes within a single VM are found below!
+[Process groups](/docs/apps/processes/) are the recommended way to run multiple processes. This method runs each process in its own Machine or group of Machines.
 
-Fly.io has the notion of [process groups](https://community.fly.io/t/preview-multi-process-apps-get-your-workers-here/2316). You can define multiple processes in your `fly.toml`, giving each a name. Each defined process runs in its own VM within the one app.
+You can define multiple process groups in your `fly.toml`, giving each a name. Each defined process runs in its own Machine or group of Machines within the one app.
 
 You can see that in action in the below (truncated) `fly.toml` file:
 
@@ -69,7 +69,7 @@ bar_web = "/app/server -bar"
   script_checks = []
 ```
 
-Here we define two processes: `web` and `bar_web`. Each command (e.g. `/app/server` and `/app/server -bar`) is setting the *command* passed to your Dockerfile *entrypoint*. That means your entrypoint needs to be able to handle a command being passed to it!
+Here we define two processes: `web` and `bar_web`. The command defined for each process group is setting the *command* passed to your Dockerfile *entrypoint*. That means your entrypoint needs to be able to handle a command being passed to it!
 
 Here's an example of such an entrypoint:
 
@@ -87,7 +87,7 @@ fi
 
 Note that under the `[[services]]` section of the `fly.toml` file, we define a service for process `web`. The `processes = [...]` array acts as a filter - it will apply only to the processes listed.
 
-See the [announcement post](https://community.fly.io/t/preview-multi-process-apps-get-your-workers-here/2316) for more details on scaling with multiple processes. Also note that it's a bit finnicky - it's best to create *new* apps with multiple processes. Adding them on top of existing apps (or removing them from apps that are using them) may cause some confusion. We're working on it!
+You can also scale Machines horizontally and vertically by process group. See the [process groups](/docs/apps/processes/) docs for details.
 
 ### Just use Bash
 
@@ -133,7 +133,7 @@ This works well enough to connect the app to Fly.io's Anycast network, so here's
 
 The other Docker documentation suggestion: use `supervisor`. `supervisor` is an actual process manager; it'll run in the foreground and manage all our processes and, most importantly, when our processes exit, `supervisor` will (configurably) restart it. 
 
-`supervisor` has [a lot of configuration options](http://supervisord.org/configuration.html). But because we're running on Fly.io, we mostly don't care about them; the platform is doing a lot of this work for us. So the `supervisor` configuration we want is pretty simple:
+`supervisor` has [a lot of configuration options](http://supervisord.org/configuration.html+external). But because we're running on Fly.io, we mostly don't care about them; the platform is doing a lot of this work for us. So the `supervisor` configuration we want is pretty simple:
 
 ```toml
 [supervisord]
@@ -183,7 +183,7 @@ foo: /app/server
 bar: /app/server -bar
 ```
 
-A Procfile manager I like a lot is [overmind](https://github.com/DarthSim/overmind). `overmind` is a Go program, so it's got a small runtime, and you could, if you were fussy, build a container that just takes the `overmind` binary and none of its build deps. We won't bother, though, since we're already bringing those deps in. So:
+A Procfile manager I like a lot is [overmind](https://github.com/DarthSim/overmind+external). `overmind` is a Go program, so it's got a small runtime, and you could, if you were fussy, build a container that just takes the `overmind` binary and none of its build deps. We won't bother, though, since we're already bringing those deps in. So:
 
 ```Dockerfile
 FROM golang
@@ -221,7 +221,7 @@ There are good reasons to run multiple programs in a single container, but somet
 
 If you're running multiple heavy-weight things in a single container, you might explore just running them as separate Fly.io apps. The advantage to doing this, apart from the apps not fighting over the same CPUs and memory, is that you can scale separate apps independently, and put them in different sets of regions.
 
-Fly.io apps can talk to each other over a [private network](https://fly.io/docs/reference/private-networking/) that's always available. They can find each other under the `.internal` top-level domain (if your apps are `foo` and `bar`, they'll be in the DNS as `foo.internal` and `bar.internal`). Because the network connection is private and encrypted, you can generally just talk back and forth without extra authentication until you know you need it; in other words, you can keep things simple.
+Fly.io apps can talk to each other over a [private network](https://fly.io/docs/networking/private-networking/) that's always available. They can find each other under the `.internal` top-level domain (if your apps are `foo` and `bar`, they'll be in the DNS as `foo.internal` and `bar.internal`). Because the network connection is private and encrypted, you can generally just talk back and forth without extra authentication until you know you need it; in other words, you can keep things simple.
 
 ### Maybe you don't need multiple processes
 
diff --git a/app-guides/mysql-on-fly.html.markerb b/app-guides/mysql-on-fly.html.markerb
index 262e920897..0769f7b553 100644
--- a/app-guides/mysql-on-fly.html.markerb
+++ b/app-guides/mysql-on-fly.html.markerb
@@ -27,12 +27,17 @@ mkdir my-mysql
 cd my-mysql
 
 # Run `fly launch` to create an app
-fly launch --no-deploy
+# Use the --no-deploy option since we'll make changes before first deploy
+# Use the --image option to specify a MySQL Docker image
+fly launch --no-deploy --image mysql:8.0.37
 ```
 
-You can name the app whatever you'd like. The name will become a hostname our application uses to connect to the database, such as `my-mysql.internal`.
+Type `y` when prompted to tweak the default app settings. Then, on the Fly Launch page:
 
-We used the `--no-deploy` option because we have some work to do before we deploy the app.
+- Name the app whatever you'd like. The name will become a hostname our application uses to connect to the database, such as `my-mysql.internal`.
+- If you're using MySQL 8, it's a good idea to add some additional RAM to the VM: we recommend selecting 2GB of VM Memory.
+
+Confirm the settings and return to your terminal.
 
 ## Configure the App
 
@@ -43,7 +48,7 @@ Let's create a volume straight-away. If you don't create a volume, you'll lose a
 fly volumes create mysqldata --size 10 # gb
 ```
 
-We also need to set some secrets required by the [MySQL container](https://hub.docker.com/_/mysql):
+We also need to set some secrets required by the [MySQL container](https://hub.docker.com/_/mysql+external):
 
 ```bash
 # Set secrets:
@@ -56,82 +61,94 @@ Save these secrets somewhere, because they're not accessible after you set them.
 
 Finally, edit the `fly.toml` file that `fly launch` generated.
 
-For apps using MySQL 8+:
-
 ```toml
-app = "my-mysql"
-kill_signal = "SIGINT"
-kill_timeout = 5
-
-# If copy/paste'ing, adjust this
-# to the region you're deploying to
+# Keep your own app name
+app = 'my-mysql'
+# Keep your own primary region
 primary_region = "bos"
 
+[build]
+  image = 'mysql:8'
+
+[[vm]]
+  cpu_kind = 'shared'
+  cpus = 1
+  memory_mb = 2048
+
+# The [processes] section is different for 8+, 8.4, and 5.7. Use the one that matches your version.
+# Use the following for versions 8 to 8.3:
 [processes]
-app = """--datadir /data/mysql \
-  --default-authentication-plugin mysql_native_password \
-  --performance-schema=OFF \
-  --innodb-buffer-pool-size 64M"""
+  app = """--datadir /data/mysql \
+    --default-authentication-plugin mysql_native_password"""
+
+# Uncomment and use the following for 8.4:
+# [processes]
+#  app = """--datadir /data/mysql \
+#    --mysql-native-password=ON"""
 
+# Uncomment and use the following for 5.7:
+# [processes]
+#  app = "--datadir /data/mysql"
+
+# Add the following sections for all versions
 [mounts]
-  source="mysqldata"
-  destination="/data"
+  source = "mysqldata"
+  destination = "/data"
 
 [env]
   MYSQL_DATABASE = "some_db"
   MYSQL_USER = "non_root_user"
-
-# As of 04/25/2023:
-# MySQL 8.0.33 has a bug in it
-# so avoid that specific version
-[build]
-  image = "mysql:8.0.32"
 ```
 
-There's a few important things to note:
+There are a few important things to note:
 
-1. We deleted the `[[services]]` or the `[[http_service]]` block and everything under it. We don't need it!
-1. We added the `[build]` section to specify an existing Docker image. We don't need to create a `Dockerfile` of our own.
+1. We deleted the `[[http_service]]` block and everything under it. We don't need it!
 1. In the `[env]` section, we added two not-so-secret environment variables that MySQL will need to initialize itself.
     * The `MYSQL_USER` here should be any user but `root`, which already exists.
 1. We added the `[processes]` section for the default `app` process, which lets us pass custom commands (overriding Docker's `CMD`).
-    * For MySQL 8+, you'll want to use the `mysql_native_password` password plugin.
-    * Also for MySQL 8+, to reduce memory usage, add the performance schema and buffer pool size flags. Note that `--performance-schema=OFF` is all one string.
-    * **Important**: For MySQL 5.7 and MySQL 8+, we set MySQL's data directory to a subdirectory of our mounted volume.
+    * For MySQL 8+, you'll want to use the `mysql_native_password` authentication plugin. As shown in the fly.toml above, there are different syntax for setting this plugin based on the MySQL version.
+    * If you're using **MySQL 5.7**, your `app` process can be simplified as shown in the `fly.toml` example above, as it uses `mysql_native_password` [by default](https://dev.mysql.com/doc/refman/5.7/en/native-pluggable-authentication.html#:~:text=client%20programs%20use-,mysql_native_password,-by%20default.%20The).
+    * **MySQL 8.0.32 to 8.3** must explicitly set this with the `--default-authentication-plugin` flag.
+    * Starting from **MySQL 8.4**, the `--default-authentication-plugin` option is [deprecated](https://github.com/docker-library/mysql/issues/1048#issuecomment-2088836076). If you're using 8.4+, you can make use of the `--mysql-native-password` flag instead.
+   
+<div class="important icon">
+**Important**: Set MySQL's data directory to a subdirectory of your mounted volume. Mounting a disk in Linux usually results in a `lost+found` directory being created. However, MySQL won't initialize into a data directory unless it's completely empty. That's why you need to use a subdirectory of the mounted location: `/data/mysql`.
+</div>
 
-If you're using MySQL 5.7, your `app` process can be simplified:
 
-```toml
-[processes]
-app = "--datadir /data/mysql"
+## Deploy the App
+
+We're now ready to deploy the MySQL app! Go ahead and run:
+
+```bash
+fly deploy
 ```
 
-<div class="callout">⚠️ Mounting a disk in Linux usually results in a `lost+found` directory being created. However, MySQL won't initialize into a data directory unless it's completely empty. Therefore, we use a subdirectory of the mounted location: `/data/mysql`.</div>
+After a minute of MySQL initializing itself (on its first run), you should now have an app running MySQL! 
 
-## Scale the App
+Your other apps can access the MySQL service by its name. In my case, I would use `my-mysql.internal` as the hostname. Any app that needs to access the database should set the hostname and username as environment variables, and create a secret for the database password.
 
-There's one more detail. MySQL 8+ has higher baseline resource demands than MySQL 5.7.
+## Debugging Possible Errors
 
-If you're using MySQL 8, it's best to add some additional RAM to the VM:
+### `mysqld: Table 'mysql.plugin' doesn't exist`
 
-```bash
-# Give the vm 2GB of ram
-fly scale memory 2048
-```
+This error is an indicator that the [mysql System Schema](https://dev.mysql.com/doc/refman/8.4/en/system-schema.html) inside the [MySQL data directory](https://dev.mysql.com/doc/refman/8.4/en/data-directory.html) is empty. This can happen due to different reasons. One of them is when a MySQL app is previously deployed with `--default-authentication-plugin`, and it gets re-deployed with the updated syntax `--mysql-native-password=ON`.
 
-This isn't necessary with MySQL 5.7.
+The quickest way to fix this is to revise the `--datadir` flag to a different directory from what was previously set:
 
-## Deploy the App
+```toml
+# Please revise the MySQL data directory to another location
 
-We're now ready to deploy the MySQL app! Go ahead and run:
+# For example if you had:
+[processes]
+app = "--datadir /data/mysql"
 
-```bash
-fly deploy
+# You can change the path to a different directory
+[processes]
+app = "--datadir /data/mysql_
 ```
+Changing the [MySQL data directory](https://dev.mysql.com/doc/refman/8.4/en/data-directory.html) will allow MySQL to completely initialize the new directory with a complete `mysql system schema.` Once done, redeploy your changes with `fly deploy`.
 
-After a minute of MySQL initializing itself (on its first run), you should now have an app running MySQL! 
-
-Your other apps can access the MySQL service by its name. In my case, I would use `my-mysql.internal` as the hostname. Any app that needs to access the database should set the hostname and username as environment variables, and create a secret for the database password.
 
 ## Access the database from outside
 
@@ -152,14 +169,14 @@ flyctl proxy 13306:3306 -a my-mysql
 Then connect to your MySQL server at `localhost:3306` and the username and password credentials from above:
 
 ```cmd
-mysql -h localhost -P 3306 -u non_root_user -ppassword some_db
+mysql --protocol=tcp -h localhost -P 3306 -u non_root_user -ppassword some_db
 ```
 
 ## Backups
 
 We'll take a snapshot of the created volume every day. We retain 5 days of snapshots.
 
-To restore a snapshot, make sure you have the latest version of the `fly` command, and then create a new volume using the `--snapshot-id` flag.
+To restore a snapshot, make sure you have the latest version of the flyctl, and then create a new volume using the `--snapshot-id` flag.
 
 ```bash
 # Get a volume ID
diff --git a/app-guides/nginx-at-the-edge.html.markerb b/app-guides/nginx-at-the-edge.html.markerb
deleted file mode 100644
index 15cda110e8..0000000000
--- a/app-guides/nginx-at-the-edge.html.markerb
+++ /dev/null
@@ -1,67 +0,0 @@
----
-title: Nginx at the edge
-layout: docs
-sitemap: false
-nav: firecracker
-date: 2020-01-10
----
-
-<%= partial "/docs/partials/obsolete_doc" %>
-
-Nginx is a lightweight and powerful proxy server. It runs exceptionally well close to end users, and devs can do a lot with it: everything from manage global redirect rules to full blown apps with OpenResty.
-
-## _Build an Nginx app_
-
-Fly runs apps bundled as Docker images. Go ahead and create a working directory for this guide, we'll use `nginx-example`.
-
-```cmd
-mkdir nginx-example
-```
-```cmd
-cd nginx-example
-```
-
-#### `./nginx.conf`
-
-Nginx needs a configuration file, here's a basic configuration for proxying requests to a Heroku application. Save this to your working directory as `nginx.conf`:
-
-```cmd
-cat nginx.conf
-```
-```output
-user nginx;
-worker_processes auto;
-
-error_log /dev/stdout info; # log errors stdout for Fly
-pid /var/run/nginx.pid;
-
-events {
-  worker_connections 1024;
-}
-
-http {
-  default_type  application/octet-stream;
-
-  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-    '$status $body_bytes_sent "$http_referer" '
-    '"$http_user_agent" "$http_x_forwarded_for"';
-
-  access_log /dev/stdout main; # log requests to stdout
-  sendfile on;
-  keepalive_timeout 65;
-  gzip on;
-
-  server {
-    listen 80;
-    server_name _;
-    keepalive_timeout 5;
-    location / {
-      proxy_set_header X-Forwarded-Host $http_host; # set x-forwarded-host from the original host header
-      proxy_redirect on; #rewrite redirects
-      proxy_pass https://example.herokuapp.com/; #proxy to heroku ap
-    }
-  }
-}
-```
-#### `./Dockerfile`
-
diff --git a/app-guides/planetscale.html.markerb b/app-guides/planetscale.html.markerb
index 8898c4db30..a569428b73 100644
--- a/app-guides/planetscale.html.markerb
+++ b/app-guides/planetscale.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Fly.io and PlanetScale
 layout: docs
-sitemap: false
 toc: false
 author: joshua
 categories:
@@ -14,13 +13,13 @@ date: 2022-05-24
 
 PlanetScale is a MySQL-compatible serverless database. It now supports read replicas so you can perform low-latency reads wherever your users are located. This guide walks you through setting up PlanetScale with Fly.io apps. 
 
-We'll work with a [sample Express app](https://github.com/fly-apps/nodejs-planetscale-read-replicas/) for the [Fly platform](https://fly.io) which uses a [PlanetScale](https://planetscale.com) database. 
+We'll work with a [sample Express app](https://github.com/fly-apps/nodejs-planetscale-read-replicas/+external) for the [Fly platform](https://fly.io) which uses a [PlanetScale](https://planetscale.com+external) database. 
 
 ## Create a database
 
 The sample app assumes a database already exists. You'll need to create that database before running the app. Since read-only regions can currently only be created using the PlanetScale UI, this guide does not use their CLI.
 
-[Sign in to PlanetScale](https://auth.planetscale.com/sign-in), creating an account if you don't already have one. You can use a free account to create a database however you will need to upgrade to their paid _Scaler_, _Team_,  or _Enterprise_ [plan](https://planetscale.com/pricing) if you would like to add read-only regions.
+[Sign in to PlanetScale](https://auth.planetscale.com/sign-in+external), creating an account if you don't already have one. You can use a free account to create a database however you will need to upgrade to their paid _Scaler_, _Team_,  or _Enterprise_ [plan](https://planetscale.com/pricing+external) if you would like to add read-only regions.
 
 Click on the black 'New database' button and pick 'Create new database'. Give it a name and choose its region. This is your **primary** database (we'll refer to it in multiple places later on). Choose the closest region to where you will deploy your app for the best performance:
 
@@ -87,9 +86,9 @@ Your database is now ready to be queried by our sample app!
 
 ## Run the app locally
 
-To run it locally you will need [NodeJS](https://nodejs.org/en/download/)
+To run it locally you will need [NodeJS](https://nodejs.org/en/download/+external).
 
-1. Clone the [`nodejs-planetscale-read-replicas`](https://github.com/fly-apps/nodejs-planetscale-read-replicas) repo.
+1. Clone the [`nodejs-planetscale-read-replicas`](https://github.com/fly-apps/nodejs-planetscale-read-replicas+external) repo.
 2. Run `npm install` to install its dependencies.
 3. Duplicate `.env.example`, naming it `.env`.
 4. The application needs to know about all the available regions. There are different ways this could be done. We've opted to use a single comma-separated string of connection strings. In the `.env`, set `DATABASE_URL` as _all_ of the connection URLs you have, separated by a comma. The **first** one should be the one for your **primary** (and possibly only) database. Follow it with those for any read-only regions you've added. It will look something like this. Note the comma between them:
@@ -105,7 +104,7 @@ You've successfully connected to a PlanetScale database!
 
 ## Deploy the app to Fly
 
-If you haven't already done so, [install the Fly CLI](https://fly.io/docs/hands-on/install-flyctl/) and  then [log in to Fly](https://fly.io/docs/getting-started/log-in-to-fly/).
+If you haven't already done so, [install the Fly CLI](/docs/flyctl/install/) and  then [log in to Fly](/docs/getting-started/sign-up-sign-in/).
 
 We've added a few files to make this sample app ready to run on Fly: a `Dockerfile`, `.dockerignore` and `fly.toml`. The `Dockerfile` tells Fly how to _package_ the application. The `.dockerignore` file specifies the files/folders we want included (else it would include ones like `.env` that we do not want). The `fly.toml` file _configures_ the application. The Fly CLI can make that for you. But since we know which variables, ports, services and so on our app needs, we made one.
 
diff --git a/app-guides/run-a-global-image-service.html.markerb b/app-guides/run-a-global-image-service.html.markerb
index 5743ea7c04..f6748c7e07 100644
--- a/app-guides/run-a-global-image-service.html.markerb
+++ b/app-guides/run-a-global-image-service.html.markerb
@@ -1,5 +1,5 @@
 ---
-title: Run a Global Image Service
+title: Global Image Processing Service
 layout: docs
 sitemap: false
 nav: firecracker
@@ -13,7 +13,7 @@ image: https://fly.io/ui/images/image-service.webp
 date: 2020-05-10
 ---
 
-<figure class="flex ai:center jc:center w:full r:lg overflow:off mb:4">
+<figure class="flex ai:center jc:center w:full r:lg overflow:off mb:4 rounded">
   <img src="http://github.com/static/images/image-service.webp" alt="A hand holding scissors and cutting out paper for a scrapbook" class="w:full h:full fit:cover">
 </figure>
 
@@ -27,7 +27,7 @@ With Fly you can eliminate all that administrative load by letting Fly deploy a
 
 ## _What’s Imaginary_
 
-Let's start with [h2non/Imaginary](https://github.com/h2non/imaginary), a fantastically useful image processing application written in Go. Once configured, it lets you process images. The images can be posted to it or you can ask it to get an image from a remote server and all of this is controlled through a URL request to the Imaginary server.
+Let's start with [h2non/Imaginary](https://github.com/h2non/imaginary+external), a fantastically useful image processing application written in Go. Once configured, it lets you process images. The images can be posted to it or you can ask it to get an image from a remote server and all of this is controlled through a URL request to the Imaginary server.
 
 You can find all the source in the GitHub repository, but for this guide, we don't need to worry about that. We're going to use the developer-supplied Docker image to deploy it.
 
@@ -58,7 +58,7 @@ The third  `CMD` line contains the parameters we pass to the `imaginary` command
 
 ## _Testing Locally_
 
-You'll need to have Docker installed locally to test this locally. We won't go into the details of installing Docker - check out the [Docker site and guides](https://docs.docker.com/install/) for how to install. Assuming you've done this we can move on to testing.
+You'll need to have Docker installed locally to test this locally. We won't go into the details of installing Docker - check out the [Docker site and guides](https://docs.docker.com/install/+external) for how to install. Assuming you've done this we can move on to testing.
 
 #### Build a Docker Instance
 
@@ -100,7 +100,7 @@ For this you'll need flyctl, it's your CLI-powered remote control for your Fly a
 
 ### Installing `flyctl`
 
-If you've already installed `flyctl`, move on to the next step. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/).
+If you've already installed `flyctl`, move on to the next step. If not, hop over to [our installation guide](/docs/flyctl/install/).
 
 ### Sign In (or Up) for Fly
 
diff --git a/app-guides/run-a-private-dns-over-https-service.html.markerb b/app-guides/run-a-private-dns-over-https-service.html.markerb
index 0ccb973c07..08ff2ccfe8 100644
--- a/app-guides/run-a-private-dns-over-https-service.html.markerb
+++ b/app-guides/run-a-private-dns-over-https-service.html.markerb
@@ -9,6 +9,7 @@ tag:
   - dns
 date: 2020-04-10
 ---
+<%= partial "/docs/partials/obsolete_doc" %>
 
 ## _Why DNS over HTTPS?_
 
diff --git a/app-guides/supercronic.html.md b/app-guides/supercronic.html.md
deleted file mode 100644
index 6e640226d0..0000000000
--- a/app-guides/supercronic.html.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: Crontab with Supercronic
-layout: docs
-sitemap: false
-nav: firecracker
-author: brad
-categories:
-  - cron
-date: 2022-11-19
-redirect_from: /docs/app-guides/superchronic/
----
-
-`crontab` is a little too opinionated for containers—it's a great little tool, but when run inside of containers it doesn't grab `ENV` vars how we'd like it to. Fortunately there's a Go binary called `supercronic` that's a drop-in replacement for containers.
-
-The good news is that it's pretty easy to get it running on Fly with a little bit of copy and pasting. Let's get to it.
-
-## Create a crontab file
-
-In the root of your project, add a `crontab` file.
-
-```
-touch ./crontab
-```
-
-If you need to run a job every 5 minutes, your `crontab` file would something like this:
-
-```
-*/5 * * * * echo "hello world!"
-```
-
-Check out [cron.help](https://cron.help) if you need a quick crontab syntax reference.
-
-## Install `supercronic` in the container
-
-The [latest releases for supercronic](https://github.com/aptible/supercronic/releases) are on [Github](https://github.com/aptible/supercronic), where they include copy pasta 🍝instructions for getting it in your Dockerfile. As of November 2022, the current version of `supercronic` is v0.2.1. You'll want to check the [releases page](https://github.com/aptible/supercronic/releases) for the latest version, but here's what it looks like now:
-
-```
-# Latest releases available at https://github.com/aptible/supercronic/releases
-ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.1/supercronic-linux-amd64 \
-    SUPERCRONIC=supercronic-linux-amd64 \
-    SUPERCRONIC_SHA1SUM=d7f4c0886eb85249ad05ed592902fa6865bb9d70
-
-RUN curl -fsSLO "$SUPERCRONIC_URL" \
- && echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - \
- && chmod +x "$SUPERCRONIC" \
- && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
- && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
-
-# You might need to change this depending on where your crontab is located
-COPY crontab crontab
-```
-
-After you put that in your Dockerfile, we're going to configure Fly to run only one instance of `supercronic`. Why? Because if you have a cronjob that does something like deliver emails to customers, you only want them to get that once. The last thing you want is them getting as many emails from your services that matches the number of instances you're running.
-
-## Setup a web & cron process
-
-At the bottom of the `fly.toml` file, add the following:
-
-```
-[processes]
-  # The command below is used to launch a Rails server; be sure to
-  # replace with the command you're using to launch your server.
-  web = "bin/rails fly:server"
-  cron = "supercronic /app/crontab"
-```
-
-Then we have to tell Fly that your `web` process matches up with a service by having this under the `[[services]].`
-
-```
-# Make sure there's only one `processes` entry under `[[services]]`
-[[services]]
-  processes = ["web"]
-```
-
-This change tells Fly that your `web` processes that you defined under `[processes]` will be exposed to the public internet. Your `cron` process won't be exposed to the public Internet because it doesn't need to!
-
-## Deploy & scale the new processes
-
-Now that we've added `supercronic` to our `Dockerfile`, put the `crontab` at the root of our project folder, and reconfigured the `fly.toml` file, we're ready to deploy to production.
-
-```
-$ fly deploy
-```
-
-Then we'll need to scale the processes so that we only run one virtual machine container with the `cron` process. Be sure to change `web` to whatever number you had before.
-
-```
-$ fly scale count cron=1 web=
-```
-
-That's it! If all went well you now have Cron running in a `cron` process in a Fly virtual machine. When you `fly deploy` it will get the latest code changes and reboot the virtual machines.
-
-# Resources
-
-- [https://github.com/fly-apps/supercronic](https://github.com/fly-apps/supercronic)
-- [https://cron.help](https://cron.help)
diff --git a/app-guides/the-dreaded-port-filter.html.markerb b/app-guides/the-dreaded-port-filter.html.markerb
deleted file mode 100644
index 8a04cf7e60..0000000000
--- a/app-guides/the-dreaded-port-filter.html.markerb
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: "The Dreaded Port Filter"
-layout: docs
-sitemap: false
-nav: firecracker
-author: thomas
-categories:
-  - firecracker
-date: 2020-11-03
-
----
-
-<div class="callout">
-**This is here for historical purposes only, and is not current**.
-You can use any port you'd like for Fly.io services, TCP or UDP. We'll probably just
-take this page down soon. There's nothing you need to know here anymore! Disregard
-The Dreaded Port Filter, for it is no more.
-</div>
-  
-Apps running on Fly.io have their own VMs, and full control of the network. But to accept incoming connections from the Internet, those apps need to register with Fly.io's Anycast CDN. Our Anycast CDN currently honors TCP connections on these ports:
-
-| Port | Application |
-|------|-------------|
-  25   | SMTP email 
-  53   | TCP DNS
-  80   | HTTP
-  443  | HTTPS
-  853  | DNS-over-TLS
-  5000 | We forget
-  8080 | HTTP
-  8443 | HTTPS
-  100xx| Random stuff
-  25565| Minecraft
-
-You light any of these ports up for your app by editing
-[the [[services]] section](/docs/reference/configuration/#the-services-sections) of
-its `fly.toml` configuration.
-
-You are doubtlessly wondering, "why *these* ports?". And the answer is: there is no good reason for this system, and we are actively at work attempting to destroy this monstrosity that we, in our own hubris, wrought upon ourselves. In the meantime:
-
-### If you want to use a port not on this list...
-
-Just ask us, on [community.fly.io](https://community.fly.io/). If you want to use a TCP port for your application, we should support it; you're doing us a favor by asking. 
-
-### If you want to use UDP ports not on this list...
-
-Go right ahead. UDP doesn't have a port filter.
-
-### If you're concerned about ports your apps use to talk between themselves on...
-
-Don't be! The port filter only applies to Fly.io's Anycast network, for incoming connections from the Internet. VMs in your organization can talk to each other on any random ports they'd like, so go ahead and book up a TimescaleDB database and point your applications to it on port 5432.
-
-  
-  
diff --git a/app-guides/udp-and-tcp.html.markerb b/app-guides/udp-and-tcp.html.markerb
deleted file mode 100644
index 83be6dec00..0000000000
--- a/app-guides/udp-and-tcp.html.markerb
+++ /dev/null
@@ -1,195 +0,0 @@
----
-title: "Running Fly.io Apps On UDP and TCP"
-layout: docs
-sitemap: false
-nav: firecracker
-author: thomas
-categories:
-  - networking
-date: 2021-12-07
-
----
-
-Fly.io tries to make it easy to run any containerized app on our platform, regardless of what protocols it talks over. That includes apps that rely on UDP in addition to TCP.
-
-Our UDP support can be a little tricky, and can catch you out, especially if your app uses both UDP and TCP --- as is the case with the most popular UDP protocols, most notably DNS. It should be easier to run things like DNS servers on Fly.io than it is! But it's not hard; there's just four gotchas, and this article walks you through them.
-
-## The Basic Idea
-
-Let's build a simple echo service. You can play the home version at [this GitHub repository](https://github.com/fly-apps/udp-echo-). We'll listen on port 5000, UDP and TCP, and just bat back whatever clients send us.
-
-Use `flyctl launch` to create a `fly.toml` file. Use it to wire up the ports.
-
-```toml
-[[services]]
-  internal_port = 5000
-  protocol = "udp"
-
-  [[services.ports]]
-    port = "5000"
-
-[[services]]
-  internal_port = 5000
-  protocol = "tcp"
-
-  [[services.ports]]
-    port = "5000"
-```
-
-We're going to build this silly app in Go (don't worry, it's trivial, you'll be able to follow it even if you aren't a gopher). It's going to be vanilla socket code. But before we get started, there are four gotchas you need to know about.
-
-* The UDP side of your application needs to bind to the special `fly-global-services` address. But the TCP side of your application can't; it should bind to `0.0.0.0`.
-
-* The UDP side of your application needs to bind to the same port that is used externally. Fly will not rewrite the port; Fly only rewrites the ip address for UDP packets.
-
-* We support IPv6 for TCP, but not currently for UDP.
-
-* We swipe a couple dozen bytes from your MTU for UDP, which usually doesn't matter, but in rare cases might.
-
-## Let's See Some Code
-
-You light up UDP and TCP with standard socket code. Usually, the only fussy bit will be the `fly-global-services` bind for UDP. Here's what that looks like in Go:
-
-```golang
-func main() {
-  // in other programming languages, this might look like:
-	//    s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)
-	//    s.bind("fly-global-services", port)
-
-	udp, err := net.ListenPacket("udp", fmt.Sprintf("fly-global-services:%d", port))
-	if err != nil {
-		log.Fatalf("can't listen on %d/udp: %s", port, err)
-	}
-
-	// in other programming languages, this might look like:
-	//    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
-	//    s.bind("0.0.0.0", port)
-	//    s.listen()
-
-	tcp, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
-	if err != nil {
-		log.Fatalf("can't listen on %d/tcp: %s", port, err)
-	}
-
-	go handleTCP(tcp)
-
-	handleUDP(udp)
-}
-
-```
-
-The handlers for this app are trivial and are textbook Go code; after the UDP bind, nothing else in your app will care about Fly.io.
-
-Here's TCP:
-
-```golang
-func handleTCP(l net.Listener) {
-	for {
-		conn, err := l.Accept()
-		if err != nil {
-			if errors.Is(err, net.ErrClosed) {
-				return
-			}
-
-			log.Printf("error accepting on %d/tcp: %s", port, err)
-			continue
-		}
-
-		go handleConnection(conn)
-	}
-}
-
-func handleConnection(c net.Conn) {
-	defer c.Close()
-
-	lines := bufio.NewReader(c)
-
-	for {
-		line, err := lines.ReadString('\n')
-		if err != nil {
-			return
-		}
-
-		c.Write([]byte(line))
-	}
-}
-```
-
-And here's UDP:
-
-```golang
-func handleUDP(c net.PacketConn) {
-	packet := make([]byte, 2000)
-
-	for {
-		n, addr, err := c.ReadFrom(packet)
-		if err != nil {
-			if errors.Is(err, net.ErrClosed) {
-				return
-			}
-
-			log.Printf("error reading on %d/udp: %s", port, err)
-			continue
-		}
-
-		c.WriteTo(packet[:n], addr)
-	}
-}
-```
-
-In a real Go app doing something like DNS, you might have a single thread reading messages off the UDP socket and passing them to a pool of workers over a buffered channel; you might not want to fork off a thread for every UDP message you receive. This is just an echo service, so we'll dispense with that detail.
-
-This program, [with a simple Dockerfile](https://github.com/fly-apps/udp-echo-/blob/main/Dockerfile) and the `fly.toml` configuration above, should just work on Fly.io. [Boot it up](https://fly.io/docs/flyctl/deploy/) and throw some UDP packets at it with netcat:
-
-```cmd
-echo hello world | nc -w1 -u udp-echo-sample.fly.dev 5000
-```
-```output
-hello world
-```
-
-## More On Those Four Gotchas
-
-### The `fly-global-services` Address
-
-For the most part, UDP "just works" on Fly.io, the way you'd expect it to.
-
-The thing about forwarding UDP that makes it different from HTTP is that UDP messages don't have HTTP headers. When a standard proxy receives an HTTP message and sends it to its target, it stashes the original source address in the headers, so the target knows who it's talking to. You can't generally do that with UDP messages. But you need to know who you're talking to in order to respond to a UDP message!
-
-We use ⚡️`eBPF magic`⚡️ to shuttle UDP packets across our forwarding fabric (I wrote that because it sounds cool) while transparently mapping source addresses. What that means for you is that you can generally just write a standard socket program that reads UDP messages and replies to them based on the source address of the packet.
-
-Here comes the first catch: the magic we're using to make this transparently work requires us to discriminate UDP traffic from TCP traffic. To receive UDP packets, your app needs to bind to the special `fly-global-services` address (that's it; that's the address). Just as importantly: **it needs to reply to messages using that address**.
-
-You usually need to **explicitly bind your UDP service to `fly-global-services`.** Sorry, but `0.0.0.0`, `*`, and `INADDR_ANY` generally won't do: Linux will use the wrong source address in replies if you use those.
-
-<div class="callout">If we didn't do this `fly-global-services` thing, our UDP proxying logic would also try to proxy your app's own DNS traffic; it can't otherwise tell the difference between UDP packets you're sending to respond to a user and UDP packets your app generates in the ordinary course of its business.</div>
-
-**But: TCP Can't Use `fly-global-services`**
-
-You can't bind your TCP service to `fly-global-services`; the TCP side of your app should probably bind to `*`.
-
-This is super annoying. You probably want to use the same configuration value for both UDP and TCP ports, but you have to be fussy about it on Fly.io. We're working on it!
-
-### UDP Won't Work Over IPv6
-
-Another thing that won't impact your code that you'll need to know about is that we don't currently support UDP over IPv6. The kernel forwarding code we run to make UDP work isn't IPv6 aware. This is not OK, and we're working on it, but it's a limitation you'll run into today.
-
-Every Fly.io app gets an IPv6 address, and that address will work fine for the TCP side of your app, for whatever that's worth.
-
-### You Might Need To Be Mindful Of MTUs
-
-An invariant on almost every network is the maximum packet size, the MTU. Typically, the MTU is 1500 bytes. If you exceed 1500 bytes, your packets will fragment. [You don't want to fragment](https://datatracker.ietf.org/doc/html/draft-mathis-frag-harmful-00).
-
-Fly.io takes a bite out of all of your packets for two purposes:
-
-1. We forward all traffic across a [WireGuard](https://www.wireguard.com/) mesh, and WireGuard eats 60 bytes of every packet.
-
-2. The UDP proxy forwarding system we use grabs another dozen bytes to record the original addresses of the packets --- the source address we saw when your client's packet hit our edge. You don't see these bytes; they're stripped off the packet before it's delivered to your app. But they're used in transit.
-
-In most cases this won't matter to you at all. Modern UDP protocols are designed to assume they have far less than 1500 bytes to work with, because there are all sorts of weird links on the Internet with smaller MTUs.
-
-But if you're doing something super-custom, it's best to assume you've got something more like 1300 bytes to work with, not 1500.
-
-### UDP Must Listen On The Same Port Externally And Internally
-
-Fly will only rewrite the IP addresses for UDP packets. The destination port for inbound packets will not be rewritten. That means if your applications receives UDP traffic on port 5000 externally, the application needs to bind to `fly-global-services:5000` in order to receive that UDP traffic.
diff --git a/reference/app-availability.html.markerb b/apps/app-availability.html.markerb
similarity index 80%
rename from reference/app-availability.html.markerb
rename to apps/app-availability.html.markerb
index 93f3082f8e..64a45518b3 100644
--- a/reference/app-availability.html.markerb
+++ b/apps/app-availability.html.markerb
@@ -1,16 +1,20 @@
 ---
 title: App Availability and Resiliency
 layout: docs
-sitemap: false
-nav: firecracker
+nav: apps
+redirect_from: /docs/reference/app-availability/
 ---
 
-A resilient app is resistant to events like hardware failures or outages. Redundancy, supported by monitoring and scaling, is one of the ways to make your app more resilient, and we provide some built-in features to make this easier.
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/migrating-from-aws.png" alt="Illustration by Annie Ruygt of a figure jumping from one mountian to another" class="w-full max-w-lg mx-auto">
+</figure>
 
-First, it's important to understand what your app needs to take care of.
+A resilient app is resistant to events like hardware failures or outages. Redundancy, supported by monitoring and scaling, is one of the ways to make your app more resilient, and we provide some built-in features to make this easier.
 
 ## What your app needs to do
 
+First, it's important to understand what your app needs to take care of.
+
 Since Fly Proxy does load balancing by default, you need to consider how your app handles:
 
 * session storage, so that users stay logged in when their session moves to a different server
@@ -18,7 +22,7 @@ Since Fly Proxy does load balancing by default, you need to consider how your ap
 
 <div class="callout">
 <p><b>A note about Fly Proxy</b>: 
-Fly Proxy does a lot of work in the background, applying handlers, managing traffic and load balancing, and managing connections to services. Fly Proxy also automatically starts and stops Machines based on traffic to your app. The proxy works for [process groups with services defined](/docs/getting-started/app-services/#services-routed-with-fly-proxy).
+Fly Proxy does a lot of work in the background, applying handlers, managing traffic and load balancing, and managing connections to services. Fly Proxy also automatically starts and stops Machines based on traffic to your app. The proxy works for [process groups with services defined](/docs/networking/app-services/#services-routed-with-fly-proxy).
 </div>
 
 For databases, you'll need to follow the specific recommendations for the database you're using, including how to set up clusters for replication and failover.
@@ -27,7 +31,7 @@ If you're deploying Fly Postgres, our un-managed database app, then you need to
 
 When you use [Fly Volumes](/docs/volumes/) with your app, your app needs to implement replication and backups. Volumes are block devices that live on a single disk array and get mounted directly by your Machine. There's no magic. And there's no built-in replication between volumes. If your app provides a clustering mechanism with data replication, like most databases do, we recommend you take advantage of that and run multiple instances with attached volumes. When possible, we place your app's volumes in different hardware zones within a region to mitigate hardware failures.
 
-This brings us to disaster recovery and being prepared. You should have backups of your data and understand how to recover that data if needed. Fly.io takes daily snapshots of volumes and stores them for 5 days. You can [restore a volume's data](/docs/reference/volumes/#restore-from-a-snapshot) from one of these daily snapshots. If your use case requires more frequent backups, then you'll need to set up tooling and processes to backup your volumes on the required schedule.
+This brings us to disaster recovery and being prepared. You should have backups of your data and understand how to recover that data if needed. Fly.io takes daily snapshots of volumes and stores them for 5 days by default. You can [restore a volume's data](/docs/volumes/volume-manage/#restore-a-volume-from-a-snapshot) from one of these daily snapshots. If your use case requires more frequent backups, then you'll need to set up tooling and processes to backup your volumes on the required schedule.
 
 ## Fly.io features for app resiliency
 
@@ -45,7 +49,7 @@ These features require or depend on your app configuration in the `fly.toml` fil
 
 ## Redundancy by default on first deploy
 
-Technically, the title of this section should be "Redundancy by default on first deploy or after scaling down to zero Machines". When you deploy your app for the first time (or after scaling down to zero Machines), you get some default redundancy configurations. These settings help you to deploy a recommended setup without having to think about it. If the defaults aren't what you're looking for, then you can still configure your app and processes the way you want. Learn more about [scaling Machine CPU and RAM](/docs/apps/scale-machine/) and [scaling the number of Machines](/docs/apps/scale-count/).
+You get redundancy by default on first deploy and when you deploy after scaling down to zero Machines. This feature helps you deploy a recommended setup without having to think about it. If the defaults in the following sections aren't what you're looking for, then you can still configure your app and processes the way you want. Learn more about [resilient apps and multiple Machines](/docs/blueprints/resilient-apps-multiple-machines/), [scaling Machine CPU and RAM](/docs/apps/scale-machine/), and [scaling the number of Machines](/docs/apps/scale-count/).
 
 Here's what Fly Launch (the `fly launch` or `fly deploy` command) does, based on your app configuration:
 
@@ -79,9 +83,18 @@ The standby Machine doesn't consume resources or start up until it's needed.
 
 #### Remove a standby Machine
 
-When an app or process group has one Machine and one standby Machine, the standby Machine is destroyed first if you scale down to one Machine. The standby Machine isn't subsequently recreated when you [scale up or back down](/docs/apps/scale-count/) using `fly scale count`.
+To remove a standby Machine, run `fly status` and copy the ID of the Machine that displays the `†` symbol beside the process group name. For example:
+
+```
+PROCESS	ID            	VERSION	REGION	STATE  	ROLE	CHECKS	LAST UPDATED
+task†  	784e469a443e38	43     	yul   	stopped	    	      	2024-08-06T20:48:10Z
+```
+
+Then destroy the standby Machine with `fly machine destroy <machine id>`.
+
+If you destroy a standby Machine, it is not recreated when you [scale up or back down](/docs/apps/scale-count/) using `fly scale count`.
 
-If you add services to the process group in `fly.toml`, then the standby designation is removed from the standby Machine on the next deploy.
+If you add services for a process group in `fly.toml` that previously had no services, then the standby designation is removed from the standby Machine on the next deploy.
 
 #### Create a standby Machine
 
@@ -126,7 +139,7 @@ Default settings for new apps created using the `fly launch` command: automatica
 
 Default settings for some existing apps (or any apps that don't have these settings in `fly.toml`): automatically start but don't automatically stop Fly Machines.
 
-Get all the details about [automatically stopping and starting Machines](/docs/apps/autostart-stop/).
+Learn more about [how Fly Proxy autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/) and [how to configure it](/docs/launch/autostop-autostart/).
 
 ## Health check-based routing
 
diff --git a/apps/app-handover-guide.html.md b/apps/app-handover-guide.html.md
new file mode 100644
index 0000000000..26dca973aa
--- /dev/null
+++ b/apps/app-handover-guide.html.md
@@ -0,0 +1,59 @@
+---
+title: App handover guide
+layout: docs
+nav: apps
+author: kcmartin
+date: 2025-07-03
+---
+
+<div class="callout">
+**If you're building an app for someone else and they’re going to run it themselves on Fly.io, you’ve got two good options. You can either start development inside their Fly.io organization, or build it in yours and move it over later. Here’s how both paths work, and what can get messy during the move.**
+</div>
+
+---
+
+### Option 1: Build in the customer’s org from day one
+
+The cleanest handoff is no handoff at all. Have the customer create their own Fly.io organization before you start building.
+
+1. **They create the organization and add a payment method.** Basic stuff. This is what Fly.io bills against.
+1. **They invite your devs to their org.** They can do this in the dashboard under “Team → Invite Member.” You now have access to deploy apps directly into their account.
+1. **You build inside their org.** Fly.io treats organizations as isolated namespaces, so there’s no awkward boundary crossing here. It’s just your team shipping code, in their environment.
+1. **They remove you when it’s over.** Or not—you can stick around for maintenance if that’s part of the deal.
+1. **What can get messy.** Make sure that the invited developer is not the only admin user in your customer's org. Double-check that your customer has at least two admins in their org.
+
+---
+
+### Option 2: Build in your org, then move the app to theirs
+
+Sometimes it’s easier to get going inside your own org—especially if you’ve got infra and tooling already set up. When the app is ready, you move it.
+
+Here’s how that works:
+
+1. **Build as usual in your organization.**
+1. **Have the customer invite one of your devs to their org.** This person needs to be in _both_ orgs to do the move.
+1. **Transfer the app** 
+1. Use `fly apps move <app-name> --org <target-org-name>` 
+1. Heads up: the move causes a couple minutes of downtime. It’s a good idea to schedule this when traffic is low, and inform your users of a maintenance window. 
+1. What moves automatically: 
+    - Machines and volumes (data included) 
+    - Secrets and environment variables 
+    - Certificates and domain names 
+    - LiteFS databases (as long as you’re using `$FLY_APP_NAME` for the Consul key) 
+1. What doesn’t move automatically: 
+    - **Postgres** **(unmanaged and managed):** Moving Postgres databases across orgs is not supported. You’ll need to spin up a new Fly Postgres app in the target org and restore from a volume snapshot. Or you can use `pgloader` to migrate the data. 
+    - **Upstash Redis:** This is tied to an org’s private network. You’ll need to provision a new DB in the new org. 
+    - **Tigris buckets:** You’ll have to delete the old Tigris bucket, recreate it in the new org, and copy the data over (try `s3sync`). Don’t forget to reset your app’s secrets. 
+    - **Sentry and other extensions**: Be sure to create fresh ones in the new org and reconfigure the app to use them.
+
+### Summary
+
+If you know up front that your customer will own the app long-term, starting in their org avoids a bunch of fiddly work later. But if you need to hand over an app from your org to theirs, Fly.io gives you enough tools to pull it off—just be ready to rewire a few things by hand.
+
+
+
+### Related reading
+
+[Fly.io billing](/docs/about/billing)
+
+[Move an app between orgs](/docs/apps/move-app-org)
diff --git a/apps/autostart-stop.html.markerb b/apps/autostart-stop.html.markerb
deleted file mode 100644
index 3cfe8c67db..0000000000
--- a/apps/autostart-stop.html.markerb
+++ /dev/null
@@ -1,121 +0,0 @@
----
-title: Automatically stop and start Machines
-objective:
-layout: docs
-nav: firecracker
-order: 65
----
-
-Fly Machines are fast to start and stop, and you don't pay for their CPU and RAM when they're in the `stopped` state. For Fly Apps with a service configured, Fly Proxy can automatically start and stop existing Machines based on incoming requests, so that your app can meet demand without keeping extra Machines running. And if your app needs to have one or more Machines always running in your primary region, then you can set a minimum number of machines to keep running.
-
-The auto start and stop feature also plays well with apps whose Machines [exit from within](#stop-a-machine-by-terminating-its-main-process) when idle. If your app already shuts down when idle, then the proxy can restart it when there's traffic.
-
-You might also be interested in learning about [scaling the number of machines](/docs/apps/scale-count/).
-
-## Configure automatic start and stop
-
-The auto start and stop settings apply per service, so you set them within the [[[services]]](/docs/reference/configuration/#the-services-sections) or [[http_service]](/docs/reference/configuration/#the-http_service-section) sections of `fly.toml`:
-
-For example:
-
-```toml
-...
-[[services]]
-  internal_port = 8080
-  protocol = "tcp"
-  auto_stop_machines = true
-  auto_start_machines = true
-  min_machines_running = 0
-...
-```
-
-Briefly, the settings are:
-
-* `auto_start_machines`: Whether Fly Proxy should automatically start Machines based on requests and capacity.
-* `auto_stop_machines`: Whether Fly Proxy should automatically stop Machines when the app is idle for several minutes.
-* `min_machines_running`: The minimum number of Machines to keep running in the primary region when `auto_stop_machines = true`.
-
-Concurrency limits for services affect [how automatic starts and stops work](#how-it-works).
-
-### Default values
-
-The default settings for apps that don't specify any auto start and stop settings in `fly.toml` are `auto_start_machines = true` and `auto_stop_machines = false`.
-
-When you create an app using the `fly launch` command, the default settings in `fly.toml` are:
-
-```toml
-...
-[http_service]
-  internal_port = 8080
-  force_https = true
-  auto_stop_machines = true
-  auto_start_machines = true
-  min_machines_running = 0
-...
-```
-
-### Recommended settings
-
-If your app already [exits when idle](#stop-a-machine-by-terminating-its-main-process), then you can set `auto_start_machines = true` and `auto_stop_machines = false` to have Fly Proxy automatically restart the Machines stopped by your app. 
-
-If your app doesn't exit when idle, then we recommend setting `auto_stop_machines` and `auto_start_machines` to the same value (either both `true` or both `false`) so that Fly Proxy doesn't stop Machines and never restart them. For example, if `auto_start_machines = false` and `auto_stop_machines = true`, then Fly Proxy automatically stops your Machines when there's low traffic but doesn't start them again. When all or most of your Machines stop, requests to your app could start failing.
-
-When `auto_stop_machines = true`, set `min_machines_running` to `1` or higher if you need to keep one or more Machines running all the time in your primary region. The `min_machines_running` value applies to the total number of Machines, not Machines per region. For example, if `min_machines_running = 1` and there's no traffic to your app, then Fly Proxy will stop Machines until eventually there is only one Machine running in your primary region.
-
-There's no "maximum machines running" setting, because the maximum number of Machines is just the total number of Machines you've created for your app. Learn more in the [How it works](#how-it-works) section.
-
-## How it works
-
-The Fly Proxy runs a process to automatically stop and start existing Fly Machines every few minutes.
-
-<div class="callout">
-The automatic start and stop feature only works on existing Machines and never creates or destroys Machines for you. The maximum number of running Machines is the number of Machines you've created for your app using `fly scale count` or `fly machine clone`. Learn more about [scaling the number of Machines](/docs/apps/scale-count/). 
-</div>
-
-### Fly Proxy stops Machines
-
-When `auto_stop_machines = true` in your `fly.toml`, the proxy looks at Machines running in a single region and uses the concurrency [`soft_limit` setting](/docs/reference/configuration/#the-http_service-section) for each Machine to determine if there's excess capacity. If the proxy decides there's excess capacity, it stops exactly one Machine. The proxy repeats this process every few minutes, stopping only one Machine per region, if needed, each time.
-
-If you have the [`kill_signal` and `kill_timeout` options](/docs/reference/configuration/#runtime-options) configured in your `fly.toml` file, then Fly Proxy uses those settings when it stops a Machine.
-
-Fly Proxy determines excess capacity per region as follows:
-
-* If there's more than one Machine in the region:
-  * the proxy determines how many running Machines are over their `soft_limit` setting and then calculates excess capacity: `excess capacity = num of machines - (num machines over soft limit + 1)`
-  * if excess capacity is 1 or greater, then the proxy stops one Machine
-* If there's only one Machine in the region:
-  * the proxy checks if the Machine has any traffic
-  * if the Machine has no traffic (a load of 0), then the proxy stops the Machine
-
-### Fly Proxy starts Machines
-
-When `auto_start_machines = true` in your `fly.toml`, the Fly Proxy restarts a Machine in the nearest region when required.
-
-Fly Proxy determines when to start a Machine as follows:
-
-* The proxy waits for a request to your app.
-* If all the running Machines are above their `soft_limit` setting, then the proxy starts a stopped Machine in the nearest region (if there are any stopped Machines).
-* The proxy routes the request to the newly started Machine.
-
-## When to stop and start Fly Machines automatically, or not
-
-If your app has highly variable request workloads, then you can set `auto_stop_machines` and `auto_start_machines` to `true` to manage your Fly Machines as demand decreases and increases. This could reduce costs, because you'll never have to run excess Machines to handle peak load; you'll only run, and get charged for, the number of Machines that you need.
-
-The difference between this feature and what's typical in autoscaling, is that it doesn't create new Machines up to a specified maximum. It automatically starts only existing Machines. For example, if you want to have a maximum of 10 Machines available to service requests, then you need to create 10 Machines for your app.
-
-If you need all your app's Machines to run continuously, then you can set `auto_stop_machines` and `auto_start_machines` to `false`.
-
-If you only need a certain number of your app's Machines to run continuously, then you can set `auto_stop_machines = true` and `min_machines_running` to `1` or higher.
-
-## Stop a Machine by terminating its main process
-
-Setting your app to automatically stop when there's excess capacity using `auto_stop_machines = true` is a substitute for when your app doesn't shut itself down automatically after a period of inactivity. If you want a custom shutdown process for your app, then you can code your app to exit from within when idle.
-
-Here are some examples:
-
-* [Shutting Down a Phoenix App When Idle](https://fly.io/phoenix-files/shut-down-idle-phoenix-app/): a post by Chris McCord on adding a task to an Elixir app's supervision tree that shuts down the Erlang runtime when there are no active connections.
-* For Rails apps, the `dockerfile-rails` generator provides a [--max-idle](https://github.com/rubys/dockerfile-rails#addremove-a-feature) option that exits after _n_ seconds of inactivity.
-* [A Tired Proxy in Go](https://github.com/superfly/tired-proxy) used in [Building an In-Browser IDE the Hard Way](https://fly.io/blog/remote-ide-machines/). [There's a community fork with more recent updates](https://community.fly.io/t/improved-tired-proxy-for-use-with-fly-machines/10584).
-* A minimal demo app in TypeScript/Remix: [code](https://github.com/fly-apps/autoscale-to-zero-demo) & [demo](https://autoscale-to-zero-demo.fly.dev/).
-
-As of `flyctl` v0.0.520, Fly Postgres [supports this too](https://community.fly.io/t/scale-to-zero-postgres-for-hobby-projects/12212).
diff --git a/reference/build-secrets.html.md b/apps/build-secrets.html.md
similarity index 88%
rename from reference/build-secrets.html.md
rename to apps/build-secrets.html.md
index 344cd82a9e..4828196696 100644
--- a/reference/build-secrets.html.md
+++ b/apps/build-secrets.html.md
@@ -1,11 +1,11 @@
 ---
 title: Build Secrets
 layout: docs
-sitemap: false
-nav: firecracker
+nav: apps
+redirect_from: /docs/reference/build-secrets/
 ---
 
-You can set [secrets](/docs/reference/secrets/) for your applications, but these are only available at _run-time_. They aren't available when building your Docker image without a little extra work.
+You can set [secrets](/docs/apps/secrets/) for your applications, but these are only available at _run-time_. They aren't available when building your Docker image without a little extra work.
 
 To make a secret available at build time,  we'll use [Docker secrets](https://docs.docker.com/develop/develop-images/build_enhancements/).
 
@@ -49,11 +49,11 @@ echo -n "secret_value" > mysecret.txt
 docker build --secret id=MY_SUPER_SECRET,src=mysecret.txt .
 ```
 
-## Automate the inclusion of build secrets using an ephemeral machine
+## Automate the inclusion of build secrets using an ephemeral Machine
 
 The above requires you to have access to the values of secrets and to
 provide those values on the command line. If this poses a problem, an
-alternative may be to create an ephemeral machine using the `fly console`
+alternative may be to create an ephemeral Machine using the `fly console`
 command to do the deployment.
 
 An example Dockerfile you can use for that purpose:
diff --git a/apps/concurrency.html.markerb b/apps/concurrency.html.markerb
new file mode 100644
index 0000000000..bfc57861c0
--- /dev/null
+++ b/apps/concurrency.html.markerb
@@ -0,0 +1,50 @@
+---
+title: Guidelines for concurrency settings
+layout: docs
+nav: apps
+redirect_from: /docs/reference/concurrency/
+---
+
+Concurrency settings are used by Fly Proxy for important things like [load balancing](/docs/reference/load-balancing/#load-balancing-strategy) and [autostop/autostart](/docs/launch/autostop-autostart/) for Machines.
+
+The following concurrency settings apply per Machine and per service in your app:
+
+`type`: Use `connections` or `requests` as the metric for app load concurrency.
+
+`hard_limit`: At or above this number, no new traffic goes to the Machine.
+
+`soft_limit`: At or above this number, traffic to the Machine is deprioritized. Traffic is only routed to the Machine if all Machines reach the soft limit.
+
+For Fly Launch apps, configure concurrency settings in the [[http_service.concurrency]](/docs/reference/configuration/#http_service-concurrency) or [[services.concurrency]](/docs/reference/configuration/#services-concurrency) sub-sections of your `fly.toml` file. If you're using the Machines API, then concurrency settings are per `service` in [the `config` object](/docs/machines/api/machines-resource/#machine-config-object-properties).
+
+## Default settings
+
+The default concurrency settings when not specified are a `soft_limit` of 20 and no `hard_limit`. Many apps can handle a few hundred concurrent connections or more. You can try out different concurrency settings and see how it affects performance and load balancing.
+
+`connections` is the default concurrency type.
+
+## How Fly Proxy handles concurrency
+
+Fly Proxy doesn't consider the exact number of concurrent connections or requests. From the proxy's point of view a Machine is handling between 0 and the soft limit, handling between the soft limit and the hard limit, or is at the hard limit. Along with region, this is how the proxy decides which Machine gets traffic.
+
+The proxy's view of a Machine's load is affected when the gap between the soft limit and the hard limit is small and/or the app's concurrent connections or requests oscillate between them more frequently. In that case, the proxy routes according to the settings, but the thresholds change too quickly and requests or connections end up being re-routed.
+
+General caveats:
+
+- If the limits are too high, then your Machines might not be able to process that much concurrently and your app could crash.
+- If the limits are too low, then the proxy is artificially limiting what your app can process.
+- If the soft and hard limit are too close, then there might not be enough “time” for the proxy to decide to load balance and the result could be multiple retries.
+
+## Connections or requests
+
+The decision to use `connections` or `requests` for concurrency depends on the type of app and its load.
+
+`requests` are HTTP requests and the recommended concurrency type for web services. Using `requests` for concurrency can prevent too many connections to your app and reduce latency; the proxy can temporarily pool and reuse connections.
+
+`connections` are TCP connections. Multiple requests can be sent over a connection, so you need to consider how your app handles that. If you use `connections` for web services, then the proxy opens a new connection for each HTTP request, which is why `requests` is a better setting for HTTP apps.
+
+## Concurrency limit tuning tips
+
+When tuning concurrency, try setting a relatively high `hard_limit`, or leave it unset to have no hard limit. If you do want to set a `hard_limit` to have more control over load balancing, then you might have to do an initial benchmark to estimate the maximum number of concurrent connections or requests that your app can handle. Then tune the `soft_limit` and [create more Machines](/docs/blueprints/resilient-apps-multiple-machines/) to optimize autostop/autostart and load balancing. Once your app is getting real-world traffic, you can continue to monitor your app and adjust the `soft_limit` further to suit your workload.
+
+Want a more detailed guide to concurrency limits? See this blueprint: [Setting Hard and Soft Concurrency Limits on Fly.io](/docs/blueprints/setting-concurrency-limits/).
diff --git a/apps/custom-domain.html.markerb b/apps/custom-domain.html.markerb
deleted file mode 100644
index c74988838a..0000000000
--- a/apps/custom-domain.html.markerb
+++ /dev/null
@@ -1,83 +0,0 @@
----
-title: Use a custom domain 
-layout: docs
-nav: firecracker
-order: 35
----
-
-When you create a Fly App, it is automatically given a `fly.dev` sub-domain, based on the app's name. This is great for testing, but when you want to go to full production you'll want your application to appear on your own domain and have HTTPS set up for you as it is with your `.fly.dev` domain. That's where the `fly certs` command comes in. But let's step back before we set up the TLS certificate, to the first step: directing traffic to your site.
-
-## Set a CNAME record
-
-The simplest option for directing traffic to your site is to create a CNAME record for your custom domain that points at your `.fly.dev` host. For example, if you have a custom domain called `example.com` and an app called `exemplum`, then you can create a CNAME record for `example.com`'s DNS that would look like:
-
-```
-CNAME @ exemplum.fly.dev
-```
-
-You'll need to configure this with your DNS provider. 
-
-Now, accessing `example.com` will tell the DNS system to look up `exemplum.fly.dev` and return its results. 
-
-## Set the A record
-
-The other option is slightly more complicated because it uses the IP address of the app, rather than its DNS name. The upside is that it is slightly faster.
-
-To start, you need the Fly IP address of your deployed application. To get that, use the `fly ips list` command.
-
-You'll need to configure the A record with your DNS provider. You need to add in an "A Record" for your domain that points to the IP address. Once this is done and propagated through the DNS system, you should be able to connect over unencrypted HTTP to using the domain name. Continuing the preceding example, that's the domain name: `http://example.com`.
-
-## Get certified
-
-To enable HTTPS on the domain, you need to get a certificate. Fly.io does that for you automatically.
-
-It starts with creating a certificate for your custom domain with the `fly certs add` command. For example:
-
-```cmd
-fly certs add example.com
-```
-```output
-  Hostname                    = example.com
-  Configured                  = true
-  Issued                      =
-  Certificate Authority       = lets_encrypt
-  DNS Provider                = enom
-  DNS Validation Instructions =
-  DNS Validation Hostname     =
-  DNS Validation Target       = example.com.5xzw.flydns.net
-  Source                      = fly
-  Created At                  = 0001-01-01T00:00:00Z
-  Status                      =
-```
-
-Running `fly certs add` starts the process of getting a certificate. 
-
-Run `fly certs show` to get the details needed for your next step. For example:
-
-```cmd
-fly certs show example.com
-```
-```output
-  Hostname                    = example.com
-  Configured                  = true
-  Issued                      = ecdsa, rsa
-  Certificate Authority       = lets_encrypt
-  DNS Provider                = enom
-  DNS Validation Instructions = CNAME _acme-challenge.example.com => example.com.5xzw.flydns.net.
-  DNS Validation Hostname     = _acme-challenge.example.com
-  DNS Validation Target       = example.com.5xzw.flydns.net
-  Source                      = fly
-  Created At                  = 1m24s ago
-  Status                      = Ready
-```
-
-The **DNS Validation Instructions** are an optional next step. For a short time (minutes) after we start the process of generating
-the first-ever certificate for your site, trying to load that site with an HTTPS URL will generate errors. If you'd like to make sure
-those errors aren't ever visible, you can use a DNS challenge to pre-generate the certificate. 
-
-To do that, you need to create a `CNAME` DNS record for a subdomain, `_acme-challenge`, of your domain (the DNS Validation host name)
-and point it at the DNS Validation Target. The process will depend on your DNS provider. Once complete, and the updated DNS data has propagated, that domain will be queried and confirm you have control of it. Certificates will be generated and installed and you'll be able to access your custom domain.
-
-## Related topics
-
-For a more detailed example of configuring custom domains, see the [Custom domains and SSL certificates](/docs/app-guides/custom-domains-with-fly/) guide.
diff --git a/apps/delete.html.markerb b/apps/delete.html.markerb
index c33e2f9008..2bd5cc117e 100644
--- a/apps/delete.html.markerb
+++ b/apps/delete.html.markerb
@@ -1,15 +1,13 @@
 ---
-title: Delete a Fly App
-objective: 
+title: Delete an app
 layout: docs
-nav: firecracker
-order: 110
+nav: apps
 ---
 
-You can scale an App right down to zero Machines if you like. But if you're done with an App forever, you can delete it using `fly apps destroy <app-name>`. 
+You can scale an app right down to zero Machines if you like. But if you're done with a Fly App forever, you can delete it using `fly apps destroy <app-name>`. 
 
-Once you destroy an App, you can no longer access any part of it, and you'll no longer be charged for any part of it either. This includes Machines, Volumes, IP addresses, Secrets, Docker images, and so on. 
+Once you destroy an app, you can no longer access any part of it, and you'll no longer be charged for any part of it either. This includes Fly Machines, Fly Volumes, IP addresses, secrets, Docker images, and so on. 
 
 <div class="warning icon">
-Here's a potential footgun: When you delete an App, you delete its Volumes. After you delete a Volume, you can't access the Volume snapshots. So if you want the data from an app's persistent storage, then get the data before you delete the app.
+Warning: When you destroy an app, you delete its volumes and volume snapshots. If you want the data from an app's persistent storage, then get the data before you destroy the app.
 </div>
\ No newline at end of file
diff --git a/apps/deploy.html.markerb b/apps/deploy.html.markerb
deleted file mode 100644
index 3182177997..0000000000
--- a/apps/deploy.html.markerb
+++ /dev/null
@@ -1,101 +0,0 @@
----
-title: Deploy a Fly App
-layout: docs
-nav: firecracker
-order: 30
----
-
-The `fly deploy` flyctl command builds your Fly App and spins it up on one or more Fly Machines, applying the configuration specified in a local `fly.toml` file. 
-
-Whether you've run [`fly launch`](/docs/apps/launch/) with the `--no-deploy` option, or want to apply changes to your deployed Fly App's source or configuration, you can make a new release by running 
-
-```cmd
-fly deploy
-``` 
-
-from the source directory of your project, where any app source code, project config, `fly.toml`, and Dockerfile are located.
-
-If you haven't deployed the app before, `fly deploy` creates one or two Machines for every [process group](/docs/apps/processes/) defined in the app's `fly.toml` file, depending on whether there are services and volumes configured. If you haven't explicitly defined any process groups, the first deployment gives you two Machines for redundancy. For more information about when Fly Launch creates one Machine or two Machines, refer to [Redundancy by default on first deploy](/docs/reference/app-availability/#redundancy-by-default-on-first-deploy).
-
-Subsequent deployments update the app's Machines as a group, with the latest local changes to the app's source and configuration. It's possible for a Fly App to have standalone Machines that aren't managed by `fly deploy`.
-
-
-## Configuration
-
-flyctl will look for a `fly.toml` file to find the name of the app to operate on, and for an app configuration to apply during deployment. Use `fly deploy -a <app-name>` to override the app name given in `fly.toml` and deploy the project in the current working directory to a different existing Fly App.
-
-There are [a number of other options](/docs/flyctl/deploy/) you can use with the `fly deploy` command.
-
-## The build
-
-`fly deploy` builds, or gets, the Docker image for the app, and refreshes Machines with the latest changes.
-
-Here's how `fly deploy` determines how to get the app's Docker image:
-
-1. If an image is specified, either with the `--image` option or in the `[build]` section of `fly.toml`, use that image, regardless of the presence of a Dockerfile in the working directory or the use of the `--dockerfile` option.
-2. Otherwise, check the [`[build]` section of `fly.toml`](/docs/reference/configuration/#the-build-section) and use the method specified there, whether it's a Dockerfile or a buildpack (but don't use buildpacks if you don't have to; they're brittle, bloated, and prone to change).
-3. Otherwise, if the `--dockerfile` flag supplies a path to a Dockerfile, use that Dockerfile to build the image. You read that right. The `--dockerfile` flag is looked at _after_ the `[build]` section of the config file. This will hopefully change soon.
-4. Otherwise, if there's a `Dockerfile` (named exactly `Dockerfile` or `dockerfile`) in the local working directory, use that Dockerfile for the build.
-
-## IP addresses
-
-If the app to be deployed is configured with an eligible HTTP `[[services]]` section, and it does not yet have [public IP addresses](/docs/reference/services/), `fly deploy` provisions a public IPv6 and a shared public IPv4 Anycast address. 
-
-## Machines not managed by Fly Launch
-
-Machines created using `fly deploy` (or as part of a deployment during `fly launch`), or by `fly clone`ing such a Machine, carry a piece of metadata marking them as belonging to Fly Launch. These machines are updated as a group on all subsequent `fly deploy` commands, as are Machines that existed on a Machines App at the moment that it was migrated to a V2 App.
-
-New Machines created using `fly machine run` don't have the V2 Apps metadata, and are not automatically managed by Fly Launch (`fly deploy`), so these Machines can have their own configuration different from that of the App, and can even be based on a different Docker image.
-
-## Volume mounts and `fly deploy`
-
-If a Machine has a mounted [volume](/docs/volumes/), `fly deploy` can't be used to mount a different one. You can change the mount point at which the volume's data is available in the Machine's file system, though. This is configured in the [`[mounts]` section](/docs/reference/configuration/#the-mounts-section) of `fly.toml`.
-
-Learn more about [using Fly Volumes](/docs/volumes/).
-
-## `fly deploy` configuration in `fly.toml`
-
-Configure the following deployment behavior in the [`[deploy]` section](/docs/reference/configuration/#the-deploy-section) of `fly.toml`.
-
-### Release commands
-You can run a one-off [release command](/docs/reference/configuration/#run-one-off-commands-before-releasing-a-deployment) in a temporary VM&mdash;using the successfully built release&mdash;before that release is deployed. This is good for, e.g., running database migrations. Keep in mind that these temporary VMs do not have access to any volumes you may have mounted in your apps.
-
-### Deployment strategy
-
-You can specify one of the following deployment strategies:
-
-* `rolling` (default): wait for each Machine to be successfully deployed before starting the update of the next one
-* `immediate`: bring all Machines down for update at once
-* `canary`: boot a single new Machine, verify its health, and then proceed with a rolling restart strategy
-* `bluegreen`: boot a new Machine alongside each running Machine in the same region, and migrate traffic to the new Machines only once all the new Machines pass health checks
-
-Learn more about [setting a deployment strategy](/docs/reference/configuration/#picking-a-deployment-strategy).
-
-
-```cmd
-fly deploy --strategy canary
-```
-```out
-...
-==> Building image
-Searching for image 'flyio/hellofly:latest' remotely...
-image found: img_z1nr0lpjz9v5q98w
-
-Watch your app at https://fly.io/apps/aged-water-8803/monitoring
-
-Creating canary machine for group app
-  Machine 328745da023e85 [app] update finished: success
-Canary machines successfully created and healthy, destroying before continuing
-machine 328745da023e85 was found and is currently in created state, attempting to destroy...
-Updating existing machines in 'example-app-8803' with canary strategy
-  [1/2] Machine 3287457df77785 [app] update finished: success
-  [2/2] Machine 91857266c41638 [app] update finished: success
-  Finished deploying
-...
-```
-
-## Not all changes require a new App release
-
-You can [add an IP address](/docs/reference/services/#ip-addresses) to an App, for example, without redeploying.
-
-Adding a [secret](/docs/reference/secrets/) to the App does require a restart, so `fly secrets set` triggers a new deployment.
diff --git a/apps/fine-tune-apps.html.markerb b/apps/fine-tune-apps.html.markerb
new file mode 100644
index 0000000000..5e037ec6f7
--- /dev/null
+++ b/apps/fine-tune-apps.html.markerb
@@ -0,0 +1,96 @@
+---
+title: Tips to fine-tune your app on Fly.io
+layout: docs
+nav: apps
+redirect_from: /docs/reference/fine-tune-apps/
+---
+
+It’s safe to assume Fly.io can support thousands of requests or connections per second and can keep hundreds of thousands of them live at any given moment. This  is even truer when the clients connect from multiple geographic locations.
+
+That settled, you can still use the following guidelines to gather data to fine-tune and optimize your app and configuration to run on Fly.io.
+
+## Fly.io metrics
+
+We have various ways to access metrics for Fly Proxy, your app, and Fly Machines. Learn more about [Fly Metrics](/docs/reference/metrics/).
+
+- Edge HTTP response time is the total time it takes to respond with the first HTTP response headers.
+- App HTTP response time is the same, but only considers your app’s response time, not the overhead of routing, load balancing, retries, and so on.
+
+CPU and memory resource usage are interesting, but are rarely the culprit unless you have everything else in your benchmark right. The application logic often is often the issue when it comes to excessive CPU and memory usage.
+
+## Routing
+
+Check which [Fly.io region](/docs/reference/regions/) you're reaching.
+
+The region you reach should be the fastest region for you, which may not be the closest geographically. You can use the debug.fly.dev server to check your region:
+
+```
+curl debug.fly.dev
+```
+
+Use `traceroute` or `mtr` to see the routing to Fly.io.
+
+For example:
+
+```
+traceroute debug.fly.dev
+```
+
+Check the base latency for the region you’re reaching:
+
+```
+ping debug.fly.dev
+```
+
+<div class="important icon">
+**Important**: Do you have a stable internet connection? `ping` can jitter quite a bit on bad routes.
+</div>
+
+## Application logic and performance
+
+Some common culprits of excessive CPU and memory usage are:
+
+- Using a single thread
+- Blocking
+- Various misconfigurations, for example, wrong or missing environment variables
+
+### HTTP response times
+
+Fly.io HTTP response time metrics measure how long it takes for your app to start responding with headers, not the response body.
+
+### Multithreading
+
+If your app has multiple threads, make sure that contention isn't an issue. You can also [scale CPU resources](/docs/apps/scale-machine/) as needed.
+
+## Fly.io configuration
+
+Some configuration settings that are more likely to affect app performance and benchmarking.
+
+### Machine sizing
+
+Right-size Machines to use more parallel processing. Learn more about [Machine sizing](/docs/machines/guides-examples/machine-sizing/#general-rules).
+
+### Concurrency settings for connections or requests
+
+Refer to our guidelines for [concurrency settings](/docs/reference/concurrency/).
+
+### Auto stop and start feature
+
+[Auto stop and start](/docs/launch/autostop-autostart/) can be turned off if you want to test the performance of your app without that variable.
+
+If you don’t turn off auto stop and start, then you’ll likely have some pretty high p99 values due to the initial cost of Fly Proxy queueing connections while waiting for the Machine to start.
+
+## Distributed systems
+
+Fly.io has rate limits and hard limits outside of the control of each app; these limits are per edge and per service. If you test from a single location, then you'll hit our rate limits much faster than if you test from multiple locations.
+
+Pay attention to how your benchmarking nodes are routing.  Inefficient routing adds latency and will skew your results. If incorrect routing is causing issues with your app testing or your production apps, then post in community or contact support (depending on you plan) and we'll look into it with our network providers.
+
+## Challenges with benchmarking
+
+You probably won’t be able to realistically benchmark your app for a combination of reasons, including:
+
+- Users will have a large variety of ISPs and be routed differently based on ad hoc peering agreements, sometimes in non-optimal ways.
+- It’s difficult to remove the Anycast routing factor from benchmarking; you have to live with it.
+
+In some cases, a better option might be to send part of your real traffic to Fly.io and then compare metrics.
diff --git a/apps/going-to-production.html.markerb b/apps/going-to-production.html.markerb
new file mode 100644
index 0000000000..7a173a7cc6
--- /dev/null
+++ b/apps/going-to-production.html.markerb
@@ -0,0 +1,130 @@
+---
+title: Going to production checklist
+layout: docs
+nav: apps
+redirect_from:
+  - /docs/going-to-production/
+  - /docs/going-to-production/the-basics/
+  - /docs/going-to-production/the-basics/production-databases/
+  - /docs/reference/going-to-production/
+---
+
+Use this checklist to help you set up a production environment on Fly.io.
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/outlook.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon waving to a bird sitting on a hour roof" class="max-w-lg">
+</figure>
+
+## Overview
+
+Moving an app from staging to production can expose unexpected failure modes: security holes, performance and scaling issues, or data loss. This checklist is meant to catch common pitfalls for apps on Fly.io, but it’s not a guarantee of production readiness. Not every item here will apply to your app, and you may have additional requirements that aren't listed. Use this as a foundation and adapt it to your needs. Think of this list as a scaffold, not a silver bullet.
+
+<div class="important icon">
+**Important:** The checklist is not exhaustive and does not guarantee production-readiness for your app. Apps can have unique requirements for production depending on the framework and type of app. Some items won't be applicable and there may be other considerations not listed here; you'll need to decide which checklist items work for your app.
+</div>
+
+## Security
+
+<%= render ChecklistComponent.new(
+  items: [
+    { id: "sso", title: "Set up single sign-on for organizations", description: "Enable SSO on your organization to take advantage of Google or GitHub authentication security. Learn more about [Single sign-on for organizations](/docs/security/sso/)." },
+    { id: "isolation", title: "Isolate staging and production environments", description: "Use organizations to limit access to your production environment. Read this guide: [Staging and production isolation](/docs/blueprints/staging-prod-isolation/)." },
+    { id: "least-privilege", title: "Enforce least privilege access", description: "Use access tokens to allow only the minimum access level required by team members to your organization, apps, and Machines. Understand [access tokens](https://fly.io/docs/security/tokens/)." },
+    { id: "secrets", title: "Protect sensitive information", description: "Set secrets to store sensitive data and make them available as environment variables to your app. Read about [Secrets and Fly Apps](/docs/apps/secrets/)." },
+    { id: "exposure", title: "Make sure private services are not exposed", description: "Check that your private apps with services don't have public IP addresses. Run `fly ips list` and use `fly ips release` to release unnecessary public IPs. More detail is available in this `flyctl` reference: [`fly ips` commands](/docs/flyctl/ips/). Assign private apps a [Flycast address](https://fly.io/docs/networking/flycast/) instead." },
+    { id: "arcjet", title: "Use Arcjet application security for JavaScript apps", description: "Secure your app with rate limiting, bot protection, email validation, and defense against common attacks through our extension partner Arcjet. Read more about [Application Security by Arcjet](/docs/security/arcjet/)." }
+  ],
+  c: params[:c] || "",
+  o: params[:o] || "",
+  h: params[:h] || ""
+) %>
+
+## Databases
+
+<%= render ChecklistComponent.new(
+  items: [
+    { id: "production-grade-postgres", title: "Use Managed Postgres", description: "We recommend using [Fly.io's Managed Postgres](/docs/mpg/), our fully-managed database service that handles all aspects of running production PostgreSQL."},
+    { id: "test-backups", title: "Practice your disaster recovery plan", description: "Practice restoring your managed Postgres database from a backup before you actually need to. You can do this anytime from the Managed Postgres dashboard." }
+  ],
+  c: params[:c] || "",
+  o: params[:o] || "",
+  h: params[:h] || ""
+) %>
+
+## App performance
+
+<%= render ChecklistComponent.new(
+  items: [
+    { id: "machine-sizing", title: "Get Machine sizing right", description: "Most conventional production web apps require [performance CPUs](/docs/machines/cpu-performance/). Also make sure you have enough RAM for your app and/or enable [swapping to disk](/docs/reference/configuration/#swap_size_mb-option) to deal with brief spikes in memory use. Find out more details in our [Machine sizing guide](/docs/machines/guides-examples/machine-sizing/)."},
+    { id: "fine-tune-app", title: "Fine-tune your app", description: "Learn about optimizing your app on Fly.io. Read these tips to [fine-tune your app on Fly.io](/docs/apps/fine-tune-apps/)."}
+  ],
+  c: params[:c] || "",
+  o: params[:o] || "",
+  h: params[:h] || ""
+) %>
+
+## Availability, resiliency, and costs
+
+<%= render ChecklistComponent.new(
+  items: [
+    { id: "multiple-machines", title: "Use multiple Machines for resiliency", description: "Make your app resilient to single-host failures with multiple Machines that stay stopped until you need them. Learn more in our guide: [Resilient apps use multiple Machines](/docs/blueprints/resilient-apps-multiple-machines/)."},
+    { id: "add-regions", title: "Scale your app into more regions", description: "Scale your app in multiple regions closest to your app's users. Find out how to [Scale an app's regions](/docs/launch/scale-count/#scale-an-apps-regions)."},
+    { id: "autostop-autostart", title: "Use autostop/autostart to reduce costs", description: "Autostop/autostart lets you stop or suspend Machines when there's low traffic, saving on resource usage and costs. You get autostop/autostart by default with a new app, but you can configure it to optimize for your use case. Find out more: [Autostop/autostart Machines](/docs/launch/autostop-autostart/)."},
+    { id: "autoscale-by-metric", title: "Set up autoscaling by metric to reduce costs", description: "For apps that aren't running web services, use the autoscaler app to scale your app's Machines based on any metric, saving on resource usage and costs. Learn how to [Autoscale based on metrics](/docs/launch/autoscale-by-metric/)."}
+  ],
+  c: params[:c] || "",
+  o: params[:o] || "",
+  h: params[:h] || ""
+) %>
+
+## Networking
+
+<%= render ChecklistComponent.new(
+  items: [
+    { id: "custom-domain", title: "Set up a custom domain", description: "Configure a certificate for your domain. Learn how to [use a custom domain](/docs/networking/custom-domain/)."},
+    { id: "ipv4", title: "Consider using a dedicated IPv4 address", description: "Completely eliminate the chance of blacklisted spammers causing problems for your app. There is a small [added cost](/docs/about/pricing/#anycast-ip-addresses) for dedicated IPv4 addresses. Read more about [Dedicated IPv4](/docs/networking/services/#dedicated-ipv4)."},
+    { id: "flycast", title: "Set up Flycast for private apps", description: "If you haven't already done so, give your private apps a Flycast address to communicate with them entirely on your private network. Find out about [Flycast - Private Fly Proxy services](https://fly.io/docs/networking/flycast/)."}
+  ],
+  c: params[:c] || "",
+  o: params[:o] || "",
+  h: params[:h] || ""
+) %>
+
+
+## Monitoring
+
+<%= render ChecklistComponent.new(
+  items: [
+    
+    { id: "metrics", title: "Monitor your app with fully-managed metrics", description: "Use managed Prometheus and managed Grafana dashboards to monitor your app. Read about [Metrics on Fly.io](/docs/monitoring/metrics/)."},
+    { id: "sentry", title: "Use Sentry for Error tracking", description: "Our extension partner Sentry provides an application monitoring platform that helps you identify and fix software problems before they impact your users. Fly.io organizations get a year's worth of [Sentry Team Plan](https://fly.io/docs/monitoring/sentry/#sentry-plan-details) credits. Read how to configure [Application Monitoring by Sentry](/docs/monitoring/sentry/)."},
+    { id: "export-logs", title: "Export your logs", description: "Set up the Fly Log Shipper to aggregate your app’s logs to a service of your choice. Read more about [Exporting logs](/docs/monitoring/exporting-logs/)."}
+  ],
+  c: params[:c] || "",
+  o: params[:o] || "",
+  h: params[:h] || ""
+) %>
+
+## CI/CD
+
+<%= render ChecklistComponent.new(
+  items: [
+    { id: "review-apps", title: "Generate review apps with GitHub Actions", description: "Automatically generate ephemeral review apps on Fly.io for each pull request (PR) using GitHub Actions. Learn more about [Git Branch Preview Environments on GitHub](/docs/blueprints/review-apps-guide/)."},
+    { id: "deploy-with-github-actions", title: "Deploy with GitHub Actions", description: "Set up your app for continuous deployment to Fly.io from the app’s GitHub repository. Find out how to use [Continuous Deployment with Fly.io and GitHub Actions](/docs/app-guides/continuous-deployment-with-github-actions/)."}
+  ],
+  c: params[:c] || "",
+  o: params[:o] || "",
+  h: params[:h] || ""
+) %>
+
+## Get support
+
+<%= render ChecklistComponent.new(
+  items: [
+    { id: "community", title: "Get answers in our community forum", description: "Check out our [community forum](https://community.fly.io/) to talk about your project and get help."},
+    { id: "email-support", title: "Consider a purchasing a support plan", description: "Standard, Premium, or Enterprise support packages are available to purchase. Learn more about [Support plans](https://fly.io/support)."}
+  ],
+  c: params[:c] || "",
+  o: params[:o] || "",
+  h: params[:h] || ""
+) %>
diff --git a/apps/index.html.markerb b/apps/index.html.markerb
index 2c315efe91..e6e43834bc 100644
--- a/apps/index.html.markerb
+++ b/apps/index.html.markerb
@@ -1,52 +1,51 @@
 ---
-title: "Fly Launch"
+title: "Apps on Fly.io"
 layout: docs
 toc: false
-nav: firecracker
+nav: apps
 ---
 
-Fly Launch is a collection of opinionated Fly.io platform features that help you configure and orchestrate your app as a unit. The following are some Fly Launch features:
-
-- the `fly launch` command to get started
-- the `fly.toml` file for app configuration
-- the `fly deploy` command to deploy all your app's Machines
-- the `fly scale` command for horizontal and vertical scaling
-
-You can also configure and manage Fly Machines individually; see the [Fly Machines](/docs/machines/) docs.
-
-Learn how to use Fly Launch:
-
-<ul class="outline-list">
-    <li>
-    <%= nav_link "Launch a New Fly App", "/docs/apps/launch/" %>
-    </li>
-    <li>
-    <%= nav_link "Deploy a Fly App", "/docs/apps/deploy/" %>
-    </li>
-    <li>
-    <%= nav_link "Get Information about an App", "/docs/apps/info/" %>
-    </li>
-    <li>
-    <%= nav_link "Add Volume Storage", "/docs/apps/volume-storage/" %>
-    </li>
-    <li>
-    <%= nav_link "Scale Machine CPU and RAM", "/docs/apps/scale-machine/" %>
-    </li>
-    <li>
-    <%= nav_link "Add or Remove Machines", "/docs/apps/scale-count/" %>
-    </li>
-    <li>
-    <%= nav_link "Automatically Stop and Start Machines", "/docs/apps/autostart-stop/" %>
-    <li>
-    <%= nav_link "Restart an App", "/docs/apps/restart/" %>
-    </li>
-    <li>
-    <%= nav_link "Run Multiple Processes in an App", "/docs/apps/processes/" %>
-    </li>
-    <li>
-    <%= nav_link "Delete an App", "/docs/apps/delete/" %>
-    </li>
-    <li>
-    <%= nav_link "Fly Launch Configuration Reference", "/docs/reference/configuration/" %>
-    </li>
-</ul>
+<figure>
+  <img src="http://github.com/static/images/apps-new-and-fun.png" alt="Illustration by Annie Ruygt of a green block with A written on it, followed by a database stack in a dancing move" class="max-w-xl">
+</figure>
+
+An app on Fly.io can be anything from a simple frontend web app to a complex arrangement of processes and Machines all doing their own thing. Check out the [Fly Apps overview](/docs/apps/overview/) for details.
+
+
+## Fly Launch
+
+_If you're looking to deploy an app on Fly.io, you probably want Fly Launch. Use Fly Launch to create your app and then manage the whole lifecycle, from starting to scaling to changing and redeploying._
+
+- **[Get started](/docs/getting-started/):** Launch your own app or try a demo app.
+
+- **[Use Fly Launch](/docs/launch/):** Learn how to create, configure, deploy, and scale your app.
+
+---
+
+## Secrets
+
+_Store sensitive data, like usernames and passwords, as secrets in your app. Secrets are made available to the app as environment variables._
+
+- [Set app secrets to be available at runtime](/docs/apps/secrets/)
+- [Mount secrets in your Dockerfile to be available at buildtime](/docs/apps/build-secrets/)
+
+---
+
+## Production apps
+
+_Get your app ready for production on Fly.io._
+
+- [Going to production checklist](/docs/apps/going-to-production/)
+- [App availability and resiliency](/docs/apps/app-availability/)
+- [Fine-tune your app](/docs/apps/fine-tune-apps/)
+- [Guidelines for concurrency settings](/docs/apps/concurrency/)
+
+---
+
+## Related topics
+
+- [Databases & Storage](/docs/database-storage-guides/)
+- [Networking](/docs/networking/)
+- [Monitoring](/docs/monitoring/)
+- [Security](/docs/security)
+- [Blueprints: Fly.io patterns for your projects](/docs/blueprints/)
diff --git a/apps/info.html.md b/apps/info.html.md
index ebf50a5b63..a17e5cf3a7 100644
--- a/apps/info.html.md
+++ b/apps/info.html.md
@@ -1,14 +1,16 @@
 ---
-title: Get Information about an App
-objective: 
+title: Get information about an app
 layout: docs
-nav: firecracker
-order: 15
+nav: apps
 ---
 
-Once your Fly App is launched, `flyctl` has various tools for getting information about it. You can also find a lot of information on your Fly.io [web dashboard](https://fly.io/dashboard).
+<figure>
+  <img src="http://github.com/static/images/docs-books.webp" alt="">
+</figure>
 
-## Find all your Apps
+Once your Fly App is launched, `flyctl` has various tools for getting information about it. You can also find a lot of information on your Fly.io [dashboard](https://fly.io/dashboard).
+
+## Find all your apps
 
 You can see a list of all your Fly Apps:
 
@@ -21,7 +23,7 @@ testrun       personal        deployed        machines        21h17m ago
 my-app        personal        suspended       machines        2023-11-15T23:33:07Z
 ```
 
-## App Overviews
+## App overviews
 
 If you want a brief app overview, including a list of Machines on that app with their current status, use `fly status`:
 
@@ -41,7 +43,7 @@ ID              STATE   REGION  HEALTH CHECKS           IMAGE
 
 As with many flyctl commands, if you leave off the `-a` flag, `fly status` will infer the app name from the `fly.toml` file in the working directory, if there is one.
 
-`fly machine list` yields a different set of information for each Machine, including the Machine's [internal IPv6 address](/docs/reference/private-networking/):
+`fly machine list` yields a different set of information for each Machine, including the Machine's [internal IPv6 address](/docs/networking/private-networking/):
 
 ```cmd
 fly machine list -a testrun
@@ -104,18 +106,19 @@ TCP             80 => 8080 [HTTP]       True
 
 ## Public IP addresses
 
-Find your app's public Anycast IPs with `fly ips list`.
+Find your app's public Anycast IPs and private Flycast IPs with `fly ips list`.
 
 ```cmd
 fly ips list
 ```
 ```out
-VERSION IP                      TYPE            REGION  CREATED AT           
-v6      2a09:8280:1::d285       public          global  2023-01-25T21:35:29Z
-v4      66.241.125.211          public (shared)           
+VERSION	IP                  	TYPE              	REGION	CREATED AT
+v6     	2a09:8280:1::2d:678b	public (dedicated)	global	Sep 1 2023 19:47
+v6     	fdaa:2:45b:0:1::23  	private           	global	Mar 16 2024 18:20
+v4     	66.241.124.63       	public (shared)   	      	Jan 1 0001 00:00
 ```
 
-Read more about [Public Network Services](/docs/reference/services/) and [Private Networking](/docs/reference/private-networking/).
+Read more about [Public networking](/docs/networking/services/) and [Private networking](/docs/networking/private-networking/).
 
 
 ## Check on it from inside
@@ -146,14 +149,13 @@ tmpfs             113224      0    113224   0% /sys/fs/cgroup
 /dev/vdb         1011672   2564    940500   1% /storage
 ```
 
-<div class="callout">If you are running an interactive command (like a shell, IEx, or the Rails console), you may need to use the `--pty` flag. This tells the SSH server to run the command in a pseudo-terminal. (If you're familiar with OpenSSH, this is like the `-t` flag for `ssh`.)</div>
+<div class="callout">If you are running an interactive command (like a shell, IEx, Django management command, or the Rails console), you may need to use the `--pty` flag. This tells the SSH server to run the command in a pseudo-terminal. (If you're familiar with OpenSSH, this is like the `-t` flag for `ssh`.)</div>
 
 
-## Inspect the Current Configuration of a Deployed App or Machine
+## Inspect the current configuration of a deployed app or Machine
 
 Machines can be configured individually, but Fly Launch applies the app's config on `fly deploy` to all Machines that are administered by the app. Display the app configuration in JSON format with `fly config show`.
 
-
 ### Show the app config
 
 ```cmd
@@ -269,4 +271,4 @@ fly logs -a testrun
 
 `fly logs` stays open, watching the logs, until you stop it (<kbd>ctrl-C</kbd>).
 
-You can also [ship logs to an external service](/blog/shipping-logs/).
+Learn more about [logging on Fly.io](/docs/monitoring/logging-overview/).
diff --git a/apps/launch.html.markerb b/apps/launch.html.markerb
deleted file mode 100644
index a206dde94f..0000000000
--- a/apps/launch.html.markerb
+++ /dev/null
@@ -1,92 +0,0 @@
----
-title: Launch a New App on Fly.io
-objective: 
-layout: docs
-nav: firecracker
-order: 10
-redirect_from: /launch/
----
-
-Fly Launch helps you configure and orchestrate your app. 
-
-To create a brand new app on Fly.io, run this command from the source directory of your project:
-
-```cmd
-fly launch
-``` 
-
-If you're in a hurry to try your first launch, we have a condensed [Hands-on](/docs/hands-on/) that launches a super-simple demo app. Or check out our [language- and framework-specific launch guides](/docs/languages-and-frameworks/).
-
-## Ingredients for a successful `fly launch`
-
-Here are the components of a successful launch, ready for the first deployment:
-
-* A way to get a Docker image that we can use to get your app running on a Machine.
-* A `fly.toml` file, created by `fly launch` or provided by you, for your app's Fly.io-specific [configuration](/docs/reference/configuration/).
-* Optional platform resources such as [public IP addresses](/docs/reference/services/), [Fly Volumes](/docs/reference/volumes), [app secrets](/docs/reference/secrets/), [Fly Postgres](/docs/postgres/) clusters, and integrated resources like [Upstash for Redis](/docs/reference/redis/).
-
-## Framework launch scanners
-
-Depending on your project, `fly launch` may be able to look at your app's source code and get through that [ingredient list](#ingredients-for-a-successful-fly-launch), straight to a ready-to-deploy Fly App. This is most likely to work for frameworks on which Fly.io has people specializing full time. Right now that's [Elixir/Phoenix](/docs/elixir/), [Laravel](/docs/laravel/), [Rails](/docs/rails/), and [Django](/docs/django/), but we also have launch guides for other [languages and frameworks](/docs/languages-and-frameworks/).
-
-Our best scanners furnish a Dockerfile from which your app's image will be built. Some of our terrible older scanners may invoke [buildpacks](/docs/reference/builders/#buildpacks), which tend to be slow and brittle.
-
-Running `fly launch` in a directory containing a working Django app (it happens to be the one from [our Django getting-started example](/docs/django/getting-started/)):
-
-```cmd
-fly launch
-```
-```out
-Scanning source code
-Detected a Django app
-Creating app in /flyio/hello-django
-We're about to launch your Django app on Fly.io. Here's what you're getting:
-
-Organization: MyName                 (fly launch defaults to the personal org)
-Name:         hello-django           (derived from your directory name)
-Region:       Amsterdam, Netherlands (this is the fastest region for you)
-App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
-Postgres:     <none>                 (not requested)
-Redis:        <none>                 (not requested)
-
-? Do you want to tweak these settings before proceeding? Yes
-...
-```
-
-The flyctl Django scanner has taken ownership of the launch. You can tweak the basic settings on the Fly Launch web page and then run 'fly deploy' to deploy the new app. Visit our [Django guide](/docs/django/getting-started/) to see how that story will end. (Spoiler: it has a happy ending.)
-
-## Custom launch
-
-You can nudge `fly launch` to better suit your project. 
-
-### Point to an image or use a Dockerfile to build
-
-Tell `fly launch` how you want to get the Docker image for your app, using either the `--image` or `--dockerfile` option, or by catching the Dockerfile launch scanner's attention with the presence of a [Dockerfile](/docs/languages-and-frameworks/dockerfile/) in your project source directory. The Dockerfile scanner doesn't do a lot of configuration, but it prevents other scanners from taking over.
-
-The actual Docker image build (or image pull) for a Fly App takes place during deployment. `fly launch` sets the stage by recording how to build, or get, the image, and both the first and all later deploys use that information.
-
-### Customize the configuration file
-
-You can provide your own `fly.toml` and `fly launch` will offer to copy that configuration to a new app. `fly.toml` sets a starting point for the app configuration, and in some cases a framework launch scanner might overwrite parts of it.
-
-There are also [a number of other options](/docs/flyctl/launch/) you can use to exert control over `fly launch`.
-
-If `fly launch` doesn't have a scanner that can set up your app automatically, it will still initialize a new Fly App in your Fly.io organization and provide you with a default app configuration that's a reasonable starting point for a simple web app. 
-
-You can also perform an entirely manual "launch", skipping all the launch scanners and full-service resource provisioning, using `fly apps create`, a hand-crafted (or copied) `fly.toml`, and step-by-step resource provisioning, followed by `fly deploy`.
-
-## After `fly launch`
-
-If you've run `fly launch` but haven't deployed yet (hint: you can do this with `fly launch --no-deploy`), or you deployed but want to make changes, then you can:
-
-* change your configuration
-* update your app source
-* change or provision platform resources such as [public IP addresses](/docs/reference/services/), [Fly Volumes](/docs/reference/volumes), [app secrets](/docs/reference/secrets/), [Fly Postgres](/docs/postgres/) clusters, or integrated resources like [Upstash for Redis](/docs/reference/redis/)
-
-And then deploy (or redeploy) with [`fly deploy`](/docs/apps/deploy/).
-
-After you deploy your app:
-
-* Check up on it using one or more of the techniques in [Get Information About an App](/docs/apps/info/). 
-* Get ready to [go to production](/docs/going-to-production/), read up on [app availability and resiliency features](/docs/reference/app-availability/), and learn how to [scale the number of Machines](/docs/apps/scale-count/) or [scale Machine CPU and RAM](/docs/apps/scale-machine/).
-* Go deeper and do even more, at a lower level, with [Machines](/docs/machines/).
diff --git a/apps/move-app-org.html.markerb b/apps/move-app-org.html.markerb
new file mode 100644
index 0000000000..0fa8635194
--- /dev/null
+++ b/apps/move-app-org.html.markerb
@@ -0,0 +1,48 @@
+---
+title: Move an app between organizations
+layout: docs
+nav: apps
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/migrating-from-aws.png" alt="Illustration by Annie Ruygt of a figure jumping from one mountian to another" class="w-full max-w-lg mx-auto">
+</figure>
+
+You might want to move an app to a new org to hand off your completed work to a client, to take advantage of a new pricing model, or to move a production app out of your personal organization.
+
+You can move an entire app with its resources to another organization with the `fly apps move` command. You'll need to be a member of both organizations to move an app.
+
+To move an app from one organization to another:
+
+```cmd
+fly apps move <app name> --org <target organization name>
+```
+
+<div class="important">
+**Fly Postgres:** You can't use the `fly apps move` command for Fly Postgres apps. To move a Postgres app to another organization, create a new Postgres app under the target organization, and then [restore the data from your current Postgres app volume snapshot](/docs/postgres/managing/backup-and-restore/#restoring-from-a-snapshot).
+</div>
+
+## App downtime
+
+Your app will have up to a few minutes of downtime while the move operation completes.
+
+## Resources moved with the app
+
+The following app resources are transferred to the new org automatically:
+
+- Fly Machines and Fly Volumes (including data)
+- environment variables and secrets
+- certificates and domain names
+- LiteFS databases (when `$FLY_APP_NAME` is used for your Consul key in `litefs.yml`)
+
+## Resources that you need to manually reconfigure
+
+The following extension services need to be reconfigured for the app after the move:
+
+- **[Upstash for Redis](/docs/upstash/redis/):** Upstash Redis is only available over an organization's private network. After you move the app, you'll need to provision a new database for the new org.
+- **[Tigris object storage](/docs/tigris/):** Before moving the app, you'll need to delete the bucket, then recreate it in the new org and set the new secrets. Billing for the new bucket will be tied to the new org.
+
+
+## Read more
+
+[App handover considerations and approaches](/docs/apps/app-handover-guide/)
\ No newline at end of file
diff --git a/apps/overview.html.markerb b/apps/overview.html.markerb
new file mode 100644
index 0000000000..b38c0b340f
--- /dev/null
+++ b/apps/overview.html.markerb
@@ -0,0 +1,62 @@
+---
+title: "Fly Apps overview"
+layout: docs
+toc: false
+nav: apps
+redirect_from: /docs/reference/apps/
+---
+
+A Fly App is an abstraction for a group of Fly Machines running your code on Fly.io. You can create and manage your app as a whole using [Fly Launch](/docs/launch/), but you can also have a Fly App with individual Machines running tasks or user code.
+
+For a quick primer on Fly Launch, Fly Machines, and Fly Apps, see [Fly.io essentials](/docs/getting-started/essentials/).
+
+## A Fly App can be almost anything
+
+From an admin point of view, a Fly App is just a group of Machines (with optional attached volumes) that belongs to one organization.
+
+From a developer point of view, a Fly App might be:
+
+* a fullstack application (or just part of one)
+* a database
+* a few Machines running tasks, or a bunch of Machines, all with different configs, doing things you want them to do
+* anything you can think of doing with fast-launching Machines, including [GPU Machines](/docs/gpus/) for AI/ML workloads
+
+All the apps in your organization can communicate over a [private network](/docs/networking/private-networking/), so it’s also possible to have multiple apps working together as one system.
+
+## Components of a Fly App
+
+Fly Apps include:
+
+* app configuration
+* provisioned resources
+* Anycast IP addresses
+* certificates
+* custom domains
+* secrets
+* Fly Volumes (optional)
+
+Fly Apps run on flyd. Learn more about how flyd works and how it came to be in the blog post: [Carving the Scheduler Out of Our Orchestrator](https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/).
+
+## Ways to create an app
+
+There might be an infinite number of potential apps you can run on Fly.io, but there are only a few ways to create one.
+
+### Create and deploy with Fly Launch
+
+Fly Launch is perfect for most apps and databases. Use Fly Launch to create your app and then manage the whole lifecycle, from starting to scaling to changing and redeploying. [Get started](/docs/getting-started/) with Fly Launch or learn more about using [Fly Launch](/docs/launch/) to create, configure, deploy, and scale your app.
+
+### Create an app manually
+
+Most of the time, all you need is [Fly Launch](/docs/launch/) to create and manage your app. But you can skip all the handy launch scanners and resource provisioning Fly Launch offers and use the `fly apps create` command or the Machines API to create an app and then piece it together.
+
+You can get a [`fly.toml` config file](/docs/reference/configuration/) from an example app or hand-craft one yourself. Or if you don't need app-wide config, you can use the Fly App to hold the Machines you plan to spin up individually based on a particular image.
+
+Using the `fly apps create` command is useful when deploying our [autoscaler app](/docs/launch/autoscale-by-metric/), or example apps created by others, that already have `fly.toml` and Dockerfiles ready to go.
+
+Creating apps with the Machines API might be the right choice if you want to create apps for your own users with pre-defined or custom `fly.toml` files.
+
+For more information, see the [`fly apps create` docs](/docs/flyctl/apps-create/) and the [create App resource docs](/docs/machines/api/apps-resource/#create-a-fly-app).
+
+<div class="note icon">
+**Tip:** When you [create a Machine with `fly machine run`](/docs/machines/flyctl/fly-machine-run/) without specifying an app to put it in, you automatically get a new app at the same time. This scenario might be useful when you're spinning up individual Machines on-demand for multiple users or tasks.
+</div>
diff --git a/apps/restart.html.markerb b/apps/restart.html.markerb
index f4841c89c0..6a5dc3a636 100644
--- a/apps/restart.html.markerb
+++ b/apps/restart.html.markerb
@@ -1,25 +1,27 @@
 ---
-title: Restart an App or a Machine
-objective: 
+title: Restart apps or Machines
 layout: docs
-nav: firecracker
-order: 70
+nav: apps
 ---
 
-Running `fly deploy` on an App creates a new release of the App, and restarts the Machines that it manages.
+<figure>
+  <img src="http://github.com/static/images/docs-mountains.webp" alt="">
+</figure>
 
-Sometimes you don't want to update anything; you just want to reboot and start the root file system afresh. (Yes, restarting wipes the ephemeral file system, just as a `fly deploy` or `fly machine update` will.)
+Running `fly deploy` on an app creates a new release of the app, and updates and restarts the Machines that belong to Fly Launch.
 
-## Restart every Machine in the App
+Sometimes you don't want to update anything; you just want to reboot and start the root file system afresh. Restarting wipes the ephemeral file system, just as a `fly deploy` or `fly machine update` will.
 
-`fly apps restart <app-name>` restarts all Machines in the App&mdash; Machines that belong to Fly Launch as well as any other standalone Machines you might have created within the App.
+## Restart every Machine managed by Fly Launch
 
-## Restart an Individual Machine
+`fly apps restart <app name>` restarts all Machines in the app that are managed by Fly Launch. In other words, all the Machines deployed with `fly deploy` and configured with `fly.toml`.
 
-If one particular Machine needs a kick, restart it using `fly machine restart`:
+## Restart individual Machines
+
+If one particular Machine needs a kick&mdash;or you want to restart an unmanaged Machine&mdash;then run `fly machine restart`:
 
 ```cmd
-fly machine restart <machine-id>
+fly machine restart <machine id>
 ```
 
-You can provide multiple `<machine-id>`s to restart several Machines in one command.
+You can provide multiple `<machine id>`s to restart several Machines in one command.
diff --git a/apps/scale-machine.html.markerb b/apps/scale-machine.html.markerb
deleted file mode 100644
index bdff051862..0000000000
--- a/apps/scale-machine.html.markerb
+++ /dev/null
@@ -1,210 +0,0 @@
----
-title: Scale Machine CPU and RAM
-objective: 
-layout: docs
-nav: firecracker
-order: 50
----
-
-[**`fly scale`**](/docs/flyctl/scale) commands apply VM memory and CPU settings to entire process groups in a Fly App. There are two subcommands for scaling these per-VM resources: `fly scale vm` applies a preset CPU/RAM combination; `fly scale memory` adjusts RAM relative to the preset's base RAM.
-
-You can scale an app even if it has crashed. Its VMs are restarted with the new specification.
-
-## Check the VM resources on an app
-Here's a simple web app with two Machines running in different regions: two in Toronto and one in Tokyo. All the app's Machines belong to the default process group, `app`, since I didn't explicitly configure any [processes](/docs/apps/processes/). 
-
-```cmd
-fly status
-```
-```out    
-App
-  Name     = testrun                                        
-  Owner    = personal                                   
-  Hostname = testrun.fly.dev                                
-  Image    = testrun:deployment-01GWZY7ZVJ2HNED4B0KZBPS3AQ  
-  Platform = machines                                   
-
-Machines
-ID              PROCESS VERSION REGION  STATE   HEALTH CHECKS           LAST UPDATED         
-148ed599c14189  app     3       yyz     started 1 total, 1 passing      2023-04-04T19:30:57Z
-32874400f35285  app     3       yyz     started 1 total, 1 passing      2023-04-04T19:33:44Z
-9080e6e1f94987  app     3       nrt     started 1 total, 1 passing      2023-04-04T19:31:22Z
-```
-
-`fly scale show` shows the CPU and RAM settings for all the Machines deployed using `fly deploy` under this app.
-
-```cmd
-fly scale show
-```
-```out
-VM Resources for app: testrun
-
-Groups
-NAME    COUNT   KIND    CPUS    MEMORY  REGIONS    
-app     3       shared  1       256 MB  nrt,yyz(2)
-```
-
-These Machines are running at the `shared-cpu-1x` preset scale, with a single shared vCPU and 256MB RAM. 
-
-## Select a preset CPU/RAM combination
-
-There are a number of VM size presets available. See the list of valid named presets with `fly platform vm-sizes`.
-
-Scale to a different preset using `fly scale vm`. In general, you should choose a named VM "size" based on your desired CPU type and scale; RAM can be increased separately.
-
-```cmd
-fly scale vm shared-cpu-2x
-```
-```out
-Updating machine 148ed599c14189
-  Waiting for 148ed599c14189 to become healthy (started, 1/1)
-Machine 148ed599c14189 updated successfully!
-Updating machine 32874400f35285
-  Waiting for 32874400f35285 to become healthy (started, 1/1)
-Machine 32874400f35285 updated successfully!
-Updating machine 9080e6e1f94987
-  Waiting for 9080e6e1f94987 to become healthy (started, 1/1)
-Machine 9080e6e1f94987 updated successfully!
-Scaled VM Type to 'shared-cpu-2x'
-      CPU Cores: 2
-         Memory: 512 MB
-```
-Check that the `app` process group has had this scale applied:
-
-```cmd
-fly scale show   
-```
-```out         
-VM Resources for app: testrun
-
-Groups
-NAME    COUNT   KIND    CPUS    MEMORY  REGIONS    
-app     3       shared  2       512 MB  nrt,yyz(2)
-```
-
-You can also confirm that an individual Machine's config matches this, using `fly machine status`:
-
-```cmd
-fly machine status 148ed599c14189
-```
-```out
-Machine ID: 148ed599c14189
-Instance ID: 01GX6Q2WE04M85XTHGPYGJK4X6
-State: started
-
-VM
-  ...                                       
-  Process Group = app                                        
-  CPU Kind      = shared                                     
-  vCPUs         = 2                                          
-  Memory        = 512                                        
-  ...
-```
-
-Looks good!
-
-## Add RAM
-
-If you are happy with the provisioned CPU resources, but want more memory, then use `fly scale memory` to top up the RAM.
-
-If your app crashes with an out-of-memory error, then scale up its RAM. Flyctl restarts the Machines to use the new setting.
-
-```cmd
-fly scale memory 4096
-```
-```out
-Updating machine 32874400f35285
-  Waiting for 32874400f35285 to become healthy (started, 1/1)
-Machine 32874400f35285 updated successfully!
-Updating machine 148ed599c14189
-  Waiting for 148ed599c14189 to become healthy (started, 1/1)
-Machine 148ed599c14189 updated successfully!
-Updating machine 9080e6e1f94987
-  Waiting for 9080e6e1f94987 to become healthy (started, 1/1)
-Machine 9080e6e1f94987 updated successfully!
-Scaled VM Type to 'shared-cpu-2x'
-      CPU Cores: 2
-         Memory: 4096 MB
-```
-
-```cmd
-fly scale show
-```
-```out
-VM Resources for app: testrun
-
-Groups
-NAME    COUNT   KIND    CPUS    MEMORY  REGIONS    
-app     3       shared  2       4096 MB nrt,yyz(2)
-```
-
-
-If you try to set an incompatible CPU/RAM combination through `fly scale memory`, flyctl will let you know. There's a list of allowed CPU/RAM combinations and their prices on [our Pricing page](/docs/about/pricing/). 
-
-
-## Scale by process group
-
-Use the `--process-group` option to specify the process group to scale, with either `fly scale vm` or `fly scale memory`.
-
-<div class="note icon">
-**Note**: The `--process-group` option is aliased to `-g` for faster command entry.
-</div>
-
-Here's an app with two process groups defined:
-
-```cmd
-fly scale show
-```
-```out
-VM Resources for app: mr18-2
-
-Groups
-NAME    COUNT   KIND    CPUS    MEMORY  REGIONS 
-worker  2       shared  1       512 MB  ams,yyz
-web     1       shared  1       512 MB  yyz   
-```
-
-Say the workers are constantly crunching data and need to be bigger. You can scale a single process group using the `--process-group` option:
-
-```cmd
-fly scale vm performance-2x --process-group worker
-```
-```out
-Updating machine 0e286561f35586
-No health checks found
-Machine 0e286561f35586 updated successfully!
-Updating machine 32873d9b012048
-No health checks found
-Machine 32873d9b012048 updated successfully!
-Scaled VM Type for 'worker' to 'performance-2x'
-      CPU Cores: 2
-         Memory: 4096 MB
-```
-
-Check the result: 
-
-```cmd
-fly scale show
-```
-```out
-VM Resources for app: mr18-2
-
-Groups
-NAME    COUNT   KIND            CPUS    MEMORY  REGIONS 
-worker  2       performance     2       4096 MB ams,yyz
-web     1       shared          1       512 MB  yyz 
-```
-
-## Machines not belonging to Fly Launch
-
-If an app has Machines not belonging to Fly Launch&mdash;that is, created using `fly machine run` or the Machines API, or `fly machine clone`d from such a Machine&mdash;`fly status` will warn you of their existence.
-
-The app-wide `fly scale` commands do not apply to these Machines, but you can scale any Machine individually with `fly machine update`:
-
-```
-fly machine update --vm-size shared-cpu-2x 21781973f03e89
-fly machine update --vm-memory 1024 21781973f03e89
-fly machine update --vm-cpus 2 21781973f03e89
-```
-
-Again, if you try to set an incompatible CPU/RAM combination through `fly machine update --vm-memory` or `fly machine update --vm-cpus`, flyctl will let you know.
diff --git a/apps/secrets.html.markerb b/apps/secrets.html.markerb
new file mode 100644
index 0000000000..16a46d2b5c
--- /dev/null
+++ b/apps/secrets.html.markerb
@@ -0,0 +1,100 @@
+---
+title: Secrets and Fly Apps
+layout: docs
+nav: apps
+redirect_from: /docs/reference/secrets/
+---
+
+## Overview
+
+You can specify secrets for your Fly App using the `fly secrets` command. Secrets allow sensitive values, such as credentials, to be passed securely to your Fly App. The secret is encrypted and stored in a vault. An app's secrets are available as environment variables at runtime on every Machine belonging to that Fly App, whether the Machine is managed by Fly Launch or not. 
+
+Data stored as secrets doesn't have to be sensitive; secrets are made available to the app as environment variables to use for whatever purpose you like.
+
+If you need secrets to be available when building your Docker image, see [Build secrets](/docs/apps/build-secrets/).
+
+## Architecture
+
+Secrets are stored in an encrypted vault. When you set a secret through `flyctl`, it sends the secret value through our API, which writes to the vault for your specific Fly App. The API servers can only encrypt; they cannot decrypt secret values. Secret values are never logged.
+
+When we launch a Machine for your app, we issue a temporary auth token to the host it runs on. The Fly.io agent on the host uses this token to decrypt your app secrets and inject them into your Machine as environment variables at boot time. When you destroy your Machines, the host environment no longer has access to your app secrets.
+
+<section class="warning icon">
+**Warning:** `flyctl` and our API servers are designed to prevent user secrets from being extracted. However, secrets are available to your application code as environment variables. People with deploy access **can** deploy code that reads secret values and prints them to logs, or writes them to unencrypted data stores.
+</section>
+
+## Working with Secrets
+### Set secrets
+
+The `fly secrets set` command sets one or more app secrets, then updates each Machine belonging to that Fly App. This involves a restart of the Machine and a consequent reset of its ephemeral file system.
+
+The following example sets a secret that's available as the `DATABASE_URL` environment variable within your application processes:
+
+<%= partial "docs/partials/set_secrets" %>
+
+To set, or update, a secret in the app's vault, but defer updating the Machines to later, use the `--stage` option. For example:
+
+```cmd
+fly secrets set DATABASE_URL=postgres://example.com/mydb --stage
+```
+
+In the preceding example, the staged secret will be available only on Machines that are started or updated after the `fly secrets set` command was run.
+
+The `secrets` command can also take secrets from `stdin`. For commands and options, see the [`fly secrets` docs](/docs/flyctl/secrets/) or run `fly secrets --help`.
+
+<section class="note icon">
+**Note:** You can update a machine by triggering a new release with `fly deploy`. Alternatively, the `fly secrets deploy` command will redeploy the current release with the staged secrets. This is helpful if you want to skip rebuilding the image from source code.</section>
+
+### List secrets
+
+List secrets that are set for your app. The list shows only the secret name; the value is not shown as it is a secret.
+
+For example:
+
+```cmd
+fly secrets list
+```
+```output
+      NAME     |              DIGEST              |  DATE
++--------------+----------------------------------+---------+
+  MY_SECRET    | b9e37b7b239ee4aefc75352fe3fa6dc6 | 17s ago
+  DATABASE_URL | cdbe3268a82bfe993921b9cae2a526af | 17s ago
+```
+
+For security reasons, we do not allow read access to the plain-text values of secrets.
+
+### Remove secrets
+
+Remove one or more secret values from your app by name.
+
+The following example removes two secrets from the app:
+
+```cmd
+fly secrets unset MY_SECRET DATABASE_URL
+```
+
+### Mounting Secrets as Files
+
+You can write a secret’s value directly to the machine's filesystem at startup using the `[[files]]` section in `fly.toml`. This is useful for things like private keys your app expects on disk.
+
+Secrets must be base64‑encoded. 
+
+Example:
+
+```cmd
+fly secrets set SUPER_SECRET=$(cat filename.txt | base64)
+```
+
+`secret_name`: The name of an app secret that’s been set with `fly secrets set`. The value of the secret will be written to the file. The referenced secret’s value must be base64 encoded.
+
+`guest_path`: The full path inside the Machine where the file will be written at boot.
+
+```toml
+[[files]]
+  guest_path = "/path/to/secret.txt"
+  secret_name = "SUPER_SECRET"
+```
+
+You can use this with other `[[files]]` entries, check the `fly.toml` [reference](/docs/reference/configuration/#the-files-section) for more details.
+
+
diff --git a/apps/trouble-host-unavailable.html.markerb b/apps/trouble-host-unavailable.html.markerb
index a539f9425d..451d4b8b41 100644
--- a/apps/trouble-host-unavailable.html.markerb
+++ b/apps/trouble-host-unavailable.html.markerb
@@ -2,9 +2,13 @@
 title: Troubleshoot apps when a host is unavailable
 objective: 
 layout: docs
-nav: firecracker
+nav: apps
 ---
 
+<figure>
+  <img src="http://github.com/static/images/docs-magnify.webp" alt="">
+</figure>
+
 Fly.io has multiple hosts (physical hardware) in every supported [region](/docs/reference/regions/). From time to time, a hardware failure, connectivity issues, or other factors will make a host unavailable. A single-host issue may cause a sustained or intermittent outage, or generally degraded performance, and this will disproportionately affect apps that run on a single Machine.
 
 A host can be down for an hour, or a day, or sometimes longer. 
@@ -40,7 +44,7 @@ For apps without volumes, you can bring up a new Machine by scaling to zero and
     ```
 
 <div class="note icon">
-**Note:** When you scale all your app's Machines to zero, the Machine size resets to shared-cpu-1x with 256MB of RAM. Use one of the `--vm-` options to size the Machines. For example: `fly scale count 2 --vm-size shared-cpu-4x`. See the [fly scale count docs](docs/flyctl/scale-count/) for options.
+**Note:** When you scale all your app's Machines to zero, the Machine size resets to shared-cpu-1x with 256MB of RAM. Use one of the `--vm-` options to size the Machines. For example: `fly scale count 2 --vm-size shared-cpu-4x`. See the [fly scale count docs](/docs/flyctl/scale-count/) for options.
 </div>
 
 
@@ -62,7 +66,7 @@ Volumes are pinned to physical hosts, so when there's a host outage the volume i
 
 1. Run `fly volumes list` and copy the volume ID.
 
-1. Run `fly volumes snapshots <volume id>` to list the volume’s snapshots and then copy the snapshot ID.
+1. Run `fly volumes snapshots list <volume id>` to list the volume’s snapshots and then copy the snapshot ID.
 
 1. Run `fly volumes create <volume name> --snapshot-id <snapshot id> -s <volume size in GB>`  to create a new volume from a stored snapshot.
 
@@ -72,7 +76,7 @@ Volumes are pinned to physical hosts, so when there's a host outage the volume i
 
 If you're running a high availability Postgres cluster with multiple nodes, a host issue impacting one of your nodes shouldn't cause an issue; by default we run each node on a separate host. If the host your primary node is on goes down, the cluster will fail over to a healthy node. 
 
-However, if your database is running on a single Machine, and you don’t have any replicas to fail over to, then you won’t be able to connect during the host outage. Similar to the single volume steps above, you can create a new Postgres app from your most recent volume snapshot using `fly postgres create --snapshot-id <snapshot_id>`. See [Backup, restores, & snapshots](/docs/postgres/managing/backup-and-restore/) for details.
+However, if your database is running on a single Machine, and you don’t have any replicas to fail over to, then you won’t be able to connect during the host outage. Similar to the single volume steps above, you can create a new Postgres app from your most recent volume snapshot using `fly postgres create --snapshot-id <snapshot_id> --image-ref <image-version>`. See [Backup, restores, & snapshots](/docs/postgres/managing/backup-and-restore/) for details.
 
 ## Prevent downtime when there's a single host issue
 
@@ -80,4 +84,7 @@ Fly.io strongly recommends running at least two Machines per app in your primary
 
 ## Related topics
 
+- [App availability and resiliency](/docs/reference/app-availability/)
+- [Resilient apps use multiple Machines](/docs/blueprints/resilient-apps-multiple-machines/)
 - [Troubleshooting your deployment](/docs/getting-started/troubleshooting/)
+- [Fly.io error codes and troubleshooting](/docs/monitoring/error-codes/)
diff --git a/apps/volume-manage.html.markerb b/apps/volume-manage.html.markerb
deleted file mode 100644
index 569b7d00f2..0000000000
--- a/apps/volume-manage.html.markerb
+++ /dev/null
@@ -1,199 +0,0 @@
----
-title: Manage volume storage
-layout: docs
-nav: firecracker
-order: 40
----
-
-Manage Fly Volumes using the [`fly volumes`](/docs/flyctl/volumes/) command. 
-
-Fly Volumes are local persistent storage for [Fly Machines](/docs/machines/). Learn [how Fly Volumes work](/docs/reference/volumes/).
-
-<div class="note icon">**Note**: `fly volumes` is aliased to `fly volume` and `fly vol`.</div>
-
-## Create a volume
-
-Run:
-
-```cmd
-fly vol create <my_volume_name>
-```
-
-Use the `-r` option to set a [region](/docs/reference/regions/), or select a region when prompted.
-
-For options, refer to the [`fly volumes create` docs](/docs/flyctl/volumes-create/) or run `fly vol create -h`.
-
-To add a volume to your app, see [Add volume storage](/docs/apps/volume-storage/).
-
-## Access a volume
-
-You can access and write to a volume on a Machine just like a regular directory. 
-
-For Machines managed with Fly Launch, the `destination` under `[mounts]` in `fly.toml` is the path for the mounted volumes. 
-
-For Machines managed individually, specify the mount path in the `fly machine clone` command when you [clone a Machine and add a volume](/docs/apps/volume-storage/#add-a-volume-to-a-machine-clone).
-
-## Extend a volume
-
-You can extend (increase) a volume's size, but you can't make a volume smaller.
-
-1. Run `fly volumes list` and copy the ID of the volume to extend.
-
-1. Extend the volume size:
-
-    ```cmd
-    `fly vol extend <volume id> -s <new size in GB>`
-    ```
-
-1. (Optional) Check the new volume size in the Machine's file system:
-
-    ```cmd
-    fly ssh console -s -C df
-    ```
-
-    Example output:
-    ```out 
-    ? Select VM:  [Use arrows to move, type to filter]
-    > yyz: 4d891de2f66587 fdaa:0:3b99:a7b:ef:8cc4:dc49:2 withered-shadow-4027           
-    Connecting to fdaa:0:3b99:a7b:ef:8cc4:dc49:2... complete
-    Filesystem     1K-blocks   Used Available Use% Mounted on
-    devtmpfs          103068      0    103068   0% /dev
-    /dev/vda         8191416 172752   7582852   3% /
-    shm               113224      0    113224   0% /dev/shm
-    tmpfs             113224      0    113224   0% /sys/fs/cgroup
-    /dev/vdb         2043856   3072   1930400   1% /storage
-    ```
-
-    In the preceding example, the volume is mounted under `/storage` and has been resized to from 1GB to 2GB. The `df` command shows disk space in 1K blocks by default. Use the `-h` flag to return a more human-readable format.
-
-For options, refer to the [`fly volumes extend` docs](/docs/flyctl/volumes-extend/) or run `fly vol extend -h`.
-
-## Create a copy of a volume (Fork a volume)
-
-Create an exact copy of a volume, including its data. By default, we place the new volume on a separate physical host in the same region.
-
-<div class="important icon">
-**Important:** After you fork a volume, the new volume is independent of the source volume. The new volume and the source volume do not continue to sync.
-</div>
-
-1. Run `fly volumes list` and copy the ID of the volume to fork.
-
-2. Fork the volume:
-
-    ```cmd
-    fly volumes fork <volume ID>
-    ```
-
-    Example output:
-    ```out
-           ID: vol_grnoq5796wwj0dkv
-         Name: my_volume_name
-          App: my-app-name
-       Region: yyz
-         Zone: 511d
-      Size GB: 3
-   Encrypted: true
-  Created at: 12 Oct 23 18:57 UTC
-    ```
-
-3. (Optional) Attach the volume to a new Machine by cloning with `fly machine clone <machine id> -r <region code> --attach-volume <volume id>:<destination mount path>` or [use `fly scale count`](/docs/apps/scale-count/#scale-an-app-with-volumes) to create a new Machine that picks up the unattached volume.
-
-For options, refer to the [`fly volumes fork` docs](/docs/flyctl/volumes-fork/) or run `fly vol fork -h`.
-
-## Restore a volume from a snapshot
-
-We take daily snapshots and keep them for five days. 
-
-1. Run `fly volumes list` and copy ID of the volume to restore.
-
-1. List the volume's snapshots:
-
-    ```cmd
-    fly vol snapshots <volume id>
-    ```
-
-    Example output:
-    ```out
-    Snapshots
-    ID                 	SIZE    	CREATED AT
-    vs_MgLAggLZkYx89fLy	17638389	1 hour ago
-    vs_1KRgwpDqZ2ll5tx 	17649006	1 day ago
-    vs_nymJyYMwXpjxqTzJ	17677766	2 days ago
-    vs_R3OPAz5jBqzogF16	17689473	3 days ago
-    vs_pZlGZvq3gkAlAcaZ	17655830	4 days ago
-    vs_A9k6age3bQov6twj	17631880	5 days ago
-    ```
-
-1. Restore from the volume snapshot into a new volume of equal or greater size:
-
-    ```cmd
-    fly volumes create <volume name> --snapshot-id <snapshot id> -s <volume size in GB>
-    ```
-
-    Example output:  
-    ```out
-    ? Select region: Sydney, Australia (syd)
-            ID: vol_mjn924o9l3q403lq
-          Name: pg_data
-          App: my-app-name
-        Region: syd
-          Zone: 180d
-      Size GB: 3
-    Encrypted: true
-    Created at: 02 Aug 22 21:27 UTC
-    ```
-
-For options, refer to the [`fly volumes snapshots` docs](/docs/flyctl/volumes-snapshots/) or run `fly vol snapshots -h`.
-
-## Clone a Machine with a volume
-
-Clone a Machine with a volume to create a new Machine in the same region with an empty volume. Use the `-r` option to clone the Machine into a different [region](/docs/reference/regions/).
-
-1. Run `fly status` and copy the Machine ID of the Machine to clone.
-
-1. Clone the Machine:
-
-    ```cmd
-    fly m clone <machine id>
-    ```
-
-1. List volumes to check the result:
-
-    ```cmd
-    fly volumes list
-    ```
-
-    Example output showing two volumes with attached Machines:
-    ```out
-    ID                      STATE   NAME    SIZE    REGION  ZONE    ENCRYPTED       ATTACHED VM     CREATED AT     
-    vol_ez1nvxkwl3jrmxl7    created data    1GB     lhr     4de2    true            91851edb6ee983  39 seconds ago
-    vol_zmjnv8m81p5rywgx    created data    1GB     lhr     b6a7    true            5683606c41098e  7 minutes ago
-    ```
-
-<div class="note icon">
-<b>Note:</b> `fly machine clone` doesn't write data into the new volume.
-</div>
-
-For options, refer to the [`fly machine clone` docs](/docs/flyctl/machine-clone/) or run `fly m clone -h`.
-
-## Destroy a volume
-
-<div class="warning icon">
-<b>Warning:</b> When you destroy a volume, you permanently delete all its data.
-</div>
-
-1. Run `fly volumes list` and copy ID of volume to destroy.
-
-2. Destroy the volume:
-
-```cmd
-fly vol destroy <volume id>
-```
-
-For options, refer to the [`fly vol destroy` docs](/docs/flyctl/volumes-destroy/) or run `fly vol destroy -h`.
-
-## Related topics
-
-- [Fly Volumes overview](/docs/reference/volumes/)
-- [Add volume storage](/docs/apps/volume-storage/)
-- [Scale an app with volumes](/docs/apps/scale-count/#scale-an-app-with-volumes)
\ No newline at end of file
diff --git a/apps/volume-storage.html.markerb b/apps/volume-storage.html.markerb
deleted file mode 100644
index 4dbcdc416a..0000000000
--- a/apps/volume-storage.html.markerb
+++ /dev/null
@@ -1,187 +0,0 @@
----
-title: Add volume storage
-layout: docs
-nav: firecracker
-order: 30
----
-
-Fly Volumes are local persistent storage for [Fly Machines](/docs/machines/). Learn [how Fly Volumes work](/docs/reference/volumes/).
-
-## Launch a new app with a Fly Volume
-
-Use [Fly Launch](/docs/apps/) to create a new app with one Machine and an attached volume, and then clone the Machine to scale out.
-
-1. Launch a new app from your project source directory, specifying `--no-deploy` so it does not deploy immediately:
-
-    ```cmd
-    fly launch --no-deploy
-    ```
-
-1. After the app is created, add a [`[mounts]` section](/docs/reference/configuration/#the-mounts-section) in the app's `fly.toml`, where `source` is the volume name and `destination` is the directory where the volume should be mounted on the Machine file system. For example:
-
-    ```toml
-    [mounts]
-      source="myapp_data"
-      destination="/data"
-    ```
-
-1. Deploy the app:
-
-    ```cmd
-    fly deploy 
-    ```
-
-1. [Confirm that the volume is attached to a Machine](#confirm-the-volume-is-attached-to-a-machine).
-
-1. (Recommended if your app handles replication) Clone the first Machine to scale out to two Machines with volumes:
-
-    ```cmd
-    fly machine clone <machine id>
-    ```
-
-    List volumes to check the result:
-
-    ```cmd
-    fly volumes list
-    ```
-
-    Example output showing two volumes with attached Machines:
-    ```out
-    ID                      STATE   NAME    SIZE    REGION  ZONE    ENCRYPTED       ATTACHED VM     CREATED AT     
-    vol_ez1nvxkwl3jrmxl7    created data    1GB     lhr     4de2    true            91851edb6ee983  39 seconds ago
-    vol_zmjnv8m81p5rywgx    created data    1GB     lhr     b6a7    true            5683606c41098e  7 minutes ago
-    ```
-
-<div class="warning icon">
-<b>Warning:</b> `fly machine clone` doesn't write data into the new volume.
-</div>
-
-## Add volumes to an existing app
-
-Add a volume to an app created with [Fly Launch](/docs/apps/).
-
-1. Add a [`[mounts]` section](/docs/reference/configuration/#the-mounts-section) in the app's `fly.toml`, where `source` is the volume name and `destination` is the directory where the volume should be mounted on the Machine file system. For example:
-
-    ```toml
-    [mounts]
-      source="myapp_data"
-      destination="/data"
-    ```
-
-1. Run `fly status` to check the [regions](/docs/reference/regions/) of the Machines and then create the volume in the same regions as your app's Machines. For example:
-
-    ```cmd
-    fly volumes create <volume name> -r <region code>
-    ```
-
-1. Repeat step 2 for each Machine in the process group. If you create an app using the `fly launch` command, then the app will usually have two Machines in the `app` process by default.
-
-1. Deploy the app:
-
-    ```cmd
-    fly deploy 
-    ```
-
-1. [Confirm that the volume is attached to a Machine](#confirm-the-volume-is-attached-to-a-machine).
-
-## Add a volume to an unmanaged Machine
-
-For Machines that aren't managed with Fly Launch (`fly.toml` and `fly deploy`), you can create a volume and attach it when you clone a Machine. You can also [clone a Machine with a volume](/docs/apps/volume-manage/#clone-a-machine-with-a-volume) to get a new Machine with an empty volume.
-
-1. Create the volume in the same region as your app. For example:
-
-    ```cmd
-    fly volumes create <volume name> -r <region code>
-    ```
-
-1. Clone one of your app's Machines (with no volume) and attach the volume you just created:
-
-    ```cmd
-    fly machine clone <machine id> -r <region code> --attach-volume <volume id>:<destination mount path>
-    ```
-
-    `destination-mount-path` is the directory where the volume should be mounted on the file system.
-
-    For example:
-
-    ```cmd
-    fly machine clone 148eddeef09789 -r yyz --attach-volume vol_8l524yj0ko347zmp:/data
-    ```
-
-1. Repeat the preceding steps as needed to create more Machines with volumes.
-
-1. [Confirm that the volume is attached to a Machine](#confirm-the-volume-is-attached-to-a-machine).
-
-1. (Optional) Destroy the Machine used to create the clone:
-
-    ```cmd
-    fly machine destroy <machine id>
-    ```
-
-## Confirm the volume is attached to a Machine
-
-Use flyctl to check the status of volumes and Machines.
-
-### List the Machines
-
-List Machines to check attached volumes:
-
-```cmd
-fly machine list
-```
-
-Example output:
-
-```out
-1 machines have been retrieved from app my-app-name.
-View them in the UI here
-
-my-app-name
-ID            	NAME        STATE   REGION	 IMAGE                	IP ADDRESS                    	VOLUME              	CREATED             	LAST UPDATED        	APP PLATFORM	PROCESS GROUP	SIZE
-328773d3c47d85	my-app-name	stopped	yul   	flyio/myimageex:latest	fdaa:2:45b:a7b:19c:bbd4:95bb:2	vol_6vjywx86ym8mq3xv	2023-08-20T23:09:24Z	2023-08-20T23:16:15Z	v2          	app          	shared-cpu-1x:256MB
-```
-
-### List the volumes
-
-List volumes to check attached Machines:
-
-```cmd
-fly volumes list
-```
-
-Example output:
-
-```out
-ID                      STATE   NAME    SIZE    REGION  ZONE    ENCRYPTED       ATTACHED VM     CREATED AT    
-vol_zmjnv8m81p5rywgx    created data    1GB     lhr     b6a7    true            5683606c41098e  3 minutes ago
-```
-
-### SSH into the Machine
-
-View the volume in the Machine file system:
-
-```cmd
-fly ssh console -s -C df
-```
-
-Example output showing a 1GB volume mounted at `/data`:
-
-```out
-? Select VM: lhr: 5683606c41098e fdaa:0:3b99:a7b:7e:3155:9844:2 nameless-feather-6339
-Connecting to fdaa:0:3b99:a7b:7e:3155:9844:2... complete
-Filesystem     1K-blocks   Used Available Use% Mounted on
-devtmpfs          103068      0    103068   0% /dev
-/dev/vda         8191416 172748   7582856   3% /
-shm               113224      0    113224   0% /dev/shm
-tmpfs             113224      0    113224   0% /sys/fs/cgroup
-/dev/vdb         1011672   2564    940500   1% /data
-```
-
-The volume is mounted in the directory specified by the `destination` field in the `[mounts]` section of the `fly.toml` file, or the `attach-volume` option for cloned Machines.
-
-## Related topics
-
-- [Fly Volumes overview](/docs/reference/volumes/)
-- [Manage volume storage](/docs/apps/volume-manage/)
-- [`mounts` section](/docs/reference/configuration/#the-mounts-section) in the `fly.toml` Fly Launch configuration file
-- [Scale an app with volumes](/docs/apps/scale-count/#scale-an-app-with-volumes)
diff --git a/blueprints/autoscale-machines.html.md b/blueprints/autoscale-machines.html.md
new file mode 100644
index 0000000000..628ad55bcf
--- /dev/null
+++ b/blueprints/autoscale-machines.html.md
@@ -0,0 +1,117 @@
+---
+title: Autoscale Machines
+layout: docs
+nav: guides
+redirect_from: /docs/blueprints/autoscale-machines-like-a-boss/
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/autoscale-machines.png" alt="Illustration by Annie Ruygt of two machines dancing and one standing still" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+You have an app with services that's configured to [automatically start
+and stop Machines based on traffic demand](/docs/launch/autostop-autostart/). But the traffic to your app changes
+significantly during the day and you don't want to keep a lot of stopped
+Machines during the period of low traffic.
+
+This guide will take you through the process of configuring the
+[`fly-autoscaler` app](/docs/launch/autoscale-by-metric/) in conjunction with 
+[Fly Proxy autostop/autostart](/docs/launch/autostop-autostart/) to 
+always keep a fixed number of Machines ready to be quickly started 
+by Fly Proxy.
+
+## Configure autostop/autostart
+
+First, if you haven't already done so, configure the app to allow Fly Proxy to automatically start and
+stop or suspend Machines based on traffic demand. The autostop/autostart settings apply
+per service, so you set them within the `[[services]]` or `[http_service]`
+sections of `fly.toml`:
+
+```toml
+...
+[[services]]
+  ...
+  auto_stop_machines = "stop"
+  auto_start_machines = true
+  min_machines_running = 0
+...
+```
+
+With these settings Fly Proxy will start an additional Machine if all the
+running Machines are above their concurrency `soft_limit` and stop running
+Machines when the traffic decreases. You can set Machines to `"suspend"` rather than
+`"stop"`, for even faster start-up, but with some [limitations on the type of Machine](https://community.fly.io/t/new-feature-in-preview-suspend-resume-for-machines/20672#current-limitations-and-caveats-8).
+
+In the next section you'll configure
+and deploy `fly-autoscaler` to ensure that the app always has a spare stopped
+Machine for Fly Proxy to start.
+
+## Configuring and deploying fly-autoscaler
+
+`fly-autoscaler` is a metrics-based autoscaler that scales an app’s Machines
+based on any metric. You can configure it to ensure that there is always
+additional Machine available for Fly Proxy to start if the traffic increases.
+
+First, create a new Fly.io app that will run the autoscaler.
+
+```
+$ fly apps create my-autoscaler
+```
+
+Create a deploy token so that the autoscaler app has permissions to scale your
+target app up and down:
+
+```
+$ fly tokens create deploy -a my-target-app
+$ fly secrets set -a my-autoscaler --stage FAS_API_TOKEN="FlyV1 ..."
+```
+
+Create a read-only token so that the autoscaler app has access to a Prometheus instance:
+
+```
+$ fly tokens create readonly
+$ fly secrets set -a my-autoscaler --stage FAS_PROMETHEUS_TOKEN="FlyV1 ..."
+```
+
+Configure your autoscaler `fly.toml` like this:
+
+```toml
+app = "my-autoscaler"
+
+[build]
+image = "flyio/fly-autoscaler:0.3.1"
+
+[env]
+FAS_PROMETHEUS_ADDRESS = "https://api.fly.io/prometheus/my-org"
+FAS_PROMETHEUS_METRIC_NAME = "running_machines"
+FAS_PROMETHEUS_QUERY = "count(fly_instance_up{app='$APP_NAME'})"
+
+FAS_APP_NAME = "my-target-app"
+FAS_CREATED_MACHINE_COUNT = "min(running_machines + 1, 10)"
+FAS_INITIAL_MACHINE_STATE = "stopped"
+
+[metrics]
+port = 9090
+path = "/metrics"
+```
+
+With this configuration, the autoscaler will create a new stopped Machine as
+soon as all available Machines are running (but never more than 10), and will destroy extra stopped
+Machines if more than one Machine is stopped.
+
+Make sure you are using autoscaler version 0.3.1 or newer for
+`FAS_INITIAL_MACHINE_STATE` configuration option to work.
+
+And finally, deploy the autoscaler, using the `--ha` option to deploy only one Machine:
+
+```
+$ fly deploy --ha=false
+```
+
+## Related reading
+
+- [Autoscale based on metrics](/docs/launch/autoscale-by-metric/)
+- [Autostop/autostart Machines](/docs/launch/autostop-autostart/)
+- [Autostop/autostart private apps](/docs/blueprints/autostart-internal-apps/)
diff --git a/blueprints/autostart-internal-apps.html.md b/blueprints/autostart-internal-apps.html.md
new file mode 100644
index 0000000000..9f9c9c96e4
--- /dev/null
+++ b/blueprints/autostart-internal-apps.html.md
@@ -0,0 +1,123 @@
+---
+title: Autostart and autostop private apps
+layout: docs
+nav: guides
+---
+
+<figure>
+  <img src="http://github.com/static/images/autostart-internal-apps.png" alt="Illustration by Annie Ruygt of Frankie the balloon having a picnic with an app and eating strawberries" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+You have a private, or internal, app that communicates only with other apps on your [private network](/docs/networking/private-networking/). This private app might be a database, authentication server, or any other "backend" app that you don't want exposed to the public Internet. You want the app's Machines to stop when they're not serving requests from your other apps, and start again automatically when needed.
+
+To use Fly Proxy autostop/autostart you need to configure services in `fly.toml`, like you would for a public app. But instead of using a public Anycast address, you assign a Flycast address to expose those services only on your private network.
+
+This guide focuses on using autostop/autostart to control Machines based on incoming requests. But when you use Flycast for private apps you also get other [Fly Proxy features](/docs/reference/fly-proxy/) like geographically aware load balancing.
+
+Learn more about [Flycast](/docs/networking/flycast/).
+
+## Create a new private app with a Flycast address
+
+When you run `fly launch` to create a new app, it automatically assigns your app a public IPv6 address and a shared public IPv4 address. If you know your app won't need to be reachable from the Internet, you can inform Fly Launch to assign a Flycast private IPv6 address instead:
+
+```
+fly launch --flycast
+```
+
+Next steps: [Configure and deploy a private app](#configure-and-deploy-a-private-app).
+
+## Use Flycast for an existing app
+
+If you already have an app and you want to make it private and use Flycast, it's important to make sure you remove the app's public IP addresses.
+
+### Add a Flycast address
+
+```
+fly ips allocate-v6 --private
+```
+
+### Remove public IP addresses
+
+List your IPs to check whether your app has public IP addresses:
+
+```
+fly ips list
+```
+
+Example output:
+
+```
+VERSION	IP                  	TYPE              	REGION	CREATED AT
+v6     	2a09:8280:1::2d:1111	public (dedicated)	global	Sep 1 2023 19:47
+v6     	fdaa:2:45b:0:1::11  	private           	global	Mar 16 2024 18:20
+v4     	66.241.124.11       	public (shared)   	      	Jan 1 0001 00:00
+```
+
+This example app has public IPv4 and IPv6 addresses. These public addresses are automatically assigned to an app with services on the first deploy.
+
+Copy the public IP addresses and run the `fly ips release` command to remove them from your app:
+
+```
+fly ips release <ip address> <ip address> ...
+```
+
+For example:
+
+```
+fly ips release 2a09:8280:1::2d:1111 66.241.124.11
+```
+
+Next steps: [Configure and deploy a private app](#configure-and-deploy-a-private-app) below.
+
+## Configure and deploy a private app
+
+Whether you're creating a new app or making an existing app private, there are a few things you'll need to check or configure.
+
+### Add services in your `fly.toml` config file
+
+If your app was private, you might not have configured an `[http_services]` or `[services]` section in `fly.toml` because you didn't want it reachable through the public Internet. Now that you removed the public IPs, you can safely add services to allow access to the app on your private network and enable Fly Proxy to control Machines and load balance traffic.
+
+Here's an example `fly.toml` snippet:
+
+```toml
+[http_service]
+  # the port on which your app receives requests over the 6PN
+  internal_port = 8081
+  # must be false - Flycast is http-only
+  force_https = false
+  # Fly Proxy stops Machines based on traffic
+  auto_stop_machines = "stop"
+  # Fly Proxy starts Machines based on traffic
+  auto_start_machines = true
+  # Number of Machines to keep running in primary region
+  min_machines_running = 0
+  [http_service.concurrency]
+    type = "requests"
+    # Fly Proxy uses this limit to determine Machine excess capacity
+    soft_limit = 250
+```
+
+<div class="important icon">
+**Important:** Set `force_https = false`; Flycast only works over HTTP. HTTPS isn't necessary because all your private network traffic goes through encrypted WireGuard tunnels.
+</div>
+
+Learn more about [app configuration](/docs/reference/configuration/) and [Fly Proxy autostop/autostart](/docs/launch/autostop-autostart/).
+
+### Make sure your app binds to `0.0.0.0:<port>`
+
+To be reachable by Fly Proxy, an app needs to listen on `0.0.0.0` and bind to the `internal_port` defined in the `fly.toml` configuration file.
+
+### Deploy the app 
+
+Run `fly deploy` for the configuration changes to take effect.
+
+Other apps in your organization can now reach your private app using the [Flycast](/docs/networking/flycast/) IP address or the `<appname>.flycast` domain.
+
+## Related reading
+
+We've talked about Flycast in some past blog posts:
+
+- [Deploy Your Own (Not) Midjourney Bot on Fly GPUs](https://fly.io/blog/not-midjourney-bot/)
+- [Scaling Large Language Models to zero with Ollama](https://fly.io/blog/scaling-llm-ollama/)
diff --git a/blueprints/bridge-deployments-wireguard.html.md b/blueprints/bridge-deployments-wireguard.html.md
new file mode 100644
index 0000000000..e2dace868a
--- /dev/null
+++ b/blueprints/bridge-deployments-wireguard.html.md
@@ -0,0 +1,119 @@
+---
+title: Bridge your other deployments to Fly.io
+layout: docs
+sitemap: true
+nav: guides
+author: xe
+categories:
+  - networking
+date: 2024-05-27
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/bridge-deployment.png" alt="Illustration by Annie Ruygt of a figure with wings and a ship some balloons and planes" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+Sometimes you can recreate production on Fly.io without any issues. Other times you need to be able to incrementally move things over. Fly.io [has private networking](/docs/networking/private-networking/) by default for apps in the same organization, but you can also easily connect your existing external servers to this private network. This lets you use your private network as a way to incrementally move services over.
+
+Say you have an existing service on AWS or a database with RDS that needs to be accessed over RDS. You can use that AWS instance to pivot traffic from your Fly Machines to those other services. You can also go the other way and access your Fly apps (such as [an instance of Ollama](https://fly.io/blog/scaling-llm-ollama/)) from AWS, your laptop, or any other self-hosted server you have in your arsenal. Or maybe you're making a tool for a support team, and it needs to hit that one database on prem.
+
+Fly.io private networks use [WireGuard](https://www.wireguard.com/) internally, and when you connect other computers to that network, you do connect to them over WireGuard. WireGuard is used by many people for many reasons, but the primary use is a "site-to-site" VPN like this. This won't route all of your traffic through Fly.io's gateway servers, but it will give you internal access to your private network from anywhere.
+
+## Weaving the networks together
+
+Make sure you have [WireGuard](https://www.wireguard.com/install/) installed on your target server. Their [install page](https://www.wireguard.com/install/) has more details, but on an Ubuntu server all you need to do is:
+
+```docker
+sudo apt -y install wireguard
+```
+
+Once that's done, you're off to the races!
+
+On your laptop, make the config for the target server with `fly wireguard create`. You'll need the following information:
+
+- The organization you want to join that server to (such as `personal`, or your company's name).
+- The region you want to create the peer in: you should choose [the closest region to the target computer](/docs/reference/regions/).
+  - If you're really not sure which region is the closest, here's a magic command you can try: `curl -Iso /dev/null -w '%header{fly-request-id}' https://fly.io | cut -d- -f2`.
+- The name you want to use for that computer on your Fly network, such as the hostname.
+- A path to put the generated WireGuard config, such as `~/fly0.conf` to drop it as `fly0.conf` in your home directory.
+
+For example, I'm going to create a peer in my personal organization for my server named `phantoon`. I live in Ottawa, so the closest datacenter to me is `yyz`. The command to create my peer will look like this:
+
+```docker
+fly wireguard create personal yyz phantoon ~/fly0.conf
+```
+
+The `fly0.conf` file contains all the configuration WireGuard needs to set up a tunnel, namely:
+
+- The private key for the node
+- The local IPv6 address the node should use
+- The DNS server for your private network
+- Addresses, IP ranges, and public keys for the WireGuard gateway
+
+Copy `fly0.conf` to `/etc/wireguard` on the target computer:
+
+```docker
+scp ~/fly0.conf root@phantoon.local:/etc/wireguard/fly0.conf
+```
+
+Then connect to the computer (likely over SSH) and enable WireGuard to start on boot:
+
+```docker
+ssh root@phantoon.local
+systemctl enable --now wg-quick@fly0.service
+```
+
+This will create an interface named `fly0`:
+
+```docker
+$ ip addr show fly0
+4: fly0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/none
+    inet6 fdaa:0:641b:a7b:9285:0:a:1b02/120 scope global
+       valid_lft forever preferred_lft forever
+```
+
+Now try to ping the Machines API server `_api.internal`:
+
+```docker
+$ ping _api.internal -c 4
+PING _api.internal (fdaa:0:641b::3) 56 data bytes
+64 bytes from fdaa:0:641b::3: icmp_seq=1 ttl=64 time=10.4 ms
+64 bytes from fdaa:0:641b::3: icmp_seq=2 ttl=64 time=39.2 ms
+64 bytes from fdaa:0:641b::3: icmp_seq=3 ttl=64 time=83.7 ms
+64 bytes from fdaa:0:641b::3: icmp_seq=4 ttl=64 time=123 ms
+```
+
+This means that you can successfully query any [`.internal` addresses](/docs/networking/private-networking/#fly-io-internal-dns) for apps and Machines in your organization. Congrats, you're in!
+
+## Accessing workloads outside of your private network
+
+To access a workload outside of your private network (such as a secret store), use the DNS name `peername._peer.internal`. For example, to access the node `phantoon` from your Fly apps, connect to `phantoon._peer.internal`:
+
+```docker
+$ ping phantoon._peer.internal
+PING phantoon._peer.internal (fdaa:0:641b:a7b:9285:0:a:1b02) 56 data bytes
+64 bytes from phantoon._peer.internal (fdaa:0:641b:a7b:9285:0:a:1b02): icmp_seq=1 ttl=62 time=24.4 ms
+64 bytes from phantoon._peer.internal (fdaa:0:641b:a7b:9285:0:a:1b02): icmp_seq=2 ttl=62 time=37.6 ms
+64 bytes from phantoon._peer.internal (fdaa:0:641b:a7b:9285:0:a:1b02): icmp_seq=3 ttl=62 time=85.4 ms
+64 bytes from phantoon._peer.internal (fdaa:0:641b:a7b:9285:0:a:1b02): icmp_seq=4 ttl=62 time=197 ms
+```
+
+## Homework
+
+Getting ping working should be good enough to get you started, but here's some optional homework in case you want to see what you can really do with this:
+
+- Connect your laptop/workstation to your private network with the same flow (you may need to install the GUI WireGuard app if you use Windows or macOS).
+- Expose Prometheus metrics on port 9195 of your app and then grab the current metrics with `curl yourapp.internal:9195/metrics` on your laptop.
+- Install Postgres on your laptop somehow. Configure your app to connect to that Postgres database on your laptop over WireGuard.
+- Connect a few other computers to your private network. Install a Minecraft server on one of them and play together.
+
+Hint: you may need to allow private network addresses through your firewall. Check the documentation of your firewall tool of choice and allow traffic from `fly0` through as if it's an "internal" interface.
+
+## Related Reading
+
+- [Jack into your private network with WireGuard](https://fly.io/docs/blueprints/connect-private-network-wireguard/) A guide showing how to connect a laptop or external server to your Fly.io private network via WireGuard.  
+- [Private Networking](https://fly.io/docs/networking/private-networking/) Overview of Fly’s internal IPv6 mesh (6PN), how apps talk to each other privately, and how WireGuard‑based tunnels integrate.  
+- [Custom Private Networks](https://fly.io/docs/networking/custom-private-networks/) How to isolate tenants, apps, or services by creating separate private networks inside your organization — relevant when bridging external infrastructure.
\ No newline at end of file
diff --git a/blueprints/cell-based.html.md b/blueprints/cell-based.html.md
new file mode 100644
index 0000000000..7700190cf6
--- /dev/null
+++ b/blueprints/cell-based.html.md
@@ -0,0 +1,255 @@
+---
+title: Cell-based architecture
+layout: docs
+nav: guides
+author: rubys
+categories:
+  - shared-nothing
+  - cell-based
+  - machines
+  - routing
+toc: false
+status: alpha
+published: false
+---
+
+Previously know as
+[shared-nothing-architecture](https://en.wikipedia.org/wiki/Shared-nothing_architecture),
+the concept was rediscovered and rebranded as
+[cell-based](https://docs.aws.amazon.com/wellarchitected/latest/reducing-scope-of-impact-with-cell-based-architecture/what-is-a-cell-based-architecture.html)
+by Amazon.
+
+This blueprint shows you how to implement a scenario where each user of your
+application is assigned a new Machine.  These Machines, by default, will
+automatically stop when not in use and be restarted when accessed, so the
+primary expense will be for volumes and actual usage.
+
+<div class="warning icon">
+**Warning**: if you follow this example, applications will be deployed without
+their databases being replicated.  This exposes your application to volume and
+Machine failures.  Backups become your responsibility.  Some approaches to
+addressing this requirement are listed at the <a href="#backups">bottom of this
+page</a>.
+</div>
+
+The example given here will be based on Rails, but the approach applies to all
+frameworks.
+
+## Start With a Single Machine Application
+
+If you don't have one, the following will do:
+
+```
+rails new blog --css tailwind
+cd blog
+bin/rails generate scaffold Post title:string body:text
+fly launch --name blog-$USER-$RANDOM
+```
+
+Feel free to substitute a different name for your application.
+
+## Configure Your Routes
+
+Modify `config/routes.rb`.  Wrap your routes with:
+
+```ruby
+scope ENV.fetch("http://github.com/FLY_MACHINE_ID", "") do
+...
+end
+```
+
+If present, move `get "up"` line outside of this block.
+
+Uncomment the `root` line.
+
+Your final result will look something like this:
+
+```ruby
+Rails.application.routes.draw do
+  scope ENV.fetch("http://github.com/FLY_MACHINE_ID", "") do
+    resources :posts
+    # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
+
+    # Defines the root path route ("/")
+    root "posts#index"
+  end
+
+  # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
+  # Can be used by load balancers and uptime monitors to verify that the app is live.
+  get "up" => "rails/health#show", as: :rails_health_check
+end
+```
+
+What this will do is place your entire application, minus the health check
+endpoint, into a namespace when deployed to fly.io.  Access to your application
+will need to be prefixed by your Machine id.  When run in environments where
+the `FLY_MACHINE_ID` environment variable is not set, no prefix is required.
+
+You can get a list of Machine ids using:
+
+```
+fly machines list -q
+```
+
+## Starting a Second Machine
+
+In order to prepare for a multiple Machine deployment, we are going to need to
+ensure that each request is routed to the correct Machine.  We can accomplish
+this via middleware that makes use of the
+[fly-replay](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-replay-response-header)
+response header.
+
+Place the following into `config/initializers/fly_router.rb`:
+
+```ruby
+if ENV["FLY_MACHINE_ID"]
+  class FlyInstanceRouter
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      segments = env["PATH_INFO"].split('/')
+      instance = segments[1]
+
+      if instance =~ /^[0-9a-f]{14}$/ and instance != ENV["FLY_MACHINE_ID"]
+        return [409, {"Fly-Replay" => "instance=#{instance}"}, [""]]
+      end
+
+      @app.call(env)
+    end
+  end
+
+  Rails.application.config.middleware.use(FlyInstanceRouter)
+end
+```
+
+Deploy this change using `fly deploy`, then use the following command to create
+a second Machine:
+
+```
+fly machine clone
+```
+
+At this point, you have two instances of the blog application, each on its own
+Machine, with its own volume and sqlite3 database.
+
+Note that [fly machine clone](https://fly.io/docs/flyctl/machine-clone/) has a
+number of options that can be used to specify such things as the region, vm
+sizes, and whether the volume requires a unique zone.
+
+Regions, in particular, can enable you to put both applications _and_ data
+close to users.
+
+## Optimizing your routes
+
+This section is optional, and depends on a unique feature of Rails'
+[Hotwire](https://hotwired.dev/) implementation.
+
+At this point, many requests will end up making two hops: first to a nearby
+Machine then to the desired Machine.  This increases latency of responses,
+particularly when it is necessary to wake two Machines to process the first
+request.
+
+Not much can be done to avoid this for the first request, but subsequent
+requests can route to the correct Machine using the `fly-force-instance-id`
+request header.
+
+Place the following into `app/javascript/controllers/fly_router_controller.js`:
+
+```js
+import { Controller } from "@hotwired/stimulus"
+
+// Connects to data-controller="fly-router"
+export default class extends Controller {
+  connect() {
+    console.log('fly router connected')
+    this.instance = this.element.dataset.instance;
+
+    document.documentElement.addEventListener(
+     'turbo:before-fetch-request',
+     this.beforeFetchRequest
+    )
+  }
+
+  disconnect() {
+    document.documentElement.removeEventListener(
+     'turbo:before-fetch-request',
+     this.beforeFetchRequest
+    )
+  }
+
+  beforeFetchRequest = event => {
+    console.log('injecting ' + this.instance);
+    event.detail.fetchOptions.headers['fly-force-instance-id'] = this.instance;
+  }
+}
+```
+
+Finally, modify the `<body>` line in `app/views/layouts/application.html.erb`:
+
+```erb
+  <body<% if ENV['FLY_MACHINE_ID'] %> data-instance="<%= ENV['FLY_MACHINE_ID'] %>" data-controller="fly-router"<% end %>>>
+```
+
+Deploy this change using `fly deploy`.
+
+## Next steps
+
+The above merely amounts to a proof of concept.  A production application will
+likely make use of one or more of the following:
+
+ * While putting the Machine id into the URL path is effective,
+   it isn't very ergonomic.  A better solution would be have a registry of
+   paths and their associated Machines.
+ * Implementing routing in middleware gets the job done, but
+   separating this out to a separate process using an application like
+   [`nginx`](https://nginx.org/en/) can have a number of advantages:
+    * `fly-replay` is limited to request payloads of one megabyte or less,
+      which would affect features like file uploads.  A [reverse
+      proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
+      might be a better solution.
+    * support for custom subdomains as an alternative to path namespaces and
+      scopes.
+    * authentication and serving static assets can be performed outside of your
+      application.
+    * Add-ons like [Phusion Passenger](https://www.phusionpassenger.com/) can
+      enable you to run multiple instances of your application in one Machine.
+ * Monitoring becomes more crucial when you have hundreds or even dozens of
+   independent Machines.  Fly.io will combine your logs and while this
+   addresses many problems, it doesn't help deal with logs that are missing due
+   to application or network problems.  Consider having applications emit a
+   heartbeat, and write monitoring software that looks for missing heartbeats
+   and reports them as issues.  [Sentry](https://fly.io/docs/monitoring/sentry/)
+   can help here.
+ * While applying updates when all of the services for a single Machine are
+   self contained is an easier problem then upgrading potentially
+   interdependent services running live in production, it does come at a cost:
+   a blue/green deployment is not possible so a focus on reducing startup times
+   is necessary.
+ * Consider building an administrative web based interface for your
+   application.  User registration and Machine assignments are likely coupled
+   in your workflow.  While Fly.io provides a <a
+   href="https://fly.io/docs/machines/working-with-machines/">Machines API</a>,
+   you can go a long way with old-fashioned scripting using the <a
+   href="https://fly.io/docs/flyctl/">flyctl</a> command.
+
+See [Showcase
+Architecture](https://github.com/rubys/showcase/blob/main/ARCHITECTURE.md) for
+an example of an application running in production that implements many of
+these ideas.
+
+## Backups
+
+As mentioned above, backups are crucial.  Items to explore:
+
+ * [LiteFS](https://fly.io/docs/litefs/) - Distributed SQLite.  By itself, it
+   supports failover situations naturally.  Additional [disaster
+   recovery](https://fly.io/docs/litefs/backup/) options are available.
+ * Sqlite3 databases are just files.  Build a separate application to host
+   backups and have your application periodiacally POST copies there.
+ * [Rsync](https://rsync.samba.org/) is a utility available with Linux
+   distributions that can be used to efficiently copy changes between Machines.
+ * Run multiple Machines per cell so that you get the full benefits of
+   traditional high availability configurations.  If you have implemented an
+   admin web UI, you can automate the deployment of new clusters easily.
diff --git a/blueprints/connect-private-network-wireguard/index.html.md b/blueprints/connect-private-network-wireguard/index.html.md
new file mode 100644
index 0000000000..fa33cdd38d
--- /dev/null
+++ b/blueprints/connect-private-network-wireguard/index.html.md
@@ -0,0 +1,147 @@
+---
+title: Jack into your private network with WireGuard
+layout: docs
+sitemap: true
+nav: guides
+author: xe
+categories:
+  - networking
+date: 2024-06-14
+---
+
+<center><iframe width="600" height="315" src="https://www.youtube-nocookie.com/embed/4NcvlIlIlso?si=DPbDPwzlRTQFx0hB" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe></center><br />
+
+Every [Fly.io](http://Fly.io) organization comes with a [private network](https://fly.io/docs/networking/private-networking/) that lets all your apps connect to each other. This is super convenient when you need to have microservices call each other’s endpoints or use [Flycast](/docs/networking/flycast/) to let your private apps turn off when you’re not using them. However, this isn’t just limited to your apps. You can jack into this network with WireGuard.
+
+This blueprint shows you how to create a WireGuard peer to your private network and connect to it so that you can access it from anywhere.
+
+## Prerequisites
+
+To get started, you need to have the following:
+
+- A [fly.io](http://fly.io) account
+- `flyctl` installed (https://fly.io/docs/hands-on/install-flyctl/)
+- The [WireGuard client](https://www.wireguard.com/install/) installed
+
+## Steps
+
+To create a WireGuard peer, you need the following information:
+
+- The organization you want to create the peer in, such as your personal organization.
+- The [Fly.io region](/docs/reference/regions/) that’s closest to you.
+- The name of the peer, such as your computer’s hostname.
+- A filename to save the configuration to.
+
+```
+$ fly wg create --help
+Add a WireGuard peer connection to an organization
+
+Usage:
+  fly wireguard create [org] [region] [name] [file] [flags]
+```
+
+You can figure out your list of organizations with `fly orgs list`:
+
+```
+$ fly orgs list
+Name                 Slug                 Type
+----                 ----                 ----
+Xe Iaso              personal             PERSONAL
+devrel-demos         devrel-demos         SHARED
+```
+
+You can figure out which region is nearest you with `fly platform regions` or by checking the [regions page](https://fly.io/docs/reference/regions/) in the documentation:
+
+```
+$ fly platform regions
+```
+
+With all this in mind, let’s assemble the command. Each of these steps is going to build up the command, but don't hit enter until it's all done.
+
+Start with the base command `fly wireguard create`:
+
+```
+$ fly wireguard create
+```
+
+I want to create this in my personal organization, so I’ll enter in personal for the organization name.
+
+```
+$ fly wireguard create personal
+```
+
+I’m in Ottawa, so I’m using the Montreal region `yul`.
+
+```
+$ fly wireguard create personal yul
+```
+
+My computer’s hostname is Camellia, so I’ll use that as the peer name.
+
+```
+$ fly wireguard create personal yul camellia
+```
+
+Finally I want to save this as camellia.conf so that WireGuard can load it.
+
+```
+$ fly wireguard create personal yul camellia camellia.conf
+```
+
+Then run the command (you can hit enter now), and once it’s done open up the WireGuard app.
+
+Import the tunnel from the configuration file and then turn it on. macOS may prompt if you want the WireGuard app to manage VPN connections. If it does, hit accept, otherwise you won’t be able to get into your network.
+
+<video width="886" height="574" controls autoplay loop style="margin-bottom: 2rem;">
+  <source src="http://github.com/wireguard-activate.mp4" type="video/mp4">
+  Your browser does not support the video tag.
+</video>
+
+The above video shows how you import a WireGuard config on macOS. Here's a summary of the steps:
+
+- Click on the "Import tunnel(s) from file" button.
+- Select the configuration file you saved earlier.
+- Click on the "Activate" button.
+- macOS will ask you if you want to allow the WireGuard app to manage VPN connections. Click "Allow" if you trust it.
+
+On a Linux system you can use [wg-quick](https://www.man7.org/linux/man-pages/man8/wg-quick.8.html+external):
+
+```sh
+wg-quick up camellia.conf
+```
+
+To test the connection, ping `_api.internal` (on macOS you need to run `ping6 _api.internal` because it's an IPv6 address):
+
+```
+$ ping6 _api.internal -c4
+PING6(56=40+8+8 bytes) fdaa:3:9018:a7b:9285:0:a:602 --> fdaa:3:9018::3
+16 bytes from fdaa:3:9018::3, icmp_seq=0 hlim=64 time=9.741 ms
+16 bytes from fdaa:3:9018::3, icmp_seq=1 hlim=64 time=49.103 ms
+16 bytes from fdaa:3:9018::3, icmp_seq=2 hlim=64 time=97.667 ms
+16 bytes from fdaa:3:9018::3, icmp_seq=3 hlim=64 time=14.726 ms
+
+--- _api.internal ping6 statistics ---
+4 packets transmitted, 4 packets received, 0.0% packet loss
+round-trip min/avg/max/std-dev = 9.741/42.809/97.667/35.111 ms
+```
+
+To test the connection with an instance of [Ollama](https://ollama.com), you can fire it up with the following commands in an empty folder (don't forget to delete it after!):
+
+```
+fly launch --from https://github.com/fly-apps/ollama-demo --no-deploy
+fly ips allocate-v6 --private
+fly deploy
+```
+
+Then you can set the `OLLAMA_HOSTNAME` environment variable to the hostname of the instance you just created (it will be something like `xe-ollama.flycast`), and then run the following commands:
+
+```
+export OLLAMA_HOST=http://xe-ollama.flycast
+ollama run llama3 "Why is the sky blue? Explain in a single sentence."
+```
+
+And then the model will reply with something like this:
+
+> The sky appears blue because of a phenomenon called Rayleigh scattering, where shorter wavelengths of light (like blue and violet) are scattered more than longer wavelengths (like red and orange) by tiny molecules of gases like nitrogen and oxygen in the Earth's atmosphere.
+
+And there you go! You're in your private network and can access all your apps and Machines like they were right next to you.
diff --git a/blueprints/connect-private-network-wireguard/wireguard-activate.mp4 b/blueprints/connect-private-network-wireguard/wireguard-activate.mp4
new file mode 100644
index 0000000000..96cbdaeaa7
Binary files /dev/null and b/blueprints/connect-private-network-wireguard/wireguard-activate.mp4 differ
diff --git a/blueprints/connecting-to-user-machines-http-flow.svg b/blueprints/connecting-to-user-machines-http-flow.svg
new file mode 100644
index 0000000000..148bd9de69
--- /dev/null
+++ b/blueprints/connecting-to-user-machines-http-flow.svg
@@ -0,0 +1 @@
+<svg aria-roledescription="flowchart-v2" role="graphics-document document" viewBox="-0.058135986328125 0.15433883666992188 592.1434326171875 592.482177734375" style="max-width: 3840px; background-color: white; max-height: 3840px;" class="flowchart" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" width="100%" id="my-svg"><style>#my-svg{font-family:arial,sans-serif;font-size:14px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#my-svg .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#my-svg .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#my-svg .error-icon{fill:#ffffff;}#my-svg .error-text{fill:#000000;stroke:#000000;}#my-svg .edge-thickness-normal{stroke-width:1px;}#my-svg .edge-thickness-thick{stroke-width:3.5px;}#my-svg .edge-pattern-solid{stroke-dasharray:0;}#my-svg .edge-thickness-invisible{stroke-width:0;fill:none;}#my-svg .edge-pattern-dashed{stroke-dasharray:3;}#my-svg .edge-pattern-dotted{stroke-dasharray:2;}#my-svg .marker{fill:#000000;stroke:#000000;}#my-svg .marker.cross{stroke:#000000;}#my-svg svg{font-family:arial,sans-serif;font-size:14px;}#my-svg p{margin:0;}#my-svg .label{font-family:arial,sans-serif;color:#333;}#my-svg .cluster-label text{fill:#000000;}#my-svg .cluster-label span{color:#000000;}#my-svg .cluster-label span p{background-color:transparent;}#my-svg .label text,#my-svg span{fill:#333;color:#333;}#my-svg .node rect,#my-svg .node circle,#my-svg .node ellipse,#my-svg .node polygon,#my-svg .node path{fill:#ffffff;stroke:#000000;stroke-width:1px;}#my-svg .rough-node .label text,#my-svg .node .label text,#my-svg .image-shape .label,#my-svg .icon-shape .label{text-anchor:middle;}#my-svg .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#my-svg .rough-node .label,#my-svg .node .label,#my-svg .image-shape .label,#my-svg .icon-shape .label{text-align:center;}#my-svg .node.clickable{cursor:pointer;}#my-svg .root .anchor path{fill:#000000!important;stroke-width:0;stroke:#000000;}#my-svg .arrowheadPath{fill:#000000;}#my-svg .edgePath .path{stroke:#000000;stroke-width:1px;}#my-svg .flowchart-link{stroke:#000000;fill:none;}#my-svg .edgeLabel{background-color:#E9E9F1;text-align:center;}#my-svg .edgeLabel p{background-color:#E9E9F1;}#my-svg .edgeLabel rect{opacity:0.5;background-color:#E9E9F1;fill:#E9E9F1;}#my-svg .labelBkg{background-color:rgba(233, 233, 241, 0.5);}#my-svg .cluster rect{fill:#ffffff;stroke:hsl(0, 0%, 90%);stroke-width:1px;}#my-svg .cluster text{fill:#000000;}#my-svg .cluster span{color:#000000;}#my-svg div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:arial,sans-serif;font-size:12px;background:#ffffff;border:1px solid hsl(0, 0%, 90%);border-radius:2px;pointer-events:none;z-index:100;}#my-svg .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#my-svg rect.text{fill:none;stroke-width:0;}#my-svg .icon-shape,#my-svg .image-shape{background-color:#E9E9F1;text-align:center;}#my-svg .icon-shape p,#my-svg .image-shape p{background-color:#E9E9F1;padding:2px;}#my-svg .icon-shape rect,#my-svg .image-shape rect{opacity:0.5;background-color:#E9E9F1;fill:#E9E9F1;}#my-svg .node .neo-node{stroke:#000000;}#my-svg [data-look="neo"].node rect,#my-svg [data-look="neo"].cluster rect,#my-svg [data-look="neo"].node polygon{stroke:url(#my-svg-gradient);filter:drop-shadow( 0px 1px 2px rgba(0, 0, 0, 0.25));}#my-svg [data-look="neo"].node path{stroke:url(#my-svg-gradient);stroke-width:1;}#my-svg [data-look="neo"].node .outer-path{filter:drop-shadow( 0px 1px 2px rgba(0, 0, 0, 0.25));}#my-svg [data-look="neo"].node .neo-line path{stroke:#000000;filter:none;}#my-svg [data-look="neo"].node circle{stroke:url(#my-svg-gradient);filter:drop-shadow( 0px 1px 2px rgba(0, 0, 0, 0.25));}#my-svg [data-look="neo"].node circle .state-start{fill:#000000;}#my-svg [data-look="neo"].statediagram-cluster rect{fill:#ffffff;stroke:url(#my-svg-gradient);stroke-width:1;}#my-svg [data-look="neo"].icon-shape .icon{fill:url(#my-svg-gradient);filter:drop-shadow( 0px 1px 2px rgba(0, 0, 0, 0.25));}#my-svg [data-look="neo"].icon-shape .icon-neo path{stroke:url(#my-svg-gradient);filter:drop-shadow( 0px 1px 2px rgba(0, 0, 0, 0.25));}#my-svg :root{--mermaid-font-family:"trebuchet ms",verdana,arial,sans-serif;}</style><g><marker orient="auto" markerHeight="14" markerWidth="10.5" markerUnits="userSpaceOnUse" refY="7" refX="7.75" viewBox="0 0 11.5 14" class="marker flowchart-v2" id="my-svg_flowchart-v2-pointEnd"><path style="stroke-width: 0; stroke-dasharray: 1, 0;" class="arrowMarkerPath" d="M 0 0 L 11.5 7 L 0 14 z"/></marker><marker orient="auto" markerHeight="14" markerWidth="11.5" markerUnits="userSpaceOnUse" refY="7" refX="4" viewBox="0 0 11.5 14" class="marker flowchart-v2" id="my-svg_flowchart-v2-pointStart"><polygon style="stroke-width: 0; stroke-dasharray: 1, 0;" class="arrowMarkerPath" points="0,7 11.5,14 11.5,0"/></marker><marker orient="auto" markerHeight="14" markerWidth="10.5" markerUnits="userSpaceOnUse" refY="7" refX="11.5" viewBox="0 0 11.5 14" class="marker flowchart-v2" id="my-svg_flowchart-v2-pointEnd-margin"><path style="stroke-width: 0; stroke-dasharray: 1, 0;" class="arrowMarkerPath" d="M 0 0 L 11.5 7 L 0 14 z"/></marker><marker orient="auto" markerHeight="14" markerWidth="11.5" markerUnits="userSpaceOnUse" refY="7" refX="1" viewBox="0 0 11.5 14" class="marker flowchart-v2" id="my-svg_flowchart-v2-pointStart-margin"><polygon style="stroke-width: 0; stroke-dasharray: 1, 0;" class="arrowMarkerPath" points="0,7 11.5,14 11.5,0"/></marker><marker orient="auto" markerHeight="14" markerWidth="14" markerUnits="userSpaceOnUse" refX="10.75" refY="5" viewBox="0 0 10 10" class="marker flowchart-v2" id="my-svg_flowchart-v2-circleEnd"><circle style="stroke-width: 0; stroke-dasharray: 1, 0;" class="arrowMarkerPath" r="5" cy="5" cx="5"/></marker><marker orient="auto" markerHeight="14" markerWidth="14" markerUnits="userSpaceOnUse" refY="5" refX="0" viewBox="0 0 10 10" class="marker flowchart-v2" id="my-svg_flowchart-v2-circleStart"><circle style="stroke-width: 0; stroke-dasharray: 1, 0;" class="arrowMarkerPath" r="5" cy="5" cx="5"/></marker><marker orient="auto" markerHeight="14" markerWidth="14" markerUnits="userSpaceOnUse" refX="12.25" refY="5" viewBox="0 0 10 10" class="marker flowchart-v2" id="my-svg_flowchart-v2-circleEnd-margin"><circle style="stroke-width: 0; stroke-dasharray: 1, 0;" class="arrowMarkerPath" r="5" cy="5" cx="5"/></marker><marker orient="auto" markerHeight="14" markerWidth="14" markerUnits="userSpaceOnUse" refY="5" refX="-2" viewBox="0 0 10 10" class="marker flowchart-v2" id="my-svg_flowchart-v2-circleStart-margin"><circle style="stroke-width: 0; stroke-dasharray: 1, 0;" class="arrowMarkerPath" r="5" cy="5" cx="5"/></marker><marker orient="auto" markerHeight="12" markerWidth="12" markerUnits="userSpaceOnUse" refY="7.5" refX="17.7" viewBox="0 0 15 15" class="marker cross flowchart-v2" id="my-svg_flowchart-v2-crossEnd"><path style="stroke-width: 2.5;" class="arrowMarkerPath" d="M 1,1 L 14,14 M 1,14 L 14,1"/></marker><marker orient="auto" markerHeight="12" markerWidth="12" markerUnits="userSpaceOnUse" refY="7.5" refX="-3.5" viewBox="0 0 15 15" class="marker cross flowchart-v2" id="my-svg_flowchart-v2-crossStart"><path style="stroke-width: 2.5; stroke-dasharray: 1, 0;" class="arrowMarkerPath" d="M 1,1 L 14,14 M 1,14 L 14,1"/></marker><marker orient="auto" markerHeight="12" markerWidth="12" markerUnits="userSpaceOnUse" refY="7.5" refX="17.7" viewBox="0 0 15 15" class="marker cross flowchart-v2" id="my-svg_flowchart-v2-crossEnd-margin"><path style="stroke-width: 2.5;" class="arrowMarkerPath" d="M 1,1 L 14,14 M 1,14 L 14,1"/></marker><marker orient="auto" markerHeight="12" markerWidth="12" markerUnits="userSpaceOnUse" refY="7.5" refX="-3.5" viewBox="0 0 15 15" class="marker cross flowchart-v2" id="my-svg_flowchart-v2-crossStart-margin"><path style="stroke-width: 2.5; stroke-dasharray: 1, 0;" class="arrowMarkerPath" d="M 1,1 L 14,14 M 1,14 L 14,1"/></marker><g class="root"><g class="clusters"/><g class="edgePaths"><path marker-end="url(#my-svg_flowchart-v2-pointEnd)" data-points="W3sieCI6MTM5LjU2OTg1NDczNjMyODEyLCJ5Ijo2Mi4zODc1Njc1MjAxNDE2fSx7IngiOjEzOS41Njk4NTQ3MzYzMjgxMiwieSI6OTcuOTI1MjQ3MTkyMzgyODF9LHsieCI6MTM5LjU2OTg1NDczNjMyODEyLCJ5IjoxMzMuNDI1MjQ3MTkyMzgyOH1d" data-id="L_A_B_0" data-et="edge" data-edge="true" style="" class="edge-thickness-normal edge-pattern-solid transition edge-thickness-normal edge-pattern-solid flowchart-link" id="L_A_B_0" fill="none" stroke-width="1" stroke="#000" d="M139.0273565325703 62.210476700923564 C139.0024002577626 69.48963073998148, 140.05466883934704 76.69682654436961, 139.18589097479204 97.81438388112085 M139.52655682646758 62.40773162506068 C139.66607912169002 75.27966361526211, 139.2212323906241 87.5641274170109, 139.37069865650338 97.8079931362561 M139.66605660153527 98.39094135822833 C139.58376223847932 106.6111304848589, 140.04012878956752 115.84859037333644, 139.40351441792617 129.79778697883904 M139.27283400468613 98.05327109840206 C139.318227857357 108.86784551808599, 139.56633290858616 120.12782618809835, 139.38550657107479 129.4761112294413"/><path marker-end="url(#my-svg_flowchart-v2-pointEnd)" data-points="W3sieCI6MTM5LjU2OTg1NDczNjMyODEyLCJ5IjoyMDkuMTgzMTQzNjE1NzIyNjZ9LHsieCI6MTM5LjU2OTg1NDczNjMyODEyLCJ5IjoyNDQuNjgzMTQzNjE1NzIyNjZ9LHsieCI6MjM1LjQ3MDc2Nzk3NDg1MzUyLCJ5IjoyODIuOTA5NjYwNDQ4NTU5NzV9XQ==" data-id="L_B_C_0" data-et="edge" data-edge="true" style="" class="edge-thickness-normal edge-pattern-solid transition edge-thickness-normal edge-pattern-solid flowchart-link" id="L_B_C_0" fill="none" stroke-width="1" stroke="#000" d="M139.20577845254388 209.15519063574413 C140.1839756010628 218.09820106120404, 139.90494148613854 226.66672840805506, 139.7772084596565 235.4220284231677 M139.37393831988874 208.98373483686368 C139.4319809734438 217.64106076695126, 139.9153857083195 225.54438111235675, 139.6963616710309 235.94606292326927 M139.56985473632812 235.77250654160122 C139.14747012602277 241.17830252011493, 141.92992497717188 245.6749739172991, 148.0148773791648 247.49020746721135 M139.48977930665117 235.38703193191537 C139.72537730652908 241.97020402592042, 142.57141160647797 245.6785232460289, 148.12214036514143 247.86395403195078 M147.77555003437658 247.5171263386905 C171.86399528766634 257.68253079635406, 195.46947958744397 267.0862779150007, 232.18685446081955 281.2280888782372 M147.75381773170085 247.95585357364362 C177.2033828030895 260.0250759245962, 206.45864670662536 271.4317384211816, 231.98810150971605 281.53061296028835"/><path marker-end="url(#my-svg_flowchart-v2-pointEnd)" data-points="W3sieCI6MjgzLjQ4OTE3MzM5MTQ2ODc0LCJ5IjozMzMuODk4NDYwMzg4MTgzNn0seyJ4IjoyNjYuOTM5NTQ0Njc3NzM0NCwieSI6MzY5LjM5ODQ2MDM4ODE4MzZ9LHsieCI6MjgzLjQ2ODU4MTIxNTgzNzcsInkiOjQwNC44OTg0NjAzODgxODM2fV0=" data-id="L_C_D_0" data-et="edge" data-edge="true" style="" class="edge-thickness-normal edge-pattern-solid transition edge-thickness-normal edge-pattern-solid flowchart-link" id="L_C_D_0" fill="none" stroke-width="1" stroke="#000" d="M283.6608049689376 333.9945684851993 C280.4874718648348 341.34728234203493, 276.612460639192 348.6909433695185, 272.2739120830284 359.09312931923296 M283.6325026843143 334.1561612870374 C279.84816844196206 342.2511837182844, 276.03011218385933 349.9588695387603, 271.74184647196773 358.5684244594128 M271.94210201661775 358.6676585918279 C268.0788702608237 366.40990459914104, 268.16895478695375 372.563553480698, 271.574945100525 380.31089471817836 M271.7213890214354 358.6129458212777 C268.3891544411427 365.7791109371944, 268.138328139655 373.3799455607033, 272.4520032976651 380.25504777478443 M271.91696081469297 380.603937909209 C275.5207609332121 387.4045461204662, 278.3164370739354 393.60341942163467, 281.46145103843435 401.5231325566566 M272.0632978205666 379.85354588143804 C274.6808495327264 386.17156197392745, 277.5596066042317 391.78173896734387, 281.8885936232497 401.09939033338793"/><path marker-end="url(#my-svg_flowchart-v2-pointEnd)" data-points="W3sieCI6MjUyLjMxNjE0MjY4NzkxNjc0LCJ5Ijo0NTguNzY5MTQ5NzgwMjczNDR9LHsieCI6MTk0LjcyOTA5OTI3MzY4MTY0LCJ5Ijo0OTQuMjY5MTQ5NzgwMjczNDR9LHsieCI6MTk0LjcyOTA5OTI3MzY4MTY0LCJ5Ijo1MzAuMjAwOTkwNjc2ODc5OX1d" data-id="L_D_E_0" data-et="edge" data-edge="true" style="" class="edge-thickness-normal edge-pattern-solid transition edge-thickness-normal edge-pattern-solid flowchart-link" id="L_D_E_0" fill="none" stroke-width="1" stroke="#000" d="M252.0038715909692 458.5355772924463 C237.610570175804 468.13012848608753, 223.2473089184489 476.4241688463431, 203.00054347692952 488.40805396833537 M252.19611945578018 459.04457114007255 C234.1883748957321 469.88655926089217, 215.74328192097167 481.0110175413035, 203.53593805780508 488.74576343226767 M203.46053694380316 488.8865842080202 C197.43941902656115 492.5380319399342, 194.51841977269154 497.63750413299493, 194.6139458920884 504.9070930901578 M203.08515886509448 488.8508554866878 C197.90071301479227 492.30541333568425, 195.38979419335186 497.94492025082394, 194.61390990849978 504.0070607105746 M195.031782196046 504.3526148558857 C194.81552837857 512.0715184817992, 195.04483937240224 520.7685823358293, 194.577024085756 526.0334122057166 M194.61329327443872 504.3924260447995 C194.56637736652513 510.2266947333358, 194.71751745650337 515.7628048315937, 194.62815897314988 526.2603188972473"/><path marker-end="url(#my-svg_flowchart-v2-pointEnd)" data-points="W3sieCI6NDUyLjQ0OTg1OTYxOTE0MDYsInkiOjYyLjQyNTI0NzE5MjM4MjgxfSx7IngiOjQ1Mi40NDk4NTk2MTkxNDA2LCJ5Ijo5Ny45MjUyNDcxOTIzODI4MX0seyJ4Ijo0NTIuNDQ5ODU5NjE5MTQwNiwieSI6MTMzLjU5NDY4MDc4NjEzMjh9XQ==" data-id="L_F_G_0" data-et="edge" data-edge="true" style="" class="edge-thickness-normal edge-pattern-solid transition edge-thickness-normal edge-pattern-solid flowchart-link" id="L_F_G_0" fill="none" stroke-width="1" stroke="#000" d="M452.6001988560493 62.983514111830225 C452.08408829529185 76.70375763928186, 452.6832913642269 90.7202500987052, 452.80548055625127 97.62520849024635 M452.4895047910909 62.70869630437503 C452.4638291275868 75.12505425215522, 452.36899953560913 87.33850743669448, 452.49716795168456 97.90830187598742 M452.1086823224331 98.49236818731725 C452.86614643674295 105.48612256633224, 451.8763144713843 111.8355864760505, 452.8645867529878 129.6614094726868 M452.7141390921994 97.796768093718 C452.5289481066178 109.99846529133934, 452.5445827665116 121.94653456850378, 452.5112991091993 129.83697031778252"/><path marker-end="url(#my-svg_flowchart-v2-pointEnd)" data-points="W3sieCI6NDUyLjQ0OTg1OTYxOTE0MDYsInkiOjIwOS4wMTM3MTAwMjE5NzI2Nn0seyJ4Ijo0NTIuNDQ5ODU5NjE5MTQwNiwieSI6MjQ0LjY4MzE0MzYxNTcyMjY2fSx7IngiOjM1Ni41NDg5NDYzODA2MTUyMywieSI6MjgyLjkwOTY2MDQ0ODU1OTc1fV0=" data-id="L_G_C_0" data-et="edge" data-edge="true" style="" class="edge-thickness-normal edge-pattern-solid transition edge-thickness-normal edge-pattern-solid flowchart-link" id="L_G_C_0" fill="none" stroke-width="1" stroke="#000" d="M452.998136212764 208.59509122954805 C452.87852473869566 216.7960557045978, 451.9855198078794 223.3836217406009, 452.20416903826225 235.21870969548604 M452.4499292904026 209.25441017233373 C452.7638176787521 214.70622805299897, 452.4550546246376 220.13255080680412, 452.3148263774376 235.6441496331509 M452.4498596191406 235.77250654160122 C452.8271886175976 241.49857730906308, 449.1268828554407 245.95618066286934, 444.73673640351365 248.3256064234683 M452.2445819330148 235.65938850203844 C451.7995290177176 241.33975113910287, 450.2000164149622 245.40634295085408, 443.72018446957856 247.66687346983392 M444.5953655549593 247.68943378154725 C424.6190517505884 256.06367701750105, 405.344320063359 263.883497187559, 359.73811636246023 281.6815015760087 M444.32504120408447 248.22981005165488 C414.264989937083 260.18671283287443, 384.4335886676879 271.6581476400444, 360.24439118918775 281.62810564230733"/><path marker-end="url(#my-svg_flowchart-v2-pointEnd)" data-points="W3sieCI6MzA4LjUzMDU0MDk2NCwieSI6MzMzLjg5ODQ2MDM4ODE4MzZ9LHsieCI6MzI1LjA4MDE2OTY3NzczNDQsInkiOjM2OS4zOTg0NjAzODgxODM2fSx7IngiOjMwOC41NTExMzMxMzk2MzExLCJ5Ijo0MDQuODk4NDYwMzg4MTgzNn1d" data-id="L_C_D_2" data-et="edge" data-edge="true" style="" class="edge-thickness-normal edge-pattern-solid transition edge-thickness-normal edge-pattern-solid flowchart-link" id="L_C_D_2" fill="none" stroke-width="1" stroke="#000" d="M308.7465901440837 334.0380061151885 C312.14731747238085 341.15769608495634, 315.5364317789703 348.4825310924103, 320.46353882884574 358.1163973869552 M308.2784829024612 333.9884125353449 C311.9561980943899 341.41322149905335, 315.1904882270571 348.1781196363297, 320.3002234988595 358.937399421729 M320.077612338851 358.6676585918279 C323.442832321764 365.745200121406, 323.502844342675 372.61419055989296, 320.1863459320551 380.53674243149345 M320.40433177504127 358.9653610881226 C323.05058300443187 365.9955679279881, 323.9411472550694 373.20606966017033, 320.60525561215593 380.4407204335763 M319.93700521835586 380.6263714243437 C316.8632212600747 387.81419949312885, 312.88271369847587 395.9970609682431, 310.28475239098145 401.71023074238786 M320.3022064361021 380.31355632947464 C317.51330209810845 385.69781998701893, 315.0607059438184 391.5522939163977, 310.5377317272706 401.02766038565375"/><path marker-end="url(#my-svg_flowchart-v2-pointEnd)" data-points="W3sieCI6MzM5LjcwMzU3MTY2NzU1MiwieSI6NDU4Ljc2OTE0OTc4MDI3MzQ0fSx7IngiOjM5Ny4yOTA2MTUwODE3ODcxLCJ5Ijo0OTQuMjY5MTQ5NzgwMjczNDR9LHsieCI6Mzk3LjI5MDYxNTA4MTc4NzEsInkiOjUyOS43NjkxNDk3ODAyNzM0fV0=" data-id="L_D_H_0" data-et="edge" data-edge="true" style="" class="edge-thickness-normal edge-pattern-solid transition edge-thickness-normal edge-pattern-solid flowchart-link" id="L_D_H_0" fill="none" stroke-width="1" stroke="#000" d="M339.47692243382306 458.7847928295105 C357.34488161719173 470.040628494972, 375.1248078665608 480.44951969873034, 388.1486610890411 489.0569446478575 M339.6600512586482 458.4921419427873 C354.8321935679858 468.10684841060805, 370.30484163679955 477.4788123406403, 388.843226079164 488.77588938110875 M388.5591774116656 488.8865842080202 C393.8465932823157 492.25408681107785, 397.56115797580094 497.47634929971366, 397.85526175285185 505.00800327880336 M388.7648191943092 488.41186323729136 C395.04826096384556 492.46448033881575, 397.68777331011927 497.51454226253475, 397.744073015096 504.0309995181849 M396.9158940635771 504.71203876558553 C397.1533905486559 509.3472139460855, 397.9140619625335 513.0641619487938, 397.63070048825153 525.9694472967054 M397.29211506920416 504.39971895519756 C397.13511995204726 513.2654890989896, 397.2867585830228 521.6218865820898, 397.4810870084636 525.7669065583805"/></g><g class="edgeLabels"><g transform="translate(139.56985473632812, 97.92524719238281)" class="edgeLabel"><g transform="translate(-29.5625, -10.5)" data-id="L_A_B_0" class="label"><foreignObject height="21" width="59.125"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" class="labelBkg" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"><p>Arrives at</p></span></div></foreignObject></g></g><g transform="translate(139.56985473632812, 244.68314361572266)" class="edgeLabel"><g transform="translate(-44.3515625, -10.5)" data-id="L_B_C_0" class="label"><foreignObject height="21" width="88.703125"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" class="labelBkg" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"><p>Sets fly-replay</p></span></div></foreignObject></g></g><g transform="translate(266.9395446777344, 369.3984603881836)" class="edgeLabel"><g transform="translate(-19.0703125, -10.5)" data-id="L_C_D_0" class="label"><foreignObject height="21" width="38.140625"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" class="labelBkg" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"><p>replay</p></span></div></foreignObject></g></g><g transform="translate(194.72909927368164, 494.26914978027344)" class="edgeLabel"><g transform="translate(-46.6953125, -10.5)" data-id="L_D_E_0" class="label"><foreignObject height="21" width="93.390625"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" class="labelBkg" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"><p>match port 443</p></span></div></foreignObject></g></g><g transform="translate(452.4498596191406, 97.92524719238281)" class="edgeLabel"><g transform="translate(-29.5625, -10.5)" data-id="L_F_G_0" class="label"><foreignObject height="21" width="59.125"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" class="labelBkg" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"><p>Arrives at</p></span></div></foreignObject></g></g><g transform="translate(452.4498596191406, 244.68314361572266)" class="edgeLabel"><g transform="translate(-44.3515625, -10.5)" data-id="L_G_C_0" class="label"><foreignObject height="21" width="88.703125"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" class="labelBkg" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"><p>Sets fly-replay</p></span></div></foreignObject></g></g><g transform="translate(325.0801696777344, 369.3984603881836)" class="edgeLabel"><g transform="translate(-19.0703125, -10.5)" data-id="L_C_D_2" class="label"><foreignObject height="21" width="38.140625"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" class="labelBkg" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"><p>replay</p></span></div></foreignObject></g></g><g transform="translate(397.2906150817871, 494.26914978027344)" class="edgeLabel"><g transform="translate(-50.5859375, -10.5)" data-id="L_D_H_0" class="label"><foreignObject height="21" width="101.171875"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" class="labelBkg" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"><p>match port 9090</p></span></div></foreignObject></g></g></g><g class="nodes"><g transform="translate(139.56985473632812, 35.212623596191406)" data-look="handDrawn" data-et="node" data-node="true" data-id="A" id="flowchart-A-0" class="rough-node default"><g style="" class="basic label-container"><path stroke-dasharray="0 0" fill="none" stroke-width="4" stroke="#ffffff" d="M-97.50081716088042 -25.130582583501585 C-97.50081716088042 -25.130582583501585, -97.50081716088042 -25.130582583501585, -97.50081716088042 -25.130582583501585 M-97.50081716088042 -25.130582583501585 C-97.50081716088042 -25.130582583501585, -97.50081716088042 -25.130582583501585, -97.50081716088042 -25.130582583501585 M-97.24312280462038 -17.54099350960624 C-94.76161701870821 -20.155481794125144, -92.31021660735125 -22.907996147208827, -90.8158951817815 -26.083720470964135 M-97.16827250608664 -18.192655888142156 C-94.63340762253037 -20.715732470191792, -92.65510872914668 -23.588638325934145, -90.56689914655331 -25.436003294719672 M-96.67020090171579 -9.7478233257264 C-94.03501842946007 -15.897626506540547, -88.89688022177519 -20.998257125711792, -82.88279775518798 -25.391124991136493 M-97.09226062190868 -10.628223760822996 C-92.85671695273541 -14.824400943186248, -88.72993385395412 -19.402899850504028, -84.32696298485405 -24.92163145123422 M-98.37726800653815 -1.5691793284234543 C-93.49715877199796 -7.176560699833724, -88.33410852229939 -14.916947325738768, -78.10257789561958 -26.385798157641737 M-96.72496584100838 -2.4735837222687027 C-90.03954905332398 -11.346369630467015, -80.90861612990511 -20.224673971515923, -77.2545837849283 -26.229983839519022 M-98.12925883682468 4.107555304452809 C-89.15450472084878 -4.978366073146358, -77.10176490326111 -16.610740023329797, -70.1567723067335 -24.470634383776165 M-98.07005192932583 4.821077406787073 C-87.38369314279393 -6.6737514473607815, -76.04117255005298 -18.38719807931961, -70.21606202926935 -26.2335957108898 M-97.1198686100917 13.337936359007216 C-85.17724935476522 -1.1269035255641984, -75.0373872989519 -14.122632358905875, -64.60124485291668 -25.915901687904235 M-97.503461850984 12.558228458870818 C-86.91280040878158 1.1438132329802841, -77.29731956174508 -11.27678511291423, -63.862568710045025 -25.846479724004602 M-98.32499808664681 20.387373589541802 C-83.58710672511786 5.383439392067067, -71.53960508756077 -8.15224861992614, -58.07658298496424 -24.648462045889115 M-97.64765796667028 20.11662918098239 C-83.40699268247988 3.4651381623611783, -67.9808688161012 -12.255114699744489, -56.93707322885649 -25.74373525020378 M-95.88250609706522 24.444779759048615 C-82.93139493321928 9.59323242240579, -70.37464766890831 -4.433156324715758, -51.0320903493328 -24.909114204420437 M-95.11672535274836 26.23111834668687 C-82.663365152491 11.917477928983669, -70.03022567342911 -2.841484830031796, -51.12373667472906 -25.886140163889078 M-88.93789688423878 25.49255814763567 C-75.77214679552023 9.517877040715119, -62.23795787637464 -5.506182868055294, -45.63004117747262 -25.533441534719188 M-89.28240998037805 26.05359396460493 C-72.6153533623345 6.431309470450859, -54.48504413451427 -13.265706460181839, -43.8180845241467 -25.964712766149773 M-80.92964355234132 26.159055120672583 C-66.60091091194126 7.502298764145083, -47.33088098380049 -13.631364183260398, -36.25438685605111 -25.16442307643363 M-82.43978262453516 25.252569349969658 C-67.75687865576653 9.516858174863403, -52.52082978945263 -7.761178468056637, -37.66745764169391 -26.306699929127603 M-74.66066531100252 26.11090891822117 C-58.938597423269236 9.211257607281588, -45.01898034138886 -9.60309651875803, -30.787977875916987 -26.656904891861778 M-75.02507675154826 26.33649164039175 C-62.40166785023208 9.430260096749546, -47.66811152431669 -6.132798817024516, -31.190711961444798 -25.87162611835503 M-68.2270290724889 25.755812429502203 C-55.468255401601624 9.901336205211605, -41.0809154808021 -5.073365398677145, -25.685847729791277 -25.36708397124031 M-68.44953167015694 26.687299895041054 C-53.57604112018761 7.9775785715705005, -39.24899604800827 -9.377843846163175, -24.167179585084885 -25.524759433774435 M-61.68191692447004 26.447669771055207 C-45.01656069158146 7.518713860505439, -31.43446726565354 -11.013414554855947, -18.04989156766254 -24.958932207926974 M-62.3031353394014 26.02764450159964 C-45.305575904626984 7.105188172517279, -28.130431533090537 -12.161258477225408, -17.749600312824214 -26.256906874026136 M-56.609390329069235 25.295111282426493 C-38.57260040946157 6.460216149902807, -22.512554764328364 -12.15153791411371, -11.813286046170731 -24.523054153101846 M-55.20564177537629 25.707366034247464 C-39.54211391158204 6.337283881971623, -21.337798359741594 -14.271786648489218, -11.25445990583393 -25.96538063352129 M-50.02086040019854 25.360907264005327 C-31.911207057931225 6.2285579957324915, -15.164960830937012 -12.261987490001802, -4.581717432132237 -24.30327360095502 M-49.646340606634936 26.749415483970605 C-40.12646137497366 14.865305058422354, -31.210837981425634 5.488887557403183, -3.979549251856223 -25.36038925014003 M-43.389665337912405 25.906867511285103 C-26.863529326485843 9.403524048946329, -11.85598079039039 -7.045097754969187, 2.0778236547261226 -24.86977812321721 M-42.4454830751019 26.03426678962187 C-31.344489462829053 12.385250265624345, -18.903068960802955 -1.3623062063255393, 2.3036586613428094 -25.736608081573483 M-36.30319029026116 25.003133621046242 C-23.358263129248513 9.615703361045824, -9.951449049436922 -3.766381335973927, 9.068362889625261 -25.441125987669093 M-35.70020017601481 26.16049343350936 C-26.90541617539399 14.661634870401121, -16.428408706556777 3.448949567571682, 8.614944152888604 -24.906340505441996 M-30.245533979120154 26.13161881725778 C-21.700635888357763 14.926100325387761, -11.61851546631495 6.7444256109654, 16.491914410026755 -24.73700115826902 M-29.93982168724894 26.193597627870048 C-17.571885780269934 11.52422894194026, -4.604265888348852 -3.6514362259724638, 15.342526989011283 -25.41695457531251 M-21.094936757474123 26.33862101892019 C-8.832041360493164 11.193121287307747, 3.597688925905432 -1.7740887654397388, 23.542499174366228 -25.857174912040826 M-21.790029290168512 26.297936095983044 C-11.314800927168347 12.536258590375168, 0.7662813401183843 -1.5407585847120773, 21.864547434733776 -25.610733122478017 M-16.394587072174296 26.714594866588026 C0.00802138059548041 6.919411825862194, 13.703823504857773 -10.806275624093358, 29.794753144788523 -24.72807781753185 M-15.509025588673902 25.509921342593504 C-3.869886783127059 12.645458000644789, 6.975041029109611 -0.3960848482932299, 27.966229686365676 -25.96113285042467 M-10.030011853727961 26.302996805194596 C2.4633676897252785 13.33624961788387, 12.862592506210603 2.0411906680189023, 33.796753481437456 -25.16861092906693 M-9.034516122508691 25.708986816454782 C3.647281288323344 10.447959875608904, 17.585731305491276 -6.7337444455557325, 35.04656081155474 -24.595059298947316 M-1.7797117732100343 25.94895920475677 C8.350475407671244 14.442196609516776, 19.091508379175462 2.0266348037529314, 42.93354091862402 -24.558156034660207 M-2.763395021988668 25.15410530848689 C10.778377519544518 10.09639527488795, 24.87927196157276 -6.193448904596715, 42.53098313515868 -25.3654267141991 M5.165891967829824 25.379571247071656 C20.331395790912286 9.152546220510574, 34.546178057347134 -8.867983187733877, 47.20195847028424 -25.87423618939753 M3.2561472934268325 26.206914004811637 C14.327594159655643 13.575681356114456, 25.228002044597503 1.0718576947398288, 49.02957748717875 -25.80450288111728 M8.939044716658033 27.189538233651326 C20.460396698705036 14.967204946333851, 30.607750770471245 2.4252995631085508, 54.21008509822498 -26.15904221227806 M10.921408429521959 26.36094944320456 C27.74537722219718 5.691397619565679, 44.14835523782421 -13.607225634462303, 54.81981620886882 -24.777075042911715 M16.716277599105183 25.62774552548918 C32.186198554187484 7.808244077212122, 46.7980393287009 -9.239770546645726, 61.21679140671206 -26.064881173358057 M18.030491900691757 25.473023649046564 C32.203603401184886 8.614075554145389, 46.35093019409748 -7.440057149149839, 61.72787019821464 -26.165931477195958 M22.610353338716575 26.73060763613442 C37.349801336652696 10.247628597580727, 51.66359446210204 -7.3674360954024785, 67.09028855381698 -26.303343165562755 M23.05191311649053 25.719325235535205 C39.863891326836004 7.726992086769716, 55.35716184735813 -9.659388504769787, 69.04030271809268 -26.034954897308197 M30.596494328219595 27.4518996112727 C44.86469909506871 10.348533515914653, 57.47802858318944 -3.582642948700925, 76.02928965189246 -23.914609788806118 M29.542854740115633 25.58785886515875 C46.45598027063995 7.206279692512511, 64.19567672562737 -11.668141042707266, 75.42328375336791 -25.355778508233247 M38.149162968268925 25.21482672287724 C50.368229000807325 10.80425423461154, 64.20044765202589 -5.713136834129138, 82.89519544860461 -26.89798682042317 M37.04122566287399 25.93637315191044 C50.93715169096045 10.296632521088313, 65.21826198149284 -6.529022276870764, 81.97015967816502 -25.777801195253474 M43.29827389382729 25.025665802663088 C58.700453732984144 6.820862278104988, 74.32760669473643 -8.989391247832806, 89.02402363054178 -24.29762310659449 M43.09587330925151 26.381954827074015 C52.679094111603746 15.123172264180264, 62.824125115279244 3.3081827778507273, 87.72596120618373 -25.595572841794354 M51.20383330127996 24.94225211606115 C67.54100246627897 5.5630649851612, 84.90619805100631 -13.975166265986731, 93.95836576083836 -24.501272082076486 M49.5142133685876 26.001704019682798 C67.01131280469197 6.3963197671317555, 84.09703188615984 -12.98947274952633, 95.8946436319833 -26.03255573878148 M56.29991674950192 25.425199869430514 C68.20865649450185 13.16173066920271, 81.14577312581076 -1.0937868458660627, 97.50041207012148 -20.422324489876807 M57.69913727818322 25.995820385320584 C70.36669729154985 11.330063761012216, 82.56892228829538 -3.5007291316630136, 97.2045275609237 -20.404933873814812 M62.20009866754269 25.634580840112577 C74.57701880326547 15.510382341304519, 81.75148699957222 4.802465589252579, 96.51101753800971 -13.133738106789199 M62.86065199586276 26.244925271055337 C76.06433695547658 11.842379895264584, 88.02714365351403 -1.8781170833399115, 97.0695194775346 -13.943179173208033 M70.62111643280718 26.20102817077566 C78.58142572576308 15.797839433868084, 89.01609540434303 6.012304293656995, 97.46264995348601 -4.764902574043588 M70.37514475874654 26.079346012829383 C80.90978129382313 13.057973209783153, 90.89334283262563 1.4562583480547, 97.29063254655371 -5.837282082567362 M78.08461045042637 26.441843392378452 C81.51847933725233 21.226714992633585, 86.1263064263849 14.071994746142845, 97.09052198720082 2.2584390533585736 M76.49943203999057 26.23430809838609 C84.49116395286887 17.19755534064248, 91.48867860097516 8.256887416273806, 97.46601810704878 2.4742882301216733 M83.7423610678072 26.65829320207522 C85.59474284573763 22.91390972878242, 90.44522941560867 18.5684313516381, 98.4651199887889 10.66074691097532 M83.71315244791441 26.464080876052826 C87.16845390865818 20.844734241858667, 92.42228179449064 15.89269059894563, 97.8389879494801 8.719298345507951 M90.3912929108768 25.795800367614934 C93.16745934584387 22.22119084923646, 95.32271548213 19.78167993739418, 97.19333978254207 17.045366662700832 M90.52240403612699 25.42816541226017 C93.07566437495285 22.392841109333588, 95.29873101540379 19.730333583299306, 97.59721238852521 17.359161001762857 M96.75965668022927 25.81932724614658 C96.82612841090749 25.6208861075161, 97.02000053494585 25.443366254551073, 97.42616541646473 24.986548989087485 M96.75489955009341 25.812482507940036 C96.99396837520244 25.51744248685329, 97.25967271303868 25.174704904890426, 97.39366979806569 25.046947868329188"/><path fill="none" stroke-width="1.3" stroke="#000000" d="M-98.23690304673562 -26.71576846648809 C-22.98379805188633 -24.74308208044044, 51.0683765982995 -24.063550903393157, 98.33184220348265 -24.94086009344196 M-96.51283707629247 -25.312790166085502 C-49.08297596936609 -26.67537106971415, -0.7317216638482599 -26.466939718024243, 97.10710545869162 -25.83828695609051 M97.17982575041862 -26.69099233808639 C97.34749833557248 -8.280999122248888, 97.77554042798297 9.123774066167384, 98.19649514401513 24.668812220812818 M97.02423084080252 -25.14609658265098 C96.55599096361269 -12.739501184497888, 97.836896913582 -0.009325416133869446, 96.81297739709706 25.51051244457333 M96.88156285420975 25.80227460452183 C23.296845895753954 24.01810545213128, -52.176438203234845 24.957227954660063, -97.86341810411946 26.66624913091185 M96.52471940009595 25.11654873501614 C47.01644201516956 25.790059828223473, -3.0284492400291096 26.64142871524513, -97.61272025479416 25.223259105349488 M-97.37886734504559 26.870521213868848 C-97.74835539317685 13.528933164667333, -96.59959974499009 2.912541162057932, -95.86491510734086 -26.236894339094107 M-97.6779944776364 25.833131976288684 C-97.08779368614994 14.22302093723551, -96.91910026433207 4.32855308860356, -97.17473815172283 -25.33913953470701"/></g><g transform="translate(-67.1796875, -10.5)" style="" class="label"><rect/><foreignObject height="21" width="134.359375"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel"><p>Public HTTP Request</p></span></div></foreignObject></g></g><g transform="translate(139.56985473632812, 171.30419540405273)" data-look="handDrawn" data-et="node" data-node="true" data-id="B" id="flowchart-B-1" class="rough-node default"><g style="" class="basic label-container"><path stroke-dasharray="0 0" fill="none" stroke-width="4" stroke="#ffffff" d="M-129.92250048120195 -36.08915299800012 C-129.92250048120195 -36.08915299800012, -129.92250048120195 -36.08915299800012, -129.92250048120195 -36.08915299800012 M-129.92250048120195 -36.08915299800012 C-129.92250048120195 -36.08915299800012, -129.92250048120195 -36.08915299800012, -129.92250048120195 -36.08915299800012 M-129.87797567258792 -28.54317028922965 C-127.29535324477393 -31.203067477656614, -125.76432150080774 -34.11111652629987, -123.44889448203637 -35.37110115081026 M-129.74091619496323 -28.287109579267558 C-128.79885377206352 -30.409598832735224, -127.0133201421381 -31.788609812042015, -123.84762680373666 -35.56427955839113 M-131.62798633693316 -20.31507940842721 C-124.75286640691886 -24.20266691061896, -120.83225021639161 -30.03495061803817, -115.91523024679678 -35.875892780201205 M-129.9474220922187 -19.993574012987906 C-126.7363952333056 -24.00273702552415, -123.59065202189188 -27.562680998109773, -116.65457019059832 -36.7581699675869 M-128.59532842979732 -14.196018657961668 C-123.37392048228001 -22.26155068748291, -115.46729076753257 -29.561937331913093, -108.93994122272804 -36.408290659490305 M-129.29248573224893 -12.990577779709541 C-124.05288846424214 -19.43438222430716, -119.02659685586279 -26.950129880901194, -109.50700789279018 -36.408484468842936 M-130.27779544453807 -6.957500099229479 C-121.48563519119669 -14.922286646849313, -114.0063517174219 -23.517128473017085, -103.78475872780155 -35.214266965462194 M-129.2276266571606 -5.62562195145871 C-121.62399184137963 -15.236641901988609, -113.82227100681578 -23.999206959003327, -103.23406261272605 -35.720624731893956 M-129.03434052155217 2.3975171414065737 C-119.37997777575114 -12.82324850801894, -106.43861164665987 -25.017049417171247, -97.51072976783965 -35.938897467597414 M-129.83257112583732 2.191178242131536 C-119.69586044956768 -9.36988941253142, -109.66811115614388 -20.644148521573406, -96.71098119098336 -36.41382727466496 M-130.29605065282155 11.293026810728847 C-120.93274495911379 0.8619504672259831, -113.30283750880625 -9.606744336435627, -90.66139172886295 -34.94795004786018 M-129.61340247888688 9.854905180567519 C-116.67160355005669 -5.425586546382425, -102.80271475784467 -20.54786669706933, -89.81247668451844 -35.52357530954402 M-130.82479424227938 16.002329063530183 C-120.50691684976682 4.315561686714165, -109.59137528681886 -7.128892542449902, -83.50433877338057 -36.37178606059827 M-129.41747442223266 17.322791429216505 C-119.00913459536511 4.607537725251796, -108.13914989891768 -8.36944911306053, -84.27346886691257 -36.21649166808683 M-129.23949400037958 23.918470796369615 C-111.76557142694962 3.9141690267875466, -91.59625354417523 -18.76411042247573, -76.00266889134598 -36.40844686746016 M-129.94584641244282 25.361020578504608 C-113.51600494094951 7.038532860287753, -97.02121248504031 -12.3440395928719, -76.0834292146864 -36.35839154158267 M-129.3938196014012 33.009295011555615 C-109.7731267242857 10.304292836115875, -90.72020347771439 -12.768355685769569, -69.25446610258247 -35.57817404521626 M-130.43780839015892 32.8436937890005 C-114.85982326228749 14.370179923725818, -98.4068351346255 -3.9482349121378117, -69.87289726419846 -35.80194232312099 M-127.95809391295592 36.56065788906334 C-101.97298428652775 8.205064299859343, -78.00101923925874 -18.636264574704413, -63.21270913682443 -36.55436023330903 M-127.13939418334618 36.177045184514824 C-110.09290591795738 15.831515703007383, -92.02145865213663 -4.970734123048671, -64.47144444712978 -36.3226996391958 M-119.9559660516695 37.26079736131199 C-103.75342898453465 16.867614319605398, -85.82328587691946 -5.487062939511992, -57.62119820208365 -36.31022431568048 M-120.16542589753625 36.44272892354035 C-98.15108101423854 10.947001542189428, -76.11179903763167 -14.700369319001721, -56.56732571603996 -35.752995456269716 M-114.82013358342536 36.313592541375314 C-94.30626748187645 15.91065857237866, -78.12320601798642 -5.3832023423082305, -50.617401330669686 -36.89170770470322 M-113.26897235965733 35.84734511946814 C-95.1238939176141 14.158158136507375, -76.25807303910341 -7.155851369438064, -50.16920291793087 -35.59239354485395 M-106.35304552536125 36.182168893064095 C-87.39128255075565 13.561370332967044, -66.92063377344054 -8.771731352747034, -45.31566904504589 -35.01790422841304 M-106.84915904073196 37.3160193242208 C-85.28478903669463 11.191449695358568, -63.20469067432278 -14.555800054970284, -43.51420742751714 -36.261114988122934 M-100.28210304484612 36.99817721116125 C-82.11278775303656 16.23595463380912, -62.471184659176565 -5.60355684254323, -35.82568132225653 -36.34990148910056 M-100.69885920831587 36.76509235327946 C-81.63672030650568 14.827385886899977, -64.23908747851193 -6.107997249029443, -36.94694931874408 -36.37280503535486 M-92.43157223966963 37.241765229451424 C-75.97861111383075 16.96142204689212, -56.599193859415905 -3.153853074802297, -31.349473103006737 -36.75159553970569 M-93.18092171475433 35.89994747730725 C-71.28787998794455 11.621486360196451, -50.13499970914938 -14.219995051116049, -30.02469808515904 -36.62591046567244 M-86.17347010592421 37.09024465827976 C-69.26484871580456 14.931221668192855, -49.577898848798824 -7.989242262382815, -24.018751532633207 -34.83645491145801 M-86.6092139426943 37.109196127581185 C-65.28102936269741 11.38385872379975, -42.64638237916126 -13.696574883834145, -23.800557259801334 -35.24510965982277 M-79.13631232031031 35.06505969300679 C-66.49188421253022 20.908264889001394, -51.798310989933285 3.9928307185371095, -18.24884952312799 -35.02424011960477 M-80.49412842892526 35.61125165678623 C-57.22937393963765 9.237126064411145, -33.81966183025945 -16.57444208097849, -17.83266789416251 -35.697900070593796 M-74.88394239641559 37.225435765717314 C-50.01462427472435 11.138425789341067, -26.592465485512946 -17.476986898408114, -10.288135052489475 -36.927728760258844 M-74.14830649785134 36.3836988419694 C-59.26701783190001 21.682083017986397, -46.662336854626055 5.849116163346035, -10.925358480317115 -35.522921679200934 M-68.59418996155641 37.31175379886311 C-49.330503608510554 16.765453904428608, -33.113458171003394 -3.9716516877946737, -4.099855260125035 -36.07276127276522 M-68.03192141780401 36.65852310437217 C-44.478672083596074 10.592888361104073, -21.810504433904487 -15.132203206609269, -4.341730088601098 -35.576845972421665 M-61.33268127472061 35.132118354478 C-37.657235531114885 9.82130031289445, -12.219552907503665 -20.403161579179635, 3.8126650994474116 -36.94408841560205 M-59.80719379991638 36.621723144736876 C-35.95722740733645 8.528151718973806, -12.009116884259042 -19.425171769882397, 1.9775767300893603 -35.65007281038041 M-53.1751453132694 36.65534209235529 C-40.452720656322754 19.63320986135304, -24.135860077474717 3.316314235204205, 10.35581168013083 -36.32469109685698 M-53.65490140259566 35.941438026077854 C-33.404933474221686 13.475972941199021, -12.532752308768409 -10.931930803809905, 9.392694607215684 -35.19805923154337 M-48.609122902142936 38.215160877049364 C-21.120753713562223 7.229543222460542, 2.880005554309266 -21.625485522501187, 17.038951774853746 -37.391150771190865 M-47.94432168227884 37.32615071993067 C-29.893374368533102 14.431117003695983, -10.523202218882574 -6.566503770594879, 16.03803425612916 -36.99624654205371 M-39.57261574813731 37.04311916463643 C-20.54486945737744 12.785824879812322, 1.1556955956398434 -12.9071851087687, 21.379090961727766 -35.4704950234449 M-40.888108267973266 36.639059311845116 C-22.709810807364335 16.11853655673196, -3.8382541214264374 -4.636288606748917, 22.67974155989865 -35.483482207295374 M-35.126269400580206 37.0194905493777 C-15.422567793292668 15.653718476936406, 1.815785984914767 -4.901462358826737, 28.750228806625252 -34.87872609752004 M-33.41742011798645 36.983600093917985 C-20.664542992927917 21.76995710014245, -5.824897188429178 5.291656402077904, 28.662696761362934 -35.94847377303327 M-26.987664636495555 38.072188758196106 C-13.394787075545722 20.346352712840833, -1.5604083502619792 6.394298192527682, 35.29491647331479 -37.26802798879552 M-27.632854347767605 37.20697712529937 C-12.468648019809544 19.70617437859443, 2.98288902660692 2.5111899144072902, 35.74410005489135 -36.80001507153844 M-19.282333278615624 35.61082123875072 C-1.4210563548241304 14.91249416752786, 16.72801098154993 -6.774726478884422, 41.17939420397901 -35.937738798279305 M-20.941994324143792 36.3712777895627 C-2.3395269978426696 14.548334760024318, 16.12061344068686 -6.4608256377657245, 41.987987578087655 -35.799612887722056 M-14.746361636825112 35.511996823399166 C5.912706290335221 14.808722186624932, 25.382999735079252 -9.370948894938719, 48.69816209249249 -34.443926770945474 M-14.694683214656326 36.09581243034474 C2.0732219435833743 17.388529281609177, 18.633474045725823 -2.3641436389746957, 48.4952544996841 -36.067577865509435 M-7.086409198465154 36.20044922965277 C14.359071041190088 11.547168347689638, 35.3179919468368 -12.538139867363887, 56.28900207930964 -37.542737441354745 M-7.515313154621318 36.64625505160751 C14.87255881213179 11.569426685724977, 36.3703540121123 -12.2692831818291, 56.027574665228386 -36.78838155428775 M-0.7545606264279529 36.18495871905002 C22.56620041409978 10.548712363820053, 44.23748594132705 -15.818572912030893, 61.30678337157656 -34.88036751835785 M-0.1556305528726829 36.492066395087306 C22.091465283039003 9.810680240686576, 45.46202156285852 -16.649601734914825, 62.4908362141173 -36.40327606039942 M5.74405280387654 35.64558315186728 C21.187305458054222 18.207600886280446, 37.021862852119334 1.0598015535219916, 68.53286525454125 -36.28688330648336 M6.161627140712339 36.27740731856771 C19.77597329730529 21.12385580711936, 33.02215377371401 5.434492726813482, 67.9767989721216 -35.40285507795439 M12.742544416604021 36.54326172404629 C32.35151387568731 12.110104274456752, 52.20560455576205 -11.80733564615746, 76.50532288299145 -36.28502142433204 M13.014047849937699 35.52155488910187 C32.37645135871104 13.717172163433238, 53.20146068681872 -9.896059250553531, 75.56350929368456 -35.685778662819615 M20.115789942434176 35.2643265667458 C44.75449996525838 6.950409533847935, 68.30687379126901 -20.376085125395115, 82.09208357478312 -34.9798452078302 M19.59050539722528 36.72824818977726 C34.646614673744565 17.035138025779084, 51.70023584481764 -1.646420786491775, 81.62497852707963 -35.62689285730918 M25.587569100922885 35.638130115416466 C46.346716173046225 10.621527379342703, 68.48755238877929 -13.154808719710026, 88.21360608885651 -36.709673577056044 M25.289454753732336 36.60795424342637 C43.94554519259072 16.707404069946534, 60.920697619193774 -4.557443526916354, 89.00313697890037 -35.164232932801994 M32.42203130487118 34.91264216686164 C47.49820208023714 17.96736612855914, 62.21234127934833 1.3559858892534555, 94.15436389808048 -37.29348730641828 M32.608364376058304 36.14820362923536 C57.98012115524446 7.514795446312281, 82.67343378967837 -21.06487944763305, 95.19331757880256 -36.356874920166476 M38.61352461459194 37.40962167266984 C60.02584959767645 10.290470731690935, 84.6197006454999 -15.90021178589331, 102.85997052272488 -35.27256376569856 M38.48075434053528 35.81364733780584 C58.03040955335974 14.553724386663996, 76.74879115332226 -6.841849147756892, 102.33502177790047 -36.00276005353671 M46.37622176513474 37.389078994824835 C65.53698306995916 15.441899314223805, 84.42497044749045 -7.4780421626595786, 107.39062305517996 -36.592738887944485 M45.80818783889438 36.47605370927091 C64.08501398512716 16.11446482842817, 82.36631215896014 -5.099619108191132, 108.52763746112345 -35.51708919479033 M51.80708668572941 36.14056891113691 C71.33571879116361 13.515109102278277, 90.5017105913705 -8.272774865543061, 115.93838539355107 -35.175266614623844 M51.78353343120622 36.849527301011435 C76.58802026435356 7.6261481879534925, 101.43825319414069 -20.173837618703374, 114.82198841829646 -35.77858568366019 M58.3852675980541 35.80953807663261 C83.69545635776731 9.180559861693498, 105.42733560909446 -17.19979095709404, 120.4365377471395 -36.7310218106655 M58.97108286787346 36.07447487021737 C74.55897510420438 18.03059046743909, 91.60090073302254 -1.5517096525294085, 121.75031507361402 -36.20422742408728 M66.41288459333322 35.982035481342926 C85.38634135415862 14.849031557832706, 104.0600146949261 -5.793849846238255, 126.98757471517331 -36.96349883631116 M64.59812450537238 36.858384758622456 C86.38835499015386 12.756940372448467, 107.51827887289687 -11.84112566372787, 128.33764099937625 -36.01099442200335 M70.85637202658106 35.443730708253916 C88.5266417138903 16.88050001791851, 107.59705163785908 -3.1131247331285516, 131.5117287962293 -31.502820523022102 M72.00456268150307 36.23633655208608 C95.99333315889648 9.656102439747222, 118.39235712087316 -16.516853773898834, 130.43072086929493 -30.76568098510695 M79.59821821545256 37.53678081175155 C95.72001770373271 14.830125860085362, 114.7926146807408 -5.835205845747259, 129.5571055935083 -22.169165412576014 M77.89257341194273 36.19456730190336 C94.35714945848882 19.177544981932414, 109.48583574427107 1.6411615830784911, 130.32359467302882 -22.621574398437012 M84.30822203553176 36.57281001821567 C102.77574102459891 14.84380247646202, 120.35657860398447 -6.1294667086017425, 131.27048731928244 -15.61799822830025 M84.92817137283149 36.513887412777706 C100.71162379140948 18.961328241675062, 116.28542557954816 0.22209307186849325, 131.25128092043252 -16.102535068207615 M92.95483801482261 34.97359067586008 C100.99030537216547 25.449774544020002, 111.19795566387693 16.013741485963646, 131.26272934735746 -7.6086046548882225 M92.40456470047391 36.00475149454646 C102.25395400068375 24.652789197055952, 113.08766896239617 13.232202093312953, 131.34268530958877 -7.927815047720129 M97.77674235218598 37.667007146382815 C105.19927198926561 27.253404718947547, 113.23326528632009 19.68337047790686, 129.40673184881678 0.13046120830259644 M97.90823466073378 36.377978746775014 C109.48706120149724 24.071161477148426, 119.20680204969523 11.32901967761842, 130.2439765451583 -0.8656330628209246 M105.17232847991755 37.79202959527092 C110.6863105773634 30.04309274345313, 117.89858668563855 21.47781389050067, 130.53323126711743 8.101995896060881 M104.58386977521195 36.3802667437617 C113.2342898248866 26.278878732844166, 122.71012619633963 16.86797578118707, 129.89710551801184 6.835204227574747 M113.0674371910736 36.40101683277933 C116.44310836654137 30.584227384901446, 121.18317565969642 27.08184656180568, 130.3363894279253 13.795011013133166 M112.25963079052707 36.269051353225606 C115.32965472166788 32.21505227026679, 119.36623799490063 28.2857740645046, 129.63517197108737 15.578834594937565 M119.6100537529699 37.04144120992889 C121.93922573984034 30.46395203902683, 126.98617870007062 26.5019223159912, 129.50197338979976 21.870790709532564 M117.94581441021506 36.32120505494525 C121.51765713387671 32.84167576015886, 124.05410804450395 29.738149298131233, 131.24971979230006 22.27020401095912 M124.6671693257767 36.7671761218226 C126.26889305187481 34.84189017410076, 128.90123659737404 31.27245279496125, 130.82938017154476 29.663811081159047 M124.65138535333551 36.60090893549136 C126.9316304824124 34.78311089259667, 128.9560448892639 32.4612231633022, 130.673104709313 30.099163560598523"/><path fill="none" stroke-width="1.3" stroke="#000000" d="M-129.37211069324982 -35.02172581286044 C-67.96688564813867 -35.45268660597646, -6.189059472030056 -36.67013823584516, 129.16069121480274 -36.48751184482124 M-129.869605013097 -35.993689601632575 C-50.44213000263979 -36.95272515010694, 29.79006908381645 -36.842284918494414, 130.34354572661152 -36.034401711058194 M128.6380824625329 -36.183489328227836 C131.2849254235859 -13.655444699256995, 129.24457661337738 7.785095797655454, 129.83301151066877 37.263632454986826 M130.42907862522307 -36.12373012938429 C129.35787801859567 -18.481046283148945, 129.9457221070838 -1.43490928440984, 129.5557020147061 35.81274914355555 M129.2471604835546 35.46476430695556 C46.323051140310604 35.42875673753813, -37.392415447867506 34.8220451709127, -130.9573536494436 35.02358738922396 M129.5810237183469 35.62183280393166 C54.64565785628373 34.558897565492884, -21.641427366359576 34.801627182691746, -129.59627337660055 36.36450183384988 M-130.4139222925646 34.932424602324936 C-128.88466864344417 10.005954213287309, -130.40284846139244 -16.223612814409954, -129.8546768329356 -36.908341454988 M-129.79470818374372 35.62758720043977 C-130.1429941912959 11.774240298949122, -130.6394678337365 -13.170586813696975, -130.3096247139562 -36.252829841819725"/></g><g transform="translate(-100, -21)" style="" class="label"><rect/><foreignObject height="42" width="200"><div style="display: table; white-space: break-spaces; line-height: 1.5; max-width: 200px; text-align: center; width: 200px;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel"><p>Router App: llm-router.fly.dev:443</p></span></div></foreignObject></g></g><g transform="translate(296.0098571777344, 307.0408020019531)" data-look="handDrawn" data-et="node" data-node="true" data-id="C" id="flowchart-C-3" class="rough-node default"><g style="" class="basic label-container"><path stroke-dasharray="0 0" fill="none" stroke-width="4" stroke="#ffffff" d="M-59.45060262295085 -25.179360548337527 C-59.45060262295085 -25.179360548337527, -59.45060262295085 -25.179360548337527, -59.45060262295085 -25.179360548337527 M-59.45060262295085 -25.179360548337527 C-59.45060262295085 -25.179360548337527, -59.45060262295085 -25.179360548337527, -59.45060262295085 -25.179360548337527 M-58.73328368897457 -18.284430691083568 C-56.23622706411707 -21.359769601574914, -54.103160269637385 -24.199894970640184, -52.357357956543915 -26.05534241720767 M-59.22650475829135 -18.0032801469629 C-56.84183334358367 -20.170709851497907, -54.89945895003808 -22.485372481464374, -52.563351913268605 -25.52121795731022 M-58.40643740648526 -9.02266257307858 C-57.08394017622408 -14.715137425808239, -54.318997936182136 -17.40854523171117, -46.1144848588131 -25.484302267426845 M-59.200824681883525 -10.22665726137132 C-54.08911839647591 -16.014840534819243, -50.317086919755695 -20.74693153269731, -45.70859432325726 -25.264755526067077 M-60.08425188918291 -3.3421975778923336 C-51.63627643593138 -11.614505805015048, -44.62401797439216 -19.934897718600435, -39.73876533553319 -24.860014218189256 M-59.76423283595597 -2.36142471878372 C-55.258372768869904 -7.975450994573784, -50.325018937134985 -13.197610694466903, -39.332987951168846 -24.764178910884837 M-59.89951788757539 5.672272155582438 C-49.89624503037394 -6.843045642224544, -40.85209626149353 -18.630450716666743, -33.29882258194062 -24.259803671980066 M-59.40189364510237 5.5870374852816065 C-49.41056262248515 -6.829999098267209, -39.140943673184175 -18.263011309681403, -32.15634553955351 -26.012551957386872 M-58.15155417657851 13.077429919640785 C-48.645222573370766 1.0142612049438529, -40.83150256170684 -9.972729264763524, -26.370200026364746 -26.024783627249796 M-58.43273332007015 11.667563433347489 C-50.671566840497995 2.203448435109098, -41.80355031816974 -7.378375993556472, -26.074282819429357 -25.845938203562017 M-60.327247407215296 21.086607252197197 C-51.099133618380286 9.470869393464028, -41.37295027398598 0.6367733506167021, -19.86497803458581 -24.617990193933075 M-59.231170223439406 20.57860760154472 C-49.34729786585823 8.669772238292198, -39.85176946252995 -2.129208745007238, -18.91193314436255 -26.024442211867267 M-57.44771888515715 24.394911745095158 C-39.80021042527684 6.602040726216435, -25.303250650318994 -12.929357560973468, -12.570044988809117 -26.519681131990048 M-56.762970581301865 25.68015102591087 C-42.34857631643874 9.181615052778692, -27.01509105888271 -9.127466401267322, -12.406895505279522 -25.894353371869464 M-51.635280875374285 25.356362385957578 C-33.8153258487553 5.34480409365665, -16.530853447449168 -11.222907272768085, -4.913815968946047 -24.087255034873536 M-50.301063973293665 26.563175031776478 C-33.76690888865815 6.345390984735453, -17.24347160685506 -12.506595490774929, -6.741485896462876 -25.420185024999775 M-43.86797413886378 25.82498764128935 C-32.48385918772241 14.206570949445252, -23.555571934037314 -0.1545180351406824, 1.7489686314912314 -26.863889239661056 M-44.54188918935197 26.06473196161921 C-32.273977789927066 13.100925695541822, -21.475925114165328 -0.5978087505625247, 1.4308054177921585 -26.34952510886542 M-38.83100300492119 26.66806071690798 C-21.195611051594728 6.787130728760892, -4.8825455888763685 -9.55658648649664, 8.488921117755835 -26.729830055162708 M-37.18273964739056 25.624421235579398 C-22.760211260466896 8.349999453543218, -7.478998721535743 -9.067465075898738, 7.114495086705282 -25.910594000612086 M-29.86998679430185 25.85725515767334 C-21.59759629459185 14.734282649143601, -11.779097825847323 1.7949615488751638, 12.583586855724825 -24.878445486970616 M-30.633736630437323 26.32957073024718 C-19.987368544755586 13.770133689609324, -10.255998850424813 2.3025360856785966, 14.057512828499277 -25.293198135354558 M-24.215659395140474 25.970700755521055 C-9.663823016126615 7.893115056159118, 4.115204254946801 -6.154770678223619, 19.294212540273655 -24.97356672832293 M-24.381735356323798 26.201644712380983 C-9.040737692861292 9.208937052370322, 4.189478674301931 -7.347349800752315, 21.03483000690823 -25.169086280673085 M-17.8364166100089 26.062410358668885 C-4.917269191023755 11.695584784903426, 4.219545951712969 -1.2445101105798098, 28.200352930578184 -26.021251734350503 M-16.995198284624102 26.310930155846282 C-1.1592418669902993 6.985606467151518, 14.430637747229877 -11.94953660839704, 27.11755491220209 -25.50810313705155 M-11.319162452090037 25.741605903657348 C-1.0871444628887903 14.924185422637024, 11.433749780773292 1.8095918517217524, 33.372254633500106 -25.318520283656564 M-11.546714460397556 25.417099088925504 C0.3637264878666193 13.294838650145135, 11.83797949258209 0.5599308909952698, 33.556128790811634 -24.862870479215275 M-4.26487388305985 25.41665769238778 C4.910996100099741 13.21494744043563, 15.094119691977166 1.6484406645476088, 39.57848912608267 -25.35014292408054 M-4.2705637982457265 26.069348109037858 C11.330246062440782 7.497245656352721, 25.955412117991152 -9.289944102762394, 40.16611021144442 -25.82353277785553 M3.304546431104619 24.704325629033576 C9.799832087942526 14.087920955857223, 19.30602380257927 5.6388078373911386, 46.86151650923088 -26.14393377158235 M1.5935658458627522 25.5903932042608 C15.895143935785425 9.426323344695493, 30.319473576159506 -6.858013163467614, 47.372228892213954 -25.638098971523075 M8.180113165466022 26.174465389573417 C18.363132075907078 14.811395831640743, 28.96063700576662 1.7565518218440863, 54.08560818176306 -25.65814825524736 M9.011035234458106 25.453187613723024 C26.711932256393773 5.190665214937792, 43.48386022208536 -15.095146017779587, 52.713559271441945 -24.654088957577414 M16.778168280237203 24.512143073952625 C28.180436145386466 12.570857691133597, 41.21603055109533 -3.470387709899141, 58.85690147141521 -24.665231794781995 M15.17186503733537 25.802150123557418 C27.25448076047883 12.045920989201347, 39.76071583367614 -2.0968583027284753, 60.068484718811526 -25.64473289829995 M21.962380390636913 26.450921973388095 C31.346559564886366 16.624894164388387, 38.92763051156343 6.3906628207398075, 60.57667808727205 -15.823573436861135 M22.3023244027638 26.341965781670538 C32.16294447549721 13.67379818816893, 43.00835203062252 1.8244719120713948, 59.90011925005539 -17.528704350618252 M28.604211447108394 25.41391915404413 C35.3495219696421 18.368637276961877, 43.18797670578937 8.382913955924248, 60.238110138815884 -11.435761605362652 M28.69673203880996 26.612658961210073 C38.89617363232195 13.67352403707782, 49.37496887880229 1.3560771662661824, 59.421718119958896 -10.743648357893656 M35.58280536290359 26.22667646823384 C42.05596762385657 17.043901877774825, 49.10985158424379 12.282299509739406, 60.7509300636713 -1.3321096324482693 M36.073424106159166 25.48062904448579 C44.70738314412958 14.543661278009964, 55.18277700118631 2.802043244445482, 59.60247102816751 -2.4611427731993816 M41.786050302018026 25.610226556458308 C46.970617541460385 19.36747200729765, 51.81745180247829 14.177400012087215, 59.89523218873743 6.353063377348079 M41.763187760147105 25.245234340273228 C46.024890772388844 21.38831488518067, 49.65556420822862 16.065390707104143, 59.306170911214664 5.90150158830076 M48.698742851881526 26.51812041874416 C51.9358330195982 22.08876520651282, 57.52128375591346 15.305075846661758, 59.18854955164799 12.922215708042284 M48.22161752374946 26.28184551875996 C51.42506885876855 21.718829937420097, 54.737535586545825 18.69753687287343, 59.2368646392999 12.734004238961678 M55.078541611438084 25.28046949428545 C56.96635699701167 23.19352084844256, 58.5185018182987 21.40160257887621, 60.34832159225219 20.563647902232294 M55.25840702722208 25.820741702015184 C56.82888682363753 24.250558054014473, 57.61204783276825 23.10184864914511, 59.97629310184972 20.136233206133713"/><path fill="none" stroke-width="1.3" stroke="#000000" d="M-58.222885986181474 -25.234597464170232 C-27.9373888296561 -25.40117575150503, 2.2936015066914477 -25.188865851047535, 59.954188523901536 -24.18617966544712 M-59.054584906302026 -25.301804164098616 C-32.13702255755221 -25.46034351293516, -5.454211345241577 -25.477524782940268, 59.46884954336618 -25.779458239501373 M58.387094549007976 -24.108967945551797 C58.592567599032485 -10.285491066683065, 58.5461691819639 5.660851853158954, 58.16227603023821 26.851426624604905 M58.586599823103874 -25.463831562463145 C59.974414900140765 -9.311057040866073, 58.84186705408228 6.518462100151827, 59.22524407972225 25.198291385521866 M60.07807909022389 25.4091255234337 C33.26594369969108 25.451878952701932, 6.4010215810886955 26.165751315411047, -60.00462557302302 25.453785394700763 M58.7340408676524 25.335512598255796 C16.699426671364915 25.64117950810013, -26.401951508067945 24.596569549787795, -59.55484515634846 24.860740724261056 M-59.10777267567253 25.317675551704248 C-57.56972213386854 4.190442426386887, -59.32878924098623 -14.427312320338222, -59.613419972647414 -25.36458156160033 M-59.22664855586966 25.30478666456336 C-59.753919681242834 8.669982513904317, -58.603528616480034 -8.153161381762148, -58.534646277483354 -25.270433106372245"/></g><g transform="translate(-29.171875, -10.5)" style="" class="label"><rect/><foreignObject height="21" width="58.34375"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel"><p>Fly Proxy</p></span></div></foreignObject></g></g><g transform="translate(296.0098571777344, 431.8338050842285)" data-look="handDrawn" data-et="node" data-node="true" data-id="D" id="flowchart-D-5" class="rough-node default"><g style="" class="basic label-container"><path stroke-dasharray="0 0" fill="none" stroke-width="4" stroke="#ffffff" d="M-105.50690071684697 -25.46509987380783 C-105.50690071684697 -25.46509987380783, -105.50690071684697 -25.46509987380783, -105.50690071684697 -25.46509987380783 M-105.50690071684697 -25.46509987380783 C-105.50690071684697 -25.46509987380783, -105.50690071684697 -25.46509987380783, -105.50690071684697 -25.46509987380783 M-106.22310710679308 -17.276221312607895 C-104.17321287286474 -19.845154227720165, -102.47304091082125 -21.85464544623982, -98.9531709100944 -24.556693783053706 M-105.4225916369236 -17.890527820177265 C-103.69012373940615 -19.711532318547945, -102.09812110514835 -21.740605162235813, -99.21681286428694 -25.35540374160881 M-104.5472686613412 -10.821222205878977 C-103.29755745034427 -13.511266548128422, -98.36212395251725 -17.257341888995295, -92.98438291040128 -26.444405635314716 M-104.77684199782603 -10.194575978586842 C-100.92903398609944 -16.040427303413924, -96.06516485951703 -20.63262744768984, -91.81849952262714 -26.180861159935457 M-104.24489860818639 -2.4983592774426024 C-99.65923934977407 -10.43965908933095, -92.58329966079017 -19.175306461819176, -84.54182372823628 -25.762142170778457 M-105.570831151328 -3.160927739927849 C-99.85724539651514 -9.688736613030501, -93.95619388854604 -16.122186680009698, -85.72717605152557 -25.66279920605233 M-105.55652257197669 4.804247022787561 C-99.52534950973016 -4.253010169225789, -90.75101360550305 -10.808622697598715, -77.90530994271215 -25.83418381187517 M-105.71936816847085 4.603377690311261 C-97.15581615599702 -4.621254812864262, -88.74026987079819 -13.846347761941033, -78.58114721954534 -25.72450338719515 M-106.21932868427454 11.577795371273883 C-96.33054747461267 1.411224410667602, -84.5573734251655 -12.335501709994578, -71.06651328415096 -25.08508024070014 M-105.38883386604697 12.243706015749474 C-96.83190611735644 1.9745822267352682, -87.11182145807635 -9.534389656225686, -72.64963368358646 -25.638526723805246 M-105.98767697441994 21.019064075516376 C-91.99124302154182 5.306760509454701, -78.9878882215534 -9.618710682242945, -65.30805174458634 -25.868145791623636 M-104.50831068644054 19.74352691783227 C-96.61457636851536 9.849768924817807, -87.94941734575742 0.30418840506939177, -65.51102681149132 -25.95986771394456 M-104.68095441832932 26.451215365538353 C-88.50537993285023 10.087892887754766, -73.77499843675338 -6.999318940710984, -58.95970337872867 -25.968748195963823 M-103.73742993222575 25.800242569198385 C-86.99640458876776 5.4711164539179435, -69.83133361294333 -13.84448466546843, -59.87238883990395 -25.29539194053099 M-95.63357651150996 24.809235381897736 C-80.8993320544841 9.31874878731091, -67.77716426558189 -8.500688725047269, -51.0484241359021 -26.178925522856435 M-96.3277577046722 25.72434268239576 C-84.38221057013291 10.311666231728118, -71.83202204870703 -4.16910001912236, -52.11401156733596 -25.137136815638232 M-91.67710615958971 25.024644836451305 C-78.00364769364319 9.215846670010105, -62.51113945639468 -4.527272784240897, -46.78176741199497 -25.909923284276744 M-90.74334054393512 25.53796092988326 C-81.16456570092201 14.5202172670797, -71.51261032612611 3.533107444832809, -46.604392985973476 -25.159058514805462 M-84.5784401390069 26.770373893730905 C-72.3830501803832 12.267555752535612, -60.84025446570927 -2.3488850193666866, -38.216357352344794 -24.62162783351627 M-84.05875723513266 26.849754465781704 C-67.35060093693315 7.137748417190114, -51.04155072361291 -10.893129822727907, -39.31408561963072 -25.77551679235552 M-77.2393625603926 25.870060168484596 C-64.88002801883682 12.292432487239573, -54.060814367535826 -1.7550693282911958, -32.77238293667252 -24.434626743732583 M-76.43883881121587 26.397163233225516 C-67.06769895247922 14.514594968488128, -56.63817478007094 2.6110809699118804, -33.13237891156549 -25.228074760621123 M-69.43322390972853 24.986345021997415 C-57.76212171650677 11.241372057275031, -44.271267852962026 -4.241209511885313, -26.125290214277243 -26.272828582313462 M-70.94279450460245 25.822518146860574 C-53.25362329891254 6.96500705900241, -37.127847099489806 -12.465573100012135, -25.850604087419562 -25.228755022974486 M-62.329325777330865 25.942519971935127 C-54.94007372464274 12.697182156043459, -44.68128001344976 1.387088389447888, -18.913909572580256 -25.008608472948286 M-64.25217857687134 25.84177272531565 C-49.321621771035645 9.003860394289285, -34.30924964266154 -9.276489056533368, -18.656541616894163 -25.82241053699365 M-58.352351058588674 25.198623895162648 C-46.02784826657253 14.431184047299004, -35.47576882104042 1.6464163403059746, -12.231620041352773 -24.85153608156759 M-57.212451476986544 26.138115952028226 C-40.500344511489644 7.5391485192002845, -24.729149480892712 -11.529454557953457, -12.012281776364222 -25.929954219701777 M-50.64870397151587 26.61901997809637 C-35.95057287861002 8.795990868343008, -21.507224619604198 -7.7390636353484314, -6.374668383399001 -25.16859441469848 M-51.09095886781387 26.37651873716558 C-40.6644085482047 14.747354260295674, -30.770268550526307 2.593186771271095, -5.699420615263049 -25.916334360882168 M-43.86074749217532 24.123959992548546 C-29.362542042664536 7.663888547339858, -12.862063943906337 -9.105898232200767, 1.873124331178749 -24.81562005098178 M-43.93441617896402 24.887554771053775 C-27.498423302616537 6.7185782972271895, -11.562174279421999 -12.059417988362938, 1.2761387469392536 -26.01400395536338 M-37.03459700539238 26.640449036763837 C-26.71069793502202 13.201685739487274, -15.091846957629333 -2.4974479790564272, 7.644279668767688 -26.398149330184168 M-37.9729399732418 26.27663917505989 C-24.04491122294564 10.441236050860931, -12.219056903142054 -4.420644768775782, 7.560381934445365 -25.501075844407005 M-29.950739272477147 25.266564199190682 C-21.192517457276416 16.183933131985707, -13.041639374694572 6.107786180866683, 13.451097573874826 -26.39286826376495 M-31.621651880618412 26.345067260588646 C-19.885386574286073 12.48780288064815, -7.395371049318382 -0.848430580696313, 13.099777685670954 -24.609399651872835 M-22.972541602101824 25.04417645414588 C-8.967883914726977 6.634129121823267, 7.7404719755184965 -12.518194405031858, 21.197037624716682 -25.877063437846605 M-24.017578718785483 25.32651308015656 C-12.918438979570025 12.45240384346441, -1.4768581682748787 0.24940945245235596, 20.930552085980384 -25.63136986342501 M-18.276683300787255 24.904433491395956 C-3.976514520424365 11.500521159809193, 6.54313730645171 -2.696638522197887, 25.9564662321791 -24.939688221102145 M-17.913072621742398 26.4100723847299 C-0.1531904587824416 5.500785136943623, 18.14637992477784 -14.105516886765075, 27.34940395272378 -26.054127746382672 M-12.300071738285737 27.109141559261616 C2.5373536492829056 10.549494336620388, 17.719220340348127 -6.962135926681434, 32.06592570664254 -25.21963201955922 M-11.41023820972641 26.51154974628233 C5.133103203950937 7.525970237952024, 21.15251370592366 -10.399532533661887, 33.21208750121484 -25.70179656756772 M-4.464022834395355 24.223276697454597 C11.339872742479319 7.576927403837225, 29.501537363502734 -11.39796903595369, 41.729076669340124 -24.705749635948656 M-3.8179585272569114 24.979246833978483 C6.273142533150724 14.69201574463931, 15.61939052160156 2.2815155833319363, 40.96029052973786 -26.252543361516327 M2.3586344697598793 26.09408185660581 C17.25710560512647 8.950126576913188, 31.61212195594924 -4.986617387017433, 45.984034095841345 -25.217782906606534 M2.8549010867242086 25.239514547143898 C19.375915111614233 5.842370094872593, 37.42214787326802 -14.344042679658065, 46.46257658165093 -25.269600326075093 M8.251944027923807 26.207832174350678 C24.327894766553552 7.523513231579264, 41.6794174626836 -12.144274197547228, 53.30652665456605 -25.11390288556602 M8.449074041544725 25.82538880476788 C23.740010618453937 9.546580507136262, 37.73802456111541 -8.320681471519803, 53.22796750248629 -25.199963836767502 M14.55460230678513 25.087050376853245 C29.904192450019263 8.302562960964515, 46.15566043649902 -8.61774486013658, 59.35939908816126 -24.818080720790523 M15.79769184593187 26.181897273448538 C25.723973201302325 13.510980601792143, 37.08461003779519 1.2688959019603379, 60.49358315145033 -26.38601879465747 M21.85929609615873 25.79699190103592 C32.692201061701006 14.52924969431926, 42.70299493303986 2.3372922707302015, 66.03153677095403 -24.137338118251108 M22.40141603786423 26.402942717430623 C39.16570799802171 6.017114089258704, 56.262175139990774 -14.228386817596322, 67.04339540522832 -25.572731423323994 M27.46100952093996 27.42628110816957 C39.94656511945208 11.417298823468611, 52.04764414763811 -0.5906845154717493, 74.1959229705974 -23.896411907610442 M29.189008941264866 26.23197925911079 C41.049886724471364 11.198630786031773, 54.99945945422119 -5.019080522378136, 72.46646223307815 -25.23289110199445 M36.833981899831024 24.357028200013307 C49.11462091315579 8.971485759057689, 62.923191948875825 -4.59964611216437, 80.58292269112447 -25.340980487585938 M36.25642309336214 25.89410293622993 C49.4716714242435 9.575448380562356, 64.04525624723394 -6.7540159059013956, 80.21433372943169 -25.062639413143316 M40.897894213073 26.2116595537229 C56.39800906354556 7.483816813316411, 72.48418774581616 -10.865589233333617, 87.29157124462799 -24.13323870666846 M41.87496570108302 25.33647139861434 C59.05801155392993 6.523248754374122, 75.18526946571401 -12.768482833487457, 86.92809160642803 -24.960768359148652 M48.173571088240934 26.556951660594255 C64.85038513282326 7.125226567061617, 81.87512658546096 -11.614599850931256, 91.68255706435275 -26.147333872243678 M48.072087840920666 26.376540980644673 C60.07036043533843 12.4736254481025, 71.76959019719318 -1.0047251602221274, 93.35348739445443 -25.765465919739253 M55.07690879057 24.524418608823627 C64.57307636589132 14.813591882376631, 74.91355012575129 4.242230762380297, 100.49275335493589 -25.30287583871321 M55.55841122508824 24.99438876461784 C64.48125069362099 14.223328366023146, 74.47626875821001 3.1451400979004305, 100.32952970354506 -25.241272986412728 M62.224884731061614 27.25100838231998 C71.98163371767193 13.621585825351145, 81.04535127841407 1.6480257408003598, 104.39392429877496 -23.311235715428545 M61.67679377680968 26.5482732249321 C77.05950621653432 7.879231479140328, 90.97747666619104 -9.209762196575214, 105.40551864412747 -24.47561735880322 M68.18806284529231 25.763047882181468 C82.08844262632154 10.40466555002899, 96.33996644265058 -3.8903164676076667, 107.34766416558229 -17.084838896701996 M67.94475300868255 25.792134421450868 C75.76934370139689 17.02115807209345, 84.41634359142739 7.626199409335472, 106.47775195444514 -18.122001437716275 M74.55093845359612 24.489613153117045 C82.02647989519178 15.999025269474405, 89.24923718101917 7.197251289131551, 104.73722356277955 -8.74289849511317 M75.22512301931171 26.201209258271128 C87.17381619969544 11.826361004475427, 97.84583801329231 -0.23095026777759498, 105.7123543991851 -9.940689812733655 M82.0804588044296 25.953051844322815 C89.97656275234424 17.833641446537456, 94.80463950268708 10.165952076184107, 105.64462123844116 -2.5566811963802545 M82.07617391459641 25.2635991399128 C88.50975779259714 17.145219810442196, 95.75234406101156 9.827569951039063, 105.588477734162 -2.5980615226581434 M86.92912207101645 24.945741763001863 C93.52189895576893 19.069083785751474, 101.13554779319055 12.065954907653653, 105.00313461793519 4.465580514289673 M88.18389919000926 25.89766565064217 C92.43567076203502 20.657888165260328, 96.80861205415454 15.861799831084895, 106.24295480906905 5.364428781434054 M94.76900097178599 24.593803385373416 C100.4278239653496 19.742002096657995, 103.05926866693848 15.455814904084546, 105.1367716316827 12.69560894381571 M95.37071252964498 26.05843926426298 C97.93973038600546 21.953402583677036, 101.83053083372126 18.720022489981847, 105.78869864808595 12.781739782447895 M101.13196514330346 26.14978790871777 C103.17424080040503 24.10494700008359, 105.22145322821412 21.978270592664074, 106.08725308042177 20.84460930367748 M101.69532183173992 25.776258912201722 C102.87287058890428 24.589879542178185, 104.23467149696764 22.98852527609331, 106.10307197441067 20.729470932948345"/><path fill="none" stroke-width="1.3" stroke="#000000" d="M-105.8085711039826 -25.4278973808425 C-27.686658441483956 -23.839465624721537, 49.098449009541625 -23.503651914357224, 106.51862512362149 -24.856526792101132 M-104.99327091045008 -25.615745013812298 C-50.98012724445291 -24.77001556961194, 1.9161130201854748 -24.583189942375803, 105.35512651867423 -24.984799214469348 M105.48289666038698 -25.027684627133496 C106.61218954085511 -15.13542736281149, 104.5971700354685 -3.8049442215933733, 105.2154386413239 25.035174170974745 M105.61292451495608 -25.899116540788018 C104.87737862854345 -11.295803785030452, 105.03070831495042 2.9255890126208985, 105.87183875034691 25.695912346967607 M104.81360288440284 25.729763489027945 C37.531060887135204 26.40158183875849, -31.514458832078816 25.931521386528026, -106.12861559325474 26.10429193758675 M104.98402299678426 25.273068403915005 C41.6809028596232 25.339992223305654, -21.72295746105093 25.29367111711217, -105.09247848281498 24.917751205621006 M-105.59652280312321 26.738723532627 C-105.58138747315492 8.047458942191044, -106.0729046724527 -10.554340512142916, -104.77903332437512 -25.294490569827477 M-104.86568326477034 25.971630179832992 C-105.14483832177065 10.876402572774786, -104.62071276763453 -3.4617554277366924, -105.60379307588715 -25.639021316734983"/></g><g transform="translate(-75.4765625, -10.5)" style="" class="label"><rect/><foreignObject height="21" width="150.953125"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel"><p>User App: llm-user-1234</p></span></div></foreignObject></g></g><g transform="translate(194.72909927368164, 557.0693016052246)" data-look="handDrawn" data-et="node" data-node="true" data-id="E" id="flowchart-E-7" class="rough-node default"><g style="" class="basic label-container"><path stroke-dasharray="0 0" fill="none" stroke-width="4" stroke="#ffffff" d="M-61.66857477083583 -25.782401327990897 C-61.66857477083583 -25.782401327990897, -61.66857477083583 -25.782401327990897, -61.66857477083583 -25.782401327990897 M-61.66857477083583 -25.782401327990897 C-61.66857477083583 -25.782401327990897, -61.66857477083583 -25.782401327990897, -61.66857477083583 -25.782401327990897 M-61.20056275048709 -17.41843434729606 C-60.67607356633385 -19.245963711077312, -59.51206100062289 -20.79147890399496, -55.68158590649475 -25.84549855604956 M-61.71869811907271 -17.992343705509423 C-59.53479759495304 -20.8318909458054, -57.01095657127801 -23.69590134267348, -55.52895079120564 -25.706334610023788 M-61.30444169911496 -11.160831164922191 C-59.36868187990029 -13.148990168787028, -57.12368024344378 -15.926115972131056, -50.05164955619438 -25.274717753098123 M-62.68647297016896 -9.847381094054231 C-57.360160670449616 -15.533890266670873, -52.69185627566006 -19.54922642129919, -48.42657863946495 -25.106736930171223 M-62.88794156571968 -2.6373184338155804 C-56.801310341482136 -8.763498176080471, -52.038476581671695 -14.177179605878695, -40.50044923303245 -25.774042946692393 M-61.48157342123053 -2.0381550909946573 C-55.643479166072005 -9.462891863876038, -49.35418476196369 -18.209626695851814, -41.3294201822582 -26.357484942676955 M-62.664725060768575 4.473725845418043 C-49.88708615060074 -7.696393899808342, -41.65018808897741 -18.07496980111079, -34.51285575148923 -25.447661635959363 M-61.211784762239404 5.219135674090303 C-56.706958234502835 -1.877407146665718, -50.430879636760196 -8.363854425851281, -35.265241839675475 -26.00494279449454 M-62.58076268563596 12.368621467482225 C-52.31355327930389 1.000128488817294, -40.67428715534662 -9.412814674211166, -28.871894040739384 -24.93277562860976 M-61.37579704875258 12.1669271894915 C-49.31553384517221 -1.882856080544316, -36.63057597986723 -16.972146336835287, -29.14806046220903 -24.779291107534196 M-62.630479335385225 19.85095567237593 C-52.945361798451124 9.939293449842369, -43.20928085221996 -0.879543987917958, -21.810473251426682 -24.863508603022172 M-61.5094373352148 21.008012546942613 C-53.6103654361807 10.964629316777529, -44.83776243500613 0.4781380824603565, -21.469314055095047 -26.174216210172947 M-60.163702142936124 25.11579592979432 C-52.134924838073665 15.97709707578027, -41.13516760193722 4.167623682902138, -15.930874549797288 -25.50005415080976 M-59.66914459679608 26.211554358844023 C-49.62204444876393 13.714296408091826, -40.011334758843596 1.6141372800943992, -15.967794681994864 -25.774536241099376 M-53.67441678703311 26.90806731072836 C-41.57725779765169 12.179102405231703, -30.741893395503382 0.28842825173982645, -7.775823646587516 -24.654003978820256 M-54.291612792725026 26.62181617974654 C-37.73424192320795 7.647370028372094, -20.92133967682388 -11.433186526031454, -8.628697873381212 -25.345312394616776 M-47.99638699313375 26.40025883508214 C-31.16308643308819 6.380314477468318, -13.921981160142337 -13.32271400187774, -2.6042738577118802 -24.812380061715466 M-46.81308673248255 26.279979309688173 C-29.86262966610425 6.127839488924324, -12.549811971657789 -14.19018899687305, -2.300677583545012 -25.26690907800737 M-41.122621977222984 26.62457198340017 C-24.26476695451661 6.714671446635861, -5.833104676459761 -13.00635795232287, 4.8455873530634435 -26.579705438578227 M-39.65724238174185 25.589747103055743 C-25.560176980278456 9.482061027783768, -12.403376118018484 -7.030651359590672, 4.442667376819794 -25.673890336854935 M-33.295134094499964 26.70467710952769 C-16.937537823511935 6.995248592368329, 2.544430672751591 -13.264802209742715, 10.991598467762202 -25.272816753262983 M-34.28477612059546 25.78284708117697 C-22.813489908263435 11.937854935297612, -10.25817948554671 -1.2358040472447254, 11.320042515768716 -24.964495645790095 M-27.713919005461886 24.58649778872948 C-14.004184905414663 12.718656369463423, -3.798004931231259 -2.2503634393958833, 17.572303357827867 -25.349420857272754 M-26.82811570893899 26.18762274859437 C-17.10398574907329 13.822327155669214, -6.411368441831636 2.6417787051029573, 18.296345942672875 -26.000666023934166 M-21.35353131688303 25.987506075751856 C-3.2165555704032545 5.783935329687061, 15.062401185252813 -14.649164195776919, 24.961687475323682 -24.411195435390855 M-19.877602932045846 26.56322996747615 C-9.044509665077758 12.857454359800121, 2.7607414083606607 -0.9549398987332075, 23.682308160994772 -26.0450280653839 M-13.742981806052486 25.599695619323434 C-5.374363266381977 14.631340177000265, 2.8063305832819156 5.27623946839232, 29.7251574755864 -25.94069637178878 M-13.429828940389612 25.569817470617984 C-3.534571008290944 14.358138794066182, 5.930509954742233 2.082999420708522, 30.635021402967947 -24.923825955587454 M-7.611561208877304 24.321366298911997 C6.167577945185304 12.544520659032038, 17.447614032797144 -3.0420797626130494, 38.06969690086149 -24.402471852183652 M-7.6132475876783445 26.19164535456221 C4.0938975259519745 13.270511464012168, 15.405642834609305 -0.13942980886346945, 37.21824057071818 -26.033954976198554 M-1.667535304291606 25.556417746068117 C13.589846845157062 7.770680781540258, 29.942660330124628 -7.589373297731365, 44.110193609431974 -24.757778218570692 M-1.2205946871774886 25.505103369590067 C11.340360150824916 13.070004145398864, 23.313392000993474 -1.1253691853801602, 43.61071601114716 -25.15466193001932 M7.1309250291293145 27.07892428844442 C18.939308147016177 11.71948265376315, 31.40115698133653 -0.514393458136591, 50.66194618254787 -26.157623493721637 M5.330891577661759 26.652333127012934 C16.298027629824478 13.134971560893975, 27.827264249332693 1.6647195688517658, 51.06039707011709 -25.204574148314318 M14.07390914692738 25.047738994667803 C30.31574707901896 5.4349888328766776, 47.21994507619387 -13.712563043091265, 56.30352009325849 -25.857921272478286 M13.142319210921412 25.244377230703904 C25.35403696639587 11.948039823438124, 38.21303800966979 -3.38025709273746, 57.593763967953045 -25.31093976145267 M19.20020883118133 25.66214763658366 C29.759542668800215 11.228029985926774, 43.45169181674005 -0.2925249042410145, 62.133688213122106 -22.955192663954456 M19.14543513154757 25.29404241858162 C29.585650598699097 13.823424255555246, 40.38355504422689 1.1204459859096032, 61.92115816275099 -24.174896688862358 M27.109844739284593 25.974826487538696 C35.46902231890135 15.52381564503696, 44.236630652136505 3.5105183830416755, 62.142022297785324 -14.891001081722452 M26.924712256791686 25.28180101133055 C35.22856596674512 15.829267424875953, 43.6842664379446 5.891385389090679, 62.01508518586988 -15.68828599086542 M33.01137711118789 27.10999576168392 C41.313983981083126 15.312605268700484, 51.924529086244554 3.902600741363319, 61.92396237074594 -9.183819954296263 M32.64280160296806 26.093298372111793 C42.30792458480681 14.522998926933072, 51.85833054695024 3.0988925333400537, 62.4997508520647 -7.761397458315166 M38.87435355337848 24.62832955949594 C46.41693673655174 16.3290236194656, 55.860985425743074 7.584585185716309, 60.68037166262698 -1.1512410701046365 M39.19568399400678 25.508831493034695 C45.34656509399716 17.713310348182567, 52.38038743559196 10.621796629652122, 61.641693154416835 -0.47272439627967555 M45.76598132666208 25.134170112481982 C48.08642545698515 20.40647061861582, 53.97406623384927 18.094667399662573, 61.17679794623456 5.310995672700891 M45.76101696370861 26.166353483126414 C51.419314854709434 19.871885945559278, 57.19752606301713 14.051605258671543, 62.718927183506615 6.452176486436594 M52.97404828244274 25.58565833732637 C55.112960039684864 21.971307855624858, 58.403714920243424 19.438980719333227, 62.149649145616486 14.912544875649374 M52.62060196567054 25.82939923342377 C55.589982101132854 22.449684289916345, 58.98476624674959 18.116376430837143, 62.165794179725886 14.014253111964358 M59.22712396916435 25.8687105885986 C60.413519179690574 24.499255324101405, 60.950406382631684 23.248926975892996, 61.97970738303544 22.444313572867163 M59.019763414185284 25.910763432333308 C59.984610820081045 24.7036322589283, 61.17603352212686 23.53618435498667, 62.36002196847129 22.29319967729488"/><path fill="none" stroke-width="1.3" stroke="#000000" d="M-63.2831750397149 -26.626625787834104 C-32.56001156144868 -26.15401361824204, -4.859073302668331 -25.23793923194074, 61.4596358339506 -25.260209354430053 M-62.386549767870555 -25.711686320303365 C-36.322135962321475 -26.778203179178025, -10.155163805835128 -25.96307316163252, 61.82761160830349 -25.38260457528469 M61.513152766534844 -26.283087708418684 C63.01466867173682 -9.175942063547739, 61.71639672559529 7.446234580015158, 62.631227109384525 24.88032285849908 M61.785718401489085 -25.870927739745145 C61.08015051500571 -13.853330432538487, 61.132861370190554 -1.494709352114906, 61.61848792656288 26.05580799742838 M60.91038685938794 26.73091688656805 C13.54664937518381 24.721719964180547, -35.93604892563336 23.997886705890448, -61.66863646090178 25.954023788651046 M62.36355806922853 25.198752499050663 C36.126290541995864 26.146095001113657, 9.690002916644746 25.334764257545707, -62.28850393821227 25.857477791273794 M-61.57796063867234 24.939112103764614 C-60.439517988838006 5.107676575844042, -62.472072364680436 -15.551340682376015, -61.97861494438843 -25.216073638528776 M-62.32579958210492 25.744212333975614 C-62.50055026138179 6.842732799469434, -62.43134542398816 -12.973432063489815, -61.35718546879558 -25.19753475188695"/></g><g transform="translate(-31.9140625, -10.5)" style="" class="label"><rect/><foreignObject height="21" width="63.828125"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel"><p>public:443</p></span></div></foreignObject></g></g><g transform="translate(452.4498596191406, 35.212623596191406)" data-look="handDrawn" data-et="node" data-node="true" data-id="F" id="flowchart-F-8" class="rough-node default"><g style="" class="basic label-container"><path stroke-dasharray="0 0" fill="none" stroke-width="4" stroke="#ffffff" d="M-99.7054396239885 -25.722018659224375 C-99.7054396239885 -25.722018659224375, -99.7054396239885 -25.722018659224375, -99.7054396239885 -25.722018659224375 M-99.7054396239885 -25.722018659224375 C-99.7054396239885 -25.722018659224375, -99.7054396239885 -25.722018659224375, -99.7054396239885 -25.722018659224375 M-100.0696717388507 -17.957276291602483 C-96.86633765404453 -20.298140177955727, -95.47663603194363 -23.937956959961948, -93.5723190330961 -25.208357141589552 M-100.17221792086985 -17.722653364317196 C-98.59189110530866 -19.6836316799638, -96.77949446759267 -21.84671372147098, -93.2679792166694 -25.57136377404059 M-100.05469050888273 -10.366909180919777 C-95.82685461298573 -14.766571120610333, -92.40594925975905 -19.163015328017114, -87.46174947450754 -25.701007424584077 M-100.24096007505258 -9.872191799244378 C-96.24633760487826 -14.465010189455054, -92.94842117540765 -17.913112440421976, -86.55380628176529 -25.467072696867124 M-100.4992278483424 -1.665079793012842 C-94.41725434040308 -9.80061630224433, -90.02331244708569 -16.601650803778718, -79.07440992293193 -24.63548639729142 M-100.86348734760092 -2.121547907806123 C-93.34301333205097 -9.780835745030354, -86.73328504289161 -18.61253161107714, -80.04423978526985 -26.17757524629831 M-100.04882888460666 4.680807314587935 C-88.3212658916603 -7.6508046080197465, -78.43173493377824 -19.647155854716104, -73.27623691182029 -24.45872144180621 M-99.48749849620731 5.127951537192312 C-92.61312486250056 -3.289870623907188, -85.47006499287293 -12.16036330491087, -72.80735538218809 -25.08218129065216 M-100.1570873197127 13.915066806974574 C-90.87300263598874 3.728186354958958, -81.93863088965142 -7.828277121991776, -66.94457354717906 -25.178984395729522 M-99.43720009918977 12.934574296624234 C-91.87500478521864 2.1338775719110235, -82.31430371282251 -7.657635780478246, -66.80543957546467 -24.810350716572223 M-99.03480556805363 19.911521010872583 C-88.61110712364957 4.705171750307574, -73.44708119111999 -9.921699565968167, -60.5661107239147 -24.49200770085643 M-100.18391105228389 19.700390345129552 C-84.76377920447322 2.8558172494954945, -69.53241406827081 -14.275853346179101, -60.48597334513264 -25.31935601150397 M-97.94338722182987 24.590009001059126 C-81.16158739748559 8.195386921058628, -67.32323737257641 -9.507547847341833, -52.871856554239464 -25.650584390174497 M-97.93352562570858 25.575059950344997 C-87.07945452482777 12.94610297409405, -75.5285937985184 -0.007084994048943152, -53.704061109925796 -26.02568591233176 M-91.12954065053964 26.717527738658777 C-75.92978191952861 8.941518557976467, -62.3799558735032 -6.498901004805808, -47.65146603663586 -23.782113142412065 M-91.90159903769234 25.870582277884225 C-82.04192072676207 14.722891503996815, -72.15950265301123 3.716526665932613, -47.32105941289273 -25.506194836791977 M-86.16242169537125 25.223724055711614 C-71.64518862944276 13.27213925231624, -59.75318363426703 -1.060536053244324, -39.74707872215685 -24.54293040262647 M-84.74842482667627 25.8621990284782 C-72.79712090633765 11.246880622086643, -60.63459004523417 -1.6266526216841368, -40.25600411956269 -25.764197407566872 M-77.53902525458818 26.846481692714175 C-67.55543548927733 11.306619715265317, -55.37861875513134 -0.3974083352564767, -33.184082665740036 -26.12997056818345 M-78.85361210700763 25.663908254535222 C-62.15424669984754 6.854938412130399, -45.44456914849 -10.609472127901235, -34.451788143867105 -25.406457697282235 M-71.91294250093492 25.847213959814937 C-61.146769518446284 14.117983940448545, -50.92727076859737 2.8171300843092464, -26.846872950408365 -27.058283949907413 M-72.4146914840846 25.601089575145966 C-58.84925591635699 11.22692757694114, -45.325397043055396 -4.262529004960658, -26.199573404653187 -25.33446516380796 M-64.75349768911919 25.682612849831848 C-49.89151081157806 8.434441537108668, -36.37434198247617 -6.0740924053241185, -20.1356749806712 -26.755503592089795 M-65.5638259513814 25.584377637043666 C-49.96937082245819 7.7151666063092215, -34.61250323669123 -9.21646830276238, -20.851685782626856 -25.62530185333422 M-58.03006940490359 25.03992239765688 C-44.30524661166246 12.182606871632235, -33.68589807386842 -3.702821845644153, -15.275982293615048 -25.380776641135306 M-59.07288992855953 25.42936503458072 C-47.985336636434404 14.296095637712478, -36.59202077425803 1.5645453158373517, -14.020254479737257 -25.609752457338637 M-50.430864206186165 24.184151707074868 C-38.10164487125074 11.88456298561131, -26.25721204527367 -2.010488107814248, -6.190936091124658 -25.5334910070515 M-51.72168939547753 25.473547872708668 C-39.73497743906027 11.362450776353338, -27.07288496857147 -2.1749607151424675, -7.068658703158713 -25.89003816553283 M-45.989308359509366 25.525792841299825 C-33.52986112104349 14.821006074874445, -23.97552627683141 1.3082518312167146, 0.5802703647422305 -25.17038018603052 M-44.37607787293834 25.061059816654996 C-26.82221662059222 4.731755025736398, -8.897231799141972 -14.78449947740292, -0.20762518042596756 -25.351107368180916 M-38.782032569051374 26.01341966255574 C-24.997624167735083 10.06709491789425, -9.965510474534309 -6.319355105666381, 5.76079547297117 -25.103832942958263 M-38.49626476566807 25.3569974258703 C-27.129974152409712 12.791538554751629, -16.023367466157744 -0.1967982578655597, 6.286720023428628 -25.56814803638551 M-30.752811364845435 26.44898776897766 C-14.94002296782408 9.031361978597984, -0.8038232258849975 -11.204485324643704, 12.434351945505474 -26.43971286001244 M-31.8116342699666 25.66689361975076 C-15.66007316048889 7.162751915678823, 0.6368139626115731 -12.604867597412927, 12.865317883429729 -25.66699394910305 M-26.097727358736417 26.982277410452483 C-16.52427702014748 13.63046054995952, -6.099560790797181 4.429700559898671, 18.918599701438975 -25.867661974709616 M-25.553479152572965 26.067150067544578 C-7.814316458126406 5.061233426068351, 10.3129206525165 -15.376122788029704, 19.281643902530682 -26.06004396108484 M-18.584026373408797 25.69660325989663 C-8.65301602340916 13.359193429907439, 4.3308755165605595 -0.8007694465535338, 24.6187476034461 -25.851892448325806 M-18.215531337947528 26.520373844756474 C-5.020865592706422 11.586236278435114, 7.605228901570519 -4.326430037770313, 25.32073606911073 -25.007835212385487 M-11.897850332914894 24.63199539662377 C0.20374826820641082 12.453957100286544, 11.447934335788792 -3.858869499130353, 32.83999513591193 -26.972115771701954 M-12.092596958486839 25.31118173591671 C0.9372470181921205 10.560502367066379, 13.818809935402518 -3.605745602044862, 32.635223845085086 -25.170160630429514 M-5.520018299320558 25.12496117865681 C10.36116374565657 7.858296920005851, 24.636024192167362 -10.609018591302197, 38.04000303681348 -24.886681203124596 M-5.793269483238376 26.42745245993481 C7.3868894488282635 11.777644346594098, 20.151936911024837 -3.3834159467539062, 39.45557171330504 -25.09606764157206 M1.4555779571691219 27.366960768176654 C15.378305642379146 10.298030904813517, 28.77955637265127 -5.605485022158595, 46.8101296324651 -24.826975187731534 M1.3877763891127728 26.55463206155276 C17.628773737552038 6.792388437155359, 33.022112828914004 -11.500466965749263, 44.938927140422884 -25.561445621330865 M7.6411068200854135 26.7049914432083 C23.181727351778978 8.91027534366324, 39.68234123700264 -10.273899672269328, 52.64813900799635 -27.045337215512955 M8.13010412714186 26.165599871979442 C20.52171257655426 11.014805306771986, 33.163826620983535 -2.8565414442299786, 52.82273499508556 -26.301806354803983 M15.136192637568321 24.701348111238364 C25.44539517456775 11.756792549602643, 36.51233093538738 -0.09326332353692457, 59.445070184200986 -24.84967897967345 M14.258699819438688 25.642443850634702 C24.958978262397153 13.894992798195062, 36.252520193243384 1.327194218319507, 58.898269750902216 -25.537817570776703 M21.655855752578287 26.203718816291556 C30.25349580191937 15.048998823777044, 40.87801881679827 5.347180286634948, 64.1236942989619 -25.155089416661784 M20.914784998369672 25.448294134319564 C30.24433613184258 15.571980341401494, 39.37839604856593 4.602227371783067, 65.32682980966776 -25.538972498133983 M27.883382564293456 25.243953689194456 C42.9193265849157 9.746567066228033, 57.539033760405566 -7.924124476053078, 73.75063085828387 -27.055201861036352 M27.461624154314844 26.162923928807324 C39.69060254850112 11.33536335940851, 52.25708888873107 -2.832724620016041, 72.98702248420722 -25.61681352921698 M33.10080362783002 25.066104875933586 C45.72867333593602 11.668218662646598, 59.13375701672742 -2.6397393141603898, 78.38780410802649 -24.681467836288316 M33.84828434778053 25.705599312719492 C48.55361738685766 9.560489930772059, 62.67104444653445 -6.6035183912551965, 79.54140219912063 -25.906905188504552 M41.04765979843485 25.773612744915088 C51.788799273459674 12.871455613874081, 62.90043085704171 3.319734788212135, 86.65846750891473 -25.833137351459506 M41.159325726016334 25.639991001948268 C55.72236142384086 8.501408127524254, 69.968356916907 -8.484247983766185, 85.71080515153666 -24.610327697828954 M47.22646272681913 26.215834093577268 C59.14631142126331 13.770566634685053, 72.41417926673954 -2.1977100035932184, 93.37754700756498 -24.529360352167295 M48.0220325008547 25.74303476463257 C58.164010926993576 13.882774416782533, 69.0225871787519 1.4384928791981562, 91.71862304761302 -26.00205893745966 M54.392625758007405 25.487494340653527 C67.89515443131715 11.05347690023822, 80.67979499420426 -6.074251955011084, 99.20521442046721 -26.688714486216664 M54.37468837810655 25.319192410640238 C69.75184825873639 8.111307445736484, 85.06714144569928 -10.090344682371486, 99.31328033850113 -25.031654210151185 M59.20315686969677 26.34166206909957 C67.22230361208624 15.93760115402754, 75.85916371696372 6.032620708731384, 100.85487276106983 -17.808664985601833 M61.097333938271326 26.242848782099934 C70.39886142427372 14.525361381699309, 80.80102739811639 3.5314028416865098, 100.45903457503813 -19.416442080777255 M68.15793087206242 26.277846480988348 C77.74446192680304 14.233790982590532, 84.83591663054317 3.710428983578157, 99.04364372442993 -12.006342085681775 M67.88680067288533 26.09808886250092 C79.0551472448781 12.97596624729463, 89.38415848933296 0.2626645960880083, 99.7633367454946 -11.829737848886516 M74.61134408061791 25.485442031634598 C82.02449360408016 18.125189932305823, 89.00510218934329 8.929366048030932, 101.58375523739325 -5.12779614273773 M74.60422663619751 26.32883826837806 C79.95717794896154 19.322890791732526, 85.96939008583537 11.604231182852999, 99.60807132515582 -4.39450469259278 M79.07721129189571 26.618582910878466 C84.90487528416672 20.594107790803637, 90.52333851667115 14.100904596937838, 101.38715745591017 2.5928760497773093 M80.66992600192252 26.859813036719636 C86.88930319120662 19.30105923758618, 91.84616568319932 13.0302146123839, 100.5362576651542 3.7020224478559385 M88.75688272028756 26.21097122739597 C91.66531524441565 20.790514009582463, 94.9161336951324 16.541434486156618, 100.51202150299737 12.497444858140653 M87.36386326225363 26.32318887897314 C91.54291329888294 21.76151068358304, 95.13998701792734 16.413266616545805, 100.45398629113818 11.661782900713353 M93.93188133720302 26.031278585114208 C95.76585091393466 23.633264709964877, 97.3726681475139 21.84744791174263, 100.17045571180854 18.861354323601798 M93.62651954997192 25.73152886670964 C95.95714927564642 23.891826438267152, 97.69459006043942 21.50789871206081, 99.55928499390507 19.204798647428813"/><path fill="none" stroke-width="1.3" stroke="#000000" d="M-99.73585274463653 -25.167456128096816 C-38.62626435753845 -27.147418297106945, 22.579464644448038 -24.84946851733073, 98.86599768240757 -26.376579181672835 M-99.88246396293857 -24.908512806943413 C-37.39929565460561 -25.457568602177034, 25.0794477440908 -24.29048281959048, 99.69745911822766 -25.89285852938795 M98.99495352533523 -24.590682770981488 C98.88622508221405 -12.632936175300376, 99.72001454499056 1.7111124295794533, 99.19884874472832 25.48099454166311 M99.43857291377557 -25.173592516560216 C99.8911449385393 -12.461600660413065, 99.23690857946484 -0.7801498730078371, 99.23181645985147 25.20173472379863 M99.541556234582 26.284005088544546 C23.88635196553313 27.140116882014176, -51.84360903500087 26.160558163661296, -100.03265255776573 26.73579258070398 M99.90793792782208 25.318962396178275 C29.886977663422794 25.01399603463995, -40.715595738347176 25.085313425302353, -100.08441711691032 25.10502151908309 M-99.0758938531849 24.287682600787505 C-100.57804260719513 12.094103096576637, -98.55251922247469 -1.7315061939422773, -99.6575060100835 -24.38589100607601 M-99.26768441907527 25.472499704575753 C-99.6589454901113 12.166410264708032, -100.02218313135941 -2.442114403894193, -99.41257059134058 -25.698543465352234"/></g><g transform="translate(-69.8984375, -10.5)" style="" class="label"><rect/><foreignObject height="21" width="139.796875"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel"><p>Private HTTP Request</p></span></div></foreignObject></g></g><g transform="translate(452.4498596191406, 171.30419540405273)" data-look="handDrawn" data-et="node" data-node="true" data-id="G" id="flowchart-G-9" class="rough-node default"><g style="" class="basic label-container"><path stroke-dasharray="0 0" fill="none" stroke-width="4" stroke="#ffffff" d="M-129.92250048120195 -36.08915299800012 C-129.92250048120195 -36.08915299800012, -129.92250048120195 -36.08915299800012, -129.92250048120195 -36.08915299800012 M-129.92250048120195 -36.08915299800012 C-129.92250048120195 -36.08915299800012, -129.92250048120195 -36.08915299800012, -129.92250048120195 -36.08915299800012 M-130.33012439338097 -28.50899733705978 C-128.43976315536517 -31.58587622246875, -125.85255517831159 -33.65355824830286, -122.94265664252032 -35.81929777091846 M-130.31462239949272 -28.08888172865757 C-127.47765779632628 -30.78649301159364, -125.16217436469168 -33.41209168011462, -123.30987669570038 -36.00083804759399 M-129.0281213432305 -20.607970959459664 C-126.21192827946844 -23.98522379217836, -123.3093030009392 -30.171049391913574, -117.52859775306746 -37.00538409358522 M-130.4338390102369 -20.129205459683295 C-127.33330566842804 -24.56708677996773, -124.10516688306949 -28.228000437672232, -116.32972549751356 -36.37337322863563 M-129.99141737631345 -12.167988357059153 C-122.62970791248759 -21.507276454272343, -114.55404271493975 -32.17814511330597, -110.59235836055504 -35.60056475259473 M-129.37444165553825 -12.88152976356039 C-124.83016753992713 -20.399302795468447, -119.42883327205558 -25.919131453350936, -109.98974485904382 -36.442393536859676 M-129.32444679324615 -5.386074407916045 C-123.35927307303085 -14.75727301350781, -113.93136509332851 -23.676445811180503, -104.95876015335483 -36.89464371252574 M-129.49274588755299 -5.74481992495447 C-120.1150805527657 -16.75929893685579, -110.96990865210381 -28.333634367264203, -103.92118130351979 -35.311373191574596 M-130.98482864285987 1.96066187818816 C-121.5346413328879 -7.724102731040723, -112.71017968543048 -18.79563013806996, -96.69139354661907 -35.48010903744757 M-129.56714368822028 2.265050230641295 C-123.50943017529873 -6.5391350215951425, -114.85812223046516 -14.300061711118884, -95.94071830006256 -36.68043625787449 M-130.47227554177678 9.254299657979676 C-122.37437756871768 -0.9084827976673266, -114.8080976752783 -10.066539515616155, -91.58753160049038 -35.0740887530142 M-130.12479206276276 9.413218795213597 C-117.57677582491776 -4.578726660846177, -104.22409366737536 -18.928894029144498, -90.06196502044791 -35.47261725659244 M-129.0267270643729 18.018168171046092 C-118.84778982099277 5.858168717440619, -109.92237516011576 -7.804680494254416, -83.69516383769003 -36.099898396727404 M-130.32987516953773 16.668108062810344 C-119.51949086054047 5.867301733394344, -108.3616306769493 -6.033132319556849, -83.54491964097521 -35.092299752029106 M-128.73912626156198 26.177377245037647 C-114.94201981304437 8.305304918638715, -102.16708019125032 -5.942252682225202, -76.43917493164898 -37.30608824059524 M-130.1546790438355 24.99093334076567 C-109.60835450942798 1.27705480878347, -89.06596299781654 -21.92028881909543, -76.35886019898841 -35.76343395682442 M-129.8885636508028 32.75052316675784 C-107.5011207812605 7.2370148329014246, -87.51186377086867 -14.924931647398758, -71.6922439745471 -34.805125842837384 M-129.4469385833524 32.510150470815084 C-106.08999138949166 5.811966550414179, -82.8395079882031 -21.826652863143426, -69.86127333551016 -36.090344977250645 M-126.79652425272226 36.40846214296781 C-109.92107994095963 18.677959668183377, -95.5089436150353 0.46243238526923547, -65.01635564610586 -35.058633967381844 M-127.45549187673505 36.72898322790378 C-114.02445191405181 20.979296373665772, -100.64437290306566 6.306561137001006, -64.44410707984417 -35.80916933831898 M-120.0035355661185 36.4106171440218 C-103.1723904576562 16.57379552929167, -86.61905250165256 -0.608178977035927, -57.39911530019814 -36.202439410503445 M-120.44954613843953 35.81175006883438 C-95.62635346627015 7.195636886662502, -71.07602148161608 -21.07136269270201, -57.15193147079802 -35.72583053560553 M-113.68218573450422 36.46548591487903 C-93.60820795688753 14.446064771175589, -73.83237898408366 -10.324054503854986, -51.39931475237735 -35.47026436655418 M-113.16492033679049 36.7903583230063 C-97.46990790421846 17.003599666446213, -81.4601960285639 -0.9952879677939119, -50.98908626914488 -35.66584996101008 M-108.46900652306468 36.72982053145164 C-85.4106410692836 12.161900875966161, -63.785110408569395 -13.811119762610092, -43.298298835104305 -35.08013467579175 M-107.50939639981566 36.957022309670755 C-94.46975285870892 21.072745936498574, -80.0503276924845 6.045845218352273, -43.8195254288249 -35.07500645250981 M-100.16481105493907 36.157557252245375 C-82.91106730832716 17.084211421913835, -68.06586122409651 -0.6892430668818309, -36.72584293916642 -36.23548724098151 M-100.30513538643089 35.96338488966056 C-84.18787845335913 18.724684339731652, -67.46027615239117 -0.210732696977948, -37.49369880141379 -36.51472578416726 M-93.03772649410784 35.92055771358963 C-79.88698008259944 21.201996278452757, -65.4599034095296 4.442897831789095, -31.15542216836011 -35.19018157758908 M-93.68038471258835 36.79377410528741 C-75.37299861320476 15.04476135532841, -57.08595550735741 -5.113518864069826, -30.855477648296937 -35.671243194479935 M-86.32756664621344 35.849605348852826 C-66.13629724611465 13.433023831962396, -45.435254017352335 -10.932820806344788, -24.086426903262595 -35.58702226478678 M-87.16550337196882 36.82890713648165 C-70.40506668361205 16.538290815338275, -53.20633441209883 -2.2836045427966276, -24.62895751640926 -35.787900892115296 M-79.40005539169184 35.274023188135004 C-61.287924230390566 14.587592621334922, -43.09614747493443 -8.415926080042736, -18.269456662570608 -34.80556283215172 M-80.58301558736152 35.848809236614336 C-65.58643115212921 18.603681659249034, -50.260189971979 1.6904466575913815, -17.6988618861122 -36.867220264092445 M-73.3174582488104 37.670446350137524 C-53.64089384246215 12.680874746678615, -33.887539654651476 -8.90673434563684, -10.793623374240045 -35.00384257570504 M-74.16692595040887 37.01600466678213 C-59.73358495479506 21.077903431376846, -46.058793317204646 4.413578206101102, -11.479349173780063 -35.47681573976051 M-67.84553506972148 35.886415807931094 C-52.88287016629607 21.506503346966625, -39.72188074284904 3.6843221826049106, -3.975446645558877 -34.59274018004306 M-67.21766907194217 36.47479527810198 C-50.05773781091093 16.735570949386506, -33.965402468027634 -2.7798770255325933, -4.305186936393381 -35.208832968393494 M-59.76639690965467 35.779670336724244 C-36.26125083180163 7.097087870693887, -9.354627815999626 -19.726259420361508, 1.5722709327508426 -37.39284366693478 M-59.86875528415498 36.792332221419066 C-46.910101037888445 20.616198500605048, -32.07269816421928 5.248054077180149, 2.0758078222818126 -35.70612010219233 M-54.83898890021408 36.765887234217246 C-29.792009821331817 9.889887402385359, -8.138652704204492 -14.751283024435297, 9.624126398946396 -35.43101145320098 M-53.54298655276598 36.68879025157055 C-36.611686507798915 17.824616723720577, -19.429223496659272 -1.9624356550988302, 9.461148039256564 -36.40215073864449 M-46.79605578605873 36.67173511672298 C-28.416483283760375 15.247737526746217, -13.586891727187371 -3.8675575664539177, 16.182007241306835 -35.95692258790717 M-47.00707229490033 36.81009421517392 C-34.98776793133533 22.197105169314945, -21.732294972346594 6.726714417793358, 16.51195956954995 -36.65406650215384 M-41.85368155501194 36.53883767522271 C-16.28569276664791 8.440028293740335, 6.710774276206685 -18.896451315705193, 22.023710781700363 -35.61587419075012 M-40.883142290122905 36.69895079589756 C-27.571782856071017 21.01784296284741, -14.000326830627788 5.509938376239133, 22.2554730688916 -35.74951067182428 M-34.79239459078196 35.83010338403794 C-10.580902692809726 10.91611450788116, 12.428467183507266 -16.11752622930292, 28.202296096068228 -35.5638423872835 M-34.011529571613664 36.69200018716048 C-18.32675667569175 19.32136213153814, -4.304859227795078 2.292298280777987, 29.513010751851947 -35.540023415534144 M-27.23143334706099 37.13178542626979 C-9.659125302895905 18.602312844306, 7.482572761062443 -3.2131624591792796, 34.74917859529216 -36.762121806033754 M-28.056721698568243 36.47435693115435 C-10.12934945591544 16.27369924445658, 6.084662815255192 -2.539655991948023, 35.69696585447604 -36.06190932157946 M-20.550452779430717 37.3624311246941 C-7.131812238688303 19.871878581646676, 10.43206163552852 1.628785867839522, 43.08667276485937 -36.33406780215556 M-20.065261709279948 36.32275544399774 C-5.519562257983442 19.513269484396186, 9.555643334098354 0.7189791733194054, 42.97414897246469 -36.52749207002042 M-12.866592618877274 35.93375494749988 C0.7816335418901779 20.361425560995972, 13.826081187762501 5.176200272055641, 49.129201872981064 -34.492908326704395 M-14.040515430961177 36.26623342024377 C8.208988732950179 11.744901529528262, 28.697285413444387 -13.461173809714237, 49.21592921668554 -35.76761529524948 M-7.2837952288001215 36.25997581929222 C17.357202453424616 8.573337348668785, 42.16867550114938 -19.795815671933784, 54.879344509306954 -37.09607497984018 M-7.835717138684051 36.302092937706846 C16.954018462194234 9.316170104666696, 39.753667542827785 -17.375561005482275, 56.081407770066406 -36.903465797438145 M-0.9552604012782252 37.45012709520676 C22.38205405179109 10.594941983138808, 42.93003693936327 -15.435083010997202, 63.343554927851386 -36.777502756390625 M-0.15531434028946056 35.778345565800706 C17.84938421747345 14.563376126448627, 37.43012060007664 -7.369987845478366, 62.19933826289376 -35.538904059286025 M6.251577345133198 35.51863552820606 C22.392094692614766 19.371297957017326, 37.20205641566918 1.013526685038226, 68.19963471532817 -35.86133543926498 M5.848998549957532 36.54145707097105 C26.399928775986762 12.123451814420376, 48.12626075677185 -12.09657628053647, 68.65048083400463 -35.191729556090685 M12.996113257591842 35.9183336839156 C31.054032005186542 15.51477880469881, 49.53623824708025 -6.598369181838698, 75.97266338767486 -35.468572201835094 M13.203423472946945 36.53821085134217 C33.25640552653042 12.669882964312492, 52.75879630337644 -11.248615944471467, 75.25707416732875 -36.40585645969128 M19.47869200908192 35.849621790436856 C39.20240330719204 13.930590831384674, 59.95589354194933 -10.562021547475608, 80.91547404235688 -35.58546913673454 M19.74026634231305 36.92116665798364 C41.55399977649133 11.000220908306012, 63.71496413641833 -15.858910336551576, 82.17031316835181 -35.593350300814286 M25.030144188278065 37.18288015620861 C49.20767620157792 8.525377120900732, 73.3689192821935 -17.12711098398944, 87.32452686280176 -35.49014182638572 M25.43445980584844 37.005269812173445 C48.600201902853925 9.32659311416868, 72.00701601436548 -17.231922712158433, 88.43222981323245 -35.56595453937934 M32.75723800217744 35.86024769180065 C49.479746268335475 17.57043986584819, 63.58713963930436 2.2779906005275015, 94.29663365047027 -36.95036594857547 M32.16266572694623 36.84181330768648 C53.87920653873161 11.590962997259107, 76.22036389668959 -13.028964945935282, 96.10520857064598 -35.62838347030096 M39.9946013978212 37.14389953502897 C54.45404683922559 19.087054138270133, 69.79433854819253 0.08642766336811153, 102.6595098697842 -36.9834722744684 M38.65012695460632 36.68842915801251 C53.282138043927986 19.61288983356644, 69.36770685916818 2.132207083631169, 101.36022655959084 -35.667719982388924 M45.86466280240406 38.026182984802325 C69.31118570823773 9.763289650730528, 91.7243596077999 -18.30032274732835, 107.19169052352598 -36.23329066667612 M45.6819174630087 36.2988067791648 C68.86772626371047 10.461497743736226, 91.80412412786004 -17.785859514879704, 108.41600622380031 -35.051111484253205 M51.950323369539724 37.119363472230845 C66.49579615444581 19.408589515746858, 82.16693538483639 1.8811264636571792, 115.49246242498707 -36.674784373297655 M51.70862642854437 36.37096198753973 C74.67384061020942 11.491662156226306, 96.48113905839809 -13.949658745043047, 114.67322597839548 -35.9077585983123 M58.37113636195263 36.05120584574729 C79.51207835409616 10.27780999949859, 103.49857471524628 -14.013603851558655, 122.432101077266 -36.01941651570903 M58.54546590647905 35.99962771300986 C80.7225127498204 11.636415518409988, 103.1652592120903 -13.98280275969912, 121.80953660937736 -35.654595448531694 M66.2400265191061 36.16647699105536 C86.69488700415344 13.60084308515603, 106.38644160894383 -11.418914496626885, 127.45556225666896 -36.67458185868402 M65.74357551333743 37.37119596022102 C84.4756734133108 15.151762587095151, 103.60743978178938 -7.1691564869287, 127.54835290587333 -36.06474479443051 M71.57694740271552 35.251107135678396 C85.45958755495478 22.421542609875498, 99.7526445564044 4.563680115039612, 130.61759502339348 -31.74684296417101 M72.45592232679834 36.74762589237341 C89.87677582629657 16.57836116395718, 106.28301992055064 -2.6717920665880603, 130.89912034551836 -30.560546969339022 M77.71714834762155 36.373328800594734 C90.48541256179645 22.281947983295815, 105.52971325645713 7.2526487052517705, 129.74549018383547 -23.21380771990895 M78.01920469818317 36.31077667941296 C96.08666651941513 16.628617961328366, 112.97361033340519 -3.83846015648568, 129.74065757847086 -22.527607883798446 M86.2099002101589 36.883918124163465 C102.58371364608064 17.00381438498464, 120.01010222616557 -2.566438298691482, 131.6354640361717 -16.534173025314285 M84.29285190306607 36.16893140925061 C102.02618831043556 17.544351551751287, 118.10110208427749 -0.43919446345221363, 130.88732532558586 -15.94275213395785 M92.89118669596726 34.90015146576949 C104.22812298677178 23.17855692408834, 114.54485183127464 12.4783138471958, 130.47491682355349 -7.428671394742478 M92.26610288763293 36.79620302831301 C103.55922928361564 22.153084191759334, 116.73783847097731 8.14929794391586, 130.74187426653063 -7.9624622757879715 M98.65490170778762 35.38513898937423 C109.03459374379507 23.07437710577736, 121.50050623258275 9.710977066013967, 130.97268897364333 -0.14018122730241417 M98.09157153506392 37.0201541021831 C108.8412778261195 24.16707849644432, 119.58609434849531 12.747635020395679, 130.46212410696353 -0.7411424817220474 M105.1938866836504 35.575898712671645 C110.0777228404316 31.387090494554393, 114.81600923169245 24.118791071172108, 131.0778694204024 7.048777402920744 M104.90353030550496 36.165576738488525 C113.23710373470794 27.890555156533377, 120.88715605726829 18.63672991768479, 130.12581679190262 6.748298569693223 M110.49241354098724 36.195623925568285 C117.70846019552964 30.511474849989284, 122.46592256015796 24.4720254316716, 130.1693954802294 14.3650210526454 M112.54267917628849 36.71420085162044 C117.29623427816867 30.886517019695916, 122.16549569609138 24.361793172485385, 130.48160101926493 14.817281379020836 M117.6005094976422 35.64107756783207 C120.7997340179164 32.79291303251616, 124.58036929619155 28.52242826571903, 130.66235148398079 23.3943960577144 M117.88746062635862 36.099418578783705 C120.85979659646733 33.55173906751874, 123.31649766480949 31.220605993912084, 130.5209826893391 22.59983727337449 M124.56279293509253 36.83747948352347 C126.61661785913229 34.67873669108046, 127.80878249078283 32.95664508083507, 129.98219457892495 29.45045083576064 M124.60035908107456 36.97889413880601 C126.86001049831695 34.127899162500455, 129.07493281941046 31.807137310381176, 130.90217447548238 29.874121943012767"/><path fill="none" stroke-width="1.3" stroke="#000000" d="M-130.38688198343766 -36.28206189553645 C-33.69758029463626 -36.648808214462726, 64.02120870519478 -35.88187075259005, 129.47568022738866 -35.582133586415225 M-130.16721556455317 -36.07610756763166 C-31.06726224169465 -34.904379450560235, 68.45734086539916 -34.65088220925353, 130.48117943070704 -35.964664111794214 M131.0750851163487 -35.929323902261444 C130.97849807473096 -15.160127029138536, 130.3032186489889 4.745895287453104, 128.85914006143872 35.68103935873588 M130.61242761256867 -36.05556927252023 C129.65515635856082 -13.314773271428285, 129.88603455905994 10.25756903659688, 130.38879151112303 36.13835944179928 M128.93789126386218 34.92841333610086 C45.026510737988126 35.08686662271412, -38.79580043980158 34.37331477485128, -129.38677759855295 35.5727845256447 M129.7823436532108 35.479111848969 C65.9207579514602 36.05448839737031, 1.1011352797076586 36.01336647556358, -130.47640740838935 35.928240918539196 M-128.69305856768813 35.082601931064005 C-130.14900197704168 12.64404868812726, -130.58478168643745 -12.607758464746858, -129.04920965637183 -37.28895441390647 M-130.106156789707 36.18411812957685 C-128.95969932463785 14.54558595206312, -129.77986863775266 -7.160906752853074, -129.80055266583716 -36.316127862968436"/></g><g transform="translate(-100, -21)" style="" class="label"><rect/><foreignObject height="42" width="200"><div style="display: table; white-space: break-spaces; line-height: 1.5; max-width: 200px; text-align: center; width: 200px;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel"><p>Management Gateway: llm-gateway.flycast:9090</p></span></div></foreignObject></g></g><g transform="translate(397.2906150817871, 557.0693016052246)" data-look="handDrawn" data-et="node" data-node="true" data-id="H" id="flowchart-H-15" class="rough-node default"><g style="" class="basic label-container"><path stroke-dasharray="0 0" fill="none" stroke-width="4" stroke="#ffffff" d="M-88.55388130068332 -25.303207856232714 C-88.55388130068332 -25.303207856232714, -88.55388130068332 -25.303207856232714, -88.55388130068332 -25.303207856232714 M-88.55388130068332 -25.303207856232714 C-88.55388130068332 -25.303207856232714, -88.55388130068332 -25.303207856232714, -88.55388130068332 -25.303207856232714 M-88.72822415828723 -18.679248830870883 C-86.37778520214248 -20.623354403094115, -83.70429827440053 -24.282007306733494, -82.17421618429475 -25.363641831356922 M-87.71623741186309 -18.334865171993158 C-86.50350215914008 -19.86828699064177, -85.73603028276985 -21.229396006164773, -81.76267062430861 -25.932223821174404 M-88.5326043541891 -9.140774987402281 C-83.16427373744035 -16.7843568496795, -79.4212731140523 -20.287569724792114, -75.27511867698922 -26.84491204544334 M-88.5715779182811 -9.976282098583605 C-85.40361936954773 -13.790832771820986, -80.87194943018794 -17.721610091388104, -74.63540061194065 -25.344620813633156 M-88.03312601029621 -2.6949670249927524 C-79.52418474844865 -12.686577577475624, -72.61123228044403 -19.368639202497754, -67.69005390398789 -23.902762992487478 M-89.02569818404373 -2.787954913167942 C-82.66005716847607 -8.307921306462235, -78.00263129958618 -14.124391561523572, -69.20158754761688 -24.849714114588487 M-87.34993436505941 5.637247984451572 C-81.32420382910838 -2.623712653607929, -73.57966141805176 -9.9920912165925, -62.76279673372354 -25.61052972408838 M-88.71215384462768 4.685415600641018 C-78.58659865515199 -6.172402842418583, -69.64005414963202 -17.2268719139411, -61.85389742417416 -25.807668663428014 M-88.64325604229981 11.3644292307266 C-76.59862353098308 -0.680178699181328, -64.88455024978894 -14.14581531326048, -54.08663841127502 -26.747053643149467 M-88.61712553712978 12.376965343206267 C-76.4716339000826 -0.9663804860719492, -66.23016044455647 -12.595929247605726, -55.47422411836746 -25.034358077694844 M-87.3065822888312 18.835095367111286 C-79.51394339661226 11.515519374245558, -70.91752816227175 1.0526023454085562, -48.31178578284188 -24.63835597204956 M-88.18700383327023 19.947405520964526 C-77.41883335148188 8.360410082826416, -67.55012110971535 -4.032263326480448, -48.39389532421906 -24.897894514066753 M-85.40766202721511 26.75069489486118 C-74.82057846584276 13.397588509088058, -63.69229739811857 0.1422131445665029, -41.89253577826532 -25.318705254529142 M-86.32137306181347 25.385126432768377 C-72.26944405443665 9.640805815682105, -57.562548660301154 -7.460438932314275, -41.25167550567739 -25.81528683428439 M-78.78515227593265 26.914739592696836 C-63.45465125032988 7.080488407567275, -47.758220440137194 -12.484828760891066, -36.75083626690804 -24.579289147014087 M-80.17481277076091 26.166542882663535 C-64.91436683016447 8.835964460055655, -49.09960987709835 -9.259724662593728, -34.780490951819125 -25.328168987224796 M-72.58730090490815 27.376773674212306 C-56.31334170890707 7.146459301425302, -39.44347209429869 -11.68318778108557, -29.0280704633064 -25.115044580232702 M-73.33214036224483 25.420432897933974 C-62.84873669801097 14.681094581508253, -52.313196885333554 2.5368741079137616, -28.34607784025274 -24.85210701358382 M-66.83903433279708 26.659435488509786 C-55.637261254225706 14.349606964900849, -44.6827345561757 2.635254565518514, -22.87623467194624 -24.8530477629783 M-66.50501955509262 25.620214448750502 C-52.42015014975818 8.544620348148143, -36.290996465508634 -8.740019076412548, -22.526485565700703 -26.109456054794315 M-59.90441277896851 24.52105791016713 C-42.49425802321168 6.1514076093240835, -27.99465977438819 -11.117813407616795, -14.32572213735203 -25.321207003374923 M-60.22693756312677 25.952916546188426 C-43.781232166026925 7.501632532901185, -28.00646974756061 -10.203722192449082, -15.839833760961703 -26.092392738714654 M-52.40230569601279 26.963387807040288 C-38.7416020608332 8.188696433995064, -24.388766758992404 -9.770879448813439, -10.442098075160285 -25.5561822654329 M-53.43235139191634 25.67807542632471 C-42.720924637210736 13.99246809544793, -32.25179046613104 2.117479788487308, -9.038843839827546 -24.972771288732233 M-45.934256841981885 25.603010849597254 C-32.15456708490014 10.37425113218553, -19.65534569834193 -4.413729651166236, -2.991728893313966 -26.44646586667564 M-46.36951152123472 26.337480838630707 C-32.3685846268238 8.42420679433573, -17.142353434519592 -8.482385454878278, -1.456533948402262 -25.990120422127927 M-41.64257768185302 25.052421709100056 C-24.565761470425375 6.04389499676011, -7.9572252151330485 -10.385897058514345, 3.301747279508315 -25.500910974216705 M-40.42649626871074 26.594374752466724 C-27.33737641871776 12.110606300314373, -14.980493335419887 -2.9754593908006597, 4.22808896235119 -24.739857778933928 M-32.98040728954476 25.797955161083106 C-18.920612130890497 10.200504649269686, -4.501388832466591 -9.413503944087873, 9.463946526391883 -24.097278759744025 M-34.02880734695822 25.840533189716204 C-24.047520250916477 15.399442344590305, -14.254046426094822 4.203668957616825, 11.261678019731043 -25.17852690963551 M-25.774733045728453 25.628612452771385 C-13.240954895432381 9.165355902389942, 1.6992677058701149 -7.906039946243363, 16.410074275235537 -27.03303202558149 M-26.971595489415158 25.09377070062347 C-9.464632485664863 6.2473688952985205, 7.698610298417366 -14.219809031580581, 17.49213480684144 -25.941109998874406 M-21.51318090920742 25.548850707392234 C-10.798626587851318 15.970402812568164, -0.8063890918497023 3.8979175143614584, 25.222751835534048 -24.148776007318666 M-19.907709836376483 26.340044966280132 C-3.3820216130238805 6.42030630853381, 13.49611382795343 -13.26824212582933, 24.266482202318393 -25.168524682289586 M-14.074630630736978 27.567273686855618 C2.214418407568945 10.101121876444367, 16.985471528767842 -9.372735696861191, 30.934371301352236 -25.246724288980563 M-13.601334430233166 25.557302831046602 C0.8856425535573067 8.790448150745366, 14.735147933216911 -7.579731953341629, 30.32026923182315 -25.100866680308354 M-6.436917144995816 25.507026404543826 C11.052386992559523 4.111350310134606, 26.948372717981222 -15.690809327046262, 36.92271067562677 -24.505858777218872 M-7.28955843022233 25.92575546511225 C5.686160539407225 12.688487598353303, 17.427098905252482 -1.801580346660465, 37.484309882704636 -25.250975302670014 M-0.41929775689276905 25.67481024468403 C17.004634084717186 6.181510491173857, 32.012447606743144 -13.805990091258046, 44.69547146229426 -24.42695202259917 M-0.7706828831983883 25.439525236703002 C15.66244649948658 6.774325316022045, 32.692991463141716 -12.461787132003053, 43.59945949304377 -25.06067521636662 M5.1344317419098875 25.54430394321963 C22.16854797532483 8.293302174356267, 36.216662051359 -8.923616623100303, 49.90337387902406 -24.858413234260354 M5.107215619771582 26.277237730971304 C17.039716221987906 13.08986393529097, 28.9613383408659 0.4685405282636206, 50.584507023992984 -25.29923548424629 M13.25753510805609 25.59117368897506 C26.81063107090891 8.44860763538297, 42.94906409540528 -10.016842758752665, 57.370334725597765 -26.75765210404687 M12.338760292649217 25.546627970293628 C23.697212770621242 13.868008974314442, 34.18495225351214 1.079123566930289, 57.100184637845594 -24.968604767493314 M18.567426421464994 25.536247616442353 C30.488496996921555 11.669094300839332, 42.02747939265633 -1.3765963452794825, 63.57853492239978 -26.40551165705468 M19.013087532984976 26.477865754663537 C32.474923284599384 10.798892617153047, 45.366223416381985 -4.1520119005073965, 63.79501886877408 -25.293465569874304 M27.61397853764747 24.389792104838882 C41.597101250354456 9.252752650864883, 53.40269153859312 -7.800675827187425, 70.3008246274057 -25.962283710571114 M26.276401135007838 25.522596979737617 C42.084189440167705 7.631253757271358, 56.747479426383684 -9.462680554289449, 70.8967305221453 -25.835827455610698 M32.90999227634509 27.036310328649893 C46.7484864196012 11.274482383024614, 59.32758892557503 -4.681143640842265, 76.63423949169558 -26.749792168954112 M32.93117058923026 25.893919862099878 C46.2658710244027 10.239544830255769, 58.89957834241781 -4.324434420168703, 77.90534644852312 -25.02671133751396 M39.99445148243304 26.366891073092905 C53.202757873972075 8.557803470853571, 69.98682307066056 -7.848361137881226, 84.58604607347483 -25.5772159835761 M39.49596135406737 25.535914150436465 C50.60039187075233 13.029215336543768, 61.33950800301959 -0.771487544994087, 83.12199569434277 -24.658736087147087 M44.78693465135203 25.138653442286103 C60.69208943221474 9.348841537700809, 75.06130498453516 -7.25522555525339, 87.53900270535674 -23.211819697067764 M45.652815342681066 25.919849551459404 C61.81978090481936 7.92906159499441, 75.95472299939098 -8.938111561469304, 88.92449085879758 -23.409870286860354 M53.203136065820246 26.296224409296485 C64.78810814237048 10.459857754282377, 77.91241792936115 -3.519689288563781, 87.84747358058692 -14.395910639135487 M53.114835263817156 25.472397255718654 C60.66102727861447 16.306686289869386, 68.53790670962357 7.6645386701402165, 87.92652732613452 -15.691404460229645 M57.579220124551355 26.30457181389806 C69.76661300641769 15.2252602924316, 77.93723625660921 4.346185486680873, 87.92809442334693 -9.880148851830429 M58.47460178181161 26.292839276294306 C70.7967020258263 11.71001134475107, 83.25054926846914 -1.9585248492448266, 88.42962943893757 -8.49794369424772 M65.13419128865606 26.169240145135724 C71.73051462196895 17.546030818108928, 76.98825466029253 12.191411684449681, 89.65982234134849 -1.291717070132693 M66.6203158534769 25.30107870761746 C74.01060437231222 16.203364920661723, 81.51433272304736 6.546814895055461, 88.91013104395915 -0.34551040319724136 M71.94559704542762 24.48194975349767 C75.26590273043595 22.269660978497182, 79.48430326412348 15.103998926094993, 88.58082046752877 8.003156823487334 M71.78019740173971 25.22727156701039 C76.07763980196428 21.15229300834733, 79.60394180560178 17.875991630226217, 88.89948108217976 7.329766616744745 M79.63664035967372 25.59191033935999 C81.28788585340898 23.54465033073943, 81.94342420905147 21.975502923339228, 88.23270292636981 14.51207974082115 M78.49748069379099 26.198039868610476 C80.40099098994386 23.728329617011816, 82.67875852997676 21.896725346887905, 88.15794086310898 14.37320352443768 M85.61083931015807 25.631606161657235 C86.86019909111945 24.663222469260326, 87.7780596681866 22.900491881469293, 89.07420460467881 21.89441510989403 M85.95971358656394 25.663333918170252 C87.04983138960614 24.3638144691841, 87.95527679897573 22.797985963069788, 89.19918373719466 21.911169710647815"/><path fill="none" stroke-width="1.3" stroke="#000000" d="M-87.07613280912597 -26.14727711230493 C-45.626448114044855 -25.03823843906184, -4.975942989736776 -26.06622571813277, 88.97167026671131 -24.38626916691591 M-88.45102952452551 -24.934844071984507 C-39.12119444587036 -25.001435421859473, 11.284842923219081 -25.264657061625, 88.509061140752 -25.73068042944385 M89.56689384844054 -26.24616923521855 C87.89195049828106 -11.738810654858291, 88.87551672785187 3.3091248074666715, 88.71425894721463 26.48511522880294 M88.83539544197208 -25.071966504137823 C88.70731189466787 -12.238786871242661, 87.75514160191499 0.13152558987473334, 88.32919303632852 26.104127533008505 M89.24328741956087 24.79823160285102 C18.986605155037097 27.348763962762924, -48.88330168437918 27.631065772159047, -88.19800227457185 24.539417400715408 M88.85935684787171 25.220371044713186 C31.38240562484515 24.464851717573485, -26.208523093950927 25.297850010027872, -88.8520675262501 25.15764130357782 M-87.97784804110753 26.035888269055857 C-87.4616268183575 14.16562422812854, -88.57848563035967 -0.09601199095367918, -89.4611057382698 -24.693264290530095 M-88.16283313760431 25.024917522138605 C-88.85255370666624 8.687032963146823, -88.44120620437356 -7.489333740637351, -88.76313304216917 -25.453043923876983"/></g><g transform="translate(-58.3828125, -10.5)" style="" class="label"><rect/><foreignObject height="21" width="116.765625"><div style="display: table-cell; white-space: normal; line-height: 1.5; max-width: 200px; text-align: center;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel"><p>management:9090</p></span></div></foreignObject></g></g></g></g></g><defs><filter width="130%" height="130%" id="drop-shadow"><feDropShadow flood-color="#000000" flood-opacity="0.06" stdDeviation="0" dy="4" dx="4"/></filter></defs><defs><filter width="150%" height="150%" id="drop-shadow-small"><feDropShadow flood-color="#000000" flood-opacity="0.06" stdDeviation="0" dy="2" dx="2"/></filter></defs><linearGradient y2="0%" x2="100%" y1="0%" x1="0%" gradientUnits="objectBoundingBox" id="my-svg-gradient"><stop stop-opacity="1" stop-color="#0042eb" offset="0%"/><stop stop-opacity="1" stop-color="#eb0042" offset="100%"/></linearGradient></svg>
\ No newline at end of file
diff --git a/blueprints/connecting-to-user-machines.html.md b/blueprints/connecting-to-user-machines.html.md
new file mode 100644
index 0000000000..290a74cdb6
--- /dev/null
+++ b/blueprints/connecting-to-user-machines.html.md
@@ -0,0 +1,164 @@
+---
+title: Connecting to User Machines
+layout: docs
+nav: guides
+date: 2025-04-02
+---
+
+<figure>
+  <img src="http://github.com/static/images/connecting-to-users.png" alt="Illustration by Annie Ruygt of a bird holding hands with a computer" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+When running machines for end users, a common challenge is efficiently managing and routing requests to these machines. This guide outlines the recommended approach for connecting to user machines on Fly.io.
+
+## Typical Stack
+
+- **Coordinator**: Your app that manages machines on behalf of end users. This can also function as the Router.
+- **Router**: An app that relays requests to user machines. This can be the same as the Coordinator.
+- **User App**: Apps assigned to specific users on isolated networks.
+- **User Machine**: Machine(s) in those apps.
+
+## HTTP Services
+
+A typical setup includes two services:
+- A **management** HTTP service (`port 9090`) for tasks such as:
+  - Sending LLM generated code changes
+  - Health checks
+  - Metrics requests
+- A **public** HTTP service (`port 4443`) for:
+  - Live Previews
+  - LLM <-> MCP Server Connectivity
+  - Deployed User Apps
+
+### HTTP Request Processing
+
+![HTTP Request Flow](/docs/blueprints/connecting-to-user-machines-http-flow.svg)
+
+This diagram illustrates how HTTP requests are processed:
+- Public HTTP requests arrive at your router app, which issues a fly-replay to a specific user app. The Fly Proxy then replays the request to the target app, matching the service based on the inbound request port.
+- Private HTTP requests arrive at an internal management gateway, which is not accessible from the internet. The same replay process gets that request to the user app on the specified port, matching the service based on the inbound request port.
+
+## Using fly-replay
+
+The recommended mechanism for connecting to user machines over HTTP is the `fly-replay` response header. This works by instructing our global proxy to reroute the request to a specific machine. If the machine is not running, the proxy will start it. This approach works for any kind of HTTP request, including WebSockets. Since our proxy manages the entire request, your router app is no longer a point of failure after it sends the `fly-replay` header.
+
+### Port Matching
+
+When using fly-replay, the proxy matches the incoming request's port to the target service's public port. For example:
+- A request to port 80 will be routed to a service configured with `port: 80`
+- A request to port 9090 will be routed to a service configured with `port: 9090`
+
+This means your router app needs to receive requests on the same ports that your target services are configured to use. For example, to connect to a management API on port 9090, the router must receive the request on port 9090.
+
+### Private Network Router Example
+
+The [private-network-router](https://github.com/fly-apps/private-network-router) example shows how to build a router that can handle multiple services. It uses flycast to keep management APIs private while still allowing routing to them. The router:
+
+1. Receives requests on any port
+2. Determines the target app and machine based on the request
+3. Sends a `fly-replay` response header with parameters like `app` and `instance` to route the request to the correct app and machine. For more details on the parameters, see the [fly-replay documentation](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-replay-response-header).
+
+This pattern allows you to:
+- Keep management APIs private by running them with flycast
+- Route requests to multiple services from a single router
+- Maintain security by not exposing management ports directly to the internet
+
+## Authentication
+
+Validation of replayed requests should happen within the user machine. We recommend using the `state` mechanism in fly-replay for this purpose:
+
+1. **Create a preshared key for each user app** and set it as an app secret.
+2. When issuing a replay, set the header: `fly-replay: app=<app>,state=<key>`.
+3. On the user machine, parse the `fly-replay-src` header. This header contains fields such as `instance`, `region`, `t`, and `state` (see [fly-replay documentation](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-replay-response-header)).
+4. Check the `state` value in `fly-replay-src` against the preshared key for the app. If it matches, the request is validated.
+
+See the [TypeScript example below](#example-authenticating-a-replayed-request-in-typescript) for a practical implementation of this validation.
+
+## Antipatterns
+
+- **flycast, <app>.fly.dev, and Dedicated IPs**: These are meant for permanent apps that need to communicate with each other. They and involve more moving parts than simply routing with `fly-replay`. More moving parts mean more potential for issues.
+- **TCP or UDP**: Avoid using raw TCP or UDP when communicating with end user machines. If necessary, consider running Tailscale containers alongside your code.
+
+## Example Service Configuration
+
+Here's an example service configuration for a machine that includes both a management service and a standard public HTTP service:
+
+```json
+{
+  "services": [
+    {
+      "name": "management",
+      "internal_port": 9090,
+      "ports": [
+        {
+          "port": 9090,
+          "handlers": ["http"]
+        }
+      ]
+    },
+    {
+      "name": "public",
+      "internal_port": 8080,
+      "ports": [
+        {
+          "port": 80,
+          "handlers": ["http"]
+        }
+      ]
+    }
+  ]
+}
+```
+
+This configuration sets up:
+- A management service listening internally on port 9090 and exposed on port 9090
+- A public service listening internally on port 8080 and exposed on port 80
+Both services will automatically start when needed and stop when idle.
+
+### Example: Authenticating a Replayed Request in TypeScript
+
+Here's a simple example of how you might authenticate a replayed request in a TypeScript HTTP handler using the `fly-replay-src` header and a preshared key:
+
+```typescript
+// Example preshared key for the app (in practice, load from env or secret store)
+const PRESHARED_KEY = process.env.PRESHARED_KEY;
+
+function parseFlyReplaySrc(header: string | undefined) {
+  if (!header) return {};
+  return Object.fromEntries(
+    header.split(',').map(pair => {
+      const [key, value] = pair.split('=');
+      return [key.trim(), value?.trim()];
+    })
+  );
+}
+
+async function authenticateReplay(request: Request): Promise<boolean> {
+  const flyReplaySrc = request.headers.get('fly-replay-src');
+  const params = parseFlyReplaySrc(flyReplaySrc);
+  return params.state === PRESHARED_KEY;
+}
+
+// Example usage in a fetch handler
+addEventListener('fetch', (event) => {
+  event.respondWith(handleRequest(event.request));
+});
+
+async function handleRequest(request: Request): Promise<Response> {
+  if (!(await authenticateReplay(request))) {
+    return new Response('Unauthorized', { status: 401 });
+  }
+  // ...handle the authenticated request...
+  return new Response('OK');
+}
+```
+
+This code checks the `fly-replay-src` header, parses out the `state` value, and compares it to the preshared key. If it matches, the request is authenticated. 
+
+## Related reading
+
+- [Per‑User Dev Environments with Fly Machines](/docs/blueprints/per-user-dev-environments/) Find out how to run isolated, on‑demand environments for each user.
+- [Observability for User Apps](/docs/blueprints/observability-for-user-apps/) Learn about how to gather logs and telemetry from per‑user apps/machines once you’ve routed traffic to them.
+- [Dynamic Request Routing with fly‑replay](/docs/networking/dynamic-request-routing/) Learn about the `fly‑replay` header and dynamic request routing.
\ No newline at end of file
diff --git a/blueprints/connecting-to-user-machines.mmd b/blueprints/connecting-to-user-machines.mmd
new file mode 100644
index 0000000000..140b97d23c
--- /dev/null
+++ b/blueprints/connecting-to-user-machines.mmd
@@ -0,0 +1,10 @@
+graph TD;
+    A[Public HTTP Request] -->|Arrives at| B[Router App: llm-router.fly.dev:443]
+    B -->|Sets fly-replay| C[Fly Proxy]
+    C -->|replay| D[User App: llm-user-1234]
+    D -->|match port 443| E[public:443]
+    
+    F[Private HTTP Request] -->|Arrives at| G[Management Gateway: llm-gateway.flycast:9090]
+    G -->|Sets fly-replay| C
+    C -->|replay| D
+    D -->|match port 9090| H[management:9090] 
\ No newline at end of file
diff --git a/blueprints/deno-kv-litefs.html.markerb b/blueprints/deno-kv-litefs.html.markerb
new file mode 100644
index 0000000000..59ae1c52d2
--- /dev/null
+++ b/blueprints/deno-kv-litefs.html.markerb
@@ -0,0 +1,152 @@
+---
+title: Deno KV with LiteFS Cloud
+layout: docs
+published: false
+nav: firecracker
+author: jesse
+date: 2024-05-28
+---
+
+<%= partial "/docs/partials/docs/litefs_sunset" %>
+
+## Problem
+
+If you're porting an app from Deno Deploy to Fly.io, you may hit a bit of a snag: if it was built with [Deno KV](https://deno.com/blog/kv), a _traditionally_ FoundationDB backed K/V store made for Deno Deploy, there's no obvious way to easily run Deno KV at scale on Fly.io. You _could_ use [denoland/denokv](https://github.com/denoland/denokv) on Fly.io, but due to an alignment of the stars there happens to be an easier way.
+
+Deno KV can actually be backed by an SQLite DB stored on disk in a cache folder, and you can specify the path of this DB with the parameter to `Deno.openKv( <here> )`.
+
+This means you can do something like this to get Deno KV to use an arbitrary SQLite DB:
+
+```typescript
+const kv = await Deno.openKv("/any/path/i/want.db");
+```
+
+Now, Fly.io has some special features for SQLite users, namely [LiteFS Cloud](https://fly.io/docs/litefs/speedrun), a distributed file system that transparently replicates and backs up SQLite databases across all your instances. The magic here is that you can just treat it like a local on-disk SQLite database but behind the curtain it’s doing all the work to replicate your DB.
+
+## Setting up LiteFS
+
+Firstly, you need to add a `litefs.yml` file to your project, and make sure it gets included in the Dockerfile.
+
+Here’s an example:
+
+```yml
+fuse:
+  dir: "/litefs"
+
+data:
+  dir: "/var/lib/litefs"
+
+exit-on-error: false
+
+proxy:
+  addr: ":8080"
+  target: "localhost:8081"
+  db: "db"
+  passthrough:
+    - "*.ico"
+    - "*.png"
+
+exec:
+  - cmd: "deno run -A main.ts"
+
+lease:
+  type: "consul"
+  advertise-url: "http://${hostname}.vm.${fly_app_name}.internal:20202/"
+  candidate: ${FLY_REGION == PRIMARY_REGION}
+  promote: true
+
+  consul:
+    url: "${FLY_CONSUL_URL}"
+    key: "litefs/${FLY_APP_NAME}"\
+```
+
+This is 99% the [sample config](https://github.com/superfly/litefs-example/blob/main/fly-io-config/etc/litefs.yml), only changing the exec command to a Deno one.
+
+<div class="important icon">
+It's not immediately clear based on the example config, but your app needs to listen on "target" (:8081) and your service/http_service in fly.toml needs to listen on "addr" (:8080). This is because part of LiteFS acts as a proxy, so you need the fly-proxy to send requests to LiteFS which then forwards them on to your app.
+
+If you’re not able to change your application’s port, make sure `target` is set up correctly then change `addr` and `fly.toml` to something other than `:8080`.
+
+</div>
+
+Once you've added the config, you just need to make your app look for the SQLite DB in the right location. For Deno KV, that looks like this:
+
+```typescript
+const kv = await Deno.openKv(Deno.env.get("DB_LOCATION"));
+```
+
+Where `DB_LOCATION` is set to `/litefs/my.db` in `fly.toml` under `[env]`.
+
+Now, if you’re deploying to Fly.io, you’re almost ready to go. [Here’s where to look if you’re not running on Fly.io](https://fly.io/docs/litefs/getting-started-docker/).
+
+## Creating a LiteFS Cloud cluster
+
+For a more in-depth article, check out [Getting Started with LiteFS on Fly.io](https://fly.io/docs/litefs/getting-started-fly/).
+
+Head over to the [LiteFS section](https://fly.io/dashboard/personal/litefs) of the dashboard and create a cluster, **make a note of the auth token** (you’ll need it later).
+
+### Dockerfile
+
+You need to add the dependencies for LiteFS to your Dockerfile:
+
+```docker
+# for alpine-based images
+RUN apk add ca-certificates fuse3 sqlite
+
+# or for debian/ubuntu-based images
+RUN apt-get update -y && apt-get install -y ca-certificates fuse3 sqlite3
+```
+
+And copy in the LiteFS binary:
+
+```docker
+COPY --from=flyio/litefs:0.5 /usr/local/bin/litefs /usr/local/bin/litefs
+```
+
+And update the `ENTRYPOINT`/`CMD`:
+
+```docker
+ENTRYPOINT litefs mount
+```
+
+Now you're ready to launch your Fly app!
+
+```bash
+# Create a volume
+$ fly volumes create litefs --size 10
+
+# Create your app without deploying
+$ fly launch --no-deploy
+
+# Attach the Fly.io provided Consul server to your app.
+$ fly consul attach
+
+# Set the secret for LiteFS cloud, replace the example value with your token from earlier
+$ fly secrets set LITEFS_CLOUD_TOKEN=yoursecrettoken
+```
+
+Update your `fly.toml` to mount the LiteFS volume:
+
+```
+[mounts]
+  source = "litefs"
+  destination = "/var/lib/litefs"
+```
+
+Aaannnndddd, Deploy!
+
+```
+fly deploy
+```
+
+Your reward for running all those commands should be a running app with LiteFS! Let us know if you run into friction using LiteFS with Deno KV or any other client, you can reach out on [the Fly Community](https://community.fly.io/).
+
+### Scaling
+
+Deploying just one node using LiteFS doesn’t actually _do much_, so try scaling outwards! You can add a few Machines in regions close to your users like this:
+
+```
+fly scale count 3 -r yyz,ewr,waw
+```
+
+This will automatically add volumes and Machines to [scale your app](/docs/apps/scale-count/#scale-an-apps-regions) out and around the world!
diff --git a/blueprints/going-to-production-with-healthcare-apps.html.md b/blueprints/going-to-production-with-healthcare-apps.html.md
new file mode 100644
index 0000000000..aa78b1096d
--- /dev/null
+++ b/blueprints/going-to-production-with-healthcare-apps.html.md
@@ -0,0 +1,187 @@
+---
+title: Going to Production with Healthcare Apps
+layout: docs
+nav: guides
+redirect_from: /docs/blueprints/going-to-production-with-hipaa-apps
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/production-healthcare.png" alt="Illustration by Annie Ruygt of a balloon doctor using stethescope on an app" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+Fly.io was built by security researchers from the ground up to be both productive and secure, making it a great home for HIPAA-compliant production healthcare applications for productive teams that ship often.
+
+This guiide runs a developer or operations engineer through the process of evaluating Fly.io's security for HIPAA healthcare apps, launching a pilot application, signing a Business Associate Agreement (BAA), and deploying to production.
+
+## HIPAA and Fly.io Primer
+
+The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Any company that processes protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
+
+Fly.io takes a "principle of least privilege" approach to security. Here are the highlights of what healthcare app developers get out of the box on Fly.io:
+
+### Data Protection and Encryption
+
+HIPAA requires that PHI be encrypted both in transit and at rest to prevent unauthorized access:
+
+- **In Transit**: Fly.io uses [WireGuard](https://fly.io/blog/our-user-mode-wireguard-year/) to encrypt data as it moves between networks, ensuring compliance with HIPAA's transmission security requirements.
+- **At Rest**: Fly.io ensures data at rest is secured on [encrypted NVMe user volumes](/docs/volumes/), aligning with the encryption standards required by HIPAA for storage security.
+
+### Access Control
+
+Access to PHI must be limited to authorized personnel only, which is managed through:
+
+- **Network Isolation**: Each application on Fly.io runs within its own private network by default, reducing the risk of unauthorized access.
+- **Secrets Management**: Fly.io provides a [secrets manager](/docs/apps/secrets/) for storing and handling API credentials and environment variables securely, ensuring that sensitive information is accessible only to authorized applications.
+- **Isolated Application Environments**: Fly.io allows organizations to create separate organizations for different environments, ensuring that production environments are isolated from test and staging environments.
+- **Workload Isolation:** [Docker workloads on Fly.io are isolated at the kernel hardware level through the Firecracker VM runtime](https://fly.io/blog/fly-machines/). These workloads are hosted in secure data centers on Fly.io's dedicated hardware, ensuring HIPAA compliance by minimizing the risk of unauthorized access and maintaining strict control over PHI data.
+
+### Audit Controls
+
+HIPAA demands that you implement hardware, software, and procedural mechanisms that record and examine activity in systems containing PHI:
+
+- **Logging and Monitoring**: Fly.io allows organizations to monitor and log access and usage, helping comply with HIPAA’s information system activity review requirements.
+- **Version-Controlled Configuration**: Fly.io uses a Dockerfile and fly.toml configuration file for managing application deployments. These files can be checked into version control systems, like Github, allowing for comprehensive audit trails of infrastructure changes. This capability supports HIPAA's mandates for traceability and accountability in the modification and management of systems handling PHI.
+
+### Data Integrity
+
+To comply with HIPAA, entities must ensure that PHI is not altered or destroyed in an unauthorized manner:
+
+- **Data Storage and Backup**: Fly.io’s infrastructure provides robust data integrity controls, including [regular snapshots](/docs/volumes/volume-manage/) of [encrypted volumes](/docs/volumes/overview/#volume-encryption) to prevent data loss.
+- **Reproducible Deployments**: Fly.io's use of Docker ensures that application deployments are reproducible and can be locked down to a mostly read-only state. This reduces the likelihood of unauthorized modifications to application environments, meeting HIPAA's requirements for protecting PHI from unauthorized alteration or destruction.
+
+### Physical Security
+
+Physical access to data centers where PHI is stored must be controlled:
+
+- **Data Centers**: Fly.io hosts services in secure data centers with restricted access, surveillance, and environmental controls, ensuring the physical security of the hardware that stores and processes PHI.
+- **Regional Data Control**: Fly.io allows users to control the [physical region](https://fly.io/docs/reference/regions/) where data is stored and processed using simple commands, facilitating compliance with data residency requirements of HIPAA by ensuring PHI is stored within designated secure regions, such as the United States.
+
+There's more detail at [https://fly.io/docs/about/healthcare](https://fly.io/docs/about/healthcare/) and [https://fly.io/security](https://fly.io/security). If you have additional questions about Fly.io's security infrastructure & practices, please [reach out](mailto:sales@fly.io).
+
+## Launch pilot application
+
+The fastest way to deploy a pilot application is to run through the [Fly.io Speedrun](https://fly.io/speedrun/).
+
+If your free demo account doesn't have enough resources for your pilot application, you may [upgrade to a paid plan](https://fly.io/docs/about/pricing/) or [contact us](mailto:sales@fly.io) to make other arrangements.
+
+### Specify deployment regions
+
+Fly automatically detects which of its 30+ regions around the globe is closest to you as your default data region.
+
+If the default region is not where you want to host your application, run `fly platform regions` to see the most recent list of regions.
+
+```bash
+fly platform regions
+NAME                        	CODE	GATEWAY	GPUS	CAPACITY	LAUNCH PLAN+
+
+North America
+Ashburn, Virginia (US)      	iad 	✓      	✓   	164
+Chicago, Illinois (US)      	ord 	✓      	      385
+Dallas, Texas (US)          	dfw 	✓      	      426
+Los Angeles, California (US)	lax 	✓      	      635
+San Jose, California (US)   	sjc 	✓      	✓     2399
+Secaucus, NJ (US)           	ewr                     233
+Toronto, Canada             	yyz 	✓      	      70
+# ... Lots more regions...
+```
+
+Then select your desired region:
+
+```
+$ fly regions add ord
+```
+
+And remove undesired regions as well:
+
+```bash
+$ fly regions remove sin
+```
+
+Your application will automatically be deployed to the regions specified and communications between regions happen over a private, encrypted WireGuard network.
+
+### Add API keys and credentials to the Secrets Manager
+
+Fly.io's [secret manager stores](/docs/apps/secrets/) your application's API credentials and secrets in a secure vault. The contents remain encrypted and are only available from running Machine instances as environment variables.
+
+### Talk to our solution architects if you have questions
+
+If at any time during your evaluation of Fly you have questions about the infrastructure, security, or service terms you can ask in the community forums or [email Fly.io with your questions](mailto:sales@fly.io).
+
+## Deploy to production
+
+Once you've evaluated Fly.io and have a BAA, it's time to go to production. The remainder of this guide will walk you through how to setup an isolated production environment, control access, and deploy your application.
+
+### Sign a Business Associate Agreement (BAA)
+
+When you're ready to start deploying HIPAA apps, you'll need to do some paperwork (don't worry, we use digital signatures) to make sure everything is compliant.
+
+- [Choose the Compliance Package](https://fly.io/compliance) that includes HIPAA/BAA documents.
+- Sign in to the dashboard and request a signed BAA at [https://fly.io/dashboard/personal/compliance](https://fly.io/dashboard/personal/compliance) or [contact us](mailto:sales@fly.io) and we'll help.
+
+### Provision an isolated production environment
+
+Ensure the production environment to be separate from the test and staging environments used to test this application.
+
+Fly uses "organizations" to control access to "applications". Since production environments require their own access control, we'll create a new organization that will contain all of our production applications.
+
+```bash
+# Replace $MYORG with the name of your organization
+$ fly orgs create $MYORG-production
+```
+
+You'll walk through the steps of creating a new organization within Fly.io. You'll also have to add a new payment method and select the appropriate plan for the new organization. If you need help during this process or have questions about how a plan spans multiple organizations, [please reach out](mailto:sales@fly.io).
+
+### Invite team members to production environment
+
+Grant access to team members who may have access to the production environment:
+
+```bash
+$ fly orgs invite somebody@$MYORG.com --org $MYORG-production
+```
+
+### Launch application
+
+Next, ensure you have a `fly.toml` file for each environment:
+
+```bash
+$ cp fly.toml fly.staging.toml
+$ mv fly.toml fly.production.toml
+```
+
+Run `fly launch` to provision the production environment.
+
+```bash
+# Replace $MYAPPNAME with the name of your app
+$ fly launch --name $MYAPPNAME-production --path fly.production.yml --org $MYORG-production
+An existing fly.toml file was found for app $MYAPPNAME
+? Would you like to copy its configuration to the new app? (y/N) y
+```
+
+You'll be asked to copy the configuration file. Select `y` assuming you want to use the same settings from the `fly.toml` file that was formerly staging. You'll want to commit these `fly.toml` files to your repo.
+
+If you run into problems during or after deploy you can run `fly logs --path fly.production.yml` to see errors your application may be logging.
+
+### Create SSL certificate and custom domain
+
+Next, point a domain name to the new production environment via `fly certs`.
+
+```bash
+$ fly certs add myappname.com --path fly.production.yml
+```
+
+The output of the command includes the information you need to update DNS records to point to the application on Fly.io
+
+### Deploy application
+
+Finally run `fly deploy --path fly.production.yml` to deploy your application, then open your application in your browser to ensure that it's up and running.
+
+## Wrap-up
+
+Fly.io is a secure, productive platform for deploying HIPAA-compliant healthcare applications. The platform provides the necessary security controls and features to ensure that PHI is protected in accordance with HIPAA requirements while giving development teams the flexibility to ship often and scale quickly.
+
+## Related reading
+
+- [Healthcare apps on Fly.io](/docs/about/healthcare/) Overview of how Fly.io supports HIPAA‑compliant apps, including encryption, network isolation, and audit‑controls.
+- [Going to production checklist](/docs/apps/going-to-production/) A general production‑readiness checklist for apps on Fly.io.
\ No newline at end of file
diff --git a/blueprints/index.html.md b/blueprints/index.html.md
new file mode 100644
index 0000000000..02af045ab7
--- /dev/null
+++ b/blueprints/index.html.md
@@ -0,0 +1,68 @@
+---
+title: Guides (Blueprints)
+layout: docs
+toc: true
+nav: guides
+---
+
+A growing library of guides for running, designing, and deploying all kinds of apps on Fly.io. Whether you're just getting started or looking for new ideas, these are real-world patterns you can learn from and build on.
+
+## Architecture Patterns
+
+Guides for the structure your app on Fly.io. Layouts, tradeoffs, moving parts.
+
+- [Resilient apps use multiple Machines](/docs/blueprints/resilient-apps-multiple-machines/)
+- [Getting Started with N-Tier Architecture](/docs/blueprints/n-tier-architecture/)
+- [Shared Nothing Architecture](/docs/blueprints/shared-nothing/)
+- [Session Affinity (a.k.a. Sticky Sessions)](/docs/blueprints/sticky-sessions/)
+- [Multi-region databases and fly-replay](/docs/blueprints/multi-region-fly-replay/)
+- [Deploying Remote MCP Servers](/docs/blueprints/remote-mcp-servers/)
+
+
+## Deployment & Developer Workflow
+
+Stuff you set up once and adjust when you ship code. Includes previews, base images, staging, and Docker wrangling.
+
+- [Seamless Deployments on Fly.io](/docs/blueprints/seamless-deployments/)
+- [Rollback Guide](/docs/blueprints/rollback-guide/)
+- [Git Branch Preview Environments on Github](/docs/blueprints/review-apps-guide/)
+- [Staging and production isolation](/docs/blueprints/staging-prod-isolation/)
+- [Per-User Dev Environments with Fly Machines](/docs/blueprints/per-user-dev-environments/)
+- [Using base images for faster deployments](/docs/blueprints/using-base-images-for-faster-deployments/)
+- [Managing Docker Images with Fly.io's Private Registry](/docs/blueprints/using-the-fly-docker-registry/)
+
+
+## Networking & Connectivity
+
+Connecting things. Public apps, private services, bridging deployments, SSH, and WireGuard.
+
+- [Run private apps with Flycast](/docs/blueprints/private-applications-flycast/)
+- [Jack into your private network with WireGuard](/docs/blueprints/connect-private-network-wireguard/)
+- [Bridge your other deployments to Fly.io](/docs/blueprints/bridge-deployments-wireguard/)
+- [Connecting to User Machines](/docs/blueprints/connecting-to-user-machines/)
+- [Run an SSH server](/docs/blueprints/opensshd/)
+
+## Scaling, Performance & Observability
+
+Make it fast. Make it reliable. Monitor what's happening.
+
+- [Observability for User Apps](/docs/blueprints/observability-for-user-apps/)
+- [Autoscale Machines](/docs/blueprints/autoscale-machines/)
+- [Autostart and autostop private apps](/docs/blueprints/autostart-internal-apps/)
+- [Setting Hard and Soft Concurrency Limits](/docs/blueprints/setting-concurrency-limits/)
+- [Using Fly Volume forks for faster startup times](/docs/blueprints/volume-forking/)
+- [Going to Production with Healthcare Apps](/docs/blueprints/going-to-production-with-healthcare-apps/)
+
+
+## Background Jobs & Automation
+
+How to run periodic tasks, long-running jobs, infrastructure automation, and the things that run when you’re asleep.
+
+- [Building Infrastructure Automation without Terraform](/docs/blueprints/infra-automation-without-terraform/)
+- [Deferring long-running tasks to a distributed work queue](/docs/blueprints/work-queues/)
+- [Task scheduling guide with Cron Manager and friends](/docs/blueprints/task-scheduling/)
+- [Crontab with Supercronic](/docs/blueprints/supercronic/)
+
+
+
+
diff --git a/blueprints/infra-automation-without-terraform.html.md b/blueprints/infra-automation-without-terraform.html.md
new file mode 100644
index 0000000000..0625b42aac
--- /dev/null
+++ b/blueprints/infra-automation-without-terraform.html.md
@@ -0,0 +1,173 @@
+---
+title: Building Infrastructure Automation without Terraform
+layout: docs
+nav: guides
+author: kcmartin
+date: 2025-08-05
+---
+
+<figure>
+  <img src="http://github.com/static/images/building-infrastructure-automation.png" alt="Illustration by Annie Ruygt of a Frankie the balloon working on automation at his computer" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+We don’t have a Terraform provider anymore, and that’s intentional. It’s not a great fit for how our platform works. This guide is about how to get a Terraform-like experience using the tools that do fit.
+
+If you're used to defining infrastructure declaratively, using templated variables, repeatable workflows, a single source of truth, you can absolutely have that on Fly.io. But you’ll get there by thinking a little differently: using tools built around our actual primitives instead of trying to bend them to fit a plan/apply model. If you're looking for a good path forward, you've got options.
+
+This guide walks through two options for automating Fly.io deployments without Terraform.
+
+The first uses `flyctl` and GitHub Actions. It’s what we recommend for most users: push to `main`, your app gets deployed. No infra state to manage, no VMs to track. Just code and Git.
+
+The second uses the Machines API directly. It’s more work, but gives you full control over each virtual machine. You’ll need this if you’re doing custom orchestration like rolling deploys across regions, temporary environments, or using fine-tuned scaling logic.
+
+We’ll show you how both approaches work and help you figure out which one makes sense for your setup.
+
+---
+
+## The easy way: `flyctl` + GitHub Actions
+
+This is the path most Fly.io apps take, and it’s what we recommend. You write code, you push to `main`, your app gets deployed. It’s quick to set up, and it abstracts away the VM lifecycle stuff unless and until you want it.
+
+Here’s the gist:
+
+1. Get your app running on Fly.io
+1. Push the code to a GitHub repo
+1. Wire up a GitHub Actions workflow that calls `flyctl deploy`
+
+That’s it. Here’s what setting that up looks like.
+
+### Step 1: Generate a deploy token
+
+```
+fly tokens create deploy --app <app-name>
+```
+
+Treat that token like a password. Copy it somewhere safe—you’ll need it for GitHub.
+
+### Step 2: Add it to your GitHub repo
+
+In GitHub:
+
+- Go to your repo > Settings > Secrets and variables > Actions
+- Add a new secret named `FLY_API_TOKEN`
+- Paste in the deploy token
+
+### Step 3: Write the workflow file
+
+Drop this into `.github/workflows/fly.yml` in your repo:
+
+```
+name: Fly Deploy
+
+on:
+  push:
+    branches:
+      - main  # or your default branch
+
+jobs:
+  deploy:
+    name: Deploy app
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: superfly/flyctl-actions/setup-flyctl@master
+      - run: flyctl deploy --remote-only
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+```
+
+Push that file, and your next `git push` to `main` will kick off a deployment. You can watch it happen in the Actions tab.
+
+The `--remote-only` flag tells `flyctl` to build your image on Fly.io’s remote builders, so your CI environment doesn’t need Docker.
+
+From here on out, you’ve got continuous deployment. Push to `main`, app goes live.
+
+A realistic example: you’re running a Rails app backed by Postgres and Redis, deployed to `iad` and `lhr`. It lives in a monorepo, and you want each push to `main` to trigger a deployment. The `flyctl` + GitHub Actions setup gets you continuous deployment. You'll handle the supporting infrastructure  imperatively (think databases, IP addresses, scaling): `fly pg create`, `fly redis create`, `fly scale count`, `fly ips allocate`, and so on. The platform keeps track of what you’ve configured, so you don’t need to re-declare it every time.
+
+<div class="callout">
+**Tip:** If you want a repeatable setup, you can script your commands into a bash file. Just be aware: that script will be linear and imperative, not declarative or idempotent like a Terraform plan.
+</div>
+
+---
+
+## The harder way: The Machines API
+
+This is the route for teams who were doing more than `terraform apply`. If you had logic layered into your infra automation like canary deploys, ephemeral environments, controlling exactly which VM runs where, you’ll want to look at the Machines API. It’s lower-level, but more powerful. Think of it as Fly.io’s bare-metal interface. No `plan`, no `state`, no `graph`, just HTTP.
+
+You can use it to:
+
+- Spin up new Machines in specific regions
+- Roll out changes a Machine at a time
+- Build custom scaling logic
+- Tear down and rebuild environments on demand
+
+This is what Fly.io’s own orchestration tools use under the hood. You can spin up Machines, wire them together, and orchestrate them across regions, just like we do. You've got all the same knobs and levers we use internally, and you can build exactly the kind of workflow your setup needs.
+
+### What you're working with
+
+The Machines API is a REST interface. It speaks JSON over HTTPS. You authenticate using a [Fly.io API token](https://fly.io/docs/security/tokens/), ideally a deploy token scoped to your app or organization. Pass it as a `Bearer` token in the `Authorization` header. If you've used GitHub Actions to deploy with `flyctl`, it's the same kind of token.
+
+Each Fly App is a namespace. You can create as many Machines (VMs) as you want in an App. Each Machine runs a Docker image, has a region, some resource settings, and a lifecycle: create → start → stop → destroy.
+
+You don’t need special tooling to use it. `curl` works. So does `fetch`, `requests`, `httpie`, or whatever HTTP client you like in Go or Rust or Python. Everything you might script with `flyctl`, like creating databases, setting scale counts, can also be done via the Machines API. It’s more verbose, but gives you full control and makes it easier to integrate infrastructure setup into a larger orchestration flow.
+
+### Example: spin up a Machine with curl
+
+```
+export FLY_APP_NAME="your-app-name"
+export FLY_API_TOKEN="your-fly-token"
+
+curl -i -X POST \
+  -H "Authorization: Bearer ${FLY_API_TOKEN}" \
+  -H "Content-Type: application/json" \
+  "https://api.machines.dev/v1/apps/$%7BFLY_APP_NAME%7D/machines" \
+  -d '{
+    "region": "sjc",
+    "config": {
+      "image": "nginx",
+      "guest": {
+        "cpu_kind": "shared",
+        "cpus": 1,
+        "memory_mb": 256
+      }
+    }
+  }'
+```
+
+The response includes the ID of the new Machine. You can then start, stop, or destroy it by hitting `/machines/{id}` with the appropriate verb.
+
+### When to reach for the API
+
+Most apps don’t need this. But if you’re building something dynamic, like spinning up short-lived browser-based dev environments or launching ephemeral multiplayer game servers, then you’ll want this kind of control.
+
+Some of our favorite real-world uses:
+
+- A “run this one function on a new machine” pattern, demoed in [this JS repo](https://github.com/fly-apps/fly-run-this-function-on-another-machine). It boots a new Machine in-region, runs a job, and tears it down. Works like serverless, but with a full VM and no cold starts.
+- A minimal Go client for the Machines API, [`sosedoff/fly-machines`](https://github.com/sosedoff/fly-machines), has helpers to create, update, and destroy Machines programmatically. If you’re replacing Terraform logic with your own Go-based orchestration, this is a good lightweight example. For something more comprehensive, check out our official fly Go SDK, [`superfly/fly-go`](https://github.com/superfly/fly-go), for tighter integration with the platform.
+
+The Machines API doesn’t lock you into a flow, we just give you the primitives.
+
+**Still not sure? Here's the comparison.**
+
+| Feature | `flyctl` + GitHub Actions | Machines API |
+| --- | --- | --- |
+| Best for | Standard apps, CI/CD | Custom infra, dynamic environments |
+| Setup time | Fast | Slower |
+| Complexity | Low | High |
+| Control | Abstracted (`deploy`, `scale`) | Full (`create`, `start`, `destroy`) |
+| Official support | Fully supported & recommended | Fully supported & documented |
+
+## One last thing
+
+We know it sucks when a tool you relied on gets deprecated. Terraform made a lot of things feel clean and declarative. But when it comes to the Machines API specifically, Terraform was always working at a bit of a mismatch since it tries to express an inherently imperative lifecycle in a declarative model. The Machines API gives you fine-grained control and flexibility that didn’t map cleanly to Terraform's abstractions. With a little effort, you can build exactly what you need, and avoid being boxed in by someone else’s idea of what an app should look like.
+
+If you're rebuilding that tooling now, let us know what you're working on. We might be able to help, or at least learn something from it.
+
+## Related Reading
+
+- [Continuous Deployment with flyctl and GitHub Actions](https://fly.io/docs/launch/continuous-deployment-with-github-actions/) Walk‑through on wiring CI/CD with Fly.io + GitHub Actions.
+- [Access Tokens for Fly.io](https://fly.io/docs/security/tokens/) Deep dive into token scopes, permissions, and best practices for automation workflows.
+- [Working with the Machines API](https://fly.io/docs/machines/api/working-with-machines-api/)  Reference guide for automating at the VM/“machine” level (the lower‑level alternative to flyctl).
+- [App Configuration (`fly.toml`)](https://fly.io/docs/reference/configuration/) Details on how your app config file works, which is often part of your automation setup.
\ No newline at end of file
diff --git a/blueprints/multi-region-fly-replay.html.md b/blueprints/multi-region-fly-replay.html.md
new file mode 100644
index 0000000000..5f933657bd
--- /dev/null
+++ b/blueprints/multi-region-fly-replay.html.md
@@ -0,0 +1,114 @@
+---
+title: Multi-region databases and fly-replay
+layout: docs
+nav: guides
+---
+
+<figure>
+  <img src="http://github.com/static/images/multi-region.png" alt="Illustration by Annie Ruygt of Frankie looking out over the solar system" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+You want to run your app and database in multiple [regions](/docs/reference/regions/) close to your users, and deploying database read replicas will give you better performance on read requests. This is a good solution for apps with read-heavy database workloads. But you also want writes to be efficient, despite needing to write to a primary database on the other side of the world.
+
+This guide will help you understand the concepts to implement an app, with a primary database and read replicas in multiple regions, that uses the `fly-replay` response header to re-route write requests to the primary region. Consider using this guide when:
+
+- Your app's users are in more than one geographic region and you want low latency for reads in all regions.
+- Your app has a request distribution of less than 50% writes.
+- You don't want the architecture complications and potential for conflicts that come with running a multi-primary database cluster.
+
+## Fly.io was made for multi-region apps
+
+Fly.io already routes requests to the closest region where your app is deployed. Using regional database read replicas can further reduce latency since the Fly Machine (our fast-launching VM) receiving the request can connect to a database instance in the same region. Read replicas also reduce the overall load on the primary database. This multi-reader single-writer setup is great for read-heavy apps.
+
+When your app receives write requests, you can use the `fly-replay` response header to forward the whole HTTP request to the primary region, which is often faster than connecting directly to the primary database from other regions. This is especially true when a request to an endpoint requires multiple database queries to complete; there would be extra latency on each query from a secondary region compared to a local connection in the primary region.
+
+## How it works
+
+The [`fly-replay` response header](/docs/networking/dynamic-request-routing/) instructs Fly proxy to redeliver (replay) the original request to another region or Machine in your app, or even another app in your organization. In this case, you’ll be replaying write requests to the Machine in the primary region. Using `fly-replay` to replay write requests is a general pattern that can be applied in most languages and frameworks for databases with one primary and multiple read replicas.
+
+In the following diagram, the app is running one Machine in each of three regions. The primary region is Chicago, and this is where the read/write primary database resides. There are Machines in two other regions, Rio de Janeiro and Amsterdam, each of which has a read replica. This example uses three regions for simplicity, but you could deploy in more than three regions and have more than one Machine per region connecting to the same read replica.
+
+<figure>
+  <img src="http://github.com/static/images/docs-fly-replay.png" alt="Three Machines with attached databases in 3 regions: Chicago is the primary region with a writable database, while Rio de Janeiro and Amsterdam have read only replica databases. Arrows pointing from the secondary Machines to the primary Machine show the direction of HTTP requests redelivered using the fly-replay response header. Arrows pointing from the primary database to the read replicas indicate syncing of data.">
+</figure>
+
+<div class="note">
+**Note:** To illustrate the `fly-replay` concept in our diagram, we show the replayed HTTP request going directly from Machines in Rio de Janeiro and Amsterdam to the Machine in Chicago. In real life, Fly Proxy routes the request back through an edge node first. The cost of this routing is small, but if extreme efficiency is important for your use case, you can run your app in more regions to mitigate that.
+</div>
+
+Your app is running on Fly.io. The database can also run on Fly.io—in which case the app and database regions will match—or on another provider where you can pick the region closest to the Fly.io region of your Machines.
+
+## How to make it work for your app
+
+Your app needs logic to:
+
+1. **Read from the corresponding regional replica (or primary!) when a Machine receives a read request.** 
+1. **Always replay write requests to the primary region rather than connecting to the primary database from another region.**
+
+### Read from the corresponding regional replica
+
+Your app has a configurable primary region and you'll also host your primary database there or, in the case of a separate database provider, as close as possible to it. The primary region is exposed in the `PRIMARY_REGION` environment variable on every Machine in your app.
+
+Each Machine exposes the region in which it's running in the `FLY_REGION` environment variable.
+
+Your app can check the `FLY_REGION` against the `PRIMARY_REGION`, and modify the `DATABASE_URL`, `DB_HOST`, or other database variables when the region codes don't match. In some cases this just means changing a port ([as for Postgres](/docs/postgres/advanced-guides/high-availability-and-global-replication/#connecting-to-read-replicas)) and in other cases it will be more complex if the database requires different variables for each read replica (like in this [Laravel example](/laravel-bytes/multi-region-laravel-with-planetscale/)).
+
+### Replay write requests to the primary region
+
+Your app can detect write requests and send a response with the `fly-replay` header that tells Fly Proxy to replay the whole request to the Fly Machine in the primary region.
+
+#### Detect write requests
+
+First, you'll need a way to detect write requests so that you can forward them to the primary database. How you detect write requests will depend on your app and database. With Postgres databases, probably the simplest way to detect write requests is by [catching “read only transaction” errors](/docs/postgres/advanced-guides/high-availability-and-global-replication/#detecting-write-requests) when you attempt to write to a read replica.
+
+You can also set up routes in middleware if your language provides support for splitting read and write connections. Or your app can handle GET, POST, DELETE, PUT, and PATCH requests differently, again likely in your app's middleware. For example, assuming HTTP requests using GET are read requests and everything else is a write request will work well most of the time.
+
+#### Send a response with the fly-replay header
+
+When your app detects a write request, it should send a response that contains only the `fly-replay` header with the [region code](/docs/reference/regions/) of your primary region like so: `fly-replay: region=<region code or env variable>`. Fly Proxy will replay the whole request to the specified region. The code would look something like this:
+
+```yaml
+# This code should be in the handler for non-GET requests to the endpoint you 
+# want to send to the primary region for write to the primary database.
+if os.environ("PRIMARY_REGION") != os.environ("FLY_REGION"):
+  # This machine is not in the primary region
+  response.headers = {"fly-replay": f"region={os.environ("PRIMARY_REGION")}"}
+  return response
+else:
+  # This machine *is* in the primary region
+  # Handle request normally, write to database.
+```
+
+## Challenges and limitations
+
+### Write-heavy apps shouldn't use read replicas
+
+Don't use regional read replicas if your app's requests are more than 50% write requests. In that case, you'd want to look into a multi-region primary or similar solution.
+
+### Reading your own writes
+
+There will be short periods of time when data is not consistent between replicas and the primary. If reading your own writes immediately is a requirement for your app, then you'll need to consider how to handle replication.
+
+You can set up health checks to monitor replication status and fail when replication is not complete.
+
+Another useful pattern is to poll the database until the data is replicated. The Fly Postgres [LSN module](https://github.com/superfly/fly_postgres_elixir/tree/main/lib/lsn+external) has an example of how to poll with a [Postgres stored procedure](https://github.com/superfly/fly_postgres_elixir/blob/main/lib/migrations/v01.ex+external). You can reuse this pattern from any database library.
+
+A less efficient method would be for your app to catch the errors thrown when records don't exist and then retry failed requests.
+
+## Implementation resources
+
+Example implementations of this multi-region database with `fly-replay` pattern can give you a head start:
+
+- [Fly Ruby gem](https://github.com/superfly/fly-ruby+external) for running database replicas alongside your app instances in multiple regions.
+- [Fly Postgres Elixir library](https://github.com/superfly/fly_postgres_elixir+external) for geographically distributed Elixir applications using Ecto and PostgreSQL in a primary/replica configuration on Fly.io.
+
+## Related reading
+
+We've covered multi-region databases with `fly-replay` in some past blog posts and in our docs:
+
+- [Globally Distributed Postgres](https://fly.io/blog/globally-distributed-postgres/)
+- [Multi-Region Laravel with PlanetScale](https://fly.io/laravel-bytes/multi-region-laravel-with-planetscale/)
+- [Run Ordinary Rails Apps Globally](https://fly.io/ruby-dispatch/run-ordinary-rails-apps-globally/)
+- [Dynamic Request Routing](/docs/networking/dynamic-request-routing/)
\ No newline at end of file
diff --git a/blueprints/n-tier-architecture.html.md b/blueprints/n-tier-architecture.html.md
new file mode 100644
index 0000000000..17f7dd9600
--- /dev/null
+++ b/blueprints/n-tier-architecture.html.md
@@ -0,0 +1,130 @@
+---
+title: Getting Started with N-Tier Architecture
+layout: docs
+nav: guides
+author: kcmartin
+date: 2025-08-29
+---
+
+<figure>
+  <img src="http://github.com/static/images/get-started-n-tier.png" alt="Illustration by Annie Ruygt of a bird slicing a loaf of bread-think app layers" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Introduction: What is n-tier architecture?
+
+When people talk about “**n-tier architecture**,” they’re describing a way of splitting an app into layers (or “tiers”) that each have a specific job. The “**n**” just means there could be two, three, or more tiers depending on how you slice things.
+
+---
+
+## Defining tiers
+
+- **Presentation tier**: the UI/frontend of your app — HTML/CSS/JS in a browser, or a mobile app interface — that the user interacts with
+- **Web tier**: the app servers/backend that [handle requests](/docs/networking/dynamic-request-routing/) and run business logic
+- **Data tier**: stores, manages and provides access to application data
+
+---
+
+## N-Tier Examples 
+
+### Two tiers 
+
+**web app + database**. This is the most common case on Fly.io: your app servers run on Fly Machines and connect to a shared Postgres cluster.
+
+### Three tiers
+
+**frontend + backend + database**. You’ll see this if you have a separate frontend (like a React SPA served from a CDN, or a mobile app) that talks to your Fly backend.
+
+### Mapping to Fly.io
+
+- **Web tier** → your app running on Fly Machines
+- **Data tier** → [Fly Managed Postgres](/docs/mpg/) (our hosted Postgres that handles the messy parts for you)
+- **Optional presentation tier** → a separate frontend app (web or mobile) that talks to your Fly backend
+
+The idea is simple but powerful: the web tier doesn’t keep state. All shared state lives in the data tier, so you can add or remove servers at will without breaking anything. It’s the architecture you want if you care about **scalability** (handling more traffic by adding machines) and **reliability** (requests keep flowing even if one machine goes down).
+
+---
+
+## Why use n-tier on Fly.io?
+
+- **Scale with one command**: Add more Web/App machines whenever traffic spikes.
+- **Keep requests flowing**: Fly’s proxy automatically balances load across your Machines.
+- **Let the database do its job**: With [Managed Postgres](/docs/mpg/), you don’t need to worry about setup, backups, or failover.
+
+You could use Redis, Tigris, or other data stores here too, but if you’re not sure, start with Managed Postgres. It’s the default choice for good reason.
+
+---
+
+## Quickstart: Deploying a n-Tier App
+
+Let’s spin up a simple n-tier setup.
+
+### 1. Launch your app
+
+First, deploy your app to Fly:
+
+```bash
+fly launch
+fly deploy
+```
+
+This gives you the **web tier**.
+
+---
+
+### 2. Add a database (Managed Postgres)
+
+Now create your **data tier** with [Fly Managed Postgres](/docs/mpg/):
+
+```cmd
+fly mpg create
+```
+
+This will:
+
+- Provision a new Postgres cluster in the same region as your app to keep latency to a minimum (though you can choose another region).
+- Configure monitoring, daily backups, and automatic failover.
+
+To connect your app, you’ll need to add the database credentials as secrets. You can do this from the Fly.io Dashboard, or with `flyctl`:
+
+```cmd
+fly secrets set DATABASE_URL=postgres://<user>:<password>@<host>/<dbname>
+```
+
+Most frameworks (Rails, Django, Node, etc.) will automatically read `DATABASE_URL` from the environment. Once set, your app is ready to talk to Postgres.
+
+More details on creating and connecting a managed Postgres database can be found [here](/docs/mpg/create-and-connect/).
+
+---
+
+### 3. Scale out your web tier
+
+If traffic grows, add more Machines:
+
+```cmd
+fly scale count 3
+```
+
+[Fly’s proxy](/docs/reference/fly-proxy/) takes care of spreading requests across the machines (load balancing).
+
+**Note:** Scaling works best when your web tier is **stateless**. Any shared data like file uploads, user sessions/cookies, or cached state should live in your data tier (usually Managed Postgres, sometimes object storage or Redis). If your framework defaults to local disk or memory for these, configure it to use a shared store instead.
+
+---
+
+## Finishing up
+
+At this point you’ve got:
+
+- **Optional presentation tier**: a separate frontend app, if you use one (delivered to browsers or devices)
+- **Web tier**: Fly Machines running your app (stateless and load balanced)
+- **Data tier**: [Fly Managed Postgres](/docs/mpg/)
+
+Every request can hit any Machine, and all Machines share the same Postgres. That’s an n-tier architecture in action, and it’s the foundation for most reliable web apps.
+
+---
+
+## Related reading
+
+- Explore the features of [Fly Managed Postgres](/docs/mpg/) 
+- Find out how to [scale apps on Fly](/docs/launch/scale-count/)
+- Read about [Fly networking](/docs/networking/) 
+- Learn more about [n-tier architecture](https://en.wikipedia.org/wiki/Multitier_architecture#Three-tier_architecture)
diff --git a/blueprints/observability-for-user-apps.html.md b/blueprints/observability-for-user-apps.html.md
new file mode 100644
index 0000000000..692c2dcee8
--- /dev/null
+++ b/blueprints/observability-for-user-apps.html.md
@@ -0,0 +1,121 @@
+---
+title: Observability for User Apps
+layout: docs
+nav: guides
+date: 2025-05-26
+---
+
+<figure>
+  <img src="http://github.com/static/images/observability.png" alt="Illustration by Annie Ruygt of a printed photo depicting a bird and a ghost backpacking through a forest" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+When you run a platform for users to execute their own code on Fly.io—[think per-user development environments](/docs/blueprints/per-user-dev-environments/) or AI/LLM apps—it's a good idea to have real-time observability for those user apps. You might _also_ want to stream logs from those apps back to the original developer (your end-user), so they can see what their code is doing.
+
+Fly.io offers built-in telemetry based on [**NATS**](https://nats.io/) that you can tap into to achieve this. At a high level, Fly.io captures everything your app writes to stdout and funnels it into an internal NATS log stream. A proxy in front of this NATS cluster ensures that each organization can only access its own applications' logs. Both the `flyctl logs` command and the our web dashboard's "Live Logs" use this pipeline under the hood. We can use the same system! By connecting a NATS client within your Fly organization's [private network](/docs/networking/private-networking/), we can subscribe to log subjects and stream logs out to wherever we need, in real-time.
+
+## Deploying the Fly Telemetry Forwarder
+
+If you want a bird's‑eye view for your own operations team, Fly provides an open source reference app called [**fly-telemetry**](https://github.com/superfly/fly-telemetry) that you can deploy to quickly get an observability stack running in your Fly organization. This app acts as a telemetry forwarder: it subscribes to the platform's NATS logs (and metrics) streams and stores the data for you. It includes a lightweight time-series database (VictoriaMetrics for metrics, VictoriaLogs for logs) and a Grafana instance with pre-configured dashboards, so you can explore your apps' logs and metrics visually.
+
+In an empty directory, run:
+
+```console
+fly launch --from https://github.com/superfly/fly-telemetry \
+  --yes \
+  --copy-config \
+  --org "$ORG" \
+  --env ORG="$ORG" \
+  --secret ACCESS_TOKEN="$(fly tokens create readonly "$ORG")" \
+  --flycast
+```
+
+After the deployment finishes, browse to the app's private URL [through WireGuard](/docs/blueprints/connect-private-network-wireguard/) or `fly proxy` and you have instant Grafana dashboards.
+
+This is handy for SREs, but not necessary for your end‑users.
+
+---
+
+## Streaming Fly app logs to your end users
+
+Streaming live logs straight to your users gives them insight into what their code is doing—developers see exactly what the runtime sees, in real time, without leaving your product or juggling extra tooling.
+
+### Connecting to the NATS Log Stream
+
+Every Fly organization has access to **NATS** which carries the logs for its apps. The server is available at the well-known address `[fdaa::3]:4223`. To connect to this endpoint, you must do so from within the Fly network—for example, from code running in a Fly app (like your telemetry forwarder or router) or from your local machine over a WireGuard connection.
+
+Using the NATS JavaScript client, you could connect as follows:
+
+```javascript
+import { connect, StringCodec } from "nats";
+
+const nc = await connect({
+  servers: "[fdaa::3]:4223",
+  user: "sandwich-expert",            // your Fly org slug (example)
+  pass: process.env.ACCESS_TOKEN       // your Fly access token (read-only)
+});
+
+// Now nc is a NATS connection that can subscribe to log subjects.
+```
+
+### Authentication
+
+When connecting from a Fly app in your org, you'll need to supply an access token. To generate one manually, run `fly tokens create readonly <org>` and store it as an app secrets. The NATS proxy will accept the token as the password and your org name as the username.
+
+### Log Subjects and Filtering
+
+Logs in the NATS stream are organized by **subject**. The subject format for Fly logs is:
+
+```console
+logs.<app_name>.<region>.<machine_id>
+```
+
+For example, if you have an application named `panini-786` and it's running in region `dfw`, you might see subjects like `logs.panini-786.dfw.d896d7c609dd68` (where `d896d7c609dd68` is the Machine ID). You can subscribe at varying levels of granularity using NATS wildcards:
+
+| Subject Pattern | Description |
+|----------------|-------------|
+| `logs.>` | Subscribe to **all logs** from all apps in your org (every region, every Machine) |
+| `logs.<app>.*.>` | Subscribe to all logs from a specific app (across all regions and Machine) |
+| `logs.*.<region>.>` | Subscribe to all logs from a specific region |
+| `logs.<app>.<region>.<machine>` | Subscribe to a single Machine (full exact subject) |
+
+In practice, to stream all logs for a given user's app, you'll subscribe to the subject pattern `logs.<user-app-name>.>` – this will capture any log line from any Machine of that app, in any region.
+
+### A Real-World Example
+
+[**NATstream**](https://natstream.fly.dev/) is a reference app that streams logs from your Fly apps right back to the browser. It connects to NATS and turns those events into a live feed at a simple HTTP `/logs` endpoint using Server-Sent Events (SSE). Developers could log in to your product and watch their app's logs flow in real time, without needing separate logging tools or the Fly CLI. The app keeps things high-level and lightweight—there's no deep framework complexity here, just a straightforward example of hooking into Fly's log pipeline and broadcasting events to the browser.
+
+<figure class="flex ai:center jc:center w:full r:lg overflow:off mb:4 rounded">
+  <img src="http://github.com/static/images/natstream.webp" alt="Screenshot of the NATstream open source app UI" class="w:full h:full fit:cover">
+</figure>
+
+You can fork it as a foundation for your own developer-facing live log streaming service, or rip out the relevant parts and build this logic into your existing app, using the NATstream implementation as a guide. More robustly, you could run a separate log "router" app that handles authentications and streaming on a per user, per app basis. This would be especially useful if streaming logs to a CLI.
+
+---
+
+## Building a Central Log Router Service
+
+Create a Fly "log router" app that sits between Fly's NATS telemetry stream, your product and your developers. Because each customer already has their own Fly app, every user's logs appear on a unique subject (`logs.<app>.>`), so multi-tenancy is solved by design—subscribe only to the subject that matches the requesting developer's app and you'll never mix data between users.
+
+<div class="note icon">
+**Note**: Your router service should enforce that a user can only request the logs for the app(s) they own. This means your routing logic needs an access control check (e.g. based on the authenticated user's ID matching the app name or an internal mapping). Fortunately, if you've structured your platform as one Fly app per user, it's straightforward to maintain a mapping from user account to Fly app name and use that for authorization.
+</div>
+
+On startup the router opens one NATS connection with an org-scoped read-only token. When a developer signs in through your dashboard or CLI, the router authenticates that user, determines their Fly app name, and, if not already listening, subscribes to that app's subject. As log entries arrive, the router forwards them over a live channel—typically a websocket or Server-Sent Events stream—directly to the developer's browser or CLI.
+
+The router itself is a Fly app that does the following:
+
+- On startup, connect to the NATS log stream using the org-wide credentials (as shown earlier).
+- Wait for developers to request or connect for log streaming (e.g., a developer opens a web UI to view their app's live logs, or runs a command to view logs).
+- When a request for a specific app's logs is received, subscribe to that app's log subject (if not already subscribed).
+- Stream the incoming log messages to the requesting developer in real-time.
+- Ensure that each developer only receives their own app's logs. The router should use the mapping of app ← → user to publish the right data to the correct output channel (and not mix different users' data).
+
+This approach uses one NATS subscription _per user app_. The messages are forwarded verbatim to the user's websocket in this case (as JSON strings), but you could transform them (for example, format them nicely or filter out certain internal logs) before sending. On the client side, you would simply read from the websocket or SSE stream and append new log lines to a console view.
+
+## Related reading
+
+- [Logging overview](/docs/monitoring/logging-overview/) How logs flow from your Fly apps into the platform’s NATS pipeline.
+- [Logs API options](/docs/monitoring/logs-api-options/) Guide with approaches for tapping directly into structured logs programmatically.
+- [fly-telemetry](https://github.com/superfly/fly-telemetry) Lightweight reference implementation for quick, out-of-the-box observability for deployments on Fly.io.
\ No newline at end of file
diff --git a/blueprints/opensshd.html.md b/blueprints/opensshd.html.md
new file mode 100644
index 0000000000..dadc86d502
--- /dev/null
+++ b/blueprints/opensshd.html.md
@@ -0,0 +1,217 @@
+---
+title: Run an SSH server
+layout: docs
+nav: guides
+author: rubys
+categories:
+  - SSH
+date: 2024-01-14
+redirect_from: /docs/app-guides/opensshd/
+---
+
+<figure>
+  <img src="http://github.com/static/images/openssh.png" alt="Illustration by Annie Ruygt of a terminal window, a computer and some numbers" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+A number of tools allow you to interact with your server over SSH. These tools are useful for tasks such as
+copying files ([rsync](https://rsync.samba.org/+external), [scp](https://en.wikipedia.org/wiki/Secure_copy_protocol+external), [sshfs](https://github.com/libfuse/sshfs#sshfs+external)), 
+editing ([emacs](https://www.gnu.org/software/emacs/manual/html_node/emacs/Remote-Files.html+external), [vim](https://www.vim.org/scripts/script.php?script_id=1075+external), [vscode](https://code.visualstudio.com/docs/remote/ssh+external)), and
+deployment ([ansible](https://www.ansible.com/+external), [github actions](https://github.com/marketplace/actions/ssh-deploy+external), and [kamal](https://kamal-deploy.org/+external)).
+
+One way to use these tools is to [set up a wireguard VPN](https://fly.io/docs/reference/private-networking/#install-your-wireguard-app) and
+[issue a new SSH credential](https://fly.io/docs/flyctl/ssh-issue/).  This may be impractical for some use cases (example: github actions).
+
+As an alternative, you can configure and deploy an SSH server on your machine(s).  This guide will walk you through the process.
+
+Before proceeding, a **caution**: unless you are **certain** that all of the clients will access this service through IPv6, you will need a [dedicated IPv4](https://fly.io/docs/reference/services/#dedicated-ipv4) address.
+
+## Install and configure opensshd
+
+Most Docker images are ultimately based on Debian, so the following will work.  Adjust as necessary for other operating systems (example: [Alpine](https://www.alpinelinux.org/+external)).
+
+```Dockerfile
+RUN apt-get update \
+ && apt-get install -y openssh-server \
+ && cp /etc/ssh/sshd_config /etc/ssh/sshd_config-original \
+ && sed -i 's/^#\s*Port.*/Port 2222/' /etc/ssh/sshd_config \
+ && sed -i 's/^#\s*PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config \
+ && mkdir -p /root/.ssh \
+ && chmod 700 /root/.ssh \
+ && mkdir /var/run/sshd \
+ && chmod 755 /var/run/sshd \
+ && rm -rf /var/lib/apt/lists /var/cache/apt/archives
+```
+
+Notes:
+ * This runs `sshd` internally on port 2222.  This is because by default `sshd` listens on all network interfaces,
+   but fly.io machines already are listening on port 22 on the private network (ipv6) interface, so sshd will
+   either complain or fail to start.  Additionally, `fly deploy` will attempt to verify that your application is
+   listening on the interfaces your application exports, and will incorrectly treat fly's listening on port 22 as
+   evidence that your application is up and running.
+ * Password Authentication is disabled.  This avoids unnecessary prompts.  We will be using SSH keys instead.
+ * The above assumes `root` user.  If your application is running under a different user, replace `/root` with the
+   home directory of that user (example: `/home/rails`).
+
+## Map internal port 2222 to external port 22
+
+Add the following to `fly.toml`:
+
+```
+[[services]]
+  internal_port = 2222
+  protocol = "tcp"
+  auto_stop_machines = true
+  auto_start_machines = true
+  [[services.ports]]
+    port = 22
+```
+
+This section is needed even if the internal and external ports are the same.
+
+Notes:
+
+* `internal_port` needs to match the port you selected in the previous step.
+* `port` can be any available port.  `22` is the [default port](https://www.ssh.com/academy/ssh/port+external) for SSH,
+  and the one that most applications expect to be used.
+* Like with your web server port, your server can be configured to spin down when idle and restart when accessed.
+  Feel free to adjust `auto_stop_machines` and `auto_start_machines` if your needs differ.
+
+## Start the openssh server
+
+There are a [number of ways to run multiple processes](../multiple-processes/).  The most straightforward
+way to start sshd before your application.  Locate the `ENTRYPOINT` in your Dockerfile.  If you don't have
+one, create a script in your application directory, name that script as the ENTYRPOINT, and make it
+executable.
+
+An example of such a script:
+
+```bash
+#!/bin/bash -e
+
+/usr/sbin/sshd
+
+exec "$@"
+```
+
+Note: the above needs to be run as root.  If your Dockerfile specifies another `USER`, you can work around this
+by installing and configuring `sudo` and then removing sudo access before running your main process.
+
+For example, if your userid is `rails`, you would add the following to your Dockerfile:
+
+```Dockerfile
+RUN apt-get install -y sudo && \
+    echo "%rails ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+```
+
+And then update your entrypoint script:
+
+```bash
+sudo /usr/sbin/sshd
+sudo sed -i "/^%rails/d" /etc/sudoers
+```
+
+The above commands will start `sshd` as root, then remove sudo access from your unprivileged userid.
+
+## Upload your SSH key
+
+First, locate your SSH key.  You can create a new key using [`ssh-keygen`](https://www.ssh.com/academy/ssh/keygen+external),
+Or you can use an existing one: look inside the `.ssh` folder in your home directory for a file with a name like `id_rsa.pub`.
+
+Once located, there are multiple ways to proceed.  Following you will find two ways.  Depending on the framework your
+application uses, you may have other ways to store credentials or environment variables.  As this step only deals with
+public keys, one need not take extraordinary measures to prevent leakage.
+
+### Alternative 1: Set and use a secret
+
+```bash
+fly secrets set "AUTHORIZED_KEYS=$(cat ~/.ssh/id_rsa.pub)"
+```
+
+Powershell users will want to use the following instead:
+
+```powershell
+fly secrets set "AUTHORIZED_KEYS=$(Get-Content $HOME\.ssh\id_rsa.pub)"
+```
+
+Next, update your entrypoint script to contain the following:
+
+```bash
+echo $AUTHORIZED_KEYS > /root/.ssh/authorized_keys
+```
+
+If you are running with sudo, you would want to do the following instead:
+
+```bash
+echo $AUTHORIZED_KEYS | sudo tee /root/.ssh/authorized_keys > /dev/null
+```
+
+### Alternative 2: Copy from a volume
+
+If you have a volume and if you can arrange to upload the file
+there, you can directly copy it as a part of your entrypoint script.
+
+```bash
+cp /volume/.ssh/authorized_keys /root/.ssh
+```
+
+## [RECOMMENDED] Make SSH host keys stable
+
+The first time you SSH into a server you will be presented with a fingerprint for the server you are accessing.
+If you accept that fingerprint, it will be added to your `known_hosts` file in your `.ssh` directory.  This key
+is generated when you install `openssh-server`.
+
+The issue arises when you redeploy your application.  If something changes (or your docker cache expires),
+the installation of `openssh-server` may be rerun, and new keys will be generated.  To avoid these keys from
+being used, you can capture and restore the keys.
+
+The following assumes that you have a [volume](../../apps/volume-storage/) mounted at `/volume`, and an entrypoint
+script.
+
+```bash
+mkdir -p /volume/.ssh
+
+if [[ "$(ls /volume/.ssh/*_key)" = "" ]]; then
+  cp /etc/ssh/*_key /volume/.ssh
+else
+  cp /volume/.ssh/*_key /etc/ssh
+fi
+```
+
+Notes:
+* These keys are expected to be private, so if you go with an alternate route, make sure that these values are
+  not committed to a public repository unencrypted.
+* If you are running with `sudo`, you need to add `sudo` before the `mkdir`, the `ls` and both of the `cp` statements.
+* If you have multiple machines, you may want all of them to [share the same keys](https://security.stackexchange.com/a/89621+external).
+
+## [OPTIONAL] Configure client user and aliases
+
+Your full dnsname may be a mouthful, the user the application runs under may be different than the one you use on your laptop.
+the port you expose may be non-standard, or you may have multiple machines and a desire to be able to SSH into a specific one.
+
+If any of these apply to you, you can create or update a file named [`config`](https://www.ssh.com/academy/ssh/config+external) in your `.ssh` directory.
+Following is an example that illustrates addressing a number of the above cases: 
+
+```config
+Host appname
+  Hostname appname.fly.dev
+  User rails
+  Port 2222
+Host *.appname
+  HostName %h.internal
+  ProxyJump rails@appname.fly.dev:2222
+  User rails
+  Port 2222
+```
+
+Additionally, if you want to avoid the fingerprint checking, you can add the following to each of the `Host` entries:
+
+```config
+StrictHostKeyChecking no
+```
+
+## Related reading
+
+- [`flyctl` SSH commands](https://fly.io/docs/flyctl/ssh/) Official reference for how to use `fly ssh`/`fly ssh sftp` to access running machines. 
+- [Multiple processes inside a Fly.io app](https://fly.io/docs/app-guides/multiple-processes/) Explains how to run multiple process groups in a single machine/container. Relevant when you’re adding `sshd` alongside your main app.
\ No newline at end of file
diff --git a/blueprints/per-user-dev-environments.html.md b/blueprints/per-user-dev-environments.html.md
new file mode 100644
index 0000000000..5321ebc3aa
--- /dev/null
+++ b/blueprints/per-user-dev-environments.html.md
@@ -0,0 +1,69 @@
+---
+title: Per-User Dev Environments with Fly Machines
+layout: docs
+nav: guides
+date: 2025-04-02
+---
+
+<figure>
+  <img src="http://github.com/static/images/per-user-dev.png" alt="Illustration by Annie Ruygt of different envrionments under glass domes" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+Fly Machines are fast-launching VMs behind [a simple API](https://fly.io/docs/machines/api), enabling you to launch tightly isolated app instances in milliseconds [all over the world](https://fly.io/docs/reference/regions/).
+
+One interesting use case: running isolated dev environments for your users (or robots). Fly Machines are a safe execution sandbox for even the sketchiest user-generated (or LLM-generated) code.
+
+This guide explains how to use Fly Machines to securely host ephemeral development and/or execution environments, complete with [dynamic subdomain routing](/docs/networking/dynamic-request-routing) using `fly-replay`.
+
+## What your architecture should include
+
+- **Router app(s)**
+    - A Fly.io app to handle requests to wildcard subdomains (`*.example.com`). Uses `fly-replay` headers to transparently redirect each request to the correct app and machine. If you have clusters of users (or robots) in different geographic regions, you can spin up a router app in multiple regions. See [Connecting to User Machines](/docs/blueprints/connecting-to-user-machines/) for details on how to implement the routing pattern.
+- **User apps (pre-created)**
+    - Dedicated per-user (or per-robot) Fly apps ([more about why you should create a dedicated app per customer/robot](/docs/machines/guides-examples/one-app-per-user-why)), each containing isolated Fly Machines. App and Machine creation is not instantaneous, so we recommend provisioning a pool of these before you need them so you can quickly assign upon request.
+- **Fly Machines (with optional volumes)**
+    -  Fast-launching VMs that can be attached to persistent [Fly Volumes](/docs/volumes).
+
+### Example Architecture Diagram
+
+<img src="http://github.com/static/images/docs-sandbox-architecture.webp" alt="Diagram showing router app directing traffic to user apps containing Fly Machines with volumes">
+
+### Router app(s)
+
+Your router app handles all incoming wildcard traffic. Its responsibility is simple:
+
+- Extract subdomains (like `alice.example.com` → `alice-123`).
+- Look up the correct app (and optionally machine ID) for that user.
+- Issue a `fly-replay` header directing the Fly Proxy to [internally redirect the request](/docs/blueprints/connecting-to-user-machines/#using-fly-replay) (this should add no more than ~10 milliseconds of latency if the router app is deployed close to the user).
+- When appropriate, use [replay caching](/docs/networking/dynamic-request-routing/#replay-caching) to further reduce latency and load on the router app.
+- Make sure you've added [a wildcard domain](/docs/networking/custom-domain/#get-certified) (*.example.com) to your router app (read more about the [certificate management endpoint here](/docs/networking/custom-domain-api/)).
+
+### User apps
+
+Creating apps dynamically for each user at request time can be slow. To ensure fast provisioning:
+
+- **Pre-create** a pool of Fly apps and machines ahead of time (using the [Fly Machines API or CLI](/docs/apps/overview/)).
+- Store app details (e.g., app_name: `alice-123`) in a datastore accessible to your router app.
+- Assign apps to users at provisioning time.
+
+**Fly Machines**
+
+You'll want to spin up at least one Machine per user app (but apps can have as many Machines as needed). If your dev environments need persistent storage (data that should survive Machine restarts):
+
+- Attach Fly Volumes to each machine at creation time.
+- Keep in mind that machine restarts clear temporary filesystem state but preserve volume data.
+- Learn more about the [Machines API resource](/docs/machines/api/machines-resource/) and the [Volumes API resource](/docs/machines/api/volumes-resource/). 
+
+## Pointers & Footguns
+
+- **Machines & volumes are tied to physical hardware:** hardware failures can destroy machines and attached volumes. **Always persist important user data** (code, config, outputs) to external storage (like [Tigris Data](/docs/tigris/#main-content-start) or AWS S3).
+- **Your users will break their environments:** pre-create standby machines to handle hardware & runtime failures, or the inevitable user or robot poisoned environment. Pre-create standby machines that you can quickly activate in these scenarios.
+- **Machine restarts reset ephemeral filesystem:** the temporary Fly Machine filesystem state resets on Machine restarts, ensuring clean environments. However, volume data remains persistent, making it useful for retaining user progress or state.
+
+## Related reading
+
+- [Connecting to User Machines](/docs/blueprints/connecting-to-user-machines/) How to manage routing and networking when you spin up a fleet of machines dedicated to individual users.
+- [Multi‑container Machines](/docs/machines/guides-examples/multi-container-machines/) When your per‑user environment needs sidecars (logs, metric exporters, agent processes) alongside the main service.
+
diff --git a/blueprints/private-applications-flycast.html.md b/blueprints/private-applications-flycast.html.md
new file mode 100644
index 0000000000..932efdacda
--- /dev/null
+++ b/blueprints/private-applications-flycast.html.md
@@ -0,0 +1,199 @@
+---
+title: Run private apps with Flycast
+layout: docs
+sitemap: true
+nav: guides
+author: xe
+categories:
+  - networking
+date: 2024-06-17
+---
+
+<center><iframe width="600" height="315" src="https://www.youtube-nocookie.com/embed/PR0rzkwKwFA" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe></center><br />
+
+## Overview
+
+A lot of the time your applications are made to be public and shared with the world. Sometimes you need to be more careful. When you deploy your apps on Fly.io, you get a private network for your organization. This lets your applications in other continents contact each other like they were in the same room.
+
+Sometimes you need a middle ground between fully public apps and fully private apps. [Flycast](/docs/networking/flycast/) addresses are private but global IPv6 addresses inside your private network that go through the Fly Proxy, so you get all of the load management and Machine waking powers that you get for free with public apps.
+
+This blueprint covers what Flycast is, when and why you’d want to use it, and shows you how to create an instance of Ollama that you can connect to over Flycast.
+
+## What is Flycast?
+
+Before we get started, let’s talk about Flycast and when you would want to use it. In general we can split every kind of Fly App into two categories: public apps and private apps.
+
+A public app is what you’d expose to the public Internet for your users. These are usually hardened apps that allow users to do some things, but have access limitations that prevent them from stepping outside their bounds. These are mostly programs that listen over HTTP for browsers to interact with. Your users connect to a public app through the platform router via the .fly.dev domain or whatever other domain you’ve set up.
+
+A private app is something internal, like a database server or a worker queue. These are things that run in the background and help you get things done, but are intentionally designed to NOT be exposed to the public Internet. You wouldn’t want to expose your Postgres or Valkey servers to anyone, would you?
+
+However, with a fully private app, all connections go directly to the Machines via their .internal addresses, so you have to keep them running 24/7 to maintain connectivity. This is fine for services like database engines where you want them to be running all the time, but what about an admin panel? You want your admin panel to be separate from your main app so that users can ever get into it, even by accident, but you also want it to shut down when it’s not in use.
+
+Flycast exists for this middle category of apps. With Flycast, your apps are only visible over your organization’s private network, but any traffic to them goes through the proxy so they can turn on when you need them and turn off when you don’t. This allows your administrative panels to be physically separate so that users can’t access them.
+
+When you want to connect to an app via Flycast, you connect to `appname.flycast`.
+
+### Security note
+
+Just a heads-up. In general, it’s a bad idea to assume that network access barriers like Flycast or NAT are security layers. At best, this is an obfuscation layer that makes it more difficult for attackers to get into private applications. Flycast is not a replacement for authentication in your private applications. With Flycast, you don’t know _who_ a request is coming from, but you do know that it’s coming from _something_ or _someone_ in your private network.
+
+One of the biggest platform features that uses Flycast out of the box is Fly Postgres. Even though Flycast addresses are local to your private network, Fly Postgres still configures usernames and passwords for your database.
+
+## Goal
+
+We'll show Flycast off by setting up an instance of [Ollama](https://ollama.com+external).
+
+Ollama is a program that wraps large language models and gives you an interface like Docker so that you can run open-weights large language models privately on your own device. Large language models are computationally expensive to run, so being able to offload them to a GPU-powered Fly Machine means you can hack all you want without burning up your precious battery life.
+
+Ollama doesn’t ship with authentication by default. When you create an instance of Ollama, anyone can access it without entering in a username, password, or API key. This is fine for running your models on your own computer; but it means that if you expose it to the internet, anyone can use it and run models whenever they want. This could rack up your bill infinitely.
+
+This is where Flycast comes in. Flycast lets you run a copy of Ollama on your private network so that you and your apps can access it, but nobody else. Flycast also lets you have the platform turn off your Ollama server when you’re not using it, which will save you money. This fits into that middle ground case that Flycast covers perfectly.
+
+## Prerequisites
+
+To get started, you need to do the following:
+
+- [sign up or sign in](/docs/getting-started/sign-up-sign-in/) to Fly.io
+- [install flyctl](/docs/flyctl/install/) (the Fly CLI)
+
+If you want to interact with your Flycast apps&mdash;like an Ollama instance&mdash;from your computer, you’ll need to [jack into your private network with WireGuard](/docs/blueprints/connect-private-network-wireguard/).
+
+## Steps
+
+Create a new folder on your computer called `ollama`. This is where we’ll put the Ollama configuration. Open a terminal in that folder and run the fly launch command:
+
+```
+fly launch --from https://github.com/fly-apps/ollama-demo --no-deploy
+```
+
+This command creates a new fly app from the [`ollama-demo` template](https://github.com/fly-apps/ollama-demo+external) and tells the flyctl command to not deploy it after you create the app. If we don’t do this, then the platform will create public IPv4 and IPv6 addresses, which will make this a public app. The name you choose when you create your app will be used to connect to your app over Flycast.
+
+Next, allocate a Flycast address for your app with the `fly ips allocate-v6` command:
+
+```
+$ fly ips allocate-v6 --private
+```
+
+Now you can deploy the app with the `fly deploy` command:
+
+```
+$ fly deploy
+```
+
+After that finishes, you can see the list of IP addresses associated to an app with `fly ips list`:
+
+```
+$ fly ips list
+VERSION	IP                	TYPE   	REGION	CREATED AT
+v6     	fdaa:3:9018:0:1::7	private	global	23h12m ago
+
+Learn more about [Fly.io public, private, shared and dedicated IP addresses](/docs/reference/services/#ip-addresses).
+```
+
+This app only has one IP address: a private Flycast IPv6 address. If had public IP addresses, it'd look like this:
+
+```
+$ fly ips list -a recipeficator
+VERSION	IP                    	TYPE              	REGION	CREATED AT
+v6     	2a09:8280:1::37:7312:0	public (dedicated)	global	May 30 2024 13:51
+v4     	66.241.124.113        	public (shared)   	      	Jan 1 0001 00:00
+```
+
+Now that we've proven it's private, let’s open an interactive shell Machine to play around with Flycast. Create the shell Machine with `fly machine run`:
+
+```
+$ fly machine run --shell ubuntu
+root@e784127b51e083:/#
+```
+
+The Ubuntu image we chose is very minimal, so we need to install a few tools such as ping, curl, and dig:
+
+```
+# apt update && apt install -y curl iputils-ping dnsutils
+```
+
+My app is named`xe-ollama`, so let’s look up its `.flycast` address with `nslookup xe-ollama.flycast`:
+
+```
+# nslookup xe-ollama.flycast
+Server:		fdaa::3
+Address:	fdaa::3#53
+
+Name:	xe-ollama.flycast
+Address: fdaa:3:9018:0:1::7
+```
+
+It matches that IP address from earlier. Now let’s see what happens when we ping it:
+
+```
+# ping xe-ollama.flycast -c2
+PING xe-ollama.flycast (fdaa:3:9018:0:1::7) 56 data bytes
+64 bytes from fdaa:3:9018:0:1::7: icmp_seq=1 ttl=63 time=0.138 ms
+64 bytes from fdaa:3:9018:0:1::7: icmp_seq=2 ttl=63 time=0.223 ms
+
+--- xe-ollama.flycast ping statistics ---
+2 packets transmitted, 2 received, 0% packet loss, time 1009ms
+rtt min/avg/max/mdev = 0.138/0.180/0.223/0.042 ms
+```
+
+Perfect, now let’s make a request to the Ollama app with curl:
+
+```
+# curl http://xe-ollama.flycast
+```
+
+It took a moment for Ollama to spin up, and now we get a happy “Ollama is running” message. Wait a few moments so your Ollama app goes to sleep and run the `time` command to see how long the first request takes:
+
+```
+# time curl http://xe-ollama.flycast
+Ollama is running
+real	0m9.144s
+user	0m0.003s
+sys		0m0.003s
+```
+
+It took a few seconds for the platform to wake up Ollama and make sure it was ready for your requests. The next request is a lot faster:
+
+```
+# time curl http://xe-ollama.flycast
+Ollama is running
+real	0m0.043s
+user	0m0.003s
+sys		0m0.003s
+```
+
+And if you wait a few moments, it’ll spin back down.
+
+### Running Llama 3
+
+Now that we’ve set up Ollama and demonstrated the platform turning it off and on for you, let’s run Llama 3. Exit out of that shell Machine with control-D so we can make a new one with the Ollama client installed.
+
+Create an Ollama shell using `fly machine run`:
+
+```
+$ fly machine run --shell ollama/ollama
+```
+
+Once that starts up, point the Ollama client to your Flycast app by setting the `OLLAMA_HOST` environment variable:
+
+```
+# export OLLAMA_HOST=http://xe-ollama.flycast
+```
+
+Then you can ask Llama 3 anything you want:
+
+```javascript
+# ollama run llama3 "Why is the sky blue?"
+```
+
+It took a moment for Ollama to get ready and download the image, then it downloaded it and answered your question. Once it’s been idle for a moment, the platform will turn Ollama back off.
+
+And there we go! We’ve covered what Flycast is, why you’d want to use it, and set up an instance of Ollama to show it off.
+
+## Related reading
+
+We've talked about Flycast in some past blog posts and blueprints:
+
+- [Autostart and autostop private apps](/docs/blueprints/autostart-internal-apps/)
+- [Deploy Your Own (Not) Midjourney Bot on Fly GPUs](https://fly.io/blog/not-midjourney-bot/)
+- [Scaling Large Language Models to zero with Ollama](https://fly.io/blog/scaling-llm-ollama/)
diff --git a/blueprints/remote-mcp-servers.html.md b/blueprints/remote-mcp-servers.html.md
new file mode 100644
index 0000000000..90c5f2b01c
--- /dev/null
+++ b/blueprints/remote-mcp-servers.html.md
@@ -0,0 +1,75 @@
+---
+title: Deploying Remote MCP Servers
+layout: docs
+nav: guides
+date: 2025-04-15
+---
+
+<figure>
+  <img src="http://github.com/static/images/remote-mpc.png" alt="Illustration by Annie Ruygt of bird working at their computer while drinking coffee" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+The Model Context Protocol (MCP) is a fun new way to give LLMs new powers. Originally developed by Anthropic, the protocol has since been adopted by OpenAI (with Google Gemini support in the works at the time of writing).
+
+The protocol defines a standardized way of connecting tools and providing additional context to LLMs, not dissimilar to the way USB provides a standardized way to connect computers to peripherals and devices. Fly Machines are tightly isolated VMs that are perfect for running MCP servers.
+
+This guide will help you understand, at a very high level, how to build, deploy, and connect remote MCP servers on Fly.io. Keep in mind that this is an nascent, still-emerging protocol – details are subject to change. For specific implementation details,  the [Model Context Protocol](https://modelcontextprotocol.io/) site is the authoritative source of truth (complete with [a handy .txt version for LLM prompting](https://modelcontextprotocol.io/llms-full.txt)).
+
+We've also started to integrate some MCP tooling into the `flyctl` that should give you a more concrete sense of how you might deploy MCP servers on Fly.io (read more in [this community forum post](https://community.fly.io/t/running-mcps-on-and-with-fly-io/24588)). Note that our MCP implementation is experimental and may still have sharp edges!
+
+## Remote MCP Servers
+
+MCP to date has been largely local-only, but the protocol also [specs out transports](https://modelcontextprotocol.io/specification/2025-03-26/basic/transports) for remote MCP servers. Remote MCP servers solve a bunch of problems:
+
+- Easier to update a centralized server instead of dispersed, local packages
+- You can give  MCP clients persistent connections that don't evaporate when someone closes their laptop
+- Securely sandbox MCP server activity in case the robots go rogue
+
+## Single Tenant or Multi-tenant
+
+There are broadly two patterns you might want to follow when deploying a remote MCP server to Fly.io:
+
+1. Multi-tenant MCP server (one app, many users)
+2. Single-tenant MCP servers (one app per user)
+
+We're partial to the single-tenant pattern – it ensures proper isolation, and also helps with minimize your Fly.io bill: unused Machines can stop and start as needed, so you won't waste resources on idle users (more about why we think one app per customer is the right pattern [here](https://fly.io/docs/machines/guides-examples/one-app-per-user-why/)). `fly-replay` makes it easy to route requests to the correct app / Fly Machine (see more detail about this pattern in [Per-user Dev Environments with Fly Machines](https://fly.io/docs/blueprints/per-user-dev-environments/)).
+
+## Multi-tenant MCP Servers
+
+<img src="http://github.com/static/images/docs-mcp-multi-tenant.webp" alt="Diagram showing multi-tenant MCP server architecture on Fly.io">
+
+You'll need two main components:
+
+1. **MCP-Remote Shim (optional)**: Tiny client-side proxy that connects local MCP clients to your remote servers (only needed if the MCP client doesn't support auth and / or streamable HTTP requests to a remote MCP server). Handles authentication via a secret shared between the shim and the router app (authentication could be a simple API token, username + password, or a full OAuth dance). Securely stores and refreshes tokens as needed. To see an example, try the experimental `fly mcp proxy` command in the `flyctl`. This sets up a local proxy that forwards MCP client requests to a remote URL (more details in [the docs](https://fly.io/docs/flyctl/mcp) and [the community forum](https://community.fly.io/t/running-mcps-on-and-with-fly-io/24588)).
+2. **MCP Server App**: This runs the actual MCP goodness and authenticates requests from the MCP client. Should have a single streamable HTTP endpoint path for MCP client connections, as well as any specific business logic or other integrations. To try our implementation, include the experimental `fly mcp wrap` command in the Dockerfile for your MCP server app. This instantiates a lightweight HTTP server to receive requests forwarded from the local MCP client via `fly mcp proxy` (more details in [the docs](https://fly.io/docs/flyctl/mcp) and [the community forum](https://community.fly.io/t/running-mcps-on-and-with-fly-io/24588)).
+
+## Single-tenant MCP Servers
+
+<img src="http://github.com/static/images/docs-mcp-single-tenant.webp" alt="Diagram showing single-tenant MCP server architecture on Fly.io">
+
+There are three main components:
+
+1. **Router App**: Receives requests from the MCP client and handles auth, then routes requests to per-user apps + Fly Machines with `fly-replay`. See [Connecting to User Machines](/docs/blueprints/connecting-to-user-machines/) for details on implementing the routing pattern. Optionally handles user management and permissions. You can use the experimental `fly mcp wrap` command in the Dockerfile of your router app to instantiate a lightweight HTTP server to receive requests forwarded from a local MCP client (more details in [the docs](https://fly.io/docs/flyctl/mcp) and [the community forum](https://community.fly.io/t/running-mcps-on-and-with-fly-io/24588)). Note that `fly mcp wrap` does not handle request routing – you'll have to implement that separately.
+2. **MCP Server Apps**: Per-user (or per-team) apps that run the actual MCP goodness. Should have a single streamable HTTP endpoint path for MCP client connections, as well as any specific business logic or other integrations. 
+3. **MCP-Remote Shim (optional)**: Tiny client-side proxy that connects local MCP clients to your remote servers (only needed if the MCP client doesn't support auth and / or streamable HTTP requests to a remote MCP server). Handles authentication via a secret shared between the shim and the router app (authentication could be a simple API token, username + password, or a full OAuth dance). Securely stores and refreshes tokens as needed. To see an example, try the experimental `fly mcp proxy` command in the `flyctl`, which sets up a local proxy that forwards MCP client requests to a remote URL (more details in [the docs](https://fly.io/docs/flyctl/mcp) and [the community forum](https://community.fly.io/t/running-mcps-on-and-with-fly-io/24588)).
+
+## How Users Experience It
+
+From your users' perspective, the experience should be delightfully simple:
+
+1. They add a new MCP server to their MCP client with a simple one-liner
+2. If needed, the user is walked through an authentication flow (ie a browser window pops open to kick off the OAuth dance or provide an API key)
+3. After logging in, the MCP client can now access all the tools you've exposed
+4. The connection persists across restarts without re-authentication
+
+## Taking It Further
+
+If you'd like your MCP servers to connect to third party OAuth APIs without having to directly handle API tokens, consider using [ssokenizer](https://github.com/superfly/ssokenizer) (or [tokenizer](https://github.com/superfly/tokenizer) for generic, non-OAuth flows).
+
+## Related reading
+
+- [Model Context Protocol (MCP) Documentation](/docs/mcp/) Learn more in our reference for MCP: what it is, how it works, and how to deploy servers.  
+- [Connecting to User Machines](/docs/blueprints/connecting-to-user-machines/) Find out about patterns for routing from a central router app to per‑user apps/machines via `fly‑replay`, which is useful when you build single‑tenant MCP setups.  
+- [Launching MCP Servers with flyctl](/docs/flyctl/mcp-server/) Read about the experimental `fly mcp server` command: how to start a local or remote MCP server using `flyctl`, including flags and usage.  
diff --git a/blueprints/resilient-apps-multiple-machines.html.md b/blueprints/resilient-apps-multiple-machines.html.md
new file mode 100644
index 0000000000..719e8f2bde
--- /dev/null
+++ b/blueprints/resilient-apps-multiple-machines.html.md
@@ -0,0 +1,175 @@
+---
+title: Resilient apps use multiple Machines
+layout: docs
+nav: guides
+date: 2025-09-12
+---
+
+<figure>
+  <img src="http://github.com/static/images/resilient-apps.png" alt="Illustration by Annie Ruygt of an armoured truck with a Fly balloon logo" class="w-full max-w-lg mx-auto">
+</figure>
+
+<div class="callout">
+**Fly Machines are fast-launching VMs, the basic compute unit of the Fly.io platform. Each Machine runs on a single physical host. If that host fails, the Machine goes down and does not automatically start again on another host.**
+</div>
+
+## Overview
+
+To make your app resilient to single-host failure, create at least two Machines per app or process. Fly Proxy autostop/autostart and standby Machines are built-in platform features that you can use to start extra Machines only when needed.
+
+---
+
+## Resiliency: Why and When
+
+Why resiliency? Machines are great until they aren’t. Hosts fail. Regions go dark. Networks get flaky. If your app only runs on one Machine, any of those failures means downtime. Running more than one Machine, or spreading them across regions, is how you keep the lights on when the infrastructure underneath you stumbles.
+
+### When to use it
+
+If you are building something people rely on, you probably want some resiliency. That includes production apps with paying users, customer-facing services where downtime makes people angry, or global apps that need to respond quickly no matter where users are. Regulations can also push you here if you are required to keep systems up in specific geographies.
+
+### When it might not be worth it
+
+For some apps, downtime just does not matter very much. A side project, a staging environment, or an internal tool might run fine on a single Machine. If the stakes are low, adding extra Machines can be more complexity than you need.
+
+### Performance
+
+Machines are really fast to start and stop. If your app has a lot of users, or bursts of high usage, then the Fly Proxy can load balance requests and automatically stop and start Machines based on traffic to your app. Keep one or more Machines running all the time if your app needs even faster first response times.
+
+### Costs
+
+You pay only for `rootfs` when Machines aren't running, not for CPU and RAM. Machine rootfs is [cheap](/docs/about/pricing/#stopped-fly-machines), like 18 cents a month for an average Elixir app that uses 1.2 GB of rootfs.
+
+---
+
+## Multiple Machines for apps with services
+
+You can add more Machines for Fly Proxy to start and stop as needed, which is great for apps that have built-in replication or that don't share data.
+
+### You get two Machines on first deploy
+
+When you deploy an app for the first time with the `fly launch` or `fly deploy` command, you automatically get two identical Machines for processes that have HTTP/TCP services configured in `fly.toml`. The Machines have autostop/autostart enabled so that Fly Proxy can start and stop them based on traffic to your app. You'll also get this default redundant Machine when you `fly deploy` after scaling to zero.
+
+<div class="important icon">
+**Volumes:** You'll only get one Machine with `fly launch` for processes or apps with volumes mounted. Volumes don't automatically replicate your data for you, so you'll need to set that up before intentionally creating more Machines with volumes.
+</div>
+
+### Add more Machines yourself
+
+If your app doesn't already have multiple Machines with autostop/autostart configured, then you can set it up yourself. You can create any number of Machines to both meet user demand and provide redundancy against host failures.
+
+#### 1. Set up autostop/autostart
+
+Use [Fly Proxy autostop/autostart](/docs/launch/autostop-autostart/) to automatically stop and start Machines based on traffic. Keep one or more Machines running in your primary region if you want to. Example `fly.toml` config:
+
+```toml
+[http_service]
+  internal_port = 8080
+  force_https = true
+  auto_stop_machines = "stop" # Fly Proxy stops Machines based on traffic
+  auto_start_machines = true # Fly Proxy starts Machines based on traffic 
+  min_machines_running = 0 # No. of Machines to keep running in primary region
+  [http_service.concurrency]
+    type = "requests"
+    soft_limit = 200 # Used by Fly Proxy to determine Machine excess capacity
+```
+
+Fly Proxy uses the concurrency `soft_limit` to determine if Machines have excess capacity. Learn more about [how Fly Proxy autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/).
+
+**Using the Machines API:** To add or change the autostop/autostart settings with the Machines API, use the settings in the `services` object of the [Machine config](/docs/machines/api/machines-resource/#machine-config-object-properties) in your `create` or `update` calls.
+
+#### 2. Create more Machines
+
+Create extra Machines, or even just one extra Machine, using flyctl:
+
+```
+fly scale count 2
+```
+
+Or deploy even more Machines in more than one region:
+
+```
+fly scale count 20 --region ams,ewr,gig
+```
+
+Learn more about [scaling the number of Machines](/docs/apps/scale-count/).
+
+**Using the Machines API:** To scale the number of Machines with the Machines API, you can "clone" Machines. Get and modify a Machine config and use that config to create new Machines in any region. See the[ Machines resource docs](/docs/machines/api/machines-resource/).
+
+---
+
+## Standby Machines for apps without services
+
+When apps or processes are running tools like cron that don't require local storage or accept external requests, it's common to run only one Machine. Since these Machines don't have services configured, they can't be automatically started and stopped by the Fly Proxy. To add redundancy against host failures for this kind of Machine, use a standby Machine; it stays stopped and ready to take over in case the original Machine becomes unavailable.
+
+Unlike Fly Proxy autostop/autostart, which starts Machines based on app traffic, a standby Machine watches the Machine it's paired to and starts only if that Machine becomes unavailable. Learn more about [standby Machines](/docs/reference/app-availability/#standby-machines-for-process-groups-without-services).
+
+### You get a standby Machine on first deploy
+
+When you deploy an app for the first time with the `fly launch` or `fly deploy` command, you automatically get a standby Machine for processes that don't have services configured in `fly.toml` (and therefore aren't visible to Fly Proxy). That standby Machine is a copy of the original, running Machine. You'll also get this standby Machine when you `fly deploy` after scaling to zero.
+
+### Create a standby Machine yourself
+
+If you don't already have a standby Machine for your worker Machines, then you can create one yourself.
+
+To create a standby Machine that will take over the same tasks when a worker Machine is down, use this one command to clone the worker Machine and make the clone a standby:
+
+```
+fly machine clone <worker machine id> --standby-for <worker machine id>
+```
+
+**Using the Machines API:** To create a standby Machine with the Machines API, get and modify your worker Machine config and use that config to create a new standby Machine. Specify the standby in the Machine's config object: [config.standbys](/docs/machines/api-machines-resource/#machine-config-object-properties).
+
+### Bonus uses for standby Machines
+
+A standby Machine doesn't need to be a copy of the Machine it's watching. You can configure the standby Machine to run with any image you like when a watched Machine becomes unavailable; you can use it to run a recovery script, trigger alerts, or anything else. You can create a standby Machine for any Machine, including one with services.
+
+To create a standby Machine from a different image:
+
+```
+fly machine run <image> --standby-for <machine-id>
+```
+
+---
+
+## Scaling to multiple regions
+
+Running multiple Machines in one region protects you from host failures. But entire regions can fail too. Power cuts, network issues, and upstream outages do not happen often, but when they do, every Machine in that region goes down. If your app needs to weather that kind of failure, the next step is spreading out across regions.
+
+### When to use it
+
+Multi-region setups make sense when uptime really matters. That might mean production systems with strict SLAs, customer-facing apps where downtime causes pain, or global services that need to stay responsive close to users. Regulations can also be a factor if you need to keep infrastructure running in specific geographies.
+
+### Example
+
+You can place Machines in more than one region with a single command:
+
+```
+fly scale count 6 --region ams,ewr,syd
+```
+
+This example runs two Machines in Amsterdam, two in New Jersey, and two in Sydney. Fly Proxy will route users to the closest healthy region.
+
+One important caveat: volumes do not replicate across regions. If your app writes data, you need to think carefully about where that data lives and how it syncs. A common approach is to keep one primary “write” region and treat others as read-only.
+
+### Keep in mind
+
+Multi-region comes with real advantages, but also some trade-offs. Users near your regional Machines will see faster responses, but coordinating data across regions is hard, especially since most apps are not designed for global writes. And while redundancy improves reliability, it also increases your costs: more Machines in more places means more expense, and cross-region traffic can add up quickly.
+
+---
+
+## Summing up
+
+Resiliency builds in layers. At the base, you have a single Machine: cheap, simple, and fragile. Add a second Machine in the same region and you are protected from host failures. Spread Machines across regions and you are resilient to outages that take down an entire site, with the added bonus of faster responses for users around the world.
+
+Each layer improves availability, but it also adds cost and complexity. The right choice depends on what you are building and who is depending on it.
+
+Whatever strategy you choose, practice it. Do not wait for a real outage to find out how your app behaves. Stop a Machine and see if traffic shifts. Kill a region and watch how your data layer responds. A resiliency plan only works if you have rehearsed it enough to trust it.
+
+## Related reading
+
+If you want to dig deeper into how Fly apps stay available and what failure modes to expect, these are good next steps:
+
+- [App availability and resiliency](/docs/apps/app-availability/): An overview of the all features that can make your app more resistant to events like hardware failures or outages.
+- [Multi-region with Fly-Replay](/docs/blueprints/multi-region-fly-replay/): How to serve reads close to users and route writes back to a primary region.
+- [Machine placement and regional capacity](/docs/machines/guides-examples/machine-placement/): How Fly decides where to place your Machines, how to guide placement yourself, and what happens when a region runs out of capacity.
+- [Run Ordinary Rails Apps Globally](/ruby-dispatch/run-ordinary-rails-apps-globally/): Project-level example of Rails distributed across regions with smart routing.
diff --git a/blueprints/review-apps-guide.html.md b/blueprints/review-apps-guide.html.md
new file mode 100644
index 0000000000..d59e192be3
--- /dev/null
+++ b/blueprints/review-apps-guide.html.md
@@ -0,0 +1,175 @@
+---
+title: "Git Branch Preview Environments on Github"
+layout: docs
+nav: guides
+categories:
+  - ci
+  - github
+  - guide
+  - review apps
+  - cd
+redirect_from: /docs/app-guides/review-apps-guide/
+---
+
+<figure>
+  <img src="http://github.com/static/images/review-apps-github.png" alt="Illustration by Annie Ruygt of Github Octocat and Frankie with some apps" class="w-full max-w-lg mx-auto">
+</figure>
+
+# Overview
+
+Review apps are a great way to preview new features, changes, and bug fixes. This guide will teach you how to automatically generate ephemeral "review apps" on Fly.io for each pull request (PR) using GitHub Actions. This approach can be applied to other Git services and source code versioning software that supports branching and hooks.
+
+## Quick Start
+
+If you've worked with GitHub Actions before and want to jump right in, here are the steps to take:
+
+1. Create a new repository secret on your GitHub repository called `FLY_API_TOKEN` and provide it with the returned value of `fly tokens org <ORG NAME>`
+1. Create a new workflow in your project at `.github/workflows/fly-review.yml` and add the following [YAML code](https://gist.github.com/anniebabannie/3cb800f2a890a6f3ed3167c09a0234dd).
+1. Commit and push the changes containing your GitHub workflow.
+
+And that's it! Any new pull requests will trigger the creation of review apps for your application.
+
+By default, review apps will be available at `https://pr-<PR number>-<repository owner>-<repository name>.fly.dev`.
+
+The workflow described above will spin up a **single application** without other resources; if data stores, multiple Fly Apps, or other resources are required, see [Customizing your workflow](#customize-your-workflow).
+
+
+For more details about each step, follow the guide below.
+
+## Setting up review apps on Fly.io
+
+### Set your Fly API token
+
+Your GitHub Action will need a Fly API token to deploy and manage new review apps on Fly.io. You can get this token using the following [flyctl](/docs/flyctl/install/) command:
+
+```cmd
+fly tokens org <ORG NAME>
+```
+
+This token is specific to a single Fly.io organization and is valid for applications belonging the that organization.
+
+Next, let's save our API token as a secret in our GitHub repository. Visit the Settings tab in your repository, then Secrets and variables → Actions. Alternatively, you can visit `https://github.com/<username or org>/<repository>/settings/secrets/actions`. There, create a new **Repository Secret** called `FLY_API_TOKEN` with the value of your token.
+
+### Create your GitHub Action
+
+Next, let's create a new GitHub Action by creating a new YAML file in your app's repository for our workflow:
+
+```cmd
+touch .github/workflows/fly-review.yml
+```
+
+Then add the following to your new `fly-review.yml` file:
+
+```yaml
+name: Deploy Review App
+on:
+  # Run this workflow on every PR event. Existing review apps will be updated when the PR is updated.
+  pull_request:
+    types: [opened, reopened, synchronize, closed]
+
+env:
+  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+  # Set these to your Fly.io organization and preferred region.
+  FLY_REGION: iad
+  FLY_ORG: personal
+
+jobs:
+  review_app:
+    runs-on: ubuntu-latest
+    outputs:
+      url: ${{ steps.deploy.outputs.url }}
+    # Only run one deployment at a time per PR.
+    concurrency:
+      group: pr-${{ github.event.number }}
+
+    # Deploying apps with this "review" environment allows the URL for the app to be displayed in the PR UI.
+    # Feel free to change the name of this environment.
+    environment:
+      name: review
+      # The script in the `deploy` sets the URL output for each review app.
+      url: ${{ steps.deploy.outputs.url }}
+    steps:
+      - name: Get code
+        uses: actions/checkout@v4
+
+      - name: Deploy PR app to Fly.io
+        id: deploy
+        uses: superfly/fly-pr-review-apps@1.2.1
+```
+
+In the `deploy` step, `superfly/fly-pr-review` contains the custom Action with a shell script that creates and deploys your review apps. If you're curious, check out [entrypoint.sh](https://github.com/superfly/fly-pr-review-apps/blob/main/entrypoint.sh) for full details on how the script works.
+
+### Commit and push your workflow
+
+Finally, commit and push your changes to your GitHub repository. Once pushed, any new PRs will spin up a review app for you to preview your code on Fly.io.
+
+## Customize your workflow
+
+Often our applications do not operate in isolation and require other resources to function. The sample workflow mentioned above spins up a stand-alone Fly App, but you can customize your `fly-review.yml` GitHub workflow to create additional Fly Apps and resources, such as a Redis, Memcached, etc. You can find examples of these in the [README](https://github.com/superfly/fly-pr-review-apps/tree/main) for `superfly/fly-pr-review-apps`.
+
+### Customize with inputs
+
+The `superfly/fly-pr-review-apps` custom GitHub Action also provides a number of **inputs** that can be added to tweak behavior. See the [README](https://github.com/superfly/fly-pr-review-apps/tree/main) for the complete list.
+
+These inputs can be added to the `deploy` step in your workflow using the `with` key, like so:
+
+```yaml
+# fly-review.yml
+# ...
+    steps:
+      # ...
+      - name: Deploy PR app to Fly.io
+        id: deploy
+        uses: superfly/fly-pr-review-apps@1.2.0
+        with:
+          name: my-app-name-pr-${{ github.event.number }}
+          config: fly.review.toml
+```
+
+### Defining resource specs
+
+You probably won't need the same specifications for the Fly Machines used by review apps as you do for your production app. There are two ways to override the resources used in review apps.
+
+**1. Specifying a different `config` file:** By default, review apps will use the `fly.toml` in your application root, but you can create a separate TOML file with different specs using the `config` input, like so:
+
+```yaml
+# fly-review.yml
+# ...
+    steps:
+      # ...
+      - name: Deploy PR app to Fly.io
+        id: deploy
+        uses: superfly/fly-pr-review-apps@1.2.0
+        with:
+          config: fly.review.toml
+```
+
+**2. Setting specs in GitHub Action inputs:** Alternatively, you can set the specs for the Fly Machines used by your review apps using the following inputs:
+
+- `vmsize`
+- `cpu`
+- `cpukind`
+- `memory`
+- `ha`
+
+### Default secrets and environment variables
+
+We recommend setting default values for any secrets or environment variables your review apps require so you don't have to set them individually. You can do this by defining each secret as either a **repository secret** _or_ an **environment secret** in your GitHub repo. If using environment secrets, these should be set on the environment used in your workflow, such as `review`.
+
+Once you have your secrets and environment variables set in GitHub, add each of them to your `fly-review.yml` workflow, separated by a space, like so:
+
+```yaml
+# fly-review.yml
+# ...
+    steps:
+      # ...
+      - name: Deploy PR app to Fly.io
+        id: deploy
+        uses: superfly/fly-pr-review-apps@1.2.0
+        with:
+          secrets: FOOBAR=${{ secrets.FOOBAR }} SOME_API_KEY=${{ secrets.SOME_API_KEY}}
+```
+## Related Reading
+
+- [Continuous Deployment with Fly.io and GitHub Actions](/docs/launch/continuous-deployment-with-github-actions/) Shows how to set up automated CI/CD pipelines using GitHub Actions and Fly.io — a natural complement to per‑PR review deployments.
+- [Get information about an app](/docs/apps/info/) A handy guide to inspecting apps, machines, statuses via CLI/API — useful when you’re creating and destroying review apps on pull requests.
\ No newline at end of file
diff --git a/blueprints/rollback-guide.html.md b/blueprints/rollback-guide.html.md
new file mode 100644
index 0000000000..89ea2ab437
--- /dev/null
+++ b/blueprints/rollback-guide.html.md
@@ -0,0 +1,134 @@
+---
+title: Rollback Guide
+layout: docs
+nav: guides
+author: kcmartin
+date: 2025-08-22
+---
+
+<figure>
+  <img src="http://github.com/static/images/rollback-guide.png" alt="Illustration by Annie Ruygt of a Frankie the hot air balloon helping his developer friend roll back a bad deploy" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview: Why rollback?
+
+Fly.io runs your apps close to your users, in VMs you can spin up and tear down in seconds. But what if you spin up something broken? If a deploy goes wrong, it’s easy to roll back: just tell Fly to redeploy a previous image. There’s no special `rollback` command because you don’t need one. Rollbacks use the same deploy mechanism you already know.
+
+If you know which image was working before, you can deploy it again. You just need to know where to find the image, and how to tell Fly to use it. The trick is: you’re rolling back the _VM image_, not the database. If you ran migrations in that bad deploy, you’ll have to undo those separately in your application or migration code. Fly isn’t going to time-travel your data.
+
+---
+
+## How to rollback
+
+### Step 1: See what you’ve shipped
+
+Fly keeps a history of your releases, including the exact container image each one used. Run:
+
+```bash
+fly releases --app myapp --image
+```
+
+You’ll see a list of past releases with timestamps and image tags:
+
+```
+v42   2025-08-12T16:21Z   registry.fly.io/myapp:deployment-01HXXXXX
+v41   2025-08-10T09:14Z   registry.fly.io/myapp:deployment-01HYYYYY
+```
+
+Pick the one before things went sideways.
+
+---
+
+### Step 2: Deploy that exact image
+
+Let’s say `v41` was fine. You can redeploy its image directly:
+
+```bash
+fly deploy --image registry.fly.io/myapp:deployment-01HYYYYY
+```
+
+That’s it — no rebuild, no code checkout, just telling Fly to boot the older VM image. This works as long as the image is still in the Fly registry.
+
+---
+
+### Tip: Stop living in `deployment-01HXXXXX` hell:  use human-readable tags
+
+The default auto-generated tags work for machines, not humans. You can make your life easier by tagging builds with something you’ll recognize later — a git commit hash, a version number, or even just `before-i-broke-prod`.
+
+When you deploy, pass `--image-label` to set a tag:
+
+```bash
+fly deploy --image-label v1.2.3
+```
+
+That command:
+
+1. Builds your app
+1. Tags the image as `v1.2.3`
+1. Deploys it
+
+Rolling back later becomes:
+
+```bash
+fly deploy --image registry.fly.io/myapp:v1.2.3
+```
+
+---
+
+## How long does Fly keep your images? 
+
+Right now, Fly doesn’t promise to store app images forever. If an image hasn’t been deployed for a while, it might be pruned from our registry to free up space. If you need a “guaranteed forever” rollback target, push your image to a public container registry (like Docker Hub, GHCR, or ECR) and deploy from there. See [Using the Fly Docker Registry](https://fly.io/docs/blueprints/using-the-fly-docker-registry/#to-deploy-a-public-image-from-docker-hub-or-another-public-registry) for details.
+
+---
+
+## Things to watch out for
+
+Rollbacks are simple in Fly, but they aren’t magic. A few details are worth keeping in mind:
+
+- **Database schema drift** → If a deploy ran destructive migrations (dropping a column, renaming a table), rolling back the app image might not help. Plan migrations so they’re safe both forward and backward.
+- **Image retention** → Images don’t live forever in Fly’s registry. For long-term rollback insurance, push builds to your own container registry.
+- **Config, Secrets and `fly.toml`** → Rollbacks don’t undo config changes. When you deploy an older image, Fly still uses your current `fly.toml`, along with whatever env vars and secrets are set now. If a past deploy depended on an older config, you’ll need to update those settings manually when rolling back.
+- **Autoscaling** → If your app scaled up during the bad release (say traffic spiked and Fly added more machines), those extra machines don’t vanish the instant you roll back. They’ll hang around until autoscaling decides to scale them down. This is expected behavior and your rollback still worked; you just have more machines than usual for a while. Read more about [metrics-based autoscaling](https://fly.io/docs/launch/autoscale-by-metric/).
+- **Monitoring** → Always confirm a rollback stabilized things with logs , probes (`fly logs`, `fly status,` Grafana metrics), not just the success message from `fly deploy`.
+- **Regions** → By default, rollbacks redeploy globally. If you run in multiple regions (say `iad`, `lhr`, `syd`), you might test a rollback in just one region before rolling back everywhere. You can do this with the `--region` flag:
+
+```bash
+fly deploy --image registry.fly.io/myapp:v1.2.3 --region iad
+```
+---
+
+## Tip: Faster rollbacks with deploy strategies
+
+By default, Fly uses `rolling` deploys: new machines come up before old ones shut down. That’s safe for upgrades, but if you know the current release is bad, you may want a quicker cutover.
+
+### All-at-once rollback:
+
+```bash
+fly deploy --image registry.fly.io/myapp:v1.2.3 --strategy immediate
+```
+
+This stops old machines and boots the rollback image as quickly as possible.
+
+
+
+### Controlled speedup:
+
+```bash
+fly deploy --image registry.fly.io/myapp:v1.2.3 --max-unavailable 0.5
+```
+
+This lets you take down up to half your machines at once, moving faster than a cautious rolling deploy while avoiding a full stop.
+
+Use `--strategy immediate` when speed matters more than downtime, and `--max-unavailable` when you want a hedge between safety and speed.
+
+---
+
+## Summing up
+
+Rolling back on Fly is basically just _deploying an older image_. Once you’ve got the muscle memory for `fly releases --image` and `fly deploy --image`, it’s a quick, predictable way to recover from bad deploys. And if you start tagging images with human-readable labels, you’ll have an easier time remembering which one to trust when production is on fire.
+
+## Related reading
+
+- [Seamless Deployments on Fly.io](/docs/blueprints/seamless-deployments/) How to set up deploys that avoid downtime and make rollbacks less painful.  
+- [Using the Fly Docker Registry](/docs/blueprints/using-the-fly-docker-registry/) Details on image tagging and retention — key context for understanding how rollbacks work.  
+- [Staging and Production Isolation](/docs/blueprints/staging-prod-isolation/) Tips on environment isolation that reduce the blast radius of a bad release.
\ No newline at end of file
diff --git a/blueprints/seamless-deployments.html.md b/blueprints/seamless-deployments.html.md
new file mode 100644
index 0000000000..2c15d12eb1
--- /dev/null
+++ b/blueprints/seamless-deployments.html.md
@@ -0,0 +1,108 @@
+---
+title: Seamless Deployments on Fly.io
+layout: docs
+nav: guides
+author: kcmartin
+date: 2025-09-23
+---
+
+<figure>
+  <img src="http://github.com/static/images/seamless-deployments.png" alt="Illustration by Annie Ruygt of a balloon doing a health check" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+<div class="callout">
+**Zero-downtime deploys aren’t magic. They’re just health checks that work. Fly.io apps run on individual VMs, and we won’t start routing traffic to a new one until it proves it’s alive. Here's how to get seamless deploys without breaking things or relying on hope as a strategy.**
+</div>
+
+## Your deploy is only as good as your health checks
+
+Fly.io deployments look like magic when health checks are working. New Machines boot. Old ones go down. Users never notice. But behind the scenes, the [Fly Proxy](/docs/reference/fly-proxy/) is watching your Machines and only sending them traffic if they pass your health checks.
+
+[Health checks](/docs/reference/health-checks/) are how you tell the platform that your app is alive. If they're missing or broken, you're flying in the dark.
+
+In your `fly.toml`, you'll usually define health checks under `http_service.checks` (or the alternative `services.http_checks` if you're not using the http_service shortcut) for HTTP-based apps. These checks are simple: make a request to a path like `/`, expect a `200 OK` response, and fail if you get a redirect or timeout. If your app redirects HTTP to HTTPS, add a header like `X-Forwarded-Proto = "https"` to avoid false failures.
+
+The most common health check failure modes are easy to trip over:
+
+- getting 301/302s instead of 200 responses
+- hitting a path that loads slowly under cold start conditions
+- forgetting to delay checks with a `grace_period` after boot
+
+A typical HTTP health check might look like this:
+
+```
+[http_service.checks]
+  interval = "15s"
+  timeout = "2s"
+  grace_period = "10s"
+  method = "GET"
+  path = "/healthz"
+  headers = { X-Forwarded-Proto = "https" }
+```
+
+For apps that aren't serving HTTP, or where you want lighter checks, [TCP health checks](/docs/reference/health-checks/#service-level-checks) exist too. These just attempt to open a socket to the port you've configured; if the connection is accepted, the Machine is healthy.
+
+[Top-level health checks](/docs/reference/health-checks/#top-level-checks)—defined in the `[checks]` section of your `fly.toml`—are for observability, not traffic control. They don't influence routing; if a Machine fails one, we won’t pull it out of rotation. That makes them ideal for internal monitoring and alerting, especially for background workers or other non-public-facing services where you still want to know if something’s gone sideways, but don’t need Fly to reroute traffic automatically.
+
+Deployments get another layer: `machine_checks`. These aren't about routing traffic; they're about catching bad deploys before they go live. A `machine_check` boots a throwaway Machine, sets `FLY_TEST_MACHINE_IP`, and lets you poke it however you want. You can run integration tests, perform simulated traffic, check database access, or validate config. Fail the check, and the deploy halts. This is perfect for canary testing new releases.
+
+**Example:**
+
+```
+[services.machine_checks]
+  command = ["/bin/bash", "-c", "curl -f http://$FLY_TEST_MACHINE_IP:8080/healthz"]
+  interval = "30s"
+  timeout = "5s"
+```
+
+Note: `machine_checks` run in a temporary Machine with the new image before it's deployed anywhere else. They're isolated, so they won't affect your running app—but they can save you from pushing broken code into production.
+
+If a Machine fails a health check, Fly Proxy pulls it out of the rotation. That Machine can still be running, logging, and debugging, but it's invisible to your users.
+
+## Deployment strategies: choose your own trade-offs
+
+Working with health checks and at least two Machines, you can avoid downtime. The platform won't kill a healthy Machine until a new one is up and running.
+
+Fly.io supports a few deployment strategies in the `[deploy]` section of `fly.toml`:
+
+- **Rolling (default):** Replace Machines one at a time. Use `max_unavailable` to control how many go down at once (e.g., `1` or `25%`).
+- **Immediate:** Burn the ships. All Machines update at once, no health checks, hope for the best.
+- **Canary:** Start with one Machine. If it's healthy, continue with rolling. This can't be used with attached volumes.
+- **Bluegreen:** Boot new Machines alongside old ones. Only switch traffic after all new Machines pass checks. Fastest, safest, but also can't use attached volumes.
+
+Every deploy also includes a smoke check: Fly watches Machines for \~10 seconds after they start. If they crash repeatedly, the deploy fails.
+
+Don't forget to set `wait_timeout` if your image is big or startup is slow. It's easy to hit timeouts before Machines even start.
+
+## One-off tasks with `release_command`
+
+Sometimes you need to run a script before your app is actually deployed, like a database migration or other one-off prep work. The `release_command` in your `fly.toml` lets you do exactly that. It spins up a fresh temporary Machine, runs your command, then shuts it down and destroys it. It doesn’t join your deployed Machines.
+
+This runs once per deploy attempt, using the built image and your app’s environment. It won’t have volumes attached, so it’s not for anything that needs persistent state.
+
+If `release_command` fails, the deploy won’t proceed. This is usually what you want. If the migration didn’t work, it's better to stop there.
+
+We’ve got more details, including how `ENTRYPOINT` and `CMD` are handled, in the [reference for `fly.toml`](/docs/reference/configuration/#run-one-off-commands-before-releasing-a-deployment).
+
+## Zero-downtime is a shared responsibility
+
+The Fly.io platform will keep your Machines healthy and traffic flowing. But there's one thing it can't fix: application incompatibility during deploys.
+
+Say you're changing your database schema. You run the migration in a `release_command`, then your Machines update one by one. If the old app code can't handle the new schema, users will see errors while old Machines are still running. Same goes for bluegreen deployments: the new Machines are healthy, but traffic doesn't switch until _all_ of them are.
+
+Fixing this is on you. You need to design schema and app changes that can coexist briefly. That usually means:
+
+- App code that works with both the old and new database schemas
+- Migrations that add columns or tables but don't drop or rename until later
+
+Every framework has guidance for this. Read it. Follow it. Then health checks, deployment strategies, and the platform can do their jobs.
+
+Deploying without downtime isn't automatic. But with a little help from your health checks and some care in your app logic, it's well within reach.
+
+## Related reading
+
+- [Health Checks](/docs/reference/health-checks/)
+- [Deploy an App](/docs/launch/deploy/)
+- [App Configuration (`fly.toml`)](https://fly.io/docs/reference/configuration/)
\ No newline at end of file
diff --git a/blueprints/setting-concurrency-limits.html.md b/blueprints/setting-concurrency-limits.html.md
new file mode 100644
index 0000000000..4f895904f3
--- /dev/null
+++ b/blueprints/setting-concurrency-limits.html.md
@@ -0,0 +1,48 @@
+---
+title: Setting Hard and Soft Concurrency Limits on Fly.io
+layout: docs
+nav: guides
+author: kcmartin
+date: 2025-05-15
+---
+
+<figure>
+  <img src="http://github.com/static/images/setting-limits.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon with two other balloon friends of different colors" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+On Fly.io, machines aren’t created automatically based on traffic; you create them manually. But once a machine is created, it can be stopped when idle (meaning you’re not paying for it), and started again instantly when load picks up. Our “autostart/autostop” feature can drive this process for you — but it only works well if you’ve tuned `soft_limit` and `hard_limit` correctly. Those limits tell Fly when a machine is too busy and it's time to bring more machines online.
+
+## How to tune concurrency limits
+
+Soft and hard limits for Fly Machines don’t have to be a black art. Here’s a quick rundown:
+
+- **hard_limit**: max concurrent requests the machine will ever handle.
+- **soft_limit**: how many it can handle _comfortably_, before Fly begins starting more machines. Incoming requests are distributed on a round-robin fashion to started machines.
+
+The best way to dial this in is to actually test it. Based on the target app you’re working to scale, create a separate Fly app copy with the same machine config. Now set both limits absurdly high (say, 1000), and hammer it with load using something like `wrk`, `hey`, `ab`, `Locust`, or `k6`. Watch CPU, memory, and latency.
+
+What you’re looking for is the point where responses start to slow down below your comfort threshold. That’s your hard limit—just below that threshold. Your comfort level is up to you; a real-time application will want to keep responses under 100ms, but an ordinary CRUD application might be just fine with request times around 250ms.
+
+Now set your soft limit. The soft limit is there to give our proxy time to bring another machine online before your users notice lag. Example: if things start dragging at 20 concurrent requests, set `hard_limit`: 18 and `soft_limit`: 12.
+
+Once you’ve got your limits dialed in, turning on `auto_start_machines` and `auto_stop_machines` gives you hands-off scaling behavior that still respects the boundaries you’ve set. Your app shouldn’t need babysitting to handle spikes, and you won’t end up running more machines than you meant to. It’s a good balance between elasticity and control.
+
+## Capacity Planning: A Real Example
+
+Let’s say:
+
+- Each request takes ~100ms to serve.
+- You’re expecting 750 requests per second.
+- One machine handles about 10 concurrent requests before slowing down.
+
+That means you need 75 concurrent request slots to keep up. So: 750 rps * 100ms = 75 concurrent requests. At 10 per machine, you’ll need 8 machines.
+
+In order to serve requests as they arrive (that is, dispatch 750 requests/second) with an average processing time per request of 100ms, 75 “workers”, or concurrent requests handled, are needed. Based on the above machine capacity of 10 requests, 8 machines should be able to handle the proposed load.
+
+## Related reading
+
+- [Guidelines for Concurrency Settings](/docs/apps/concurrency/) Read more in this reference for the `soft_limit`, `hard_limit`, and `type` settings you’ll use in your `fly.toml`.
+- [App Configuration: `http_service.concurrency`](/docs/reference/configuration/#http_service-concurrency)  Check out this section of the `fly.toml` config reference explaining concurrency parameters.
+- [Load Balancing on Fly.io](/docs/reference/load-balancing/) Find out how your concurrency limits affect how the Fly Proxy routes traffic across machines—and why your soft/hard limits matter.
\ No newline at end of file
diff --git a/blueprints/shared-nothing.html.markerb b/blueprints/shared-nothing.html.markerb
new file mode 100644
index 0000000000..c4b192029b
--- /dev/null
+++ b/blueprints/shared-nothing.html.markerb
@@ -0,0 +1,456 @@
+---
+title: "Shared Nothing Architecture"
+subtitle: "or, Writing This App Was Easier Than Cloning Myself"
+description: Comprehensive Overview of a Shared Nothing Application Deployed on Fly.io
+cover: dancing-clones-cover.webp
+thumbnail: dancing-clones-thumb.webp
+artist: Annie Ruygt
+artist_link: https://annieruygtillustration.com/
+alt: A number of couples dancing, including a two clones dancing with separate partners.
+layout: docs
+nav: guides
+redirect_from: "/blog/shared-nothing/"
+date: 2024-03-05
+author: rubys
+---
+
+<figure>
+  <img src="http://github.com/blog/2024-03-05/dancing-clones-cover_sm.webp" alt="Illustration by Annie Ruygt of a number of couples dancing, including a two clones dancing with separate partners." class="w-full max-w-lg mx-auto">
+</figure>
+
+<center><iframe width="600" height="315" src="https://www.youtube-nocookie.com/embed/_cT4Unk5RiU" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe></center><br />
+
+<div class="callout">
+This guide from Rails and JS expert Sam Ruby is based on his personal capacity as a ballroom dance nerd. It covers how a serverful, stateful, shared-nothing architecture hit the spot for him when it came time to scale to multiple customers in different parts of the world.
+</div>
+
+## Introduction
+
+Once upon a time, I found myself double booked at a ballroom dance competition. Read that [story in more detail on my blog](http://intertwingly.net/blog/2022/08/13/Unretiring), but essentially: you’re only supposed to get one shot to dance in a given heat, and I ended up listed twice in the spreadsheet for that heat. I decided to write an app to take the load of manual entry and scheduling off of organizers, and so that no one would ever be asked to do something impossible and be at two places at one time.
+
+Showcase (that’s what I called it) started out as a Ruby on Rails app and a database; it kept track of competitors and their schedules for a single Showcase (that’s what these ballroom dance events are called). I ran it on a single Mac Mini in my home.
+
+Over time, it grew out of my attic and onto VMs in the cloud. It supports more events in different cities, and does more things. Conventional wisdom is that as you grow, you make each type of service reusable and put it into a separate set of machines.
+
+If this approach isn’t the best one for your app, throw it out the window! I did. In my case, it made a lot of sense to put all the services into a single VM, and scale out by repeating that set into new VMs. This works great for me. Maybe it’s right for your app, too! Maybe not! Prepare to bathe in the gory details of my stateful, serverful, shared-nothing monolith.
+
+## Shared-nothing architecures
+
+<p class="callout">
+A shared-nothing architecture is a distributed computing architecture in which each update request is satisfied by a single node (processor/memory/storage unit) in a computer cluster.
+</p>
+
+As you might expect, a Showcase competition happens live and in a single location. Very few people need access to the system, and they’re often all in the same room; picture a few judges entering scores at the end of a number—that’s your peak simultaneous users. Data’s not shared between events–they don’t want or need to share a database and Redis cache.
+
+Shared-nothing architectures are nothing new.  An excerpt from [Wikipedia](https://en.wikipedia.org/wiki/Shared-nothing_architecture):
+
+> The intent is to eliminate contention among nodes. Nodes do not share (independently access) the same memory or storage. One alternative architecture is shared everything, in which requests are satisfied by arbitrary combinations of nodes. This may introduce contention, as multiple nodes may seek to update the same data at the same time.
+
+While serverless is one kind of a shared-nothing architecture - this post explores another variation.  One where servers are explicitly deployed,
+users are assigned to servers, and users have databases that aren't shared.
+
+This application started, like most applications, small.  And that's where the story begins.
+
+## A single event
+
+<p class="callout">
+A Fly.io machine is not merely a Docker container, but rather a [full VM](https://fly.io/blog/docker-without-docker/).  Treat it as such: run as many services as you like on a single machine.
+</p>
+
+My first showcase was in Harrisburg, Pennsylvania.  The app I developed initially supported only that one event, and all of the services needed to support the event ran on a single machine.  Like most Rails applications,
+this consisted of a Rails application, a database, and (eventually) Redis.  Over time a number of supporting services were added (NGINX, opensshd, rsyncd, and a small log "heartbeat" script).
+Today, these all happily run on a single Fly.io machine.
+
+Conventional wisdom is that as you grow you put each type of service into a separate set of machines.  That isn't always the right approach.
+
+An excerpt from DHH's [Majestic Monolith](https://signalvnoise.com/svn3/the-majestic-monolith/):
+
+> Every time you extract a collaboration between objects to a collaboration between systems, you’re accepting a world of hurt with a myriad of liabilities and failure states. What to do when services are down, how to migrate in concert, and all the pain of running many services in the first place.
+
+Another way to look at this is: as needs grow, do you really want to share a database and Redis instances between customers?  (Or, in this case, between events?)
+If "no" turns out to be a viable answer: go with it.  Put all of the services needed to support one customer in one Docker image and then repeat that set as often
+as needed.  Eliminating the need for a network in producing a response to a request both increases throughput and reliability.
+
+There are a lot of [options for running multiple processes inside a Fly.io App](https://fly.io/docs/app-guides/multiple-processes/).
+I use a combination of [ENTRYPOINT](https://github.com/rubys/showcase/blob/main/bin/docker-entrypoint) running a
+[deploy](https://github.com/rubys/showcase/blob/main/bin/deploy) script and a [procfile](https://github.com/rubys/showcase/blob/main/Procfile.fly).
+
+Given the load for each event is only for one customer, I only need 1 CPU per server. While CPU is not a concern, it still is important to size
+the amount of RAM needed.
+Even with all of the services running, according to [Graftana/Fly Metrics](https://fly-metrics.net/), each instance uses about 220MB of RAM when idle,
+and grows to 450MB when active.  That being said, I have seen machines fail due to [OOM](https://en.wikipedia.org/wiki/Out_of_memory) with only 512MB, so I give
+each machine 1GB.  I also define an additional 2G of [swap](https://fly.io/docs/reference/configuration/#swap_size_mb-option) as
+I would rather the machine run slower under peak load than crash.
+
+Finally, invest the time to set up a [WireGuard network](https://fly.io/docs/networking/private-networking/) that lets you VPN into your own private network of machines.
+
+## Multi-tenancy
+
+<p class="callout">
+The code base supports only a single event.  Running multiple events on a single machine is the next step before jumping into multiple machines.
+</p>
+
+There are a number of blog posts out there on how to do
+[multi-tenancy](https://blog.arkency.com/comparison-of-approaches-to-multitenancy-in-rails-apps/)
+with Rails.  [Phusion Passenger](https://www.phusionpassenger.com/) provides a [different
+approach](https://stackoverflow.com/questions/48669947/multitenancy-passenger-rails-multiple-apps-different-versions-same-domain).
+
+For this use case, the Phusion Passenger approach is the best match.  The
+database for a mid-size local event is about a megabyte in size (about the size
+of a single camera image), and can be kept in SQLite.  Passenger provides a
+[`passenger_min_instances`](https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_min_instances)
+`0` option that allow a reasonable number of past, present, and future events
+to be hosted essentially without any overhead when not in use.  This does mean
+that you have to accept the cold start times of the first access, but that
+appears to be two seconds or less on modern hardware, which is acceptable.
+
+The NGINX configuration file defines a set of environment variables for each tenant to control
+the name of such things as the database, the log file, base URL, and pidfile.
+
+For web sockets (Action Cable), NGINX is [preferred over Apache
+httpd](https://www.phusionpassenger.com/library/config/apache/action_cable_integration/).
+The [documentation for Deploying multiple apps on a single server
+(multitenancy)](https://www.phusionpassenger.com/library/deploy/nginx/) is
+still listed as todo, but the following is what I have been able to figure out:
+
+- One action cable process is allocated per server (i.e., listen port).
+- In order to share the action cable process, all apps on the same server will
+  need to share the same Redis URL and channel prefix.  The [Rails
+  documentation](https://guides.rubyonrails.org/action_cable_overview.html#redis-adapter)
+  suggests that you use a different channel prefix for different applications
+  on the same server -- **IGNORE THAT**.
+- Instead, use environment variables to stream from, and broadcast to, different
+  action cable channels.
+
+The end result is what outwardly appears to be a single Rails app, with a
+single set of assets and a single cable.  One additional rails instance
+serves the index and provides a global administration interface.
+
+Recapping: a single server can host multiple events, each event is a separate instance of the same Rails application with a separate SQLite database placed on a volume.  The server is always on (`auto_stop_machines = false`), but the Rails apps are spun up when needed and spin down when idle (using [`passenger_pool_idle_time`](https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_pool_idle_time))
+
+## Multiple regions
+
+<p class="callout">
+Distributing an app across multiple regions not only lets you service requests close
+to your users, it enables horizontal scalability and isolation.
+</p>
+
+While most of my users are US based, my showcase app now has a second user in Australia, and now one in Warsaw, Poland.
+Sending requests and replies half way around the world unnecessarily adds latency.
+
+As each machine is monolithic and self-contained, replicating service into a new region is
+a matter of creating the new machine and routing requests to the correct machine.
+This application use three separate techniques to route requests.
+
+The first technique is to [listen](https://github.com/rubys/showcase/blob/main/app/javascript/controllers/region_controller.js) for
+[turbo:before-fetch-requests](https://turbo.hotwired.dev/reference/events#http-requests) events and
+insert a [fly-prefer-region header](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-prefer-region-request-header).
+The region is extracted from a data attribute added to the [body](https://github.com/rubys/showcase/blob/aae08a6d57f92335b2cdbb94756e5416b7b50f83/app/views/layouts/application.html.erb#L16) tag.
+
+This all made possible by how [Turbo works](https://turbo.hotwired.dev/handbook/introduction#turbo-drive%3A-navigate-within-a-persistent-process):
+
+> This happens by intercepting all clicks on `<a href>` links to the same domain. When you click an eligible link, Turbo Drive prevents the browser from following it, changes the browser’s URL using the History API, requests the new page using fetch, and then renders the HTML response.
+
+The same source above also defines a `window.inject_region` function to inject the header in other places in the code that may issue fetch requests.
+
+The next (and final) two approaches are done in the NGINX configuration itself.  This configuration is defined at startup on
+each machine.  Here is an example of the definition for `raleigh` on machines in regions other than `iad`:
+
+```
+## Raleigh
+location /showcase/2024/raleigh/cable {
+  add_header Fly-Replay region=iad;
+  return 307;
+}
+location /showcase/2024/raleigh {
+  proxy_set_header X-Forwarded-Host $host;
+  proxy_pass http://iad.smooth.internal:3000/showcase/2024/raleigh;
+}
+```
+
+This replays action cable (web socket) requests to the correct region, and
+[reverse proxies](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
+all other requests to the correct machine using its [`.internal` address](https://fly.io/docs/networking/private-networking/#fly-io-internal-addresses).  The latter is done because [fly-replay](https://fly.io/docs/networking/dynamic-request-routing/#limitations)
+is limited to 1MB requests, and uploading audio files may exceed this limit.
+
+## Appliances
+
+<p class="callout">
+For larger tasks, try
+decomposing parts of your applications into event handlers, starting up Machines to handle requests when needed, and stopping them when the requests are done.
+</p>
+
+While above I've sung the praises of a Majestic Monolith, there are limits.  Usage of this application
+is largely split into two phases: a lengthy period of data entry, followed by a brief period of report generation.
+This pattern then repeats a second time as scores are entered and then distributed.
+
+Report generation is done using [puppeteer](https://pptr.dev/) and [Google Chrome](https://www.google.com/chrome/).
+While this app runs comfortably with 1MB of RAM, I've had Google Chrome crash machines that have 2MB.
+
+Generating a PDF from a web page (including authentication) is something that can be run independently of
+all of the other services of your application.  By making use of [`auto_stop_machines` and `auto_start_machines`](https://fly.io/docs/reference/configuration/#the-http_service-section),
+a machine dedicated to this task can be spun up in seconds and perform this function.
+
+In my case, no changes to the application itself is needed, just a few lines of NGINX configuration:
+
+```
+## PDF generation
+location ~ /showcase/.+\.pdf$ {
+  add_header Fly-Replay app=smooth-pdf;
+  return 307;
+}
+```
+
+This was originally published as [Print on Demand](https://fly.io/blog/print-on-demand/),
+and the code for that article can be found on [GitHub as fly-apps/pdf-appliance](https://github.com/fly-apps/pdf-appliance).
+
+This architectural pattern can be applied whenever there is a minority of requests that require an outsized amount
+of resources.  A second example that comes to mind: I've had requests for audio capture and transcription.
+Setting up a machine that [runs Whisper with Fly GPUs](https://news.ycombinator.com/item?id=39417197) is
+something I plan to explore.
+
+## Backups
+
+<p class="callout">
+Running databases on a single volume attached to a single machine is a single
+point of failure.  It is imperative that you have recent backups in case of failure.
+</p>
+
+At this point, databases are small, and can be moved between servers with a simple configuration change.
+For that reason, for the moment I've elected to have each machine contain a complete copy of all of the databases.
+
+To make that work, I
+[install](https://github.com/rubys/showcase/blob/aae08a6d57f92335b2cdbb94756e5416b7b50f83/Dockerfile#L67),
+[configure](https://github.com/rubys/showcase/blob/main/Dockerfile#L114-L137), and
+[start](https://github.com/rubys/showcase/blob/aae08a6d57f92335b2cdbb94756e5416b7b50f83/bin/deploy#L26-L27)
+[rsync](https://rsync.samba.org/).
+
+With Passenger, I set [`passenger_min_instances`](https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_max_pool_size) to zero, allowing
+each application to completely shutdown after five minutes of inactivity.  I define a
+[`detached_process`](https://www.phusionpassenger.com/library/indepth/hooks.html#detached_process) hook to run
+a [script](https://github.com/rubys/showcase/blob/main/bin/passenger-hook).
+
+As that hook will be run after each process exits, what it does first is query the number of running processes.  If
+there are none (not counting websockets), it begins the backup to each Fly.io machine
+using `rsync --update` to only replace the newer files.  After that completes, a webhook
+is run on an offsite machine (a mac mini in my attic) to rsync all files there.  In order for that to work, I run
+[an ssh server](https://fly.io/docs/app-guides/opensshd/) on each Fly.io machine.
+
+And I don't stop there:
+  * My home machine runs the same passenger application configured to serve all of the events.
+    This can be used as a hot backup.  I've never needed it, but it comforting to have.
+  * I also rsync all of the data to a [Hetzner](https://www.hetzner.com/) which
+    runs the same application.
+  * Finally, I have a cron job on my home machine that makes a daily backup of all of the databases.  A new directory
+    is created per day, and [hard links](https://en.wikipedia.org/wiki/Hard_link) are used to link to the same file
+    in the all too common case where a database hasn't changed during the course of the day.  As this is in a terabyte
+    drive, I haven't bothered to prune, so at this point, I have daily backups going back years.
+
+While this may seem like massive overkill, always having a local copy of all of the databases to use to reproduce problems
+and test fixes, as well as having a complete instance that I can effectively use as a staging server alone makes all this
+worth it.
+
+Finally, since each region contains a copy of all databases, I use [`auto_extend_size_threshold`](https://fly.io/docs/reference/configuration/#auto_extend_size_threshold) and
+[`auto_extend_size_increment`](https://fly.io/docs/reference/configuration/#auto_extend_size_increment) to ensure that I never run out of space.
+
+## Logging
+
+<p class="callout">
+It is important that logs are there when you need them.  For this reason, logs need both monitoring and redundancy.
+</p>
+
+Equally as important as backups are logs.  Over the course of the life of this application I've had two cases where
+I've lost data due to errors on my part and was able to reconstruct that data by re-applying POST requests extracted
+from logs.
+
+The biggest problem with logs is that you take them for granted.  You see that they work and forget about them, and
+there always is the possibility that they are not working when you need them.
+
+I've written about my approach in [Multiple Logs for Resiliency](https://fly.io/blog/redundant-logs/), but a summary here:
+
+  * Since I have volumes already, I [instruct Rails to broadcast logs there](https://github.com/rubys/showcase/blob/aae08a6d57f92335b2cdbb94756e5416b7b50f83/config/environments/production.rb#L102-L110) in addition to stdout.
+    The API to do this changed in Rails 7.1, and the code I linked to does this both ways.  This data isn't replicated to other volumes and
+    only contains Rails logs, as it really is only intended for when all else fails.
+  * I have a [logger](https://github.com/rubys/showcase/tree/main/fly/applications/logger) app that I run in two regions.
+    This writes log entries to volumes, and runs a small web server that I can use to browse and navigate the log entries.
+    This data too is backed up (forever) to my home server, and is only kept for seven days on the log server.
+
+Two major additions since I wrote up that blog entry:
+  * I have each machine [create a heartbeat log entry every 30 minutes](https://github.com/rubys/showcase/blob/main/bin/log-heartbeat.sh), and each log server runs a
+    [monitor](https://github.com/rubys/showcase/blob/main/fly/applications/logger/monitor.ts) once an hour to
+    ensure that every machine has checked in.  If a machine doesn't check in, a [Sentry](https://sentry.io/)
+    alert is generated.
+  * I have my log tracker query Sentry whenever I visit the web page to see if there are new events.  This
+    serves as an additional reminder to go check for errors.
+
+I strongly encourage people to look into [Sentry](https://community.fly.io/t/integrated-sentry-error-tracking/15278).
+
+## Applying updates
+
+<p class="callout">
+While Fly.io will start machines fast, you have to do your part.
+If your app doesn't start fast, start something else that starts quickly first
+so your users see something while they are waiting.
+</p>
+
+If you go to https://smooth.fly.dev/ the server nearest to you will need to spin up the index application. And if, from there, you click on demo, a second application will be started.  While you might get lucky and somebody else (or a bot) may have already started these for you, the normal case is that you will have to wait.
+
+Since all the services that are needed to support this application are on one machine,  `fly deploy` can't simply start a new machine, wait for it to start, direct traffic to it, and only then start dismantling the previous machine.  Instead, each machine needs to be taken offline, have the rootfs replaced with a new image, and all of its services restarted.  Once that is complete, migrations need to be run on that machine; and in my case I may have several SQLite databases that need to be upgraded.  I also have each machine that comes up rsync with the primary region.  And finally, I generate an operational NGINX configuration and run [nginx reload](https://docs.nginx.com/nginx/admin-guide/basic-functionality/runtime-control/).
+
+While this overall process may take some time, NGINX starts fast so I start it first with a [configuration](https://github.com/rubys/showcase/blob/main/config/nginx.startup) that directs everything to a [Installing updates..](http://smooth.fly.dev/showcase/503.html) page that auto refreshes every 15 seconds which normally is ample time for all this to occur.  Worst case, this page simply refreshes again until the server is ready.
+
+Even with this in place, it still is worthwhile to make the application boot fast.  Measuring the times of the various components of startup, in my case Rails startup time dominates, and it turns out that effectively `bin/rails db:prepare` starts Rails once for each database.
+I found that I can avoid that by [getting a list of migrations](https://github.com/rubys/showcase/blob/cb3a05fd48c22a140effcf03ccfa9bd038a0df30/config/tenant/nginx-config.rb#L186),
+and then [comparing that list to the list of migrations already deployed](https://github.com/rubys/showcase/blob/cb3a05fd48c22a140effcf03ccfa9bd038a0df30/config/tenant/nginx-config.rb#L207-L215).
+I also moved preparation of my demo database to [build time](https://github.com/rubys/showcase/blob/cb3a05fd48c22a140effcf03ccfa9bd038a0df30/Dockerfile#L139-L140).  In most cases, this means that my users
+see no down time at all, just an approximately two second delay on their next request as Rails restarts.
+
+## Administration
+
+<p class="callout">
+While Fly.io provides a [Machines API](https://fly.io/docs/machines/working-with-machines/),
+you can go a long way with old-fashioned scripting using the [flyctl](https://fly.io/docs/flyctl/)
+command.
+</p>
+
+Now lets look at what happens when I create a new event, in a new region.  I (a human) get an email, I bring up my admin UI (on an instance of the index app I mentioned above).  I fill out a form for the new event.  I go to a separate page and add a new region.  I then go to a third form where I can review and apply the changes.  This involves regenerating my map, and I need to update the NGINX configuration in every existing region.  There are shortcuts I can utilize which will update files on each machine and reload the NGINX configuration, but I went that way I would need to ensure that the end result exactly matches the reproducible result that a subsequent `fly deploy` would produce.  I don't need that headache, so I'm actually using `fly deploy` which can add tens of seconds to the actual deploy time.
+
+I started out running the various commands manually, but that grew old fast.  So eventually
+I invested in creating an admin UI.
+
+Here's what the front page of the admin UI looks like:
+
+<img alt="Showcase Administration" src="http://github.com/blog/shared-nothing/assets/adminui-cover.webp" style="width: 50vw; margin-left: 5vw">
+
+From there, I can add, remove, and reconfigure my events, and apply changes.  I can also visit
+this app on three different servers, and see the logs from each.  Finally, I have links to handy
+tools.  The Sentry link that is current gray turns red when there are new events.
+
+I'm actually very happy with the result.  The fact that I could get an email and add an event and have everything up and running on a server half a world away in less than five minutes is frankly amazing to me.
+And to be honest, most of that is waiting on the human (me), followed by the amount of time it takes to build and deploy a
+new image in nine regions.
+
+And in most cases, I can now make and deploy changes from my smartphone rather than requiring
+my laptop.
+
+For those who are curious, here's the [deployment script](https://github.com/rubys/showcase/blob/main/bin/apply-changes.rb).
+
+## Costs
+
+<p class="callout">
+This is a decent sized personal project, deployed across three continents.  Even with a
+significant amount of over-provisioning, the costs per month are around $60, before taking
+into account plans and allowances.
+</p>
+
+I'm currently running this app in nine regions.  I have two machine running a log server.
+I have two machines that will run puppeteer and Chrome on demand.
+
+[Fly.io pricing](https://fly.io/docs/about/pricing/) includes a number of plans which include a number of allowances.  To
+keep things simple, I'm going to ignore all of that and just look at the total costs.
+From there, add your plan and subtract your allowances to see what this would cost for you.
+
+And be aware that things may change, the below numbers are current as of early March, 2024.
+
+Let's start with compute.  9 shared-cpu-1x machines with 1GB each at $5.70 per month total $51.30.
+Two shared-cpu-1x machines with 512MB each at $3.19 per month total $6.38.
+The print on demand machines are on bigger machines, but are only run when requested.
+I've configured them to stay up for 15 minutes when summoned.  Despite all of this the
+costs for a typical month are around $0.03.  So we are up to $57.71.
+
+Next up volumes.  I have 9 machines with 3GB disks, and 2 machines that only need 1G each.
+29GB at $0.15 per month is $1.35.
+
+I have a dedicated IPv4 address in order to use ssh.  This adds $2.00 per month.
+
+Outbound transfer is well under the free allowance, but for completeness I'm seeing about 16GB in North America and Europe,
+which at $0.02 per GB amounts to $0.32.  And about 0.1GB in Asia Pacific, which at $0.04 per GB adds less than a cent,
+but to be generous, let's accept a total of $0.33.
+
+Adding up everything, this would be 57.71 + 1.35 + 2.00 + 0.33 for a total of $61.39 per month.
+
+Again, this is before factoring in plans and allowances, and reflects the current pricing in March of 2023.
+
+For my needs to date, I'm clearly over-provisioning, but it is nice to have a picture of what
+a fully fleshed out system would cost per month to operate.
+
+## Summary
+
+<p class="callout">
+Shared Nothing architectures are a great way to scale up applications where the data involved is easily partitionable.
+</p>
+
+Key points (none of these should be a surprise, they were highlighted
+in the text above):
+
+* Run as many services as you like on a single machine; this both increases throughput and reliability.
+* You can even run multiple instances of the same app on a machine.
+* Distributing your apps across multiple regions lets you service requests close to your users.
+* For larger tasks, start up machines on demand.
+* Every backup plan should have a backup plan.
+* Not only should you have logs, logs should be monitored and have redundancy.
+* Make sure that you start something quickly -- even if it is only a "please wait" placeholder -- to make sure that your app is always servicing requests.
+* Create an administration UI and write scripts you can use to change your configuration.
+
+And finally, this app currently supports 77 events in 36 cities with 9 servers for less than you probably pay for a dinner out a month or a smart phone plan.
+
+## Background
+
+<p class="callout">
+Feel free to skip or skim this section.  It describes how the application came to be, what it does, and a high level description of its usage needs.
+</p>
+
+Background information on how this application came to be, and got me involved with Fly.io can be found
+at [Unretiring](http://intertwingly.net/blog/2022/08/13/Unretiring) on my personal blog.
+
+Here's an excerpt from that post:
+
+> I was at a local ballroom dance competition and found myself listed twice in one heat - a scheduling mishap where I was expected to be on the floor twice with two different dance partners.
+>
+> After the event, Carolyn and I discovered that the organizers used a spreadsheet to collect entries and schedule heats. A very manual and labor prone process, made more difficult by the need to react to last minute cancellations due to the ongoing pandemic.
+>
+> Carolyn told the organizers that I could do better, and volunteered me to write a program. I thought it would be fun so I agreed.
+
+This application is [on GitHub](https://github.com/rubys/showcase#readme), and while each individual event requires authentication for access, a full function demo can be accessed at [https://smooth.fly.dev/](ht
+tp://smooth.fly.dev/).  It was originally deployed a single Mac mini, and now is running on a small fleet of machines in the Fly.io network.
+
+---
+
+Couples ballroom dance competitions are called a "Showcase".
+The application supports:
+
+- managing all the contestants
+- storing and playing dance music for solos
+- invoicing students and studios
+- managing the schedule
+- printing heat sheets, back numbers, and labels
+- recording the judges' scores
+- publishing results
+
+As you might expect, a Showcase competition happens live and in one location. There are very few users who need access to the system and they often are all physically in the same location.
+Here we'll cover how a Ruby on Rails application using a SQLite database can be deployed to the nearest Fly.io region for the event and how elegantly it solved this problem, including the ability to easily deploy new servers from the application.
+
+---
+
+The core Showcase application is implemented on top of Ruby on Rails, augmented by two separate services implemented in JavaScript an run using [Bun](https://bun.sh/).  While the details may vary, many of the core principles described below apply to other applications,
+even applications using other frameworks.  In fact, many of the pieces of advice provided below apply to apps you host yourself, or host on
+other cloud providers.
+
+But first, some useful approximations that characterize this app, many of which will guide the choice of architecture:
+
+* Each event is a separate instance of the Rails application, with a its own separate database.
+* A typical database is one megabyte.  Not a typo: one megabyte.  Essentially, the app is a spreadsheet with a [Turbo](https://turbo.hotwired.dev/handbook/introduction) web front end.
+* All the services needed to support an event are run on a single VM.
+* Persistence consists of the database, storage (used for uploaded audio files), and logs.
+* Typical response time for a request is 100ms or less.
+* Peak transaction per second per database is approximately 1.  Again, not a typo -- think spreadsheet.
+* Peak number of simultaneous users is often one, but even when there are multiple they tend to be all in the same geographic region, often in the same room (example: multiple judges entering scores).
+* Transactions are generally a blend of reads and writes with neither dominating.
+
+This lends itself well to horizontal scaling, where every event effectively has a dedicated VM.  Again, this is a useful approximation - as not every event is "active", multiple events can share a VM.  As needs change, databases can be moved to different VMs.
+
+## Related reading
+
+- [Getting Started with N‑Tier Architecture](/docs/blueprints/n-tier-architecture/) A contrasting architecture pattern where state is shared across the data tier — useful for understanding when shared‑nothing *isn’t* the best fit.
+- [Session Affinity (a.k.a. Sticky Sessions)](/docs/blueprints/sticky-sessions/) Focused on routing and state‑isolation patterns that often come up when you adopt a shared‑nothing approach and need to keep state local to a machine.
+- [Networking](/docs/networking/) The comprehensive networking overview (private networks, Anycast, WireGuard tunnels, routing) — helpful when building globally distributed isolated nodes in a shared‐nothing architecture.
\ No newline at end of file
diff --git a/blueprints/staging-prod-isolation.html.md b/blueprints/staging-prod-isolation.html.md
new file mode 100644
index 0000000000..982d2658c3
--- /dev/null
+++ b/blueprints/staging-prod-isolation.html.md
@@ -0,0 +1,54 @@
+---
+title: Staging and production isolation
+layout: docs
+nav: guides
+redirect_from: /docs/going-to-production/the-basics/production-staging-isolation/
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/staging-prod-iso.png" alt="Illustration by Annie Ruygt of a gateway and buildings" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+You want to isolate your production environment from your test or staging environments by limiting production access to the smallest possible group. You can get dependable isolation by using multiple organizations. Organization access is invitation-only and orgs are isolated from one another at a low level by our private networking architecture: every organization has its own [private network](/docs/networking/private-networking/) by default.
+
+All Fly.io accounts start with a "personal" organization. You can create as many organizations as you need, not just for different environments, but also for different projects or clients.
+
+Before you create a new organization, here's what you need to know:
+
+- You can consolidate billing for multiple organizations under a a single parent organization, or you can create regular organizations with separate payment methods and billing. Learn more about [unified billing](/docs/about/billing/#unified-billing).
+- You invite or remove members in each organization separately.
+- An organization can have multiple apps and those apps can communicate with each other securely over the org's private network.
+
+Adjust the pattern to fit your needs. For example:
+
+- personal organization: the org you started with, and the one you keep for personal projects
+- staging organization: `<project>-staging` used for development and testing
+- production organization: `<project>-production` used for your production app
+
+## Work with multiple organizations
+
+It's best if you use one Fly.io account to manage all your organizations, so you can access them without logging in and out. App names are unique across the Fly.io platform, so your staging and production apps will have different names and their own `fly.toml` files for configuration.
+
+### Manage organizations in your dashboard
+
+To create a new org from the [dashboard]((https://fly.io/dashboard/)), select **Create new organization** from the **Organization** dropdown.
+
+To view or send invites to members, use the **Organization** dropdown to choose an org, then go to **Team**.
+
+### Manage organizations with flyctl
+
+To create new organizations and invite or remove members, use [`fly orgs` flyctl commands](/docs/flyctl/orgs/).
+
+When you have more than one org, flyctl prompts you to choose an organization when required. You can run commands on a specific app in any org using the `--app` option if you aren't in the app's project source directory in your terminal.
+
+## Other kinds of isolation and access control
+
+- When you only need app isolation within an org, you can use [custom private networks](/docs/networking/custom-private-networks/) to isolate apps from one another by creating an app with `fly apps create` and the `--network` option.
+- When you want user or 3rd-party access control, you can use [deploy](https://community.fly.io/t/deploy-tokens/11895) and [org-scoped tokens](https://community.fly.io/t/org-scoped-tokens/13194) to limit access to apps or orgs.
+
+## Related reading
+
+- [Going to production checklist](/docs/apps/going-to-production/) A broad checklist for production‑readiness that includes isolating environments and access control.  
+- [Staging environments with GitHub actions](/docs/django/advanced-guides/staging-environments-with-github-actions/) A practical guide focused on using GitHub Actions to deploy dedicated staging environments. Complements the isolation pattern nicely.
\ No newline at end of file
diff --git a/blueprints/sticky-sessions.html.md b/blueprints/sticky-sessions.html.md
new file mode 100644
index 0000000000..770a8bbfe9
--- /dev/null
+++ b/blueprints/sticky-sessions.html.md
@@ -0,0 +1,156 @@
+---
+title: Session Affinity (a.k.a. Sticky Sessions)
+layout: docs
+nav: guides
+author: rubys
+date: 2024-07-17
+---
+
+<figure>
+  <img src="http://github.com/static/images/session-affinity.png" alt="Illustration by Annie Ruygt of a machine sticking envelopes together" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+In a number of scenarios, it is important to ensure that certain requests are routed to a specific Machine.  This frequently is expressed in the form of wanting an entire user's session to be processed by the same Machine.
+
+There are two approaches to addressing this with Fly.io:
+  * [fly-force-instance-id](#fly-force-instance-id) - Client-side request header
+  * [fly-replay](#fly-replay) - Server-side response header
+
+## Fly-Force-Instance-Id
+
+This approach requires you to have control over the client, typically a browser, but allows for immediate routing without an additional hop. The example below uses Rails' Hotwire [Turbo](https://turbo.hotwired.dev/) with [Stimulus](https://stimulus.hotwired.dev/) to send the required header.
+
+For this to work, the client needs some way of knowing what Machine to route requests to.  This can be accomplished by adding attributes to the `<body>` tag in HTML responses.  With Rails, those tags would be found in
+`app/views/layouts/application.html.erb`.
+
+An example `<body>` tag:
+
+```erb
+<body data-instance="<%= ENV['FLY_MACHINE_ID'] %>"
+   data-controller="sticky-session">
+```
+
+These attributes identify the Machine instance to direct future requests to, and the name of the Stimulus controller to be used to make this happen.
+
+Place the following into `app/javascript/controllers/sticky-session.js`:
+
+```js
+import { Controller } from "@hotwired/stimulus"
+
+// Connects to data-controller="sticky-session"
+export default class extends Controller {
+  connect() {
+    document.documentElement.addEventListener(
+     'turbo:before-fetch-request',
+     this.beforeFetchRequest
+    )
+  }
+
+  disconnect() {
+    document.documentElement.removeEventListener(
+     'turbo:before-fetch-request',
+     this.beforeFetchRequest
+    )
+  }
+
+  beforeFetchRequest = event => {
+    event.detail.fetchOptions.headers['fly-force-instance-id'] =
+      this.element.dataset.instance;
+  }
+}
+```
+
+This code will subscribe and unsubscribe from
+[turbo:before-fetch-request](https://turbo.hotwired.dev/reference/events#turbo%3Abefore-fetch-request) events and insert a `fly-force-instance-id` header into requests.
+
+## Fly-Replay
+
+This approach is implemented entirely on the server. Your application examines each request, determines which Machine should handle it, and returns a `fly-replay` response header to route the request accordingly. Initial requests will require an additional "hop" to route, and [requests are limited to payloads of 1 megabyte](https://fly.io/docs/networking/dynamic-request-routing/#limitations).
+
+The example below creates [Express Middleware](https://expressjs.com/en/guide/using-middleware.html) that routes requests based on a session cookie:
+
+```js
+// Import required modules
+import express from "express";
+import cookieParser from "cookie-parser";
+
+// Create an Express app
+const app = express();
+
+// Middleware to parse cookies
+app.use(cookieParser());
+
+app.use((request, response, next) => {
+  // This assumes your application has already established a session using a session_id cookie via your session middleware.
+  const sessionId = request.cookies["session_id"];
+
+  if (!sessionId) {
+    // No session - let any machine handle it
+    next();
+    return;
+  }
+
+  // Determine which machine should handle this session
+  // This could be based on:
+  // - Database lookup (session -> machine mapping)
+  // - Consistent hashing of session ID
+  // - Regional routing logic
+  // - Load balancing algorithm
+  // You'll need to implement determineTargetMachine() based on your routing strategy
+  const targetMachineId = determineTargetMachine(sessionId);
+
+  if (targetMachineId === process.env.FLY_MACHINE_ID) {
+    // This is the correct machine - handle the request
+    next();
+  } else {
+    // Route to the correct machine
+    response.set('Fly-Replay', `instance=${targetMachineId}`);
+    response.status(307);
+    response.send();
+  }
+});
+
+// Start the Express server
+const port = 3000;
+app.listen(port, () => {
+  console.log(`Server is running on port ${port}`);
+});
+```
+
+### Optimizing with Replay Caching
+
+For production workloads, having your application replay every request can create unnecessary load and latency. You can configure Fly Proxy to cache replay decisions, so only the first request in a session needs to consult your application.
+
+Add replay cache rules to your `fly.toml`:
+
+```toml
+[http_service]
+  internal_port = 8080
+  force_https = true
+
+  [[http_service.http_options.replay_cache]]
+    path_prefix = "/"
+    ttl_seconds = 300
+    type = "cookie"
+    name = "session_id"
+```
+
+With this configuration:
+1. The first request with a given `session_id` hits your app
+2. Your app returns a `fly-replay` response
+3. Fly Proxy caches this decision for that specific `session_id` value
+4. For the next 5 minutes, requests with the same `session_id` are automatically routed without consulting your app
+
+Caching is an optimization, not a guarantee, so your origin app still needs to handle replaying requests that aren't routed by a cached replay.
+
+Replays can be cached on any existing cookie or request header. For sticky sessions with an API, for example, you might choose to cache based on the `Authorization` header.
+
+For complete details on replay caching configuration, see [Session-based Replay Caching](/docs/networking/dynamic-request-routing/#session-based-replay-caching).
+
+## Related reading
+
+- [Dynamic Request Routing with `fly‑replay`](/docs/networking/dynamic-request-routing/) Explains how `fly‑replay` lets you route requests to a specific machine or region—core technique for sticky sessions.
+- [Load Balancing](/docs/reference/load-balancing/) Details how the Fly Proxy routes traffic among Machines, which underpins how session‑affinity decisions get made.
+- [Networking](/docs/networking/) A broad overview of how Fly handles public/private networking, Anycast IPs, WireGuard mesh, domain routing, and more.
\ No newline at end of file
diff --git a/blueprints/supercronic.html.md b/blueprints/supercronic.html.md
new file mode 100644
index 0000000000..bd33e9258a
--- /dev/null
+++ b/blueprints/supercronic.html.md
@@ -0,0 +1,109 @@
+---
+title: Crontab with Supercronic
+layout: docs
+nav: guides
+author: brad
+categories:
+  - cron
+date: 2022-11-19
+redirect_from:
+  - /docs/app-guides/superchronic/
+  - /docs/app-guides/supercronic/
+---
+
+<figure>
+  <img src="http://github.com/static/images/supercronic.png" alt="Illustration by Annie Ruygt of Framkie the balloon wearing a sash and a prize ribbon in a gymnasium hall while a bird looks with admiration" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+`crontab` is a little too opinionated for containers—it's a great little tool, but when run inside of containers it doesn't grab `ENV` vars how we'd like it to. Fortunately there's a Go binary called `supercronic` that's a drop-in replacement for containers.
+
+The good news is that it's pretty easy to get it running on Fly with a little bit of copy and pasting. Let's get to it.
+
+## Create a crontab file
+
+In the root of your project, add a `crontab` file.
+
+```
+touch ./crontab
+```
+
+If you need to run a job every 5 minutes, your `crontab` file would something like this:
+
+```
+*/5 * * * * echo "hello world!"
+```
+
+Check out [cron.help](https://cron.help+external) if you need a quick crontab syntax reference.
+
+## Install `supercronic` in the container
+
+The [latest releases for supercronic](https://github.com/aptible/supercronic/releases+external) are on [GitHub](https://github.com/aptible/supercronic+external), where they include copy pasta 🍝instructions for getting it in your Dockerfile. As of January 2024, the current version of `supercronic` is v0.2.29. You'll want to check the [releases page](https://github.com/aptible/supercronic/releases+external) for the latest version, but here's what it looks like now:
+
+```
+# Latest releases available at https://github.com/aptible/supercronic/releases
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.29/supercronic-linux-amd64 \
+    SUPERCRONIC=supercronic-linux-amd64 \
+    SUPERCRONIC_SHA1SUM=cd48d45c4b10f3f0bfdd3a57d054cd05ac96812b
+
+RUN curl -fsSLO "$SUPERCRONIC_URL" \
+ && echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - \
+ && chmod +x "$SUPERCRONIC" \
+ && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
+ && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
+
+# You might need to change this depending on where your crontab is located
+COPY crontab crontab
+```
+
+After you put that in your Dockerfile, we're going to configure Fly to run only one instance of `supercronic`. Why? Because if you have a cronjob that does something like deliver emails to customers, you only want them to get that once. The last thing you want is them getting as many emails from your services that matches the number of instances you're running.
+
+## Setup a web & cron process
+
+At the bottom of the `fly.toml` file, add the following:
+
+```
+[processes]
+  # The command below is used to launch a Rails server; be sure to
+  # replace with the command you're using to launch your server.
+  web = "bin/rails fly:server"
+  cron = "supercronic /app/crontab"
+```
+
+Then we have to tell Fly that your `web` process matches up with a service by having this under the `[[services]].`
+
+```
+# Make sure there's only one `processes` entry under `[[services]]`
+[[services]]
+  processes = ["web"]
+```
+
+This change tells Fly that your `web` processes that you defined under `[processes]` will be exposed to the public internet. Your `cron` process won't be exposed to the public Internet because it doesn't need to!
+
+## Deploy & scale the new processes
+
+Now that we've added `supercronic` to our `Dockerfile`, put the `crontab` at the root of our project folder, and reconfigured the `fly.toml` file, we're ready to deploy to production.
+
+```
+$ fly deploy
+```
+
+Then we'll need to scale the processes so that we only run one virtual machine container with the `cron` process. Be sure to change `web` to whatever number you had before.
+
+```
+$ fly scale count cron=1 web=
+```
+
+That's it! If all went well you now have cron running in a `cron` process in a Fly virtual machine. When you `fly deploy` it will get the latest code changes and reboot the virtual machines.
+
+## Resources
+
+- [https://github.com/fly-apps/supercronic](https://github.com/fly-apps/supercronic+external)
+- [https://cron.help](https://cron.help+external)
+
+## Related Reading
+
+- [Task scheduling guide with Cron Manager and friends](/docs/blueprints/task-scheduling/) A broader look at scheduling jobs on Fly.io — covers Cron Manager, Supercronic, scheduled Machines, and more.
+- [Run multiple process groups in an app](/docs/launch/processes/) Explains how to define processes in `fly.toml`, run multiple programs (web, cron, workers), scale by group. 
+- [App Configuration (`fly.toml`)](/docs/reference/configuration/) In‑depth look at the config file that orchestrates your services, processes, health checks, etc.
\ No newline at end of file
diff --git a/blueprints/task-scheduling.html.md b/blueprints/task-scheduling.html.md
new file mode 100644
index 0000000000..b5755ddd44
--- /dev/null
+++ b/blueprints/task-scheduling.html.md
@@ -0,0 +1,149 @@
+---
+title: Task scheduling guide with Cron Manager and friends
+layout: docs
+nav: guides
+author: kcmartin
+categories:
+  - cron
+date: 2025-07-18
+---
+
+<figure>
+  <img src="http://github.com/static/images/task-scheuling.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon scheduling some tasks on his calendar" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+Running on a schedule: it's not just for trains. If your app needs to rebuild a cache every night, prune old data, or email a weekly newsletter to your users, you’re probably looking for a way to run a cron job. Fly.io gives you a few ways to get that done.
+
+We’ll walk through options for task scheduling, starting with the most robust and ending with the “it works, okay?” tier.
+
+## Cron Manager
+
+[Cron Manager](https://github.com/fly-apps/cron-manager) is our “batteries-included” solution for running scheduled jobs. It’s a small Fly app that spins up temporary Machines—one per job—and tears them down afterward. Think of it as a very polite butler that rings a bell and quietly disappears before you remember you don’t have a butler.
+
+### How It Works
+
+You deploy Cron Manager as its own Fly app. It stays online, watching a `schedules.json` file. When a job’s scheduled time hits, it boots a one-off Machine with whatever image, region, and resources you specify. That Machine runs the command, exits, and disappears like a good container should.
+
+Jobs run in complete isolation—no shared environment, no weird state carried over from the last job. And because they’re just Fly Machines, you get all the perks: region placement, resource control, image selection, and clean logs.
+
+### Why Use This
+
+- **Isolation**: Each job gets its own Machine. Nothing leaks.
+- **Central config**: `schedules.json` lives in Git. Changes are versioned, auditable, and deployable.
+- **Easy updates**: Want to change a command or schedule? Update the file and redeploy.
+- **Job logs**: Each Machine has its own logs and lifecycle. Debugging isn’t a treasure hunt.
+
+### Setup
+
+1. Clone [cron-manager](https://github.com/fly-apps/cron-manager)
+1. Create a new Fly app and deploy it with `fly deploy`
+1. Set your `FLY_API_TOKEN` as a secret for the app
+1. Define your job schedules in `schedules.json`
+
+Here’s a sample job:
+
+```json
+{
+  "name": "daily-cache-rebuild",
+  "app_name": "my-app",
+  "schedule": "0 3 * * *",
+  "region": "lhr",
+  "command": ["bin/rebuild-cache"],
+  "command_timeout": 300,
+  "enabled": true,
+  "config": {
+    "image": "my-app-image",
+    "guest": { "cpu_kind": "shared", "cpus": 1, "memory_mb": 256 },
+    "restart": { "policy": "no" }
+  }
+}
+```
+
+### Managing Jobs
+
+Once deployed, you can:
+
+- List jobs: `cm schedules list`
+- Check history: `cm jobs list <schedule-id>`
+- Peek at details: `cm jobs show <job-id>`
+- Trigger one manually: `cm jobs trigger <schedule-id>`
+
+SSH into the Cron Manager VM if you need to do some spelunking.
+
+---
+
+## Supercronic
+
+Sometimes you don’t need a full orchestration layer—you just want a crontab to run inside your app container. Supercronic does that. It’s a container-friendly cron runner that handles environment variables correctly.
+
+### How It Works
+
+[Supercronic](/docs/blueprints/supercronic/) runs as a background process inside your app. You add a `crontab` file, install Supercronic in your Dockerfile, and define a `cron` process in `fly.toml`. Done.
+
+Well, almost done—remember to scale it correctly.
+
+### Setup
+
+1. Add a crontab file (`/app/crontab`) using standard syntax
+1. Install Supercronic in your Dockerfile
+1. In `fly.toml`:
+
+```
+[processes]
+app = "bin/server"
+cron = "supercronic /app/crontab"
+```
+
+1. Scale it:
+
+```bash
+fly scale count app=2 cron=1
+```
+
+Only run one copy of the cron process. Unless your goal is to send four copies of the same reminder email. (In which case, carry on.)
+
+---
+
+## Scheduled Machines
+
+Fly Machines support basic scheduling out of the box: you can tell a Machine to start hourly, daily, weekly, or monthly. The API is simple. The downside? You don’t get fine-grained control—just interval buckets.
+
+This is fine for non-critical cleanup tasks or anything where “roughly once a day” is good enough.
+
+---
+
+## In-App Scheduling
+
+If you’re already using a scheduler like `apscheduler` in a Python app—or you’ve duct-taped one together in Node—you can use it to call `fly machine run --rm` and spin up ephemeral Machines manually.
+
+This gives you full control and is technically elegant, though it does require some careful footwork. It’s the “build your own trigger system” option, best for when you’re already halfway there.
+
+---
+
+## Additional Options
+
+In addition to the options above, you can use an external scheduling service, like [GitHub Actions schedule](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#schedule), or [easycron](https://www.easycron.com/), an online cron service which can send out API requests to wake machines up.
+
+---
+
+## Summary
+
+| Option | Use When… | Good To Know |
+| --- | --- | --- |
+| **Cron Manager** | You want isolated, auditable job runs | Requires a separate app |
+| **Supercronic** | You want quick cron jobs inside your container | Keep the process count to one |
+| **Scheduled Machines** | You want simple, low-frequency jobs (~1x/day) | Not for precise timing |
+| **In-App Scheduler** | You want full control and don't mind plumbing | Write your own orchestration |
+
+If you're not sure where to start, Cron Manager is the most production-hardened option. But Supercronic gets you 80% of the way with almost no setup, and sometimes that’s all you need.
+
+---
+
+## Related Reading
+
+- [Cron Manager](https://github.com/fly-apps/cron-manager)
+- [Crontab with Supercronic](/docs/blueprints/supercronic/)
+- [Deferring long-running tasks to a work queue](/docs/blueprints/work-queues/)
+
diff --git a/blueprints/using-base-images-for-faster-deployments.html.md b/blueprints/using-base-images-for-faster-deployments.html.md
new file mode 100644
index 0000000000..08b3e6096d
--- /dev/null
+++ b/blueprints/using-base-images-for-faster-deployments.html.md
@@ -0,0 +1,272 @@
+---
+title: Using base images for faster deployments
+layout: docs
+nav: guides
+---
+
+<figure>
+  <img src="http://github.com/static/images/using-base-images.png" alt="Illustration by Annie Ruygt of the Docker whale carrying some containers" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+This guide explains how to use base images for faster deployments.  A base image is any image that is intended to be used as the `FROM` line in a Dockerfile.  Each app that is deployed on Fly.io can add an image to the Fly registry.
+
+Every app in the same organization can access the image for any other app and use it as the `FROM` line in their Dockerfile.  This means that it is very easy to make a base image by making a second app to use as the base image.
+
+## Why use a base image?
+
+Most developers have a specific reason for using a base image in their project.  Usually it's one of the following:
+
+* The base image can be built with all of their app's dependencies.  Rebuilding the app on top of this base image means the deploy process is only running the app-specific build processes, not the entire dependency tree.
+* The same app is deployed for a number of different end users.  Each end user has some specific files or configurations to build into the image.  A base image can get *most of the way* to the final configuration, and their app can do the final steps.
+
+
+## How to make a base image
+
+This guide walks through building and deploying an example application called go-fly-a-site, which runs a simple Go web server.  After deploying the app, you'll create a base image from its non-app-specific parts.  Finally, you'll update the app to use that base image.
+
+### Making the app
+
+Our program will be very simple.  It will respond to HTTP requests on port 8080 and respond with "Hello World!".
+
+```GO
+package main
+
+import (
+    "fmt"
+    "net/http"
+)
+
+func main() {
+    http.HandleFunc("/", HelloServer)
+    http.ListenAndServe(":8080", nil)
+}
+
+func HelloServer(w http.ResponseWriter, r *http.Request) {
+    fmt.Fprint(w, "Hello, world!\r\n")
+}
+
+```
+
+Create a Dockerfile based on Debian 12.  Install curl and go, compile the Go code, and configure the image to run the compiled binary.
+
+```Dockerfile
+FROM debian:12
+
+# Install Go
+RUN apt-get update; apt-get upgrade; apt-get -y install golang
+
+# Copy the code for our server to /opt/main.go
+COPY main.go /opt/main.go
+
+# Build /opt/server from the code in /opt/main.go
+RUN go build -o /opt/server /opt/main.go
+
+# Run our code from main.go as /opt/server
+CMD [ "/opt/server" ]
+```
+
+With `main.go` and the `Dockerfile` in your project directory, deploy the application:
+
+```bash
+$ fly launch --name go-fly-a-site --vm-size shared-cpu-1x --no-deploy
+....
+Your app is ready! Deploy with `flyctl deploy`
+```
+
+Now we have an additional file, `fly.toml` and have created the app `go-fly-a-site`.
+
+Deploy the app:
+
+```bash
+$ fly deploy
+==> Verifying app config
+Validating /Users/fly/Code/go-fly-a-site/fly.toml
+✓ Configuration is valid
+--> Verified app config
+==> Building image
+==> Building image with Depot
+--> build:
+...
+
+Visit your newly deployed app at https://go-fly-a-site.fly.dev/
+
+```
+
+We can see it's running:
+
+```bash
+$ curl https://go-fly-a-site.fly.dev/
+Hello, world!
+```
+
+Now our app is built and running.  This is great, but each time we `fly deploy` we might be reinstalling Go through apt.  We probably want to do that much less often than we want to update our `main.go`, so we can make a base image that installs go for us.
+
+### Make a base image
+
+Let's make a new file called `base.Dockerfile`.  For this file, we will keep the Go install.  We will replace the previous `CMD` statement with `[ "sleep", "inf" ]` so that we can easily SSH into this image to inspect it if needed in the future.
+
+
+```Dockerfile
+FROM debian:12
+
+# Install Go
+RUN apt-get update; apt-get upgrade; apt-get -y install golang
+
+CMD [ "sleep", "inf" ]
+```
+Copy `fly.toml` to `fly-base.toml` and make the following modification:
+
+* Append -base to the app name.
+* Explicitly include dockerfile in the `[build]` section.
+* Remove the `[http_service]` section.
+
+The resulting file looks like this:
+
+```toml
+app = 'go-fly-a-site-base'
+primary_region = 'lax'
+
+[build]
+    dockerfile = "base.Dockerfile"
+
+[[vm]]
+  size = 'shared-cpu-1x'
+```
+
+Create the app using the following options:
+
+* `--ha=false` ensures the app uses a single Machine.
+* `--config base.fly.toml` specifies the correct config file.
+
+When prompted about the existing `fly.toml` file, select yes to copy its configuration. You can skip tweaking the settings.
+
+```bash
+$ fly launch --ha=false --config base.fly.toml
+An existing fly.toml file was found for app go-fly-a-site-base
+? Would you like to copy its configuration to the new app? Yes
+Using build strategies '[the "base.Dockerfile" dockerfile]'. Remove [build] from fly.toml to force a rescan
+Creating app in /Users/fly/Code/go-fly-a-site
+We're about to launch your app on Fly.io. Here's what you're getting:
+
+...
+Region:       Los Angeles, California (US) (from your fly.toml)
+App Machines: shared-cpu-1x, 256MB RAM     (from your fly.toml)
+...
+
+? Do you want to tweak these settings before proceeding? (y/N)
+Created app 'go-fly-a-site-base' in organization 'personal'
+Admin URL: https://fly.io/apps/go-fly-a-site-base
+Hostname: go-fly-a-site-base.fly.dev
+Wrote config file base.fly.toml
+...
+--> build:
+--> Building image done
+image: registry.fly.io/go-fly-a-site-base:deployment-01JTKF7JXJ1ZGMA76GCJ5WGZQZ
+image size: 233 MB
+```
+
+Some things to note:
+
+* We have the base image name we can use, it's the URL provided in `image:`.
+* When we go to the admin URL, we can click **Registry** and see the same image URL.
+* The **Registry** will have the list of images that have been created.
+* Any app in your organization can use the image URL for a `FROM` statement in a Dockerfile.
+* Apps in any other organization will get an error if they try to use this image.
+
+
+### Updating the app to use the base image
+
+After creating the base image, update the Dockerfile for go-fly-a-site:
+
+
+```Dockerfile
+FROM registry.fly.io/go-fly-a-site-base:deployment-01JTKF7JXJ1ZGMA76GCJ5WGZQZ
+
+# Copy the code for our server to /opt/main.go
+COPY main.go /opt/main.go
+
+# Build /opt/server from the code in /opt/main.go
+RUN go build -o /opt/server /opt/main.go
+
+# Run our code from main.go as /opt/server
+CMD [ "/opt/server" ]
+```
+
+With the updated Dockerfile in place, deploy the app with `fly deploy`.
+
+```bash
+$ fly deploy
+==> Verifying app config
+Validating /Users/fly/Code/go-fly-a-site/fly.toml
+✓ Configuration is valid
+--> Verified app config
+==> Building image
+==> Building image with Depot
+--> build:
+[+] Building 20.7s (8/8) FINISHED
+ ...
+ => [internal] load metadata for registry.fly.io go-fly-a-site-base:deployment-01JTKF7JXJ1ZGMA76GCJ5WGZQZ
+ ...
+ ```
+
+ We can see that it used the new base image, and the application is running:
+
+```bash
+$ curl https://go-fly-a-site.fly.dev/
+Hello, world!
+```
+
+We can shutdown the one Machine for the base image:
+
+```
+$ fly machine list --config base.fly.toml
+1 machines have been retrieved from app go-fly-a-site-base.
+View them in the UI here
+
+go-fly-a-site-base
+ID            	NAME               	...
+d890175f6940e8	wandering-wave-6179	...
+````
+
+Grab the Machine ID and then run `fly machine stop` with the app and Machine id:
+
+```bash
+$ fly machine stop d890175f6940e8 --config base.fly.toml
+Sending kill signal to machine d890175f6940e8...
+d890175f6940e8 has been successfully stopped
+```
+
+You’ll only be charged for the root file system storage of the image that's being stored.
+
+Now we have a base image for our project!  We can modify and deploy our `main.go` code without having to reinstall Go.  If we ever need to add additional dependencies to the base image, we just modify the `base.Dockerfile`, deploy it again, and get the new `image:` from the deploy command or in the **Registry** section of the app's dashboard.
+
+## Command Reference
+
+Get Machines for the base image: `fly machine list --config base.fly.toml`
+
+Start Machine for the base image: `fly machine start <ID_FROM_LIST>  --config base.fly.toml`
+
+Stop Machine for the base image: `fly machine stop <ID_FROM_LIST>  --config base.fly.toml`
+
+Get SSH access to the base image: `fly ssh console --config base.fly.toml` (Make sure the Machine is started)
+
+Rebuild the base image: `fly deploy --config base.fly.toml` (Update `base.Dockerfile` with your changes first, and remember to stop the Machine when you're done)
+
+## Additional Notes
+
+If you have a base image that many different apps will use, it can make sense to keep it all in its own app directory.  You can use `fly.toml` and `Dockerfile` like a normal app.
+
+The base image will stick around in the registry and as long as an image is associated with a Machine -- even if the Machine is stopped -- it won't be deleted.
+
+You can find the registry URL of the images for your base image in the dashboard under the **Registry** tab for the app, or by running `fly releases --image`
+
+## Related use case
+
+Want to skip the Fly builder and use Docker tools directly to manage your images?  See [Managing Docker Images with Fly.io's Private Registry](https://fly.io/docs/blueprints/using-the-fly-docker-registry/), a guide that walks through building, pushing, deploying, and managing images via Fly.io’s Docker registry!
+
+## Related reading
+
+- [Deploy with a Dockerfile](https://fly.io/docs/languages-and-frameworks/dockerfile/) The general guide on how to deploy apps from Dockerfiles — useful context when you’re building a base image.
+- [App Configuration (`fly.toml`)](https://fly.io/docs/reference/configuration/) Details on how your `fly.toml` orchestrates builds, images, and deployments.
diff --git a/blueprints/using-the-fly-docker-registry.html.md b/blueprints/using-the-fly-docker-registry.html.md
new file mode 100644
index 0000000000..38384d39e6
--- /dev/null
+++ b/blueprints/using-the-fly-docker-registry.html.md
@@ -0,0 +1,129 @@
+---
+title: Managing Docker Images with Fly.io's Private Registry
+layout: docs
+nav: guides
+---
+
+<figure>
+  <img src="http://github.com/static/images/using-the-fly-docker-reg.png" alt="Illustration by Annie Ruygt of Frankie the balloon and the Docker whale playing a game of bean bag toss" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+Fly.io lets you deploy Docker containers as lightweight Firecracker VMs, running globally. While `fly launch` supports many frameworks and auto-generates deployment configurations, you can also build and push your own Docker images to Fly.io’s private registry and deploy them manually.
+
+This guide walks through building, pushing, deploying, and managing images via Fly.io’s Docker registry.
+
+## Tagging images for the Fly.io registry
+
+Each Fly.io app gets a dedicated registry path in the form of:
+
+```
+registry.fly.io/<your-app-name>
+```
+
+To create a new app:
+
+```sh
+fly apps create <your-app-name>
+```
+
+App names must be globally unique. You can generate a unique one automatically:
+
+```sh
+fly apps create --generate-name
+```
+
+Then tag your image for the app's registry:
+
+```sh
+docker build -t registry.fly.io/<your-app-name>:<your-tag> .
+```
+
+## Authenticating and pushing to the registry
+
+Authenticate Docker to use the Fly.io registry:
+
+```sh
+fly auth docker
+```
+
+This command updates your `~/.docker/config.json` with the required auth token for `registry.fly.io`. Once authenticated, push your image:
+
+```sh
+docker push registry.fly.io/<your-app-name>:<your-tag>
+```
+
+## Deploying the image
+
+You can deploy images from the Fly.io registry or public registries, depending on where the image is hosted.
+
+### To deploy a private image pushed to Fly.io's registry:
+
+Use the `--image` option with the `fly deploy` command:
+
+```sh
+fly deploy --app <your-app-name> --image registry.fly.io/<your-app-name>:<your-tag>
+```
+
+### To deploy a public image from Docker Hub or another public registry:
+
+Specify the image in your `fly.toml` file:
+
+```toml
+[build]
+  image = "flyio/hellofly:latest"
+```
+
+## Reusing images across apps
+
+Although registry URLs are structured per app, access is scoped per organization. This means you can push an image to `registry.fly.io/app-1` and use it in another app (e.g. `app-2`) if both apps are in the same Fly.io organization:
+
+```sh
+fly deploy --app app-2 --image registry.fly.io/app-1:tag
+```
+
+This pattern is useful for SaaS platforms that build once and deploy many times.
+
+## Verifying image existence
+
+You can verify that an image exists in the Fly registry without deploying it using Docker:
+
+```sh
+docker manifest inspect registry.fly.io/my-app-name:my-tag
+```
+
+This command returns data if the image exists, or exits with code 1 if it does not. It requires prior authentication using `fly auth docker`.
+
+For most workflows, use the `fly deploy --image` option with the Fly Docker registry. For advanced flows like multi-app SaaS provisioning, track image tags using `docker manifest inspect` or associate them with Machines to retain them.
+
+## Listing image tags
+
+There is no API or GraphQL query to list all image tags in the registry. Tags only become visible to Fly when they are part of a release. You can view deployed image references with:
+
+```sh
+fly releases -a my-app-name --image
+```
+
+If you're using the GraphQL API to query releases, use the following query format:
+
+```json
+{
+  "query": "query($appName: String!, $limit: Int!) { app(name: $appName) { releases: releasesUnprocessed(first: $limit) { nodes { id version description reason status imageRef stable user { id email name } createdAt } } } }",
+  "variables": {
+    "appName": "my-app-name",
+    "limit": 25
+  }
+}
+```
+
+This will only return images used in past deploys.
+
+## Related use case
+
+Want to optimize your deploys with shared layers and pre-installed dependencies? See the [Using base images for faster deployments](https://fly.io/docs/blueprints/using-base-images-for-faster-deployments/#how-to-make-a-base-image+external) blueprint.
+
+## Related reading
+
+- [Deploy with a Dockerfile](https://fly.io/docs/languages-and-frameworks/dockerfile/) The general guide on how to deploy apps from Dockerfiles — useful context when you’re building a base image.
+- [App Configuration (`fly.toml`)](https://fly.io/docs/reference/configuration/) Details on how your `fly.toml` orchestrates builds, images, and deployments.
diff --git a/blueprints/volume-forking.html.md b/blueprints/volume-forking.html.md
new file mode 100644
index 0000000000..9c3c605c7c
--- /dev/null
+++ b/blueprints/volume-forking.html.md
@@ -0,0 +1,130 @@
+---
+title: Using Fly Volume forks for faster startup times
+layout: docs
+nav: guides
+author: kcmartin
+date: 2025-09-12
+---
+
+<figure>
+  <img src="http://github.com/static/images/volume-forking.png" alt="Illustration by Annie Ruygt of a blimp and a Fly rocket flying side by side" class="w-full max-w-lg mx-auto">
+</figure>
+
+<div class="callout">
+**This guide shows how to preload large files onto volumes using forking to improve startup performance. This is especially useful for apps with big model files, binaries, or databases.**
+</div>
+
+## Overview
+
+If your app needs large local files like ML models, SQLite databases, or game assets, you're probably copying them into place at boot. Maybe you bake them into your image, or have your app download them on first run. This works, but it has downsides:
+
+- **Slow startup times**: waiting for multi-GB  file downloads.
+- **Wasted bandwidth**: each new machine pulls the same data.
+- **Image bloat**: large files increase your OCI/Docker image size.
+
+There's a better way. Write those files to a Fly Volume so they _persist_ after they've been downloaded. Fly Volumes support [forking](docs/volumes/volume-manage/#create-a-copy-of-a-volume-fork-a-volume), a fast, storage-efficient way to create new volumes preloaded with data, skipping downloads and startup delays.
+
+---
+
+## Why use this pattern?
+
+You’re cloning machines and want them to boot fast, with all their large files already in place.
+
+This isn’t about long-term persistence (though volumes can be used for that, too). It’s about getting cold-start performance close to warm-start, by skipping the “download half the internet” phase of your boot process.
+
+It’s especially useful when:
+
+- You’ve already run a setup step once and don’t want to repeat it.
+- Your app reads large files but doesn’t modify them.
+- You're scaling up on demand and startup time matters.
+
+---
+
+## How volume forking works
+
+When you fork a volume:
+
+- **Data is copied from the source volume**, block-for-block.
+- **Forked volumes are usable immediately**, even while they are in the hydrating state, thanks to lazy fetching (a system where data blocks are only fetched from the source volume when your app actually tries to read them).
+
+Your app can start reading files as soon as the fork succeeds. We start background replication right away, but behind the scenes we use a network block device to fetch blocks on demand. So startup is fast, and the data just shows up when your app asks for it.
+
+One tradeoff: disk access might be a little slower while the replication is ongoing. But for many apps, this beats the startup delay of downloading or unpacking files.
+
+---
+
+## Example: cloning a machine with preloaded data
+
+### 1. Make sure the source volume you want to fork is available
+
+```
+fly volumes list -a your-app
+```
+
+Pick the volume with the data you want to reuse.
+
+### 2. Fork the volume
+
+```
+fly volumes fork vol_abc123 -a your-app
+```
+
+You’ll get output like this:
+
+```
+              ID: vol_new_id
+            Name: volume_name
+             App: your-app
+          Region: yul
+            Zone: b5a1
+         Size GB: 20
+       Encrypted: true
+      Created at: 05 Sep 25 21:52 UTC
+```
+
+Note the `vol_new_id`.
+
+### 3. Clone the machine and attach the forked volume
+
+```
+fly machine clone <machine_id> --attach-volume vol_new_id
+```
+
+Now your new machine starts with the same data in place—no need for your app to download or generate it again.
+
+---
+
+## What to know
+
+- **Forks aren’t instant behind the scenes.** You can read from them immediately, but the full copy happens in the background. Disk I/O might be slower until replication finishes.
+- **Data is a snapshot, not a live link.** Changes to the original after forking don’t show up in the copy (and vice versa).
+- **You can fork cross‑region.** The `--region` flag allows you to target another region for the fork. If you skip it, the volume ends up in the same region by default.  Cross-region forks are expected to hydrate more slowly, since all data must be replicated over the network between regions.
+- **Forks have storage costs.** As blocks are fetched or written, forked volumes grow. Keep an eye on storage usage costs if you fork a lot.
+
+---
+
+## (Optional) Automate it in CI
+
+If you're scripting deploys or scaling machines dynamically, you can fold this pattern into a CI job or automation script.
+
+Here’s a rough sketch:
+
+```
+# Step 1: Fork the seed volume
+FORKED_VOL=$(fly volumes fork vol_abc123 -a your-app | grep ID | awk '{ print $2 }')
+
+# Step 2: Clone the machine and attach the fork
+fly machine clone <machine_id> --attach-volume $FORKED_VOL
+```
+
+This lets you create and attach preloaded volumes as part of your rollout process which is useful if you're standing up a new VM per job, or if you're scaling inference machines on demand.
+
+This is totally optional. Most folks will do this manually, or only once per release. But if you're already scripting `fly machine` operations, this fits right in.
+
+## Related reading
+
+- [Fly Volumes overview](/docs/volumes/overview/)
+- [Create and manage volumes](/docs/volumes/volume-manage/)
+- [Volume states](/docs/volumes/volume-states/)
+- `fly volumes fork` [reference](/docs/flyctl/volumes-fork/)
+
diff --git a/blueprints/work-queues.html.md b/blueprints/work-queues.html.md
new file mode 100644
index 0000000000..df43944ada
--- /dev/null
+++ b/blueprints/work-queues.html.md
@@ -0,0 +1,181 @@
+---
+title: Deferring long-running tasks to a distributed work queue
+layout: docs
+nav: guides
+author: kcmartin
+date: 2025-07-17
+---
+
+<figure>
+  <img src="http://github.com/static/images/work-queue.png" alt="Illustration by Annie Ruygt of a robot setting up a queue of boxes and tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Overview
+
+Some things just take a while. Generating a PDF. Calling a slow third-party API. Running a machine learning model. Sending an email newsletter, and retrying if the mail server flakes out.
+
+Whatever the reason, if your web app is sitting around waiting for that work to finish, you're doing it wrong. Not just in the “inefficient” sense—but in the “your app will time out and confuse users and make debugging miserable” sense.
+
+Instead, you should offload that work to a background worker.
+
+This isn’t a new idea. The pattern’s been around forever, often called a **work queue,** **job queue,** or **task queue.** Here’s the gist:
+
+- The web app gets a request.
+- Instead of doing everything right away, it drops a job onto a queue.
+- A separate process—called a worker—pulls jobs from that queue and handles them in the background.
+
+This means your web handler can respond immediately. It also means your background work can run on different machines, retry on failure, and scale independently from your frontend.
+
+You’ve probably already used something like this without realizing it. Ever sent an email via a task queue? That was a worker. Ever seen a spinner on a dashboard while a report gets generated? There's probably a job queue behind it.
+
+In this guide, we’ll show you how to set this up—using Celery if you're in Python, BullMQ if you're in Node, and Fly Machines if you're allergic to running idle containers.
+
+If you're already comfortable with queues, skip ahead. But if you’ve been stuffing async tasks into HTTP handlers and hoping for the best, this is your exit ramp. Let’s clean it up.
+
+---
+
+## Why use a work queue?
+
+- **Responsiveness**: Return HTTP responses instantly. Let workers take their time.
+- **Scalability**: Scale web servers and workers independently. No need to waste compute on idle async calls.
+- **Retries**: Jobs can fail and retry cleanly, without blocking a request or annoying a user.
+- **Cost efficiency**: With Fly Machines, you only pay for worker time while the job is running.
+- **Persistence**: Jobs don’t care if a user closes their browser tab. Work still gets done.
+
+---
+
+## Redis and Valkey
+
+Most of the tools in this guide use [Redis](https://redis.io/about/) as a message broker—a fast, in-memory data store that's great for short-lived messages and task queues. If you're deploying on Fly.io, we recommend trying [Valkey](https://valkey.io/), a fork of Redis with a more active community and governance model. You can set up a Valkey cluster without needing an Enterprise license. It works the same way but gives you more flexibility and long-term stability. You can deploy either Redis or Valkey yourself or use a managed service like [Upstash Redis](/docs/upstash/redis/).
+
+---
+
+## Option 1: Celery (Python)
+
+[Celery](https://docs.celeryq.dev/en/latest/getting-started/introduction.html) is a full-featured distributed task queue commonly used with Django and Flask.
+
+### How it works
+
+1. Your app enqueues a task to a message broker (Redis or RabbitMQ).
+1. A worker process picks up the task from the queue and executes it.
+1. Task results can optionally be stored (e.g., in Redis or your database).
+
+### Setup
+
+Install the basics:
+
+```bash
+pip install "celery[redis]" django-celery-results
+```
+
+Create a `celery.py`:
+
+```python
+from celery import Celery
+
+app = Celery("my_app")
+app.config_from_object("django.conf:settings", namespace="CELERY")
+app.autodiscover_tasks()
+```
+
+Use `@shared_task` for defining tasks:
+
+```python
+from celery import shared_task
+
+@shared_task(bind=True, autoretry_for=(Exception,), retry_backoff=3, retry_kwargs={"max_retries": 5})
+def crunch_numbers(self, arg):
+    ...
+```
+
+Run your worker:
+
+```bash
+celery -A my_app worker -l info
+```
+
+### Deploying to Fly.io
+
+Use `fly launch` to generate config and add Upstash Redis.
+
+Update `fly.toml`:
+
+```
+[processes]
+app = "gunicorn my_app.wsgi"
+worker = "celery -A my_app worker -l info"
+```
+
+Then:
+
+```bash
+fly deploy
+fly scale count worker=2
+```
+
+<div class="callout">**Region tip**: Put your Redis instance and workers in the same region (e.g. `ord`, `fra`) to avoid unnecessary latency and weird race conditions. </div>
+
+---
+
+## Option 2: On-Demand Workers with Fly Machines
+
+You don’t always need a persistent queue and worker pool. For low-frequency or one-off jobs, you can spin up a Fly Machine per task.
+
+### How it works
+
+1. Your app writes a job (params, metadata) to Redis/Valkey.
+1. It calls the Fly Machines API to spin up a temporary worker.
+1. The worker reads job data from Redis, runs it, and writes back the result.
+1. Your app polls Redis to check status and fetch results.
+1. You shut down the machine and clean up.
+
+This is great for jobs that don’t happen often, and it keeps your infrastructure lean. You can reuse your app image or build a dedicated worker image.
+
+Just make sure your job data and results are JSON-serializable.
+
+---
+
+## Option 3: BullMQ (Node.js)
+
+BullMQ is a Redis-backed queue system for Node.js apps. It works similarly to Celery:
+
+- Your app enqueues jobs to Redis/Valkey.
+- Workers pull jobs and execute them.
+- You get features like retries, rate limits, job delays, and concurrency control.
+
+BullMQ plays nicely with TypeScript, has good docs, and integrates well with modern backend frameworks like NestJS.
+
+Provision Redis via Upstash or use `fly redis create`.
+
+Scale workers as needed based on job load and machine size:
+
+```javascript
+const worker = new Worker("my-queue", async job => {
+  // do your work here
+}, { concurrency: 4 });
+```
+
+---
+
+## Other Options
+
+If none of the above tools fit your stack or mental model, there are plenty of alternatives:
+
+- **Sidekiq** (Ruby): The de facto standard for background jobs in Ruby and Rails apps. Redis-backed, battle-tested, and fast.
+- **Oban** (Phoenix) A robust background job processing library for Elixir 
+- **RQ** (Python): A simpler, more lightweight job queue than Celery, great for smaller projects or simpler needs.
+
+Most of these integrate with Redis/Valkey, some support more exotic brokers (like Postgres or Kafka), and all of them can be deployed on Fly.io with the right setup.
+
+---
+
+## Final Notes
+
+Whatever you do, don’t handle long-running jobs inside your HTTP request handlers. Use a job queue. Pick the right tool for your stack and use case, and let your web server get back to doing what it’s good at—responding fast and not melting down under load.
+
+
+
+## Related reading
+
+- [Async workers on Fly Machines](https://fly.io/blog/python-async-workers-on-fly-machines/)
+- [Celery and Django for async tasks](https://fly.io/django-beats/celery-async-tasks-on-fly-machines/)
diff --git a/build/assets/manifest-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js b/build/assets/manifest-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/build/assets/manifest-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js.gz b/build/assets/manifest-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js.gz
new file mode 100644
index 0000000000..66160efeab
Binary files /dev/null and b/build/assets/manifest-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js.gz differ
diff --git a/build/assets/manifest.json b/build/assets/manifest.json
new file mode 100644
index 0000000000..959ddc75a3
--- /dev/null
+++ b/build/assets/manifest.json
@@ -0,0 +1 @@
+{"files":{"manifest-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js":{"logical_path":"manifest.js","mtime":"2025-05-15T14:33:13-07:00","size":0,"digest":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","integrity":"sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="}},"assets":{"manifest.js":"manifest-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js"}}
\ No newline at end of file
diff --git a/caching/full-stack.html.md b/caching/full-stack.html.md
deleted file mode 100644
index 3487dcc38b..0000000000
--- a/caching/full-stack.html.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Full Stack Caching
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-Frameworks for full stack apps typically include powerful caching APIs. Developers can use these to cache everything from full HTTP responses to view partials to structured data. In general, the goal of caching in full stack apps is improve performance and levers for scaling.
-
-Users prefer fast applications regardless of scale. The standard caching APIs in frameworks give you a way to make your application fast without spending wasted time prematurely optimizing some of the more finicky bits of your app. Rather than over optimizing a DB schema that will probably change as you iterate, for example, you can cache a rendered view and avoid hitting the database altogether.
-
-Responsiveness is usually a function of latency. When a user requests data, applications typically deal with:
-
-* Input lag, how long it takes something they type/clip/tap/say to appear on the screen. If your app is simple you hopefully don't have to worry about this. If you put in a load of third party JavaScript, it might be a problem.
-* The "slow" speed of light: when a user sends data to your backend, they have to wait for a light to go from their device, through their ISP (which can be frightfully slow), across the world, and into your server.
-* Data processing time: you probably have to do some computering to handle a user's request and then generate a response.
-* The speed of light again! Your server sends data, it traverses the internet, arrives at the users (frightfully slow) ISP and lands on their device.
-* Render lag: there's more computering involved when a device paints information on a user's screen.
-
-Humans are reasonably sensitive to delays. Most people can perceive a slow down of as little as 100ms. The best apps have a latency budgets -- a "deadline" for responding to user input. This can vary a bit depending on the action, if a user makes a complicated request and gets a message that "we're working on it" very quickly, they might tolerate several seconds of delay. If they do something that seems simple (like click a URL on Google), they tend to be much less forgiving.
-
-Latency budgets are hard! You can really only control two things: (1) render performance and (2) how fast you can get data to a user's ISPs.
-
-Fly helps you get data to a user's ISP faster by running your app geographically near your users. A user who makes a request to your app in San Francisco, for example, will connect to a server running in San Jose, usually in under 5ms. If that same San Francisco user connects to New York City to use your application, it might take more like 150ms. Remember the 100ms "perceptible to humans" number? Light is so "slow" a human can perceive how long it takes to travel across the United States.
-
-So if your app just does some math without talking to a DB or an outside service, Fly is great! But apps that do that are boring. Your users probably care about data you manage on their behalf. If you're using a typical database, it's difficult and expensive to move close to users ... simplest to keep it in one place. So putting your app in different cities reduces latency between your users and the application logic, but might increase latency between your application logic and the data it uses to do magic.
-
-The trick is to avoid requesting data from your primary database. And when you do request "slow" data, to keep it in a fast cache store so you can skip that query next time.
-
-Fly hosted applications include local Redis cache storage. When you request data from your database, you can save the response (or a transformed version of the response) in the cache. The next time you request that data, you'll get it back in just a few milliseconds. Most framework cache APIs can use Redis, so if you enable caching in your app you'll see an immediate performance improvement on Fly with minimal code.
-
-## _View caching_
-
-Most popular frameworks offer Redis adapters for view caching. If you’ve configured view caching already, you can typically just add a Redis adapter library, and point at [Fly’s Redis cache](/docs/redis/).
-
-
-If your application purges the caches when data changes, you’ll need to add a little bit of logic to [send the purge/delete commands to `database 1`](/docs/redis/#managing-redis-data-globally) on your Fly Redis connection. This ensures they get applied in every region.
diff --git a/database-storage-guides.html.md b/database-storage-guides.html.md
index 82720aadd5..e25d8ca969 100644
--- a/database-storage-guides.html.md
+++ b/database-storage-guides.html.md
@@ -1,65 +1,37 @@
 ---
-title: Databases & Storage
+title: Databases and storage
 layout: docs
 toc: true
 nav: firecracker
 ---
 
-## Choosing an approach to storage
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/database-storage.png" alt="Illustration by Annie Ruygt of a tiger sleeping next to a storage device" class="w-full max-w-lg mx-auto">
+</figure>
 
-Often the solution to persistent data storage is to connect your Fly App to a separate database or object store.
 
-Fly.io offers a [deploy-it-yourself Postgres app](/docs/postgres/) with some tools to make it easier to manage yourself.
+## Managed database service
 
-If you need hardware-local disk storage on your Machines&mdash;for example, if your Fly App _is_ a database (or if you want to use [LiteFS](/docs/litefs))&mdash;then you'll want to use [Fly Volumes](/docs/volumes/).
+[Fly.io Managed Postgres](/docs/mpg/) is a production-ready Postgres service that handles the hard parts for you: high availability, automatic failover, encrypted backups, monitoring and metrics, seamless scaling, and 24/7 support to keep your data fast, safe, and always online.
 
-Explore these, and further options, for data storage in the following sections.
+## Key-value stores
 
-## Fly Volumes - Disk Storage
+**[Upstash for Redis](/docs/upstash/redis/)** - [Redis](https://redis.io/+external) is an in-memory database commonly used for caching. A managed service by [Upstash](https://upstash.com/+external).
 
-Anything an App VM writes to its root disk is ephemeral: when the VM is redeployed, the root file system is rebuilt using its Docker image, deleting any data written to it since it was started up. This is fine for `/tmp` files, but most apps need to keep state in a database or another form of persistent storage.
-
-- **[Fly Volumes](/docs/volumes/)** - Persistent storage on Fly.io is provided by Fly Volumes. You can use Volumes on an App directly, or run a separate database App with Volume storage and connect an App to that. A Fly Volume is a slice of NVMe disk storage attached to the server that hosts your Machine. Volumes have pros and cons, and you should read the [Fly volumes overview](/docs/reference/volumes/) before deciding whether they're the best solution for your use case.
-
-## Fly.io Database Projects
-
-These are projects that we develop and support. They're not managed services; you can deploy them yourself as Fly Apps.
-
-- **[Fly Postgres](/docs/postgres/)** - [PostgreSQL](https://www.postgresql.org/) is a popular relational database. When you deploy an App on Fly.io, we give you the option to launch a Fly Postgres App and attach it to your App. We provide tools for deployment and management; you manage the cluster once it's deployed.
-- **[LiteFS for SQLite](/docs/litefs/)** - [SQLite](https://www.sqlite.org/index.html) is a very lightweight file-based database. [LiteFS](/docs/litefs/) is a distributed file system that transparently replicates SQLite databases. You deploy it and you manage it.
-
-## Partner Integrations Running on Fly.io
-
-- **[Upstash for Redis](/docs/reference/redis/)** - [Redis](https://redis.io/) is an in-memory database commonly used for caching. A managed service by [Upstash](https://upstash.com/).
-
-## Other Storage Apps
-
-If your application calls for a different solution, you can deploy it yourself as an App on Fly.io. These examples can help you get started with other popular storage options.
-
-- **[MySQL and MariaDB](/docs/app-guides/mysql-on-fly/)** - [MySQL](https://www.mysql.com/) is a popular relational database. [MariaDB](https://mariadb.org/) is a community fork of MySQL and is compatible with MySQL.
+---
 
-- **[EdgeDB](/docs/app-guides/edgedb/)** - [EdgeDB](https://www.edgedb.com/) is a graph-relational database that runs on top of Postgres.
+## Fly Volumes - Disk storage
 
-- **[MinIO Object Storage](/docs/app-guides/minio/)** - [MinIO](https://min.io/) is software that allows you to self-host S3-compatible storage.
+The Fly Machines in your app provide ephemeral storage, so you get a blank slate on every startup. For hardware-local, persistent storage on Fly.io, use Fly Volumes. You can attach volumes on an app directly, or run a separate database app with volume storage and connect an app to that.
 
-## Recommended External Providers
+**[Fly Volumes](/docs/volumes/overview):** A Fly Volume is a slice of NVMe disk storage attached to the server that hosts your Machine. Read the [Fly Volumes overview](/docs/volumes/overview/) to find out if volumes are the best solution for your use case.
 
-If you want a fully managed database or storage solution for your Fly Apps, there are many great options, including:
+## Object storage service
 
-- [Crunchy Bridge Managed Postgres](https://www.crunchydata.com/products/crunchy-bridge) (on AWS, Azure, GCP, or Heroku)
-- [Neon Serverless Postgres](https://neon.tech/)
-- [PlanetScale Serverless MySQL](https://planetscale.com/) ([guide to use with Fly Apps](/docs/app-guides/planetscale/))
-- [Supabase Postgres](https://supabase.com/database)
-- [MinIO Hosted Object Storage](https://min.io/)
-- [Fauna](https://fauna.com/) ([guide to use with Fly Apps](/docs/app-guides/fauna/))
+**[Tigris Global Object Storage](/docs/tigris/)** - [Tigris](https://www.tigrisdata.com/+external) is a globally distributed S3-compatible object storage service hosted on Fly.io infrastructure.
 
-## Other Places
+---
 
-You can connect your Fly Apps to the usual suspects, too:
+## Have a project with special database or storage requirements?
 
-- [Amazon RDS for PostgreSQL](https://aws.amazon.com/rds/postgresql/)
-- [Azure Database for PostgreSQL](https://azure.microsoft.com/en-us/products/postgresql/#overview)
-- [Digital Ocean Managed Postgres](https://www.digitalocean.com/products/managed-databases-postgresql)
-- [Google Cloud SQL for PostgreSQL](https://cloud.google.com/sql/docs/postgres/)
-- [Heroku Managed Data Services](https://www.heroku.com/managed-data-services)
-- [AWS S3 Object Storage](https://aws.amazon.com/s3/)
+If your project calls for something else, most external databases and storage providers work well with Fly.io. You might just need to spend a bit more time wiring up the networking.
diff --git a/deep-dive/application.html.markerb b/deep-dive/application.html.markerb
new file mode 100644
index 0000000000..3eb912216e
--- /dev/null
+++ b/deep-dive/application.html.markerb
@@ -0,0 +1,22 @@
+---
+title: Your Fly App
+layout: docs
+nav: demo
+order: 4
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/your_fly_app.png" alt="Illustration by Annie Ruygt of an app cube flying near two Fly balloons" class="w-full max-w-lg mx-auto">
+</figure>
+
+Your demo app is running by default on two [Fly Machines](/docs/machines/), our fast-launching VMs.
+
+Both Machines stop when not in use, and start automatically when a new request comes in. [Autostop/autostart](/docs/launch/autostop-autostart/) is entirely configurable. You can chose to suspend instead of stop, configure a minimum number of Machines to keep running, or even decide never to stop Machines at all.
+
+The purpose of two Machines is twofold: redundancy and scalability. If one Machine goes down, the other can continue on. If both are available, when your app has higher traffic, both can be started to handle requests. You can [vertically scale](/launch/scale-machine/) the CPU and RAM on Machines.
+
+You can also [horizontally scale](/docs/launch/scale-count/) the number of Machines. You can scale out to different regions with the `fly scale count` command too. If you have a co-worker on another continent, create a Machine there.
+
+Familiarize yourself with the [fly.toml](/docs/reference/configuration/) config file. Make a change there--or to any part of your app--and run `fly deploy` to update your app.
+
+Your Fly App takes advantage of [Anycast routing](/docs/networking/services/), a [load-balancing proxy](/docs/reference/fly-proxy/), and [private networking](/docs/networking/private-networking/). You can also create [DNS certificates for custom domains](/docs/networking/custom-domain/).
diff --git a/deep-dive/django.html.markerb b/deep-dive/django.html.markerb
new file mode 100644
index 0000000000..c7f6a6ef2b
--- /dev/null
+++ b/deep-dive/django.html.markerb
@@ -0,0 +1,43 @@
+---
+title: Django demo reference
+layout: docs
+nav: demo
+---
+
+The Django source is on [GitHub](https://github.com/fly-apps/django-dictaphone/).
+`fly launch` will provide a [`Dockerfile`](https://docs.docker.com/reference/dockerfile/)
+ and a [`fly.toml`](/docs/reference/configuration/) config file.
+ When you make changes to your application, you can use 
+ [dockerfile-django](https://github.com/fly-apps/dockerfile-django?tab=readme-ov-file#dockerfile-generator-for-django-projects)
+to produce updated Dockerfiles.
+
+How the pieces are put together:
+
+* The original web-dictaphone app (minus the HTML) is in the
+  [static](https://github.com/fly-apps/django-dictaphone/tree/main/static) directory,
+  and contains icons, scripts, styles, and a web manifest; all served as
+  static files.
+* [`clips/templates/clips/index.html`](https://github.com/fly-apps/django-dictaphone/blob/main/clips/templates/clips/index.html) contains the HTML template.
+* [Django Models and databases](https://docs.djangoproject.com/en/5.1/topics/db/) is [configured](https://github.com/fly-apps/django-dictaphone/blob/2a9ec4ceb728e657aeec76477d87ea1a8627523a/dictaphone/settings.py#L89-L102) to use Sqlite3 as the database in development mode, and
+  PostgreSQL in production. Access to the database is through the `DATABASE_URL` secret.
+* [Django Storages](https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html) is [configured](https://github.com/fly-apps/django-dictaphone/blob/2a9ec4ceb728e657aeec76477d87ea1a8627523a/dictaphone/settings.py#L104-L117) to write to the filesystem
+  in development and Tigris in production.  The following secrets are used to
+  establish the connection: `AWS_ACCESS_KEY_ID`, `AWS_ENDPOINT_URL_S3`, `AWS_REGION`, `AWS_SECRET_ACCESS_KEY`, and `BUCKET_NAME`.
+* [Django Channels](https://channels.readthedocs.io/en/latest/) is [configured](https://github.com/fly-apps/django-dictaphone/blob/2a9ec4ceb728e657aeec76477d87ea1a8627523a/dictaphone/settings.py#L119-L135) to use an in memory channel in development and Redis in production
+  based using the `REDIS_URL` secret.
+
+Key points of logic:
+
+* [`static/scripts/app.js`](https://github.com/fly-apps/django-dictaphone/blob/main/static/scripts/app.js)
+  has been modified to make server requests at various points using
+  [the Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch).
+* [`clips/views.py`](https://github.com/fly-apps/django-dictaphone/blob/main/clips/views.py) contains
+  the logic to build responses to requests for the index page, and to GET, PUT,
+  and DELETE audio clips.
+* The server side realtime implementation code is primarily in [Django Channels](https://channels.readthedocs.io/en/latest/), so all that is needed is a few lines in [`clips/models.py`](https://github.com/fly-apps/django-dictaphone/blob/b1bb70cc513bd4977dc74fd56dfff86b8f2d12ec/clips/models.py#L20-L25).
+  The client side is provided by [`static/scripts/websocket.js`](https://github.com/fly-apps/django-dictaphone/blob/main/static/scripts/websocket.js).
+  When update notifications are received, the index page is re-retrieved and the body of the DOM is replaced with new contents.
+* When the `WHISPER_URL` secret is set, `PUT` requests will cause the audio clips
+  to be passed to the Whisper server, and responses will be used to update the
+  PostgreSQL database.  This is done using [Celery](https://docs.celeryq.dev/en/stable/django/first-steps-with-django.html).
+  The code for this is in [`clips/tasks.py`](https://github.com/fly-apps/django-dictaphone/blob/main/clips/tasks.py).
\ No newline at end of file
diff --git a/deep-dive/index.html.markerb b/deep-dive/index.html.markerb
new file mode 100644
index 0000000000..3e4ff3495f
--- /dev/null
+++ b/deep-dive/index.html.markerb
@@ -0,0 +1,74 @@
+---
+title: Deep dive demo
+layout: docs
+nav: demo
+toc: true
+---
+
+<figure>
+  <img src="http://github.com/static/images/deep-dive.png" alt="Illustration by Annie Ruygt of a bird in a diver costume, swimming under water" class="w-full max-w-lg mx-auto">
+</figure>
+
+Welcome to our deep dive demo, where you can explore Fly.io more thoroughly, but in a time-boxed way. In one hour or less: get a fully-functioning app running in the first few minutes, and then have enough time left over to understand what you just did, explore how the pieces fit together, and even integrate AI functionality that makes use of GPUs.
+
+## Goals of the deep dive
+
+It's really just one goal:
+
+**Help you find out if Fly.io is the right place for you.**
+
+If you came from our [Speedrun](https://fly.io/speedrun) or [Getting started](https://fly.io/docs/getting-started/) pages, maybe you want to go beyond `hello world` and explore the platform so you can feel confident that you're choosing a provider that can support you now, and scale with you later on as you grow.
+
+Maybe you're concerned about lock in. You want to use services from other places and even eject entirely and go elsewhere if things don't work out.
+
+Perhaps it is a simple as you feel it is easier to tune and evolve a working
+system than it is to debug why your application doesn’t launch on an unfamiliar
+platform.
+
+If you don't get a good feeling within an hour, you're out of here. If you do get a good feeling, then stick around and try launching the app that you brought here to launch.
+
+## Beyond `hello fly`
+
+A real-world application has, at a minimum, the following components:
+
+* An HTML form and a database; typically a relational database.
+* The ability to handle media files or documents, generally using S3.
+* A multi-user and realtime component, where changes made by one person in one location are reflected instantly in the browser of another person.
+
+To get a fully-functional app running smoothly, you need a whole bunch of things; things like Anycast routing, load balancers, DNS certificates, WebSockets, an internal private network, a relational database, an object store, and an in-memory database. And the knowledge to connect them all together.
+
+Connecting complex components together generally takes an unpredictable amount of time due to surprises.  Usually, set up for a complete app typically takes a _minimum_ of an afternoon's worth of work, even if you're familiar with a cloud platform.  We will be up and running in minutes.
+
+Fly.io minimizes surprises by taking a lot of work off your plate with our [Public Network Services](https://fly.io/docs/networking/services/), [Fly Proxy routing](/docs/reference/fly-proxy/), out-of-the-box [Private Networking](/docs/networking/private-networking/), and preconfigured databases.
+While we can't promise no surprises, we can show you how we'll partner with you to handle some of the dev ops complexities of working in a public cloud.
+
+## So what is this deep dive demo app?
+
+The deep dive demo uses industry standard components that you can run on your laptop, a VPS, AWS EC2, Google Compute Engine, or Azure.
+
+### Web Dictaphone -- Fly.io edition
+
+The deep dive demo is based on [MDN's Web Dictaphone](https://github.com/mdn/dom-examples/tree/main/media/web-dictaphone+external).
+You can play with a [live demo hosted on GitHub](https://mdn.github.io/dom-examples/media/web-dictaphone/+external). The Web Dictaphone app is about as basic of an HTML form as you can get, and it has the added bonus of providing the ability to generate as many media files as you want using only your voice.
+
+The basic Web Dictaphone is client side only, requiring a web server that can deploy static assets (HTML, CSS, JS, images), like nginx, Apache HTTPd, or Caddy. Storing the data in databases for our deep dive demo requires a server that can handle HTTP GET, POST, PUT, and DELETE requests. The choice of server varies depending on the language or framework.
+
+The demo includes the following components:
+
+* A [PostgreSQL](https://www.postgresql.org/+external) relational database to store the names of the audio clips
+* A [Tigris bucket](https://www.tigrisdata.com/+external) to store the audio files
+* [Upstash for Redis](https://fly.io/docs/reference/redis/) and [WebSockets](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API+external) to handle the connections for the realtime requirement
+
+### Available runtimes
+
+Our deep dive demo comes in five flavors (so far):
+
+  * [Django](/docs/deep-dive/django/)
+  * [Next.js](/docs/deep-dive/nextjs/)
+  * [Node.js](/docs/deep-dive/nodejs/)
+  * [Phoenix](/docs/deep-dive/phoenix/)
+  * [Rails](/docs/deep-dive/rails/)
+
+---
+
+**Next:** [Launch the demo](/docs/deep-dive/launch-deep-dive/)
diff --git a/deep-dive/launch-deep-dive.html.markerb b/deep-dive/launch-deep-dive.html.markerb
new file mode 100644
index 0000000000..379e1bb496
--- /dev/null
+++ b/deep-dive/launch-deep-dive.html.markerb
@@ -0,0 +1,66 @@
+---
+title: Launch the demo
+layout: docs
+nav: demo
+order: 3
+---
+
+Let's get right to it.
+
+**Step 0:** To get set up to run the deep dive demo on Fly.io, all you need to do is install Node, Phoenix, Python, or Ruby and create an empty project directory. 
+
+After that there are only two steps.
+
+**Step 1:** [Install flyctl](https://fly.io/docs/flyctl/install/).
+
+**Step 2:** Run one of the following: 
+```cmd
+fly launch --from https://github.com/fly-apps/django-dictaphone
+```
+-or-
+```cmd
+fly launch --from https://github.com/fly-apps/node-dictaphone
+```
+-or-
+```cmd
+fly launch --from https://github.com/fly-apps/nextjs-dictaphone
+```
+-or-
+```cmd
+fly launch --from https://github.com/fly-apps/phoenix-dictaphone
+```
+-or-
+```cmd
+fly launch --from https://github.com/fly-apps/rails-dictaphone
+```
+
+If you're new to Fly.io, the second step will take you to a page where you can register before continuing. 
+
+The `fly launch` output describes what you'll be getting for the app, and gives you an opportunity to tweak the settings. (Suggestion: don't. The defaults are fine for this demo and we'll walk you through how to adjust them later.) And then it will build and assemble and wire up your app.
+
+Take your time and play with it. Open the application in multiple browser windows. Send a link to a friend on another continent and watch your browser update in realtime.
+
+And then relax. We promised you it would be less than an hour. You're already up and running. If you are so inclined, try bringing up this exact same application on another cloud provider. We don't mind. In fact, we encourage it. Just please don't count the time you spent there against the hour you set aside for this demo!
+
+## Explore the result of `fly launch`
+
+Once you're back and/or rested up, explore the app and add-on components. Feel free to review the following in any order, or chose to skip ahead:
+
+  * [Your Fly App](../application/)
+  * [PostgreSQL database](../postgresql/)
+  * [Tigris Object Storage](../tigris/)
+  * [Upstash Redis](../redis/)
+
+## Runtimes
+
+Optional, but if you haven't yet dived in, details are provided for each runtime:
+
+  * [Django](../django/)
+  * [Next.js](../nextjs/)
+  * [Node.js](../nodejs/)
+  * [Phoenix](../phoenix/)
+  * [Rails](../rails/)
+
+--- 
+
+**Next:** Add [OpenAI Whisper](../whisper/) speech recognition as a bonus.
diff --git a/deep-dive/nextjs.html.markerb b/deep-dive/nextjs.html.markerb
new file mode 100644
index 0000000000..180f3cbade
--- /dev/null
+++ b/deep-dive/nextjs.html.markerb
@@ -0,0 +1,55 @@
+---
+title: Next.js demo reference
+layout: docs
+nav: demo
+---
+
+
+
+The Next.js demo source is on [GitHub](https://github.com/fly-apps/nextjs-dictaphone).
+`fly launch` will provide a [`Dockerfile`](https://docs.docker.com/reference/dockerfile/)
+ and a [`fly.toml`](https://fly.io/docs/reference/configuration/) config file. When you make changes to your application, you can run `npx @flydotio/dockerfile` to produce updated Dockerfiles.
+
+How the pieces are put together:
+
+* The original web-dictaphone app is placed in the [Next.js app](https://nextjs.org/docs/app) directory:
+    * [`app/dictaphone.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/app/dictaphone.js)
+      contains the JavaScript.
+    * [`app/globals.css`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/app/globals.css) contains
+      the stylesheets.
+    * [`app/page.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/app/page.js) contains the HTML
+* [`server.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/server.js) and
+  [`app/audio/[name]/route.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/app/audio/%5Bname%5D/route.js) contain
+  the server implementation.
+* The [pg](https://www.npmjs.com/package/pg) module is used to access PostgreSQL.
+  Access to the database is through the `DATABASE_URL` secret.  This module is low level
+  which is sufficient for this demo, but most modern Node.js applications use
+  an [ORM](https://amplication.com/blog/top-6-orms-for-modern-nodejs-app-development).
+* The [AWS SDK for JavaScript](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/welcome.html)
+  is used to access Tigris.  The following secrets are used to
+  establish the connection: `AWS_ACCESS_KEY_ID`, `AWS_ENDPOINT_URL_S3`, `AWS_REGION`, `AWS_SECRET_ACCESS_KEY`, and `BUCKET_NAME`.
+* The [express-ws](https://github.com/HenningM/express-ws?tab=readme-ov-file#express-ws-)
+  module is used for [WebSocket](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API) support.
+* The [redis](https://github.com/redis/node-redis?tab=readme-ov-file#node-redis) module
+  is used to access Redis.  The `REDIS_URL` secret is used to access the database.
+
+Key points of logic:
+
+* [`app/page.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/app/page.js) contains the
+  home page.  All of the clip data comes from web sockets.
+* [`app/dictaphone.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/app/dictaphone.js)
+  has been modified to make server requests at various points using
+  [the Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch); the delete
+  and rename actions are split out so that they can be referenced by the React JSX Home page view.
+* [`server.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/server.js) contains 
+  the WebSocket code, and delegates to Next.js to render the rest.
+* [`pubsub.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/pubsub.js) contains the
+  interface to Redis.  It is split out from the server to avoid circular dependencies.
+* [`app/audio/[name]/route.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/app/audio/%5Bname%5D/route.js) contains
+  the logic to build responses to requests to GET, PUT,
+  and DELETE audio clips.
+* [`app/page.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/ac1abcdc9cb1dfa7de08c682b26034e76ad34cc6/app/page.js#L12-L21)
+  contains the client implementation of web sockets.
+* When the `WHISPER_URL` secret is set, `PUT` requests will cause the audio clips
+  to be passed to the Whisper server, and responses will be used to update the
+  PostgreSQL database. The code for this is in [`app/audio/[name]/route.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/459774ec9ebebdf6f991adaa6c88509854ffe34e/app/audio/%5Bname%5D/route.js#L90-L118).
diff --git a/deep-dive/nodejs.html.markerb b/deep-dive/nodejs.html.markerb
new file mode 100644
index 0000000000..ed10bb1dc0
--- /dev/null
+++ b/deep-dive/nodejs.html.markerb
@@ -0,0 +1,53 @@
+---
+title: Node.js demo reference
+layout: docs
+nav: demo
+---
+
+
+
+The Node.js demo source is on [GitHub](https://github.com/fly-apps/node-dictaphone).
+`fly launch` will provide a [`Dockerfile`](https://docs.docker.com/reference/dockerfile/)
+ and a [`fly.toml`](https://fly.io/docs/reference/configuration/) config file. When you make changes to your application, you can run `npx @flydotio/dockerfile` to produce updated Dockerfiles.
+
+How the pieces are put together:
+
+* The original web-dictaphone app (minus the HTML) is in the
+  [public](https://github.com/fly-apps/node-dictaphone/tree/main/public) directory,
+  and contains icons, scripts, styles, and a web manifest; all served as
+  static files.
+* [`views/index.ejs`](https://github.com/fly-apps/node-dictaphone/blob/main/views/index.ejs) contains the HTML template.
+* [app.js](https://github.com/fly-apps/node-dictaphone/blob/main/app.js) contains
+  the server implementation, based on [Express.js](https://expressjs.com/).  There
+  are lots of JavaScript frameworks out there, this is perhaps the oldest and most
+  minimalist.
+* The [pg](https://www.npmjs.com/package/pg) module is used to access PostgreSQL.
+  Access to the database is through the `DATABASE_URL` secret.  This module is low level
+  which is sufficient for this demo, but most modern Node.js applications use
+  an [ORM](https://amplication.com/blog/top-6-orms-for-modern-nodejs-app-development).
+* The [AWS SDK for JavaScript](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/welcome.html)
+  is used to access Tigris.  The following secrets are used to
+  establish the connection: `AWS_ACCESS_KEY_ID`, `AWS_ENDPOINT_URL_S3`, `AWS_REGION`, `AWS_SECRET_ACCESS_KEY`, and `BUCKET_NAME`.
+* The [express-ws](https://github.com/HenningM/express-ws?tab=readme-ov-file#express-ws-)
+  module is used for [WebSocket](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API) support.
+* The [redis](https://github.com/redis/node-redis?tab=readme-ov-file#node-redis) module
+  is used to access Redis.  The `REDIS_URL` secret is used to access the database.
+
+Key points of logic:
+
+* [`public/scripts/app.js`](https://github.com/fly-apps/node-dictaphone/blob/main/public/scripts/app.js)
+  has been modified to make server requests at various points using
+  [the Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch).
+* [`app.js`](https://github.com/fly-apps/node-dictaphone/blob/main/app.js) contains
+  the logic to build responses to requests for the index page, and to GET, PUT,
+  and DELETE audio clips.
+* [`pubsub.js`](https://github.com/fly-apps/node-dictaphone/blob/main/pubsub.js) contains
+  the logic to subscribe to a `dictaphone:timestamp` redis queue, and to
+  forward updates to all open websocket connections.
+* [`websocket.js`](https://github.com/fly-apps/node-dictaphone/blob/main/public/scripts/websocket.js)
+  contains the client implementation of web sockets.  When update notifications
+  are received, the index page is re-retrieved and the body of the DOM is
+  replaced with new contents.
+* When the `WHISPER_URL` secret is set, `PUT` requests will cause the audio clips
+  to be passed to the Whisper server, and responses will be used to update the
+  PostgreSQL database. The code for this is in [app.js](https://github.com/fly-apps/node-dictaphone/blob/1e84a4dece6888dfc68880d146b46511d47391b3/app.js#L102-L129).
diff --git a/deep-dive/phoenix.html.markerb b/deep-dive/phoenix.html.markerb
new file mode 100644
index 0000000000..7f2b68c7db
--- /dev/null
+++ b/deep-dive/phoenix.html.markerb
@@ -0,0 +1,51 @@
+---
+title: Phoenix demo reference
+layout: docs
+nav: demo
+---
+
+The Phoenix demo source is on [GitHub](https://github.com/fly-apps/phoenix-dictaphone).
+`fly launch` will provide a [`Dockerfile`](https://docs.docker.com/reference/dockerfile/)
+ and a [`fly.toml`](https://fly.io/docs/reference/configuration/) config file.
+
+How the pieces are put together:
+
+* The original web-dictaphone app is spread throughout your application:
+    * [`assets/js/dictaphone.js`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/assets/js/dictaphone.js)
+      contains the JavaScript.
+    * [`assets/css/dictaphone.css`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/assets/css/dictaphone.css) contains
+      the stylesheets.
+    * [`priv/static/favicon.ico`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/priv/static/favicon.ico) contains your image
+    * [`lib/dictaphone_web/live/dictaphone.html.heex`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/lib/dictaphone_web/live/dictaphone.html.heex) contains the HTML
+* [`lib/dictaphone_web/live/dictaphone.ex`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/lib/dictaphone_web/live/dictaphone.ex) and
+  [`lib/dictaphone_web/controllers/audio_controller.ex`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/lib/dictaphone_web/controllers/audio_controller.ex) contain
+  the server implementation.
+* [Ecto.Adapters.Postgres](Ecto.Adapters.Postgres) is used to access PostgreSQL.
+  Access to the database is through the `DATABASE_URL` secret.
+* [ExAws.S3](https://hexdocs.pm/ex_aws_s3/ExAws.S3.html)
+  is used to access Tigris.  The following secrets are used to
+  establish the connection: `AWS_ACCESS_KEY_ID`, `AWS_ENDPOINT_URL_S3`, `AWS_REGION`, `AWS_SECRET_ACCESS_KEY`, and `BUCKET_NAME`.
+* [Phoenix.LiveView](https://hexdocs.pm/phoenix_live_view/Phoenix.LiveView.html)
+  module is used for [WebSocket](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API) support.
+* [Phoenix.PubSub.Redis](https://hexdocs.pm/phoenix_pubsub_redis/Phoenix.PubSub.Redis.html)
+  is used to access Redis.  The `REDIS_URL` secret is used to access the database.
+
+Key points of logic:
+
+* [`lib/dictaphone_web/live/dictaphone.html.heex`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/lib/dictaphone_web/live/dictaphone.html.heex) contains the
+  home page.
+* [assets/js/dictaphone.js](https://github.com/fly-apps/phoenix-dictaphone/blob/main/assets/js/dictaphone.js)
+  has been modified to:
+    * upload clips using [the Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch)
+    * use [Click Events](https://hexdocs.pm/phoenix_live_view/bindings.html#click-events) for delete
+    * use [Client Hooks](https://hexdocs.pm/phoenix_live_view/js-interop.html#client-hooks-via-phx-hook) for rename actions
+  the WebSocket code, and delegates to Next.js to render the rest.
+* [`lib/dictaphone_web/live/dictaphone.ex`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/lib/dictaphone_web/live/dictaphone.ex) contains the
+  interface to Redis.  It is split out from the server to avoid circular dependencies.
+* [`app/audio/[name]/route.js`](https://github.com/fly-apps/nextjs-dictaphone/blob/main/app/audio/%5Bname%5D/route.js) contains
+  the logic to respond to events from both browser clients, and redis pubsub.
+* [`lib/dictaphone_web/controllers/audio_controller.ex`](https://github.com/fly-apps/phoenix-dictaphone/blob/main/lib/dictaphone_web/controllers/audio_controller.ex)
+  contains the server access to `GET` and `PUT` audio clips.
+* When the `WHISPER_URL` secret is set, `PUT` requests will cause the audio clips
+  to be passed to the Whisper server, and responses will be used to update the
+  PostgreSQL database. The code for this is in [`lib/dictaphone_web/controllers/audio_controller.ex`](https://github.com/fly-apps/phoenix-dictaphone/blob/396d22a537b4f688f99ce88b707d6e045d828e6f/lib/dictaphone_web/controllers/audio_controller.ex#L42-L58).
diff --git a/deep-dive/postgresql.html.markerb b/deep-dive/postgresql.html.markerb
new file mode 100644
index 0000000000..745cfd3201
--- /dev/null
+++ b/deep-dive/postgresql.html.markerb
@@ -0,0 +1,16 @@
+---
+title: PostgreSQL
+layout: docs
+order: 5
+nav: demo
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/postgresql.png" alt="Illustration by Annie Ruygt of elephant and a Fly balloon" class="w-full max-w-lg mx-auto">
+</figure>
+
+Fly Postgres is deployed as a separate app, and that app comes initially configured with a single [Fly Postgres](/docs/postgres/) Machine. That's fine for development, but for production you need redundancy and scalability. With a [few commands](/docs/postgres/advanced-guides/high-availability-and-global-replication/) you can create an HA cluster in your primary region and read-only replicas elsewhere.
+
+And there is no lock in here. We have a list of [recommended external providers](/docs/postgres/getting-started/what-you-should-know/#recommended-external-providers), but you're free to host your database literally anywhere.
+
+Before moving on, one last observation on the relational database. While you want and need your application to be on the internet, you are much better off if your relational database is NOT directly exposed to the internet, but can only be accessed via your application. That’s the value of an [internal private network](/docs/networking/private-networking/). The private connection from the demo app to the Postgres app was configured automatically for you.
diff --git a/deep-dive/rails.html.markerb b/deep-dive/rails.html.markerb
new file mode 100644
index 0000000000..a46128fe2d
--- /dev/null
+++ b/deep-dive/rails.html.markerb
@@ -0,0 +1,42 @@
+---
+title: Rails demo reference
+layout: docs
+nav: demo
+---
+
+The Rails source is on [GitHub](https://github.com/fly-apps/rails-dictaphone/).
+`fly launch` will provide a [`Dockerfile`](https://docs.docker.com/reference/dockerfile/)
+ and a [`fly.toml`](/docs/reference/configuration/) config file.  `fly launch` will
+ also work with Rails-provided Dockerfiles. When you make changes to your application, you can run
+ `bin/rails generate dockerfile` to generate updated Dockerfiles.
+
+How the pieces are put together:
+
+* The original web-dictaphone app distributed throughout the application:
+    * [`app/javascript/controllers/main_controls_controller`](https://github.com/fly-apps/rails-dictaphone/blob/main/app/javascript/controllers/main_controls_controller.js)
+      and [`app/javascript/controllers/sound_clip_controller`](https://github.com/fly-apps/rails-dictaphone/blob/main/app/javascript/controllers/sound_clip_controller.js)
+      contain the JavaScript, implemented as [Stimulus](https://stimulus.hotwired.dev/handbook/origin) controllers.
+    * [`app/assets/stylesheets/dictaphone.css`](https://github.com/fly-apps/rails-dictaphone/blob/main/app/assets/stylesheets/dictaphone.css) contains
+      the stylesheets.
+    * [`app/views/clips/index.html.erb`](https://github.com/fly-apps/rails-dictaphone/blob/main/app/views/clips/index.html.erb) contains the HTML
+* [Active Record](https://guides.rubyonrails.org/active_record_basics.html) will run using Sqlite3 as the database in development mode, and
+PostgreSQL in production.
+  Access to the database is through the `DATABASE_URL` secret.
+* [Active Storage](https://guides.rubyonrails.org/active_storage_overview.html) is configured to write to the filesystem
+  in development and Tigris in production.  The following secrets are used to
+  establish the connection: `AWS_ACCESS_KEY_ID`, `AWS_ENDPOINT_URL_S3`, `AWS_REGION`, `AWS_SECRET_ACCESS_KEY`, and `BUCKET_NAME`.
+* [Action Cable](https://guides.rubyonrails.org/action_cable_overview.html) is configured to use an Async adapter
+  in development and the Redis adapter in production.
+
+Key points of logic:
+
+* [`app/controllers/clips_controller.rb`](https://github.com/fly-apps/rails-dictaphone/blob/main/app/controllers/clips_controller.rb) contains
+  the logic to build responses to requests for the index page, and to GET, PUT,
+  and DELETE audio clips.
+* The realtime implementation code is primarily in [ActionCable](https://guides.rubyonrails.org/action_cable_overview.html), so all that is needed is one line in [`app/models/clip.rb`](https://github.com/fly-apps/rails-dictaphone/blob/6bdf4f639640c9fb55530546dbbed682b65a7df9/app/models/clip.rb#L2)
+and one line in [`app/views/layouts/application.html.erb`](https://github.com/fly-apps/rails-dictaphone/blob/6bdf4f639640c9fb55530546dbbed682b65a7df9/app/views/layouts/application.html.erb#L9)
+* When the `WHISPER_URL` secret is set, `PUT` requests will cause the audio clips
+  to be passed to the Whisper server, and responses will be used to update the
+  PostgreSQL database.  This is done using [Active Job](https://guides.rubyonrails.org/active_job_basics.html)
+  and [Sidekiq](https://sidekiq.org/).
+  The code for this is in [`app/jobs/whisper_transcribe_job.rb`](https://github.com/fly-apps/rails-dictaphone/blob/main/app/jobs/whisper_transcribe_job.rb).
\ No newline at end of file
diff --git a/deep-dive/recap.html.markerb b/deep-dive/recap.html.markerb
new file mode 100644
index 0000000000..702c69a0b9
--- /dev/null
+++ b/deep-dive/recap.html.markerb
@@ -0,0 +1,25 @@
+---
+title: Recap
+layout: docs
+nav: demo
+toc: false
+order: 9
+---
+
+We promised that you could get through this in under an hour. You successfully deployed a full-stack app with both object storage and realtime requirements, and then went on to add AI functionality.
+
+Up front, we set a goal: **Help you find out if Fly.io is the right place for you.**
+
+Fly.io can support your apps now, with flexible built-in features, and scale with you later as you grow, with low-level control of Machines and powerful compute in 35 [regions](/docs/reference/regions/).
+
+You're never locked in; you can always eject entirely and move your entire application elsewhere if things don’t work out.
+
+How did we do? Visit [community](https://community.fly.io/) and let us know.
+
+## Learn more
+
+  * [Going to production](/docs/apps/going-to-production/)
+  * [Support](/docs/about/support/)
+  * [Pricing](/docs/about/pricing/)
+  * [Application Monitoring by Sentry](../../reference/sentry/)
+  * [Application Security by Arcjet](../../reference/arcjet/)
diff --git a/deep-dive/redis.html.markerb b/deep-dive/redis.html.markerb
new file mode 100644
index 0000000000..327558fe9d
--- /dev/null
+++ b/deep-dive/redis.html.markerb
@@ -0,0 +1,21 @@
+---
+title: Upstash Redis
+layout: docs
+nav: demo
+order: 7
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/redis-upstash.png" alt="Illustration by Annie Ruygt of a puzzle box figure holding two slices of cake" class="w-full max-w-lg mx-auto">
+</figure>
+
+[Upstash Redis](/docs/upstash/redis/) is used by the deep dive demo app for its [pubsub](https://redis.io/docs/latest/commands/?group=pubsub+external) capabilities, but it can do [so much more](https://upstash.com/docs/redis/overall/rediscompatibility+external).
+
+In particular, Redis is useful for caching:
+
+- [Node and Redis](https://redis.io/learn/develop/node/nodecrashcourse/caching+external)
+- [Rails and Redis](https://guides.rubyonrails.org/caching_with_rails.html#activesupport-cache-rediscachestore+external)
+
+In the deep dive demo app, updates are broadcast to all Machines via Redis, and then each Machine informs browser clients
+of the update via [WebSockets](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API+external). The client requests
+updated information from the application using HTTP GET.
diff --git a/deep-dive/tigris.html.markerb b/deep-dive/tigris.html.markerb
new file mode 100644
index 0000000000..b34e311605
--- /dev/null
+++ b/deep-dive/tigris.html.markerb
@@ -0,0 +1,15 @@
+---
+title: Tigris
+layout: docs
+nav: demo
+order: 6
+---
+<figure>
+  <img src="http://github.com/static/images/Tigris-doc.png" alt="Illustration by Annie Ruygt Bernard of a blue tiger reading a map with delight" class"w-full max-w-lg mx-auto">
+</figure>
+
+[Tigris](https://fly.io/docs/tigris/) is a globally distributed object storage service. It essentially requires no configuration, and seamlessly handles multi-regions. If you upload an audio file to a host in Virginia, you can access it from Amsterdam. Even better: subsequent accesses from regions other than the primary region are served locally. 
+
+Unlike relational databases, there may be reasons why you want to make your object store available via the internet. In this demo, the object store starts out private, but you can make it [public](/docs/tigris/#public-buckets) if you want.
+
+And if you happen to have an existing S3 object store, check out [shadow buckets](/docs/tigris/#migrating-to-tigris-with-shadow-buckets), which enable you to incrementally migrate your data.
diff --git a/deep-dive/whisper.html.markerb b/deep-dive/whisper.html.markerb
new file mode 100644
index 0000000000..a78be7f09f
--- /dev/null
+++ b/deep-dive/whisper.html.markerb
@@ -0,0 +1,31 @@
+---
+title: Whisper
+layout: docs
+nav: demo
+order: 8
+---
+
+Since you are now officially a Fly.io expert, let's dive right in and run the following two commands in the project directory of your deep dive demo app:
+
+```
+fly launch --attach --from https://github.com/rubys/cog-whisper
+fly deploy
+```
+
+Next try capturing a new audio clip. It will be transcribed automatically by OpenAI Whisper, an automatic speech recognition (ASR) program that converts speech into text.
+
+## What just happened
+
+You provisioned a new Machine, this time with an [L40S](https://www.nvidia.com/en-us/data-center/l40s/+external) GPU.
+It will stop when not in use. It will restart when a new request comes in.
+It is only available on the private network using [Flycast](/docs/networking/flycast/).
+
+It runs [OpenAI Whisper](https://openai.com/index/whisper/+external) accessed via a [COG](https://github.com/replicate/cog+external) interface.
+
+This process involves taking audio clips from Tigris, passing them to Whisper, and updating Postgres with the results.
+The Node code for this is about [two dozen lines of code](https://github.com/fly-apps/node-dictaphone/blob/1e84a4dece6888dfc68880d146b46511d47391b3/app.js#L102-L129),
+and for Rails is about a [dozen](https://github.com/fly-apps/rails-dictaphone/blob/6bdf4f639640c9fb55530546dbbed682b65a7df9/app/jobs/whisper_transcribe_job.rb#L5-L16).
+
+And, as always, there's no lock in. You can opt to replace this with a machine hosted by [Replicate](https://replicate.com/) or elsewhere.
+
+**Next:** [Recap](/docs/deep-dive/recap) the deep dive
diff --git a/django/advanced-guides.html.md b/django/advanced-guides.html.md
new file mode 100644
index 0000000000..414de38d82
--- /dev/null
+++ b/django/advanced-guides.html.md
@@ -0,0 +1,6 @@
+---
+title: Advanced guides
+layout: framework_docs_overview
+toc: false
+order: 2
+---
diff --git a/django/advanced-guides/staging-environments-with-github-actions.html.md b/django/advanced-guides/staging-environments-with-github-actions.html.md
new file mode 100644
index 0000000000..9b3564c866
--- /dev/null
+++ b/django/advanced-guides/staging-environments-with-github-actions.html.md
@@ -0,0 +1,336 @@
+---
+title: Staging environments with GitHub actions
+layout: framework_docs
+order: 1
+objective: How to create staging environments on the Fly.io with GitHub actions.
+related_pages:
+  - /docs/django/getting-started/
+  - /docs/flyctl/
+  - /docs/postgres/
+  - /docs/reference/configuration/
+---
+
+Creating staging environments for testing changes to our apps can be a challenge. This
+guide shows how to use GitHub actions to smoothly create a separate staging
+environment for each pull request using the
+[`fly-pr-review-apps`](https://github.com/marketplace/actions/pr-review-apps-on-fly-io+external)
+action, which will create and deploy our Django project with changes from the specific
+pull request. It will also destroy it when it's no longer needed, such as after closing
+or merging a pull request. The entire staging process enclosed in one GitHub action, so
+we don't have to worry about anything else (**NoOps**).
+
+## Basic flow
+
+[GitHub action](https://github.com/features/actions+external) workflows are defined by YAML files
+in the `.github/workflows/` directory of our repository. Let's add a new flow that will
+create and deploy staging environment for each pull request. But first we need to create
+a new repository secret called `FLY_API_TOKEN` to use for authentication. Go to a GitHub
+repository page and open:
+
+ _Settings (tab) → Security → Secrets and variables → Actions → Repository secrets → New repository secret_
+
+next, create a new secret called `FLY_API_TOKEN` with a value from:
+
+```cmd
+fly tokens org <ORG NAME>
+```
+
+<section class="callout">
+It's also possible to create a token from the organization dashboard, under the "Tokens" tab.
+</section>
+
+Now, we're ready to add a new flow. This is how we can define it in the
+`.github/workflows/fly_pr_preview.yml` file:
+
+```yaml
+# .github/workflows/fly_pr_preview.yml
+
+name: Start preview app
+
+on:
+  pull_request:
+    types: [labeled, synchronize, opened, reopened, closed]
+
+concurrency:
+  group: ${{ github.workflow }}-pr-${{ github.event.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+env:
+  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+
+jobs:
+  preview-app:
+    if: contains(github.event.pull_request.labels.*.name, 'PR preview app')
+    runs-on: ubuntu-latest
+    name: Preview app
+    environment:
+      name: pr-${{ github.event.number }}
+      url: ${{ steps.deploy.outputs.url }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Deploy preview app
+        uses: superfly/fly-pr-review-apps@1.2.0
+        id: deploy
+        with:
+          region: waw
+          org: personal
+```
+
+It's time to split our configuration up into its component parts:
+
+- `on → pull_request → types`: specifies [events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request+external)
+  on which a new staging project will be deployed:
+
+```yaml
+pull_request:
+  types: [labeled, synchronize, opened, reopened, closed]
+```
+
+- `concurrency`: prevents concurrent deploys for the same PR (Pull Request). The `group`
+  name contains a PR number and workflow name to create a separate group for each
+  workflow and PR:
+
+```yaml
+concurrency:
+  group: ${{ github.workflow }}-pr-${{ github.event.number }}
+  cancel-in-progress: true
+```
+
+- `env`: makes the `FLY_API_TOKEN` secret available to use for authentication:
+
+```yaml
+env:
+  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+```
+
+- `jobs → preview-app → if`: skips deploy on PRs without the
+  <span class="bg-indigo-500 rounded text-white px-1 py-1">_PR preview app_</span>
+  label. Both for safety reasons and to avoid creating a staging environments when no
+  needed:
+
+```yaml
+if: contains(github.event.pull_request.labels.*.name, 'PR preview app')
+```
+
+- `jobs → preview-app → environment`: describes the deployment target to show up in a
+  pull request UI. `steps.deploy.outputs.url` is filled by the
+  `superfly/fly-pr-review-apps` and will contain the URL of a deployed staging project:
+
+```yaml
+environment:
+  name: pr-${{ github.event.number }}
+  url: ${{ steps.deploy.outputs.url }}
+```
+
+- `jobs → preview-app → steps → with`: specifies all inputs that we want to pass to our
+  flow. You can check available options in the
+  [README](https://github.com/superfly/fly-pr-review-apps#inputs+external). We pass the Fly.io
+  [region](https://fly.io/docs/reference/regions/#fly-io-regions) and organization as a
+  starting point:
+
+```yaml
+with:
+  region: waw
+  org: personal
+```
+
+The action configured in this way will deploy an app with the name created according to
+the following pattern:
+
+<div class="text-center justify-center items-center">
+`pr-{{ PR number }}-{{ repository owner }}-{{ repository name }}`
+</div>
+to the: `https://{{ app name }}.fly.dev`, e.g.
+
+<div class="text-center justify-center items-center">
+`https://pr-9-felixxm-fly-pr-preview-example.fly.dev/`
+</div>
+
+(for PR number 9 in the repository called `pr-preview-example`).
+
+## Using Postgres cluster
+
+Using a dedicated staging database is a good practice for test environments. This gives
+us more control and appropriate separation from the production environment which
+eliminates a potential data leak vector.
+
+If you don't have a [Postgres cluster](https://fly.io/docs/postgres/) specifically for
+testing purposes you can create one with [`fly postgres create`](https://fly.io/docs/flyctl/postgres-create/):
+
+```cmd
+fly postgres create --name pg-fly-pr-staging-preview
+```
+
+Once created, we can specify it in our action (`jobs → preview-app → steps → with`)
+using the `postgres` input:
+
+```yaml
+# .github/workflows/fly_pr_preview.yml
+
+name: Start preview app
+
+on:
+  pull_request:
+    types: [labeled, synchronize, opened, reopened, closed]
+
+concurrency:
+  group: ${{ github.workflow }}-pr-${{ github.event.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+env:
+  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+
+jobs:
+  preview-app:
+    if: contains(github.event.pull_request.labels.*.name, 'PR preview app')
+    runs-on: ubuntu-latest
+    name: Preview app
+    environment:
+      name: pr-${{ github.event.number }}
+      url: ${{ steps.deploy.outputs.url }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Deploy preview app
+        uses: superfly/fly-pr-review-apps@1.2.0
+        id: deploy
+        with:
+          postgres: pg-fly-pr-staging-preview  # ← Added
+          region: waw
+          org: personal
+```
+
+With that in place, our staging Postgres cluster will be automatically attached to the
+test app, which will make a `DATABASE_URL` environment variable available in the test
+VM.
+
+## Additional release steps
+
+For performing additional release steps when deploying our staging environment, we can
+use a custom [Fly.io TOML configuration file](https://fly.io/docs/reference/configuration/)
+dedicated for staging with a release script
+[to run before a deployment](https://fly.io/docs/reference/configuration/#run-one-off-commands-before-releasing-a-deployment).
+First, make a copy of an existing configuration:
+
+```cmd
+mkdir staging
+```
+```cmd
+cp fly.toml staging/fly_staging.toml
+```
+
+Next, create a script (`staging/post_deploy.sh`) to prepare our staging database:
+
+```bash
+# staging/post_deploy.sh
+#!/usr/bin/env bash
+
+# Migrate database.
+python /code/manage.py migrate
+# Load fixtures with test data.
+python /code/manage.py loaddata /code/staging/test_groups.json
+```
+
+Finally, we need to add `release_command` to the TOML configuration calling our script:
+
+```toml
+# staging/fly_staging.toml
+
+console_command = "/code/manage.py shell"
+
+[build]
+
+[env]
+  PORT = "8000"
+
+[deploy]
+  release_command = "sh ./staging/post_deploy.sh" # ← Added.
+
+...
+```
+
+and specify the custom TOML configuration in our action
+(`jobs → preview-app → steps → with`) using the `config` input:
+
+```yaml
+# .github/workflows/fly_pr_preview.yml
+
+name: Start preview app
+
+on:
+  pull_request:
+    types: [labeled, synchronize, opened, reopened, closed]
+
+concurrency:
+  group: ${{ github.workflow }}-pr-${{ github.event.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+env:
+  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+
+jobs:
+  preview-app:
+    if: contains(github.event.pull_request.labels.*.name, 'PR preview app')
+    runs-on: ubuntu-latest
+    name: Preview app
+    environment:
+      name: pr-${{ github.event.number }}
+      url: ${{ steps.deploy.outputs.url }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Deploy preview app
+        uses: superfly/fly-pr-review-apps@1.2.0
+        id: deploy
+        with:
+          config: staging/fly_staging.toml  # ← Added
+          postgres: pg-fly-pr-staging-preview
+          region: waw
+          org: personal
+```
+
+With this small effort we have staging database created on Fly.io!
+
+🚨 Be aware that `release_command` is run on a temporary VM and cannot modify the
+local storage or state. It's fine to run database operations but not to perform release
+steps that attempt to modify a local storage, e.g. collecting static files. Such steps
+should be added to the `Dockerfile`. For example, if we want to collect static files,
+then add the `collectstatic` management command to the `Dockerfile`:
+
+```docker
+ARG PYTHON_VERSION=3.10-slim-bullseye
+
+FROM python:${PYTHON_VERSION}
+
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+
+RUN mkdir -p /code
+
+WORKDIR /code
+
+COPY requirements.txt /tmp/requirements.txt
+RUN set -ex && \
+    pip install --upgrade pip && \
+    pip install -r /tmp/requirements.txt && \
+    rm -rf /root/.cache/
+COPY . /code
+
+# ↓ Added ↓
+RUN set -ex && \
+    python /code/manage.py collectstatic --noinput
+
+EXPOSE 8000
+
+CMD ["gunicorn", "--bind", ":8000", "--workers", "2", "hello_pr_preview_example.wsgi"]
+```
diff --git a/django/getting-started/existing.html.md b/django/getting-started/existing.html.md
index e3c1ebd1c4..7c01fa3929 100644
--- a/django/getting-started/existing.html.md
+++ b/django/getting-started/existing.html.md
@@ -25,7 +25,7 @@ Be sure to have generated an up-to-date `requirements.txt` file for any new pack
 
 ## flyctl
 
-Fly.io has its own command-line utility for managing apps, [flyctl](https://fly.io/docs/hands-on/install-flyctl/). If not already installed, follow the instructions on the [installation guide](https://fly.io/docs/hands-on/install-flyctl/) and [log in to Fly](https://fly.io/docs/getting-started/log-in-to-fly/).
+Fly.io has its own command-line utility for managing apps, [flyctl](/docs/flyctl/). If not already installed, follow the instructions on the [installation guide](/docs/flyctl/install/) and [log in to Fly](/docs/getting-started/sign-up-sign-in/).
 
 
 ## Provision Django and Postgres Servers
@@ -165,7 +165,7 @@ fly ssh console --pty -C 'python /code/manage.py createsuperuser'
 
 ### Secrets
 
-Secrets allow sensitive values, such as credentials and API keys, to be securely passed to your Django applications. You can set, remove, or list all secrets with the [fly secrets](https://fly.io/docs/reference/secrets/) command.
+Secrets allow sensitive values, such as credentials and API keys, to be securely passed to your Django applications. You can set, remove, or list all secrets with the [fly secrets](/docs/apps/secrets/) command.
 
 ### Git
 
diff --git a/django/getting-started/index.html.md b/django/getting-started/index.html.md
index 2146b26651..fb0ef28332 100644
--- a/django/getting-started/index.html.md
+++ b/django/getting-started/index.html.md
@@ -140,7 +140,7 @@ By default, Django is configured for local development. The [How to Deploy Djang
 However, for demonstration purposes, we can take some shortcuts.
 
 First, in the [`hello_django/settings.py`](https://github.com/fly-apps/hello-django/blob/main/hello_django/settings.py) file update the `ALLOWED_HOSTS` configuration to accept
-a host on which it's deployed. Use the [`FLY_APP_NAME`](https://fly.io/docs/reference/runtime-environment/#fly_app_name)
+a host on which it's deployed. Use the [`FLY_APP_NAME`](https://fly.io/docs/machines/runtime-environment/#fly_app_name)
 environment variable for that:
 
 ```python
@@ -167,7 +167,7 @@ That's it! We're ready to deploy on Fly.io.
 
 ## flyctl
 
-Fly.io has its own command-line utility for managing apps, [flyctl](https://fly.io/docs/hands-on/install-flyctl/). If not already installed, follow the instructions on the [installation guide](https://fly.io/docs/hands-on/install-flyctl/) and [log in to Fly.io](https://fly.io/docs/getting-started/log-in-to-fly/).
+Fly.io has its own command-line utility for managing apps, [flyctl](/docs/flyctl/). If not already installed, follow the instructions on the [installation guide](/docs/flyctl/install/) and [log in to Fly.io](/docs/getting-started/sign-up-sign-in/).
 
 
 ## Configure and Deploy your Fly App
diff --git a/django/index.html.markerb b/django/index.html.markerb
index 4d3aedffdb..8deb7b4fec 100644
--- a/django/index.html.markerb
+++ b/django/index.html.markerb
@@ -20,3 +20,5 @@ Run through the [Starter Django App](./getting-started/) guide to get a feel for
 ## [Existing Django Apps](./getting-started/existing/)
 
 The [Existing Django Apps](./getting-started/existing/) guide walks through deploying a production-ready project to Fly.io. If you are coming from another hosting platform like Heroku there are additional tips for managing the migration.
+
+## [Advanced Guides](./advanced-guides)
diff --git a/elixir/advanced-guides/clustering-from-home-to-your-app-in-fly.html.md b/elixir/advanced-guides/clustering-from-home-to-your-app-in-fly.html.md
new file mode 100644
index 0000000000..ab1a5562a7
--- /dev/null
+++ b/elixir/advanced-guides/clustering-from-home-to-your-app-in-fly.html.md
@@ -0,0 +1,174 @@
+---
+title: Easy Clustering from Home to Fly.io
+layout: framework_docs
+order: 8
+objective: Guide for connecting a locally running Elixir application to another application running on Fly.
+author: mark
+status: stable
+categories:
+  - elixir
+references:
+  - /elixir/the-basics/clustering
+date: 2024-03-18
+---
+
+This explains how to cluster a locally running Elixir application with another Elixir application running on Fly.io. Additionally, a [**bash script** (named `cluster_with_remote`)](https://gist.github.com/brainlid/9e02e95f7d9c65a23312a4df95094d2a) is provided to automate the process of starting the local node and clustering it with the server.
+
+Here we cover _why_ we might want to do this, _what_ is required to make it work, and _how_ to make it happen.
+
+## Why cluster a local application with the one on the server?
+
+Besides being really cool that we can do this, there are some practical reasons as well.
+
+### AI/ML development
+
+With a local Elixir application clustered to an application on Fly.io with a GPU attached, we can keep our local development workflow without having a large GPU in our development machine.
+
+When we leverage [Nx](https://github.com/elixir-nx/nx) and [Bumblebee](https://github.com/elixir-nx/bumblebee), we can easily have the clustered application do all the GPU accelerated AI work and return the processing results seamlessly to our local application.
+
+It really does feel like the GPU is local when we work this way.
+
+### Develop and debug a distributed application
+
+Building a globally distributed application can be challenging to model locally. With [Fly.io Regions](https://fly.io/docs/reference/regions/), we can deploy our cluster-aware application where it makes sense. Then, our local application joins the global cluster, giving us a close-up view of how the application behaves in a truly globally distributed environment.
+
+## How it works
+
+Elixir supports [clustering](https://fly.io/docs/elixir/the-basics/clustering/) multiple running Elixir applications together (thanks to [Erlang](https://www.erlang.org/doc/reference_manual/distributed.html)), even while running on separate machines.
+
+Fly.io makes creating a [WireGuard VPN tunnel](https://fly.io/docs/networking/private-networking/#private-network-vpn) between your local machine and your Fly.io organization easy.
+
+![Image showing an app inside a house connecting to a wire that plugs into a Fly balloon with a region abbreviation on it.](/docs/images/cluster-from-home-to-fly-app-1.png?center)
+
+This means we can connect and cluster our locally running Elixir application with an Elixir application deployed at Fly.io. There are some special configuration requirements needed to make this possible, but we cover it all here.
+
+### Prerequisites
+
+There are a few prerequisites to consider when clustering a local Elixir application to one running in Fly.io. We'll provide tools or instructions to help with each.
+
+1. A [WireGuard connection](https://fly.io/docs/networking/private-networking/#private-network-vpn) must be setup and open from your local machine to Fly.io
+1. The same version of Elixir and Erlang OTP must be running on both ends.
+1. The locally running Elixir application needs the Erlang COOKIE used on the server.
+1. We need the full node name of the Elixir node running on the server (**NOTE:** The bash script provided later does this for you.)
+1. The local Elixir application must be started with IPv6 networking support enabled. By default it does not.
+
+### Setting the Erlang cookie
+
+The [recommended way for setting the Erlang COOKIE](https://fly.io/docs/elixir/the-basics/clustering/#making-the-cookie-changes) value in your deployed application is to set an ENV named `RELEASE_COOKIE`. This gives the server a stable, predictable cookie value. In order for the nodes to connect, they need the same cookie.
+
+When [set in the ENV through Fly.io](https://fly.io/docs/flyctl/config-env/), we can read it from the application's information. The script does this so we don't have to do anything else.
+
+### Starting with IPv6 support
+
+Fly.io uses an IPv6 network internally for private IPs. The BEAM needs IPv6 support to be enabled explicitly. On the server, that’s taken care of through a Dockerfile. Locally, however, it needs to be enabled so the local application can cluster with the remote node.
+
+The issue is, if IPv6 support is enabled globally, like in a `.bashrc` file, then setting it in the `cluster_with_remote` script essentially flips it OFF. If NOT set globally, then it should be set in the script. Choose the approach that best fits your situation.
+
+When set globally in your `.bashrc` file (recommended), it looks like this:
+
+```
+export ERL_AFLAGS="-kernel shell_history enabled -proto_dist inet6_tcp"
+```
+
+This one includes the added benefit of turning on shell history in IEx. Yay!
+
+If not set globally, it can be set in the script command like this:
+
+```
+iex --erl "-proto_dist inet6_tcp" --sname local [...]
+```
+
+Where the `--erl "-proto_dist inet6_tcp"` portion is the key.
+
+### Hidden by default: A note about production systems
+
+Joining your local application to a production cluster in a public way may result in other application sending work, tasks, or executing processes in your local node, depending on the behavior of your specific application. This may not be what you want!
+
+For this reason, the script uses the `--hidden` option to hide the local node from the rest of the cluster.
+
+To see the **_all_** the connected nodes, including any hidden ones, use:
+
+```elixir
+Node.list(:hidden)
+```
+
+<div class="note icon">
+If you want the local Elixir application to be _fully visible_ to the rest of the cluster, remove the `--hidden` argument in the bash script.
+</div>
+
+## Bash script file
+
+Create [this file](https://gist.github.com/brainlid/9e02e95f7d9c65a23312a4df95094d2a) locally in your root of your Elixir project.
+
+<style>
+.gist table.lines {
+ font-size: 12px;
+}
+.smallscript .gist-data {
+ max-height: 350px;
+}
+.gist-meta {
+ font-size: 80% !important;
+}
+</style>
+
+<div class="smallscript">
+  <script src="https://gist.github.com/brainlid/9e02e95f7d9c65a23312a4df95094d2a.js"></script>
+</div>
+
+Make the script file executable.
+
+```
+chmod +x cluster_with_remote
+```
+
+## Script usage
+
+With the perquisites out of the way, we'll use the `cluster_with_remote` script to start our local Elixir application. The script automates much of what needs to be done to make the process work smoothly. Feel free to customize the script as needed.
+
+The script is designed to be copied into a project with little to no modification required. The only expected customizations are handled through ENV values that can be controlled per-project.
+
+There are two primary ways to use the script:
+
+1. Cluster the local application to the same project deployed at Fly.io. This is the same application running in two places.
+1. Cluster a local application to a difference project deployed at Fly.io.  The deployed application's name must be provided.
+
+### Cluster to the same application running on the server
+
+The simplest variation is when we cluster our local application to a deployed version of itself. The `fly.toml` file in the directory with a copy of the `cluster_with_remote` is for the deployed application.
+
+To do this, just execute the script:
+
+```
+./cluster_with_remote
+```
+
+The script outputs if the clustering connection succeeded and prints the names of the connected nodes.
+
+### Cluster to a different application running on the server
+
+There are times when the local application is connecting to a _different_ application than where the script is running from.
+
+To do this, we need to tell the script the Fly.io app name of the application we want to connect with. It can be done like this:
+
+```
+CLUSTER_APP_NAME=server-app-name ./cluster_with_remote
+```
+
+This can also be set as a project-specific ENV using a tool like [direnv](https://direnv.net/) or [dotenv](https://www.dotenv.org/). The custom app name to cluster with can be written to env file and then running the script just works.
+
+```
+./cluster_with_remote
+```
+
+If the Erlang cookie of the deployed application is not set using the recommended `RELEASE_COOKIE` ENV setting, it can still be provided to the script using a local ENV named `RELEASE_COOKIE`. See the script for details.
+
+![Image showing an app inside a house connecting to a wire that plugs into a Fly balloon with a region abbreviation on it. There are three balloons in the sky and for different regions and they are connected by wires.](/docs/images/cluster-from-home-to-fly-app-2.png?center)
+
+Now you're _really_ doing distributed Elixir!
+
+## Summary
+
+When we couple Elixir's clustering ability with Fly.io's networking, VPN, and API discoverability, we can easily cluster a locally running Elixir application with a deployed Elixir application. This makes it easy to leverage hosted GPUs for developing AI/ML applications or working on distributed applications.
+
+The ready-to-use script automates much of the process.
diff --git a/elixir/advanced-guides/connect-livebook-to-your-app.html.md b/elixir/advanced-guides/connect-livebook-to-your-app.html.md
index 76092c5b70..2c27960213 100644
--- a/elixir/advanced-guides/connect-livebook-to-your-app.html.md
+++ b/elixir/advanced-guides/connect-livebook-to-your-app.html.md
@@ -2,8 +2,9 @@
 title: Connecting Livebook to Your App in Production
 layout: framework_docs
 order: 6
-objective: Guide shows how to connect a locally running Livebook to your application running on Fly.
+objective: Guide for connecting a locally running Livebook to your application running on Fly.
 redirect_from: /docs/app-guides/elixir-livebook-connection-to-your-app
+redirect_from: /blog/connecting-livebook-to-your-production-application/
 author: mark
 categories:
   - elixir
@@ -24,7 +25,7 @@ There are a few requirements for this to work.
 
 - **Livebook requires Elixir version 1.14.2 or higher**. Livebook runs locally on your machine, so that part is easy to control. However, the **server** side needs to have the same version of Elixir as well. When Livebook connects to the server, it loads some code into the server environment as well. So your server version of Elixir also needs to be 1.14.2 or higher. I recommend making your local version be the same as the production version to reduce potential problems.
 - **Known cookie value on your server**. Livebook needs to know the cookie value used on the server. Follow [this guide to give your app a static cookie value](/docs/elixir/the-basics/clustering/#the-cookie-situation).
-- **WireGuard setup on your local machine**. Follow the Fly.io [Private Network VPN](/docs/reference/private-networking/#private-network-vpn) guide to walk through that.
+- **WireGuard setup on your local machine**. Follow the Fly.io [Private Network VPN](/docs/networking/private-networking/#private-network-vpn) guide to walk through that.
 
 <aside class="callout">
 **Elixir Version Tip**
@@ -164,7 +165,7 @@ When you have the name and cookie, enter those and "**Connect**" to the server.
 
 **REMEMBER:** Each time we deploy our apps, the private IP will change. We need to get the current IP before we can connect again.
 
-Once connected, we have code completion available in the Elixir cells for the app we are connected to. The [HelloElixir app](https://github.com/fly-apps/hello_elixir-dockerfile) doesn't have anything useful to run so we can just prove to ourselves that our code is being executed remotely.
+Once connected, we have code completion available in the Elixir cells for the app we are connected to. The [HelloElixir app](https://github.com/fly-apps/hello_elixir) doesn't have anything useful to run so we can just prove to ourselves that our code is being executed remotely.
 
 Add the following code to a Livebook Elixir cell and execute it.
 
diff --git a/elixir/advanced-guides/connect-observer-to-your-app.html.md b/elixir/advanced-guides/connect-observer-to-your-app.html.md
index 792e83682d..88fe016b27 100644
--- a/elixir/advanced-guides/connect-observer-to-your-app.html.md
+++ b/elixir/advanced-guides/connect-observer-to-your-app.html.md
@@ -2,7 +2,7 @@
 title: Connecting Observer to Your App in Production
 layout: framework_docs
 order: 5
-objective: Guide shows how to connect a locally running Observer instance to your application running on Fly.
+objective: Guide for connecting a locally running Observer instance to your application running on Fly.
 redirect_from: /docs/app-guides/elixir-observer-connection-to-your-app/
 author: mark
 categories:
@@ -38,12 +38,11 @@ Let's do it. This will be fun!
 
 The deployed servers running on Fly need a predictable, stable, known cookie value used for allowing nodes to join each other to create a cluster. This is required for your local node to be able to connect to the remote nodes. Your local node needs the cookie value too!
 
-See [this guide on creating a static cookie value](/docs/app-guides/elixir-static-cookie/) in your Elixir project.
+See [this guide on creating a static cookie value](/docs/elixir/the-basics/clustering/#the-cookie-situation) in your Elixir project.
 
 ## WireGuard Tunnel
 
-Setup WireGuard on your local machine. Follow the Fly.io [Private Network VPN](/docs/reference/private-networking/#private-network-vpn) guide to walk through that.
-
+Setup WireGuard on your local machine. Follow the Fly.io [Private Network VPN](/docs/networking/private-networking/#private-network-vpn) guide to walk through that.
 
 ## Connecting to Production
 
@@ -55,42 +54,17 @@ Our script needs to know the cookie value. The easiest way to do this and keep t
 
 To help manage project-specific ENV values, I like using [direnv](https://direnv.net/). When changing into a directory with an `.envrc` file, it loads those values into my ENV, when I leave that directory, it unloads them. This means I can set a COOKIE value (or other config) specific to each project and it works great.
 
-You don't have to use a tool like `direnv` though. The `./observer` script file can be customized to set the COOKIE value explicitly if you prefer that approach. Refer to the full [script file here](https://github.com/fly-apps/hello_elixir-dockerfile/blob/explicitly-set-release-cookie/observer#L14) in the comments to see how you can  do that.
+You don't have to use a tool like [`direnv`](https://direnv.net/) though. The `./observer` script file can be customized to set the COOKIE value explicitly if you prefer that approach. Refer to the full [script file here](https://github.com/fly-apps/hello_elixir/blob/main/observer#L14) in the comments to see how you can  do that.
 
 ### Script File
 
-This is a simple bash script file to kick off a correctly configured local IEx session, connect our node to the remote cluster, and start Observer.
-
-Create a file titled `observer`. Here are the important contents. (See [here for full script file](https://github.com/fly-apps/hello_elixir-dockerfile/blob/explicitly-set-release-cookie/observer))
-
-```bash
-#!/bin/bash
-
-set -e
+This is a bash script to kick off a correctly configured local IEx session, connect a new local node to the remote cluster, and start Observer.
 
-if [ -z "$COOKIE" ]; then
-    echo "Set the COOKIE your project uses in the COOKIE ENV value before running this script"
-    exit 1
-fi
+Here's a copy of the **[`observer`](https://github.com/fly-apps/hello_elixir/blob/main/observer) script file**.
 
-# Get the first IPv6 address returned
-ip_array=( $(fly ips private | awk '(NR>1){ print $3 }') )
-IP=${ip_array[0]}
-
-# Get the Fly app name. Assumes it is used as part of the full node name
-APP_NAME=`fly info --name`
-FULL_NODE_NAME="${APP_NAME}@${IP}"
-echo Attempting to connect to $FULL_NODE_NAME
-
-# Export the BEAM settings for running the "iex" command.
-# This creates a local node named "my_remote". The name used isn't important.
-# The cookie must match the cookie used in your project so the two nodes can connect.
-iex --erl "-proto_dist inet6_tcp" --sname my_remote --cookie ${COOKIE} -e "IO.inspect(Node.connect(:'${FULL_NODE_NAME}'), label: \"Node Connected?\"); IO.inspect(Node.list(), label: \"Connected Nodes\"); :observer.start"
-```
+This should work fine on Linux and MacOS. On Windows, if you are using [WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10) then it will work because it's Linux. Otherwise, refer to the manual steps outlined below.
 
-This should work fine on Linux and MacOS. On Windows, if you are using [WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10) then it will work because it's Linux. Otherwise refer to the manual steps outlined below.
-
-Make the script file executable:
+After creating the file locally, make the script file executable:
 
 ```cmd
 chmod +x observer
@@ -102,15 +76,15 @@ Execute the script:
 ./observer
 ```
 ```output
-Attempting to connect to icy-leaf-7381@fdaa:0:1da8:a7b:ac2:baed:c434:2
-Erlang/OTP 24 [erts-12.0.1] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:1] [jit]
+Attempting to connect to hello-elixir-01HR8CXEYKQ9RXYQFEWSE5PTE0@fdaa:0:1da8:a7b:a160:73d2:f48b:2
+Erlang/OTP 26 [erts-14.2.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:1] [jit]
 
 Node Connected?: true
-Connected Nodes: [:"icy-leaf-7381@fdaa:0:1da8:a7b:ac2:baed:c434:2"]
+Connected Nodes: [:"hello-elixir-01HR8CXEYKQ9RXYQFEWSE5PTE0@fdaa:0:1da8:a7b:a160:73d2:f48b:2"]
 
 ...
 
-Interactive Elixir (1.12.1) - press Ctrl+C to exit (type h() ENTER for help)
+Interactive Elixir (1.16.1) - press Ctrl+C to exit (type h() ENTER for help)
 ```
 
 When observer first opens, it might looks something like this:
@@ -121,11 +95,11 @@ Notice that the window title shows `my_remote@...`? This means it's showing the
 
 If everything worked and it's connected, under the Nodes menu you should see the connected remote node.
 
-![Observer connected to local node](/docs/images/observer-local-node-menu.webp?card&2/3&centered)
+![Observer connected to local node](/docs/images/observer-local-node-menu.webp?2/3&centered)
 
 When the remote node is selected, then all the stats and information changes to reflect what's going on in the selected node.
 
-![Observer connected to local node](/docs/images/observer-local-node-connected.webp?scentered)
+![Observer connected to local node](/docs/images/observer-local-node-connected.webp?centered)
 
 It worked! I'm seeing the information for the production node!
 
@@ -157,25 +131,59 @@ In order for everything to work, here's the checklist overview:
 - The local COOKIE value must be the same as the cookie value used in production.
 - Observer needs to be working in your local environment. That requires WxWidget support in your Erlang install.
 
+### Networking and the BEAM
+
+Fly.io uses an IPv6 network internally for private IPs. The BEAM needs IPv6 support to be enabled explicitly. That's taken care of for the server through the Dockerfile. Locally, however, it needs to be enabled as well so the machine running Observer can actually _connect_ to the remote node.
+
+The issue is, if IPv6 support is enabled globally, like in a `.bashrc` file, then setting it in the `observer` script essentially flips it OFF. If NOT set globally, then it should be set in the script. Choose the version that fits your situation by modifying the script.
+
+It's the `--erl "-proto_dist inet6_tcp"` portion.
+
+Example:
+```
+iex --erl "-proto_dist inet6_tcp" --sname my_remote --cookie ${COOKIE} -e "IO.inspect(Node.connect(:'${FULL_NODE_NAME}'), label: \"Node Connected?\"); IO.inspect(Node.list(), label: \"Connected Nodes\"); :observer.start"
+```
+
+Versus without the `--erl` option:
+```
+iex --sname my_remote --cookie ${COOKIE} -e "IO.inspect(Node.connect(:'${FULL_NODE_NAME}'), label: \"Node Connected?\"); IO.inspect(Node.list(), label: \"Connected Nodes\"); :observer.start"
+```
+
 ### Manual Script Steps
 
 If you encounter issues, this can help you diagnose what's going on. The script automates 4 things.
 
 1. Getting the cookie value from the ENV - make sure the correct cookie value is either available in the ENV or explicitly set in the script.
-2. Uses the `fly info --name` command to get the app name. This is used to build the fully qualified node name.
-3. Get the first IPv6 address for your server using `fly ips private | awk '(NR>1){ print $3 }'`. If you have multiple servers, it just returns the first one. You only need one. Once you join to any node you are introduced and connected to all of them.
-4. Set up a local node and executes multiple commands.
-  1. It runs a command like `Node.connect(:'icy-leaf-7381@fdaa:0:1da8:a7b:ac2:baed:c434:2')` to connect to the remote node. It returns `true` when it succeeds or `false` when it fails. The app name and the IP address used to make up the node's name are assembled from the previous steps.
+2. Uses the `fly status` command to get the app name, Docker image ref, and the first private IP. This is used to build the fully qualified node name. You only need one IP address. Once you join to any node you are introduced and connected to all of them.
+3. Set up a local node and executes multiple commands.
+  1. It runs a command like `Node.connect(:'APP_NAME-IMAGE_REF@IPv6_ADDRESS')` to connect to the remote node. It returns `true` when it succeeds or `false` when it fails. The app name and the IP address used to make up the node's name are assembled from the previous steps.
   2. Launch observer with the command `:observer.start`. If this fails, check the other tip for WxWidgets.
 
 To do it manually, once you get the IP address, you can customize the following command to launch Observer.
 
 ```
-iex --erl "-proto_dist inet6_tcp" --sname my_remote --cookie ${COOKIE} -e "Node.connect(:'APP_NAME@IP_ADDRESS'); :observer.start"
+iex --erl "-proto_dist inet6_tcp" --sname my_remote --cookie ${YOUR-COOKIE-VALUE} -e "IO.inspect(Node.connect(:'${FULL_NODE_NAME}'), label: \"Node Connected?\"); :observer.start"
 ```
 
-You need to substitute in your `YOUR-COOKIE-VALUE` value, the `APP_NAME` and the `IP_ADDRESS`.
+You need to substitute in your `YOUR-COOKIE-VALUE` value, the `FULL_NODE_NAME`.
 
 ### WxWidgets Support
 
 If you are using [asdf-vm](https://asdf-vm.com/) for managing your Elixir and Erlang versions, check out the [Erlang plugin's documentation](https://github.com/asdf-vm/asdf-erlang) for getting WxWidget support in your Erlang environment. This is required for using Observer.
+
+To test if WxWidgets and observer is working correctly on you local machine, try the following.
+
+Start IEx:
+
+```
+iex
+```
+
+Start observer:
+
+```
+:observer.start
+```
+
+It should bring Observer running on your machine. It won't be connected to
+anything else, but it verifies that the libraries and dependencies are working.
diff --git a/elixir/advanced-guides/interesting-things-with-livebook.html.md b/elixir/advanced-guides/interesting-things-with-livebook.html.md
index ee67f38097..3bf7f3c6c6 100644
--- a/elixir/advanced-guides/interesting-things-with-livebook.html.md
+++ b/elixir/advanced-guides/interesting-things-with-livebook.html.md
@@ -14,7 +14,7 @@ date: 2021-06-22
 
 Livebook ends up being very flexible and powerful. Because Elixir nodes can easily be clustered together, you can run Livebook on your local machine, connect it to your Elixir servers, and do some really interesting things.
 
-Once you have [Livebook connected to your app on Fly](), you are ready to start playing!
+Once you have [Livebook connected to your app on Fly](/docs/elixir/advanced-guides/connect-livebook-to-your-app/), you are ready to start playing!
 
 ## Getting Started with Livebook
 
diff --git a/elixir/advanced-guides/sqlite3.html.md b/elixir/advanced-guides/sqlite3.html.md
index ad8a952569..f2b59caf58 100644
--- a/elixir/advanced-guides/sqlite3.html.md
+++ b/elixir/advanced-guides/sqlite3.html.md
@@ -228,9 +228,11 @@ And use the `put` command to transfer your file to the volume path.
 **NOTE**: Because our server is running, we first need to give the database a new name. Do **not** try to put this file in the same place as your current `DATABASE_PATH`.
 
 ```
-» put ./name.db mnt/name-prod.db
+» put ./name.db mnt/volume_name/name-prod.db
 ```
 
+Where `volume_name` corresponds to the name you used when [creating your volume](#create-volume).
+
 Check that it's there:
 
 ```sh
@@ -258,3 +260,15 @@ fly deploy
 ```
 
 Next time it boots it should use your new database! 
+
+### Download a local copy of your production database 
+
+You can use the [fly sftp get](https://fly.io/docs/flyctl/sftp-get/) command to download your database locally. 
+
+```elixir
+fly sftp get /mnt/name/name-prod.db prod.db
+```
+
+Replace `/mnt/name/name-prod.db` with the path to your database (DATABASE_PATH).
+
+
diff --git a/elixir/getting-started/existing.html.markerb b/elixir/getting-started/existing.html.markerb
index 9a1abcbca8..1930fe4ab4 100644
--- a/elixir/getting-started/existing.html.markerb
+++ b/elixir/getting-started/existing.html.markerb
@@ -12,33 +12,12 @@ If you have an existing Elixir app that you want to move over to Fly, this guide
 
 To configure and launch your Elixir app, you can use `fly launch` and follow the wizard.
 
-<%= partial "docs/languages-and-frameworks/partials/launch_with_postgres", locals: { detected: "Phoenix", app_name: "<app_name>" } %>
-
-You can set a name for the app, choose a default region, and choose to launch and attach a PostgreSQL database.
-
-### Deploy your application
-
-Deploying your application is done with the following command:
-
-```cmd
-fly deploy
-```
-
-This will take a few seconds as it uploads your application, builds a machine image,
-deploys the images, and then monitors to ensure it starts successfully. Once complete
-visit your app with the following command:
-
-```cmd
-fly apps open
-```
-
-If all went well, you'll see your Elixir application homepage.
+<%= partial "docs/languages-and-frameworks/partials/launch_with_postgres", locals: { detected: "Phoenix", app_name: "my-app-name" } %>
 
 ## Troubleshooting your initial deployment
 
 Since this is an existing Elixir app, its highly likely it might not boot because you probably need to configure secrets or other service dependencies. Let's walk through how to troubleshoot these issues so you can get your app running.
 
-
 ### View log files
 
 If your application didn't boot on the first deploy, run `fly logs` to see what's going on.
@@ -73,3 +52,21 @@ Interactive Elixir (1.11.2) - press Ctrl+C to exit (type h() ENTER for help)
 iex(hello_elixir@fdaa:0:1da8:a7b:ac4:b204:7e29:2)1>
 ```
 You have a live IEx shell into your application!
+
+## Deploy your application after changes
+
+Deploying your application is done with the following command:
+
+```cmd
+fly deploy
+```
+
+This will take a few seconds as it uploads your application, builds a machine image,
+deploys the images, and then monitors to ensure it starts successfully. Once complete
+visit your app with the following command:
+
+```cmd
+fly apps open
+```
+
+If all went well, you'll see your Elixir application homepage.
diff --git a/elixir/getting-started/index.html.markerb b/elixir/getting-started/index.html.markerb
index 23b8d700d1..3af03e7248 100644
--- a/elixir/getting-started/index.html.markerb
+++ b/elixir/getting-started/index.html.markerb
@@ -39,7 +39,7 @@ mix archive.install hex phx_new
 
 If you just want to see how Fly.io deployment works, this is the section to focus on. Here we'll bootstrap the app and deploy it with a Postgres database.
 
-First, [install flyctl](/docs/hands-on/install-flyctl/), your Fly app command center, and [sign up to Fly](/docs/getting-started/log-in-to-fly/#first-time-or-no-fly-account-sign-up-for-fly) if you haven't already.
+First, [install flyctl](/docs/flyctl/install/), the Fly.io CLI, and [sign up to Fly.io](/docs/getting-started/sign-up-sign-in/#first-time-or-no-fly-account-sign-up-for-fly) if you haven't already.
 
 Now let's generate a shiny, new Phoenix app:
 
@@ -51,13 +51,13 @@ The output ends with instructions for configuring the database and starting the
 
 <%= partial "docs/languages-and-frameworks/partials/launch_with_postgres", locals: { detected: "Phoenix", app_name: "hello_elixir" } %>
 
-To recap the `fly launch` command detected that we are using Phoenix, setup a Fly app, created a Postgres instance and configured it for us, updated our Dockerfile, and created special modules and scripts to run ecto migrations for us!
+To recap, the `fly launch` command  detected that we are using Phoenix, set up a Fly app, created a Fly Postgres app and configured it for us, updated our Dockerfile, and created special modules and scripts to run ecto migrations for us!
 
 ### Storing secrets on Fly.io
 
 You may also have some secrets you'd like set on your app.
 
-Use [`fly secrets`](https://fly.io/docs/reference/secrets/#setting-secrets) to configure those.
+Use [`fly secrets`](/docs/apps/secrets/) to configure those.
 
 ```cmd
 fly secrets set MY_SECRET_KEY=my_secret_value
@@ -71,26 +71,15 @@ When you want to deploy changes to your application, use `fly deploy`.
 fly deploy
 ```
 
-Note: On Apple Silicon (M1) computers, docker runs cross platform builds using qemu which might not always work. If you get a segmentation fault error like the following:
+The `fly deploy` command uses a Fly.io remote builder app to build the image.
 
-```
- => [build  7/17] RUN mix deps.get --only
- => => # qemu: uncaught target signal 11 (Segmentation fault) - core dumped
-```
-
-You can use fly's remote builder by adding the `--remote-only` flag:
-
-```cmd
-fly deploy --remote-only
-```
-
-You can always check on the status of a deploy
+You can always check on the status of a deploy:
 
 ```cmd
 fly status
 ```
 
-Check your app logs
+Check your app logs:
 
 ```cmd
 fly logs
@@ -114,7 +103,7 @@ ENV ERL_AFLAGS "-proto_dist inet6_tcp"
 
 If you customized your Dockerfile or launched without the Dockerfile, this setting may not have been set for you. These values are important and enable your Elixir app to work smoothly in Fly's private IPv6 network.
 
-Check for this If you encounter network related errors like this:
+Check for this if you encounter network-related errors like the following:
 
 ```
 Could not contact remote node my-app@fdaa:0:31d4:a5b:9d36:7c1e:f284:2, reason: :nodedown. Aborting...
diff --git a/elixir/getting-started/migrate-from-heroku.html.markerb b/elixir/getting-started/migrate-from-heroku.html.markerb
index 544c498c52..ee8cb33302 100644
--- a/elixir/getting-started/migrate-from-heroku.html.markerb
+++ b/elixir/getting-started/migrate-from-heroku.html.markerb
@@ -20,17 +20,10 @@ The steps below run you through the process of migrating your Phoenix app from H
 
 From the root of the Elixir app you're running on Heroku, run `fly launch` and select the options to provision a new Postgres database.
 
-<%= partial "docs/languages-and-frameworks/partials/launch_with_postgres", locals: { detected: "Phoenix", app_name: "<app_name>" } %>
+<%= partial "docs/languages-and-frameworks/partials/launch_with_postgres", locals: { detected: "Phoenix", app_name: "my_app_name" } %>
 
-When that's done, view your app in a browser:
+There's still work to be done to move more Heroku stuff over, so don't worry if the app doesn't boot right away. Also check out:
 
-```cmd
-fly apps open
-```
-
-There's still work to be done to move more Heroku stuff over, so don't worry if the app doesn't boot right away. There's a few commands that you'll find useful to configure your environment:
-
-* `fly logs` - Read error messages and stack traces emitted by your application.
 * [Connect via IEx](/docs/elixir/the-basics/iex-into-running-app/)
 
 ### Transfer Heroku secrets
diff --git a/elixir/the-basics/clustering.html.md b/elixir/the-basics/clustering.html.md
index 0eaa988e08..f725b123a2 100644
--- a/elixir/the-basics/clustering.html.md
+++ b/elixir/the-basics/clustering.html.md
@@ -43,7 +43,7 @@ export RELEASE_DISTRIBUTION="name"
 export RELEASE_NODE="${FLY_APP_NAME}-${FLY_IMAGE_REF##*-}@${FLY_PRIVATE_IP}"
 ```
 
-This names our Elixir node's name (aka RELEASE_NODE) using the Fly application name, the Docker image reference value, and the internal IPv6 address. Make sure to deploy after making this change!
+This names our Elixir node's name (also known as RELEASE_NODE) using the Fly application name, the Docker image reference value, and the internal IPv6 address. Make sure to deploy after making this change!
 
 ```cmd
 fly deploy
@@ -55,7 +55,7 @@ The Phoenix library [dns_cluster](https://github.com/phoenixframework/dns_cluste
 
 The `dns_cluster` library lets you easily setup Erlang Clustering using DNS, and Fly.io has built in DNS support!
 
-After installing `dns_cluser`, add it to the application like this:
+After installing `dns_cluster`, add it to the application like this:
 
 ```elixir
 defmodule HelloElixir.Application do
@@ -170,7 +170,7 @@ I included the IEx prompt because it shows the IP address of the node I'm connec
 
 Fly.io makes it super easy to run VMs of your applications physically closer to your users. Through the magic of DNS, users are directed to the nearest [region](/docs/reference/regions/) where your application is located.
 
-Starting back from our baseline of a single VM running in `sea` which is Seattle, Washington (US), I'll add the region `ewr` which is Parsippany, NJ (US). I can do this by cloning the existing Fly Machine into my desired region:
+Starting back from our baseline of a single VM running in `sea` which is Seattle, Washington (US), I'll add the region `ewr` which is NJ (US). I can do this by cloning the existing Fly Machine into my desired region:
 
 ```cmd
 fly machine clone 6e82dd00f75687 --region ewr
@@ -204,7 +204,7 @@ We have two VMs of our application deployed to the West and East coasts of the N
 
 ## The cookie situation
 
-Before two Elixir nodes **can** cluster together, they must share a secret cookie. The cookie itself isn't meant to be a super secret encryption key or anything like that, it's designed to let us create multiple sets of small clusters on the same network that don't all just connect together. Different cookies means different clusters. For instance, only the nodes that all use the cookie "abc" will connect together.
+Before two Elixir nodes **can** cluster together, they must share a secret cookie. The cookie itself isn't meant to be a super secret encryption key or anything like that, it's designed to let us create multiple sets of small clusters on the same network that don't all just connect together. Different cookies means different clusters. For instance, only the nodes that all use the cookie `abc` will connect together.
 
 For us, this means that in order for `my_remote` node to connect to the cluster on Fly, we need to share the same cookie value used in production.
 
@@ -220,25 +220,55 @@ The easiest solution here is to **specify** the value to use for our cookie. One
 
 If we read the [Mix.Tasks.Release docs](https://hexdocs.pm/mix/Mix.Tasks.Release.html#module-options), in the `:cookie` section we learn that if we provide an ENV named `RELEASE_COOKIE`, it will be used. If that ENV is not found, it falls back to the randomly generated one.
 
-To do this, we can create the cookie we want and store it in our `fly.toml` file like this:
+To generate the cookie string we will use this Elixir command:
+
+```elixir
+Base.url_encode64(:crypto.strong_rand_bytes(40))
+```
+
+To provide the ENV named `RELEASE_COOKIE` inside the running app, after generating the cookie, we can either:
+- [Put it as a secret](https://fly.io/docs/apps/secrets/#set-secrets) inside project settings under the `RELEASE_COOKIE` name, or
+- Store it in our `fly.toml` file like this:
 
 ```toml
 [env]
   RELEASE_COOKIE = "my-app-cookie"
 ```
 
-Also from the docs, we can generate the cookie string to use with this Elixir command:
+After setting up the ENV and deploying the application, we can verify that the cookie is being used by getting an [IEx shell into our running server](/docs/elixir/the-basics/iex-into-running-app/) and issuing the following command:
 
 ```elixir
-Base.url_encode64(:crypto.strong_rand_bytes(40))
+Node.get_cookie()
 ```
 
-After deploying the application, we can verify that the cookie is being used by getting an [IEx shell into our running server](/docs/elixir/the-basics/iex-into-running-app/) and issuing the following command:
+This shows the cookie being used at runtime.
 
-```
-Node.get_cookie()
+We can also check list of connected nodes by running the following command:
+
+```elixir
+Node.list()
 ```
 
-This shows the cookie being used at runtime.
+An empty list means the node has no connections. If you are sure that there is more then one node running, you could proceed to [Troubleshooting](/docs/elixir/the-basics/troubleshooting/) documentation.
 
 With a known and unchanging cookie deployed in our application, we are ready for the next step!
+
+### Important IPv6 settings
+
+The `flyctl` command attempts to modify your project's Dockerfile and append the following lines:
+
+```Dockerfile
+# Appended by flyctl
+ENV ECTO_IPV6 true
+ENV ERL_AFLAGS "-proto_dist inet6_tcp"
+```
+
+If you customized your Dockerfile or launched without the Dockerfile, this setting may not have been set for you. These values are important and enable your Elixir app to work smoothly in Fly's private IPv6 network.
+
+Check for this If you encounter network related errors like this:
+
+```
+Could not contact remote node my-app@fdaa:0:31d4:a5b:9d36:7c1e:f284:2, reason: :nodedown. Aborting...
+```
+
+If you have non-empty list with all of your running nodes - congratulations, you have successfully set up the clustering!
\ No newline at end of file
diff --git a/elixir/the-basics/troubleshooting.html.md b/elixir/the-basics/troubleshooting.html.md
index 23dd06657c..baa3486b64 100644
--- a/elixir/the-basics/troubleshooting.html.md
+++ b/elixir/the-basics/troubleshooting.html.md
@@ -2,12 +2,12 @@
 title: Troubleshooting
 layout: framework_docs
 order: 10
-tredirect_from: /docs/elixir/getting-started/troubleshooting/
+redirect_from: /docs/elixir/getting-started/troubleshooting/
 blog_path: /phoenix-files
 objective: Common troubleshooting issues and resources for getting unstuck.
 ---
 
-Some problems are harder to diagnose because they deal with [Elixir releases](https://hexdocs.pm/mix/master/Mix.Tasks.Release.html) or Docker build problems. Typically, you don't run the application that way locally, so you only encounter those problems when it's time to deploy.
+Some problems are harder to diagnose because they deal with [Elixir releases](https://hexdocs.pm/mix/master/Mix.Tasks.Release.html+external) or Docker build problems. Typically, you don't run the application that way locally, so you only encounter those problems when it's time to deploy.
 
 Here are a few tips to help diagnose and identify problems.
 
@@ -16,7 +16,7 @@ Here are a few tips to help diagnose and identify problems.
 - Check the `:prod` config in `config/runtime.exs`, which is not used locally. Carefully review it.
 - Run `fly logs` to check server logs.
 
-For diagnosing database app issues, refer to the [Postgres Monitoring](/docs/reference/postgres/#monitoring) information.
+For diagnosing database app issues, refer to the [Postgres Monitoring](/docs/postgres/managing/monitoring/) information.
 
 Here's a quick hit list of commands to help:
 
@@ -31,7 +31,7 @@ Most difficulties center around application config. Applications generated with
 
 The internal networks at Fly.io use a IPv6 addresses. Elixir/OTP needs some config to work smoothly.
 
-One way to identify an issue is to generate a new Elixir application using a current version of Phoenix. Deploy that to Fly.io with a database. With that, you have a local working example to compare against. Don't worry, you can easily [`destroy`](/docs/flyctl/destroy/) the test app when you're ready to.
+One way to identify an issue is to generate a new Elixir application using a current version of Phoenix. Deploy that to Fly.io with a database. With that, you have a local working example to compare against. Don't worry, you can easily [`destroy`](/docs/flyctl/apps-destroy/) the test app when you're ready to.
 
 Suggested files to pay attention to when looking for config differences.
 
@@ -64,7 +64,7 @@ When using [IEx to remote into a running application](/docs/elixir/the-basics/ie
 warning: the --remsh option will be ignored because IEx is running on limited shell
 ```
 
-When that warning is present, the Elixir node we are connecting to is not the remote running node. A new node was launched when the remote shell request was ignored. Refer to the [docs here about the `--pty`](#iex-into-running-app) option.
+When that warning is present, the Elixir node we are connecting to is not the remote running node. A new node was launched when the remote shell request was ignored. Refer to the [docs here about the `--pty`](/docs/elixir/the-basics/iex-into-running-app/) option.
 
 Another indication of this situation is when typing `Node.self()`, the name of the node is returned with a prefix similar to "rem-ea46-".
 Example:
diff --git a/flyctl/cmd/fly.md b/flyctl/cmd/fly.md
new file mode 100644
index 0000000000..f0c759cc2d
--- /dev/null
+++ b/flyctl/cmd/fly.md
@@ -0,0 +1,66 @@
+This is flyctl, the Fly.io command line interface.
+
+## Usage
+~~~
+fly [flags]
+~~~
+
+## Available Commands
+* [agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
+* [apps](/docs/flyctl/apps/)	 - Manage apps.
+* [auth](/docs/flyctl/auth/)	 - Manage authentication
+* [certs](/docs/flyctl/certs/)	 - Manage certificates
+* [checks](/docs/flyctl/checks/)	 - Manage health checks
+* [config](/docs/flyctl/config/)	 - Manage an app's configuration
+* [console](/docs/flyctl/console/)	 - Run a console in a new or existing machine
+* [consul](/docs/flyctl/consul/)	 - Enable and manage Consul clusters
+* [dashboard](/docs/flyctl/dashboard/)	 - Open web browser on Fly Web UI for this app
+* [deploy](/docs/flyctl/deploy/)	 - Deploy Fly applications
+* [dig](/docs/flyctl/dig/)	 - Make DNS requests against Fly.io's internal DNS server
+* [docs](/docs/flyctl/docs/)	 - View Fly documentation
+* [doctor](/docs/flyctl/doctor/)	 - The DOCTOR command allows you to debug your Fly environment
+* [extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+* [image](/docs/flyctl/image/)	 - Manage app image
+* [incidents](/docs/flyctl/incidents/)	 - Show incidents
+* [ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
+* [jobs](/docs/flyctl/jobs/)	 - Show jobs at Fly.io
+* [launch](/docs/flyctl/launch/)	 - Create and configure a new app from source code or a Docker image
+* [litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
+* [logs](/docs/flyctl/logs/)	 - View app logs
+* [machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+* [mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+* [mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+* [mysql](/docs/flyctl/mysql/)	 - Provision and manage MySQL database clusters
+* [orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
+* [ping](/docs/flyctl/ping/)	 - Test connectivity with ICMP ping messages
+* [platform](/docs/flyctl/platform/)	 - Fly platform information
+* [postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+* [proxy](/docs/flyctl/proxy/)	 - Proxies connections to a Fly Machine.
+* [redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+* [releases](/docs/flyctl/releases/)	 - List app releases
+* [scale](/docs/flyctl/scale/)	 - Scale app resources
+* [secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
+* [services](/docs/flyctl/services/)	 - Show the application's services
+* [settings](/docs/flyctl/settings/)	 - Manage flyctl settings
+* [sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
+* [ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
+* [status](/docs/flyctl/status/)	 - Show app status
+* [storage](/docs/flyctl/storage/)	 - Provision and manage Tigris object storage buckets
+* [synthetics](/docs/flyctl/synthetics/)	 - Synthetic monitoring
+* [tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
+* [version](/docs/flyctl/version/)	 - Show version information for the flyctl command
+* [volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+* [wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
+
+## Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+  -h, --help                  help for fly
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+
diff --git a/flyctl/cmd/fly_agent.md b/flyctl/cmd/fly_agent.md
new file mode 100644
index 0000000000..300971f9c7
--- /dev/null
+++ b/flyctl/cmd/fly_agent.md
@@ -0,0 +1,35 @@
+The Fly agent is a background process that manages wireguard connections started by flyctl.
+Commands such as 'fly ssh' and 'fly proxy' use this agent.
+Generally, the agent starts and stops automatically. These commands are useful for debugging.
+
+
+## Usage
+~~~
+fly agent [command] [flags]
+~~~
+
+## Available Commands
+* [ping](/docs/flyctl/agent-ping/)	 - Ping the Fly agent
+* [restart](/docs/flyctl/agent-restart/)	 - Restart the Fly agent
+* [run](/docs/flyctl/agent-run/)	 - Run the Fly agent in the foreground
+* [start](/docs/flyctl/agent-start/)	 - Start the Fly agent
+* [stop](/docs/flyctl/agent-stop/)	 - Stop the Fly agent
+
+## Options
+
+~~~
+  -h, --help   help for agent
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_agent_ping.md b/flyctl/cmd/fly_agent_ping.md
new file mode 100644
index 0000000000..a3e37bfd8f
--- /dev/null
+++ b/flyctl/cmd/fly_agent_ping.md
@@ -0,0 +1,27 @@
+Ping the Fly agent
+
+
+## Usage
+~~~
+fly agent ping [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for ping
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
+
diff --git a/flyctl/cmd/fly_agent_restart.md b/flyctl/cmd/fly_agent_restart.md
new file mode 100644
index 0000000000..e819d75039
--- /dev/null
+++ b/flyctl/cmd/fly_agent_restart.md
@@ -0,0 +1,26 @@
+Restart the Fly agent
+
+
+## Usage
+~~~
+fly agent restart [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for restart
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
+
diff --git a/flyctl/cmd/fly_agent_run.md b/flyctl/cmd/fly_agent_run.md
new file mode 100644
index 0000000000..dfdf2aac81
--- /dev/null
+++ b/flyctl/cmd/fly_agent_run.md
@@ -0,0 +1,26 @@
+Run the Fly agent in the foreground
+
+
+## Usage
+~~~
+fly agent run [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for run
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
+
diff --git a/flyctl/cmd/fly_agent_start.md b/flyctl/cmd/fly_agent_start.md
new file mode 100644
index 0000000000..f63e221300
--- /dev/null
+++ b/flyctl/cmd/fly_agent_start.md
@@ -0,0 +1,26 @@
+Start the Fly agent
+
+
+## Usage
+~~~
+fly agent start [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for start
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
+
diff --git a/flyctl/cmd/fly_agent_stop.md b/flyctl/cmd/fly_agent_stop.md
new file mode 100644
index 0000000000..88c47e7aca
--- /dev/null
+++ b/flyctl/cmd/fly_agent_stop.md
@@ -0,0 +1,26 @@
+Stop the Fly agent
+
+
+## Usage
+~~~
+fly agent stop [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for stop
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
+
diff --git a/flyctl/cmd/fly_apps.md b/flyctl/cmd/fly_apps.md
new file mode 100644
index 0000000000..518cd8a29d
--- /dev/null
+++ b/flyctl/cmd/fly_apps.md
@@ -0,0 +1,35 @@
+Manage your Fly applications.
+
+## Usage
+~~~
+fly apps [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/apps-create/)	 - Create a new application.
+* [destroy](/docs/flyctl/apps-destroy/)	 - Permanently destroy one or more apps.
+* [errors](/docs/flyctl/apps-errors/)	 - View application errors on Sentry.io
+* [list](/docs/flyctl/apps-list/)	 - List applications.
+* [move](/docs/flyctl/apps-move/)	 - Move an app to another organization.
+* [open](/docs/flyctl/apps-open/)	 - Open browser to current deployed application
+* [releases](/docs/flyctl/apps-releases/)	 - List app releases
+* [restart](/docs/flyctl/apps-restart/)	 - Restart an application.
+
+## Options
+
+~~~
+  -h, --help   help for apps
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_apps_create.md b/flyctl/cmd/fly_apps_create.md
new file mode 100644
index 0000000000..eb15697c25
--- /dev/null
+++ b/flyctl/cmd/fly_apps_create.md
@@ -0,0 +1,34 @@
+Create a new application on the Fly platform.
+This command won't generate a fly.toml configuration file, but you can
+fetch one with 'fly config save -a <app_name>'.
+
+## Usage
+~~~
+fly apps create <app name> [flags]
+~~~
+
+## Options
+
+~~~
+      --generate-name    Generate an app name
+  -h, --help             help for create
+  -j, --json             JSON output
+      --name string      The app name to use
+      --network string   Specify custom network id
+  -o, --org string       The target Fly.io organization
+      --save             Save the app name to the config file
+  -y, --yes              Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly apps](/docs/flyctl/apps/)	 - Manage apps.
+
diff --git a/flyctl/cmd/fly_apps_destroy.md b/flyctl/cmd/fly_apps_destroy.md
new file mode 100644
index 0000000000..6862feba62
--- /dev/null
+++ b/flyctl/cmd/fly_apps_destroy.md
@@ -0,0 +1,26 @@
+Delete one or more applications from the Fly platform.
+
+## Usage
+~~~
+fly apps destroy <app name(s)> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for destroy
+  -y, --yes    Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly apps](/docs/flyctl/apps/)	 - Manage apps.
+
diff --git a/flyctl/cmd/fly_apps_errors.md b/flyctl/cmd/fly_apps_errors.md
new file mode 100644
index 0000000000..f6dc7a6fe7
--- /dev/null
+++ b/flyctl/cmd/fly_apps_errors.md
@@ -0,0 +1,27 @@
+View application errors on Sentry.io
+
+## Usage
+~~~
+fly apps errors [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for errors
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly apps](/docs/flyctl/apps/)	 - Manage apps.
+
diff --git a/flyctl/cmd/fly_apps_list.md b/flyctl/cmd/fly_apps_list.md
new file mode 100644
index 0000000000..aa0ef81529
--- /dev/null
+++ b/flyctl/cmd/fly_apps_list.md
@@ -0,0 +1,32 @@
+List the applications currently
+available to this user. The list includes applications
+from all the organizations the user is a member of. The list shows
+the name, owner (org), status, and date/time of latest deploy for each app.
+
+
+## Usage
+~~~
+fly apps list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -j, --json         JSON output
+  -o, --org string   The target Fly.io organization
+  -q, --quiet        Only list app names
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly apps](/docs/flyctl/apps/)	 - Manage apps.
+
diff --git a/flyctl/cmd/fly_apps_move.md b/flyctl/cmd/fly_apps_move.md
new file mode 100644
index 0000000000..8bcc3e4243
--- /dev/null
+++ b/flyctl/cmd/fly_apps_move.md
@@ -0,0 +1,30 @@
+Move an application to another
+organization the current user belongs to.
+For details, see https://fly.io/docs/apps/move-app-org/.
+
+## Usage
+~~~
+fly apps move <app name> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help                 help for move
+  -o, --org string           The target Fly.io organization
+      --skip-health-checks   Update machines without waiting for health checks
+  -y, --yes                  Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly apps](/docs/flyctl/apps/)	 - Manage apps.
+
diff --git a/flyctl/cmd/fly_apps_open.md b/flyctl/cmd/fly_apps_open.md
new file mode 100644
index 0000000000..3f409c64dc
--- /dev/null
+++ b/flyctl/cmd/fly_apps_open.md
@@ -0,0 +1,29 @@
+Open browser to current deployed application. If an optional relative URI is specified, it is appended
+to the root URL of the deployed application.
+
+
+## Usage
+~~~
+fly apps open [RELATIVE_URI] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for open
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly apps](/docs/flyctl/apps/)	 - Manage apps.
+
diff --git a/flyctl/cmd/fly_apps_releases.md b/flyctl/cmd/fly_apps_releases.md
new file mode 100644
index 0000000000..795110f9ac
--- /dev/null
+++ b/flyctl/cmd/fly_apps_releases.md
@@ -0,0 +1,31 @@
+List all the releases of the application onto the Fly platform,
+including type, when, success/fail and which user triggered the release.
+
+
+## Usage
+~~~
+fly apps releases [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for releases
+      --image           Display the Docker image reference of the release
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly apps](/docs/flyctl/apps/)	 - Manage apps.
+
diff --git a/flyctl/cmd/fly_apps_restart.md b/flyctl/cmd/fly_apps_restart.md
new file mode 100644
index 0000000000..cd3ab947c7
--- /dev/null
+++ b/flyctl/cmd/fly_apps_restart.md
@@ -0,0 +1,27 @@
+Restart an application. Perform a rolling restart against all running Machines.
+
+## Usage
+~~~
+fly apps restart <app name> [flags]
+~~~
+
+## Options
+
+~~~
+      --force-stop           Performs a force stop against the target Machine
+  -h, --help                 help for restart
+      --skip-health-checks   Restarts app without waiting for health checks
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly apps](/docs/flyctl/apps/)	 - Manage apps.
+
diff --git a/flyctl/cmd/fly_auth.md b/flyctl/cmd/fly_auth.md
new file mode 100644
index 0000000000..849d2643f9
--- /dev/null
+++ b/flyctl/cmd/fly_auth.md
@@ -0,0 +1,37 @@
+Authenticate with Fly (and logout if you need to).
+If you do not have an account, start with the AUTH SIGNUP command.
+If you do have an account, begin with the AUTH LOGIN subcommand.
+
+
+## Usage
+~~~
+fly auth [command] [flags]
+~~~
+
+## Available Commands
+* [docker](/docs/flyctl/auth-docker/)	 - Authenticate docker
+* [login](/docs/flyctl/auth-login/)	 - Log in a user
+* [logout](/docs/flyctl/auth-logout/)	 - Logs out the currently logged in user
+* [signup](/docs/flyctl/auth-signup/)	 - Create a new fly account
+* [whoami](/docs/flyctl/auth-whoami/)	 - Displays the users email address/service identity currently
+authenticated and in use.
+
+
+## Options
+
+~~~
+  -h, --help   help for auth
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_auth_docker.md b/flyctl/cmd/fly_auth_docker.md
new file mode 100644
index 0000000000..340be6e790
--- /dev/null
+++ b/flyctl/cmd/fly_auth_docker.md
@@ -0,0 +1,29 @@
+Adds registry.fly.io to the Docker daemon's authenticated
+registries. This allows you to push images directly to Fly.io from
+the Docker CLI.
+
+Note: Tokens generated by this command expire after 5 minutes.
+
+## Usage
+~~~
+fly auth docker [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for docker
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly auth](/docs/flyctl/auth/)	 - Manage authentication
+
diff --git a/flyctl/cmd/fly_auth_login.md b/flyctl/cmd/fly_auth_login.md
new file mode 100644
index 0000000000..3c4c19c281
--- /dev/null
+++ b/flyctl/cmd/fly_auth_login.md
@@ -0,0 +1,32 @@
+Logs a user into the Fly platform. Supports browser-based,
+email/password and one-time-password authentication. Defaults to using
+browser-based authentication.
+
+
+## Usage
+~~~
+fly auth login [flags]
+~~~
+
+## Options
+
+~~~
+      --email string      Login email
+  -h, --help              help for login
+  -i, --interactive       Log in with an email and password interactively
+      --otp string        One time password
+      --password string   Login password
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly auth](/docs/flyctl/auth/)	 - Manage authentication
+
diff --git a/flyctl/cmd/fly_auth_logout.md b/flyctl/cmd/fly_auth_logout.md
new file mode 100644
index 0000000000..d833ab9fae
--- /dev/null
+++ b/flyctl/cmd/fly_auth_logout.md
@@ -0,0 +1,27 @@
+Log the currently logged-in user out of the Fly platform.
+To continue interacting with Fly, the user will need to log in again.
+
+
+## Usage
+~~~
+fly auth logout [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for logout
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly auth](/docs/flyctl/auth/)	 - Manage authentication
+
diff --git a/flyctl/cmd/fly_auth_signup.md b/flyctl/cmd/fly_auth_signup.md
new file mode 100644
index 0000000000..d2a621718b
--- /dev/null
+++ b/flyctl/cmd/fly_auth_signup.md
@@ -0,0 +1,27 @@
+Creates a new fly account. The command opens the browser
+and sends the user to a form to provide appropriate credentials.
+
+
+## Usage
+~~~
+fly auth signup [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for signup
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly auth](/docs/flyctl/auth/)	 - Manage authentication
+
diff --git a/flyctl/cmd/fly_auth_whoami.md b/flyctl/cmd/fly_auth_whoami.md
new file mode 100644
index 0000000000..735be91346
--- /dev/null
+++ b/flyctl/cmd/fly_auth_whoami.md
@@ -0,0 +1,26 @@
+Show the currently authenticated user
+
+## Usage
+~~~
+fly auth whoami [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for whoami
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly auth](/docs/flyctl/auth/)	 - Manage authentication
+
diff --git a/flyctl/cmd/fly_certs.md b/flyctl/cmd/fly_certs.md
new file mode 100644
index 0000000000..d06edd8aa4
--- /dev/null
+++ b/flyctl/cmd/fly_certs.md
@@ -0,0 +1,35 @@
+Manages the certificates associated with a deployed application.
+Certificates are created by associating a hostname/domain with the application.
+When Fly is then able to validate that hostname/domain, the platform gets
+certificates issued for the hostname/domain by Let's Encrypt.
+
+## Usage
+~~~
+fly certs [command] [flags]
+~~~
+
+## Available Commands
+* [add](/docs/flyctl/certs-add/)	 - Add a certificate for an app
+* [check](/docs/flyctl/certs-check/)	 - Show certificate and DNS status
+* [list](/docs/flyctl/certs-list/)	 - List certificates for an app
+* [remove](/docs/flyctl/certs-remove/)	 - Removes a certificate from an app
+* [setup](/docs/flyctl/certs-setup/)	 - Shows certificate setup instructions
+
+## Options
+
+~~~
+  -h, --help   help for certs
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_certs_add.md b/flyctl/cmd/fly_certs_add.md
new file mode 100644
index 0000000000..a442a3b630
--- /dev/null
+++ b/flyctl/cmd/fly_certs_add.md
@@ -0,0 +1,29 @@
+Add a certificate for an application. Takes a hostname
+as a parameter for the certificate.
+
+## Usage
+~~~
+fly certs add <hostname> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for add
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly certs](/docs/flyctl/certs/)	 - Manage certificates
+
diff --git a/flyctl/cmd/fly_certs_check.md b/flyctl/cmd/fly_certs_check.md
new file mode 100644
index 0000000000..9659b1829c
--- /dev/null
+++ b/flyctl/cmd/fly_certs_check.md
@@ -0,0 +1,29 @@
+Shows detailed certificate information and checks the DNS configuration
+for the specified hostname.
+
+## Usage
+~~~
+fly certs check <hostname> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for check
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly certs](/docs/flyctl/certs/)	 - Manage certificates
+
diff --git a/flyctl/cmd/fly_certs_list.md b/flyctl/cmd/fly_certs_list.md
new file mode 100644
index 0000000000..6b06346213
--- /dev/null
+++ b/flyctl/cmd/fly_certs_list.md
@@ -0,0 +1,28 @@
+List the certificates associated with a deployed application.
+
+## Usage
+~~~
+fly certs list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly certs](/docs/flyctl/certs/)	 - Manage certificates
+
diff --git a/flyctl/cmd/fly_certs_remove.md b/flyctl/cmd/fly_certs_remove.md
new file mode 100644
index 0000000000..cfaf5dc747
--- /dev/null
+++ b/flyctl/cmd/fly_certs_remove.md
@@ -0,0 +1,29 @@
+Removes a certificate from an application. Takes hostname
+as a parameter to locate the certificate.
+
+## Usage
+~~~
+fly certs remove <hostname> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for remove
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly certs](/docs/flyctl/certs/)	 - Manage certificates
+
diff --git a/flyctl/cmd/fly_certs_setup.md b/flyctl/cmd/fly_certs_setup.md
new file mode 100644
index 0000000000..db46c97776
--- /dev/null
+++ b/flyctl/cmd/fly_certs_setup.md
@@ -0,0 +1,29 @@
+Shows setup instructions for configuring DNS records for a certificate.
+Takes hostname as a parameter to show the setup instructions for that certificate.
+
+## Usage
+~~~
+fly certs setup <hostname> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for setup
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly certs](/docs/flyctl/certs/)	 - Manage certificates
+
diff --git a/flyctl/cmd/fly_checks.md b/flyctl/cmd/fly_checks.md
new file mode 100644
index 0000000000..8678b7fa93
--- /dev/null
+++ b/flyctl/cmd/fly_checks.md
@@ -0,0 +1,30 @@
+Manage health checks
+
+## Usage
+~~~
+fly checks [command] [flags]
+~~~
+
+## Available Commands
+* [list](/docs/flyctl/checks-list/)	 - List health checks
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for checks
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_checks_list.md b/flyctl/cmd/fly_checks_list.md
new file mode 100644
index 0000000000..03de119f94
--- /dev/null
+++ b/flyctl/cmd/fly_checks_list.md
@@ -0,0 +1,29 @@
+List health checks
+
+## Usage
+~~~
+fly checks list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string          Application name
+      --check-name string   Filter checks by name
+  -c, --config string       Path to application configuration file
+  -h, --help                help for list
+  -j, --json                JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly checks](/docs/flyctl/checks/)	 - Manage health checks
+
diff --git a/flyctl/cmd/fly_config.md b/flyctl/cmd/fly_config.md
new file mode 100644
index 0000000000..eaa092335f
--- /dev/null
+++ b/flyctl/cmd/fly_config.md
@@ -0,0 +1,31 @@
+The CONFIG commands allow you to work with an application's configuration.
+
+## Usage
+~~~
+fly config [command] [flags]
+~~~
+
+## Available Commands
+* [env](/docs/flyctl/config-env/)	 - Display an app's runtime environment variables
+* [save](/docs/flyctl/config-save/)	 - Save an app's config file
+* [show](/docs/flyctl/config-show/)	 - Show an app's configuration
+* [validate](/docs/flyctl/config-validate/)	 - Validate an app's config file
+
+## Options
+
+~~~
+  -h, --help   help for config
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_config_env.md b/flyctl/cmd/fly_config_env.md
new file mode 100644
index 0000000000..8e3433ea19
--- /dev/null
+++ b/flyctl/cmd/fly_config_env.md
@@ -0,0 +1,28 @@
+Display an app's runtime environment variables. It displays a section for
+secrets and another for config file defined environment variables.
+
+## Usage
+~~~
+fly config env [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for env
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly config](/docs/flyctl/config/)	 - Manage an app's configuration
+
diff --git a/flyctl/cmd/fly_config_save.md b/flyctl/cmd/fly_config_save.md
new file mode 100644
index 0000000000..e6f8715ab2
--- /dev/null
+++ b/flyctl/cmd/fly_config_save.md
@@ -0,0 +1,31 @@
+Save an application's configuration locally. The configuration data is
+retrieved from the Fly service and saved in TOML format.
+
+## Usage
+~~~
+fly config save [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for save
+      --json            Output the configuration in JSON format
+      --yaml            Output the configuration in YAML format
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly config](/docs/flyctl/config/)	 - Manage an app's configuration
+
diff --git a/flyctl/cmd/fly_config_show.md b/flyctl/cmd/fly_config_show.md
new file mode 100644
index 0000000000..1200a0ed8b
--- /dev/null
+++ b/flyctl/cmd/fly_config_show.md
@@ -0,0 +1,31 @@
+Show an application's configuration. The configuration is presented by default
+in JSON format. The configuration data is retrieved from the Fly service.
+
+## Usage
+~~~
+fly config show [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for show
+      --local           Parse and show local fly.toml file instead of fetching from the Fly service
+      --toml            Show configuration in TOML format
+      --yaml            Show configuration in YAML format
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly config](/docs/flyctl/config/)	 - Manage an app's configuration
+
diff --git a/flyctl/cmd/fly_config_validate.md b/flyctl/cmd/fly_config_validate.md
new file mode 100644
index 0000000000..56da0b1005
--- /dev/null
+++ b/flyctl/cmd/fly_config_validate.md
@@ -0,0 +1,29 @@
+Validates an application's config file against the Fly platform to
+ensure it is correct and meaningful to the platform.
+
+## Usage
+~~~
+fly config validate [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for validate
+  -s, --strict          Enable strict validation to check for unrecognized sections and keys
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly config](/docs/flyctl/config/)	 - Manage an app's configuration
+
diff --git a/flyctl/cmd/fly_console.md b/flyctl/cmd/fly_console.md
new file mode 100644
index 0000000000..78b53b823d
--- /dev/null
+++ b/flyctl/cmd/fly_console.md
@@ -0,0 +1,55 @@
+Run a console in a new or existing machine. The console command is
+specified by the `console_command` configuration field. By default, a
+new machine is created by default using the app's most recently deployed
+image. An existing machine can be used instead with --machine.
+
+## Usage
+~~~
+fly console [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                  Application name
+  -C, --command string              command to run on SSH session
+  -c, --config string               Path to application configuration file
+      --container string            Container to connect to
+      --dockerfile string           Path to a Dockerfile. Defaults to the Dockerfile in the working directory.
+      --entrypoint string           ENTRYPOINT replacement
+  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --file-literal stringArray    Set of literals to write to the Machine, in the form of /path/inside/machine=VALUE pairs, where VALUE is the base64-encoded raw content. Can be specified multiple times.
+      --file-local stringArray      Set of files to write to the Machine, in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
+      --file-secret stringArray     Set of secrets to write to the Machine, in the form of /path/inside/machine=SECRET pairs, where SECRET is the name of the secret. The content of the secret must be base64 encoded. Can be specified multiple times.
+  -h, --help                        help for console
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+  -i, --image string                image to use (default: current release)
+      --machine string              Run the console in the existing machine with the specified ID
+  -p, --port strings                Publish ports, format: port[:machinePort][/protocol[:handler[:handler...]]])
+                                    		i.e.: --port 80/tcp --port 443:80/tcp:http:tls --port 5432/tcp:pg_tls
+                                    		To remove a port mapping use '-' as handler, i.e.: --port 80/tcp:-
+  -r, --region string               The target region (see 'flyctl platform regions')
+  -s, --select                      Select the machine and container on which to execute the console from a list.
+  -u, --user string                 Unix username to connect as (default "root")
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+      --volume strings              Volume to mount, in the form of <volume_id_or_name>:/path/inside/machine[:<options>]
+      --wg                          Determines whether communication with remote builders are conducted over wireguard or plain internet(https) (default true)
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_consul.md b/flyctl/cmd/fly_consul.md
new file mode 100644
index 0000000000..f01fc437d5
--- /dev/null
+++ b/flyctl/cmd/fly_consul.md
@@ -0,0 +1,29 @@
+Enable and manage Consul clusters
+
+## Usage
+~~~
+fly consul [command] [flags]
+~~~
+
+## Available Commands
+* [attach](/docs/flyctl/consul-attach/)	 - Attach Consul cluster to an app
+* [detach](/docs/flyctl/consul-detach/)	 - Detach Consul cluster from an app
+
+## Options
+
+~~~
+  -h, --help   help for consul
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_consul_attach.md b/flyctl/cmd/fly_consul_attach.md
new file mode 100644
index 0000000000..1cb1301a7e
--- /dev/null
+++ b/flyctl/cmd/fly_consul_attach.md
@@ -0,0 +1,28 @@
+Attach Consul cluster to an app, and setting the FLY_CONSUL_URL secret
+
+## Usage
+~~~
+fly consul attach [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string             Application name
+  -c, --config string          Path to application configuration file
+  -h, --help                   help for attach
+      --variable-name string   The environment variable name that will be added to the consuming app. (default "FLY_CONSUL_URL")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly consul](/docs/flyctl/consul/)	 - Enable and manage Consul clusters
+
diff --git a/flyctl/cmd/fly_consul_detach.md b/flyctl/cmd/fly_consul_detach.md
new file mode 100644
index 0000000000..3b9c7be1ba
--- /dev/null
+++ b/flyctl/cmd/fly_consul_detach.md
@@ -0,0 +1,28 @@
+Detach Consul cluster from an app, and unsetting the FLY_CONSUL_URL secret
+
+## Usage
+~~~
+fly consul detach [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string             Application name
+  -c, --config string          Path to application configuration file
+  -h, --help                   help for detach
+      --variable-name string   The secret name that will be removed from the app. (default "FLY_CONSUL_URL")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly consul](/docs/flyctl/consul/)	 - Enable and manage Consul clusters
+
diff --git a/flyctl/cmd/fly_dashboard.md b/flyctl/cmd/fly_dashboard.md
new file mode 100644
index 0000000000..a1a8fb905a
--- /dev/null
+++ b/flyctl/cmd/fly_dashboard.md
@@ -0,0 +1,30 @@
+Open web browser on Fly Web UI for this application
+
+## Usage
+~~~
+fly dashboard [flags]
+~~~
+
+## Available Commands
+* [metrics](/docs/flyctl/dashboard-metrics/)	 - Open web browser on Fly Web UI for this app's metrics
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dashboard
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_dashboard_metrics.md b/flyctl/cmd/fly_dashboard_metrics.md
new file mode 100644
index 0000000000..aeb1457c8f
--- /dev/null
+++ b/flyctl/cmd/fly_dashboard_metrics.md
@@ -0,0 +1,27 @@
+Open web browser on Fly Web UI for this application's metrics
+
+## Usage
+~~~
+fly dashboard metrics [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for metrics
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly dashboard](/docs/flyctl/dashboard/)	 - Open web browser on Fly Web UI for this app
+
diff --git a/flyctl/cmd/fly_deploy.md b/flyctl/cmd/fly_deploy.md
new file mode 100644
index 0000000000..8d0481553e
--- /dev/null
+++ b/flyctl/cmd/fly_deploy.md
@@ -0,0 +1,102 @@
+Deploy Fly applications from source or an image using a local or remote builder.
+
+		To disable colorized output and show full Docker build output, set the environment variable NO_COLOR=1.
+	
+
+## Usage
+~~~
+fly deploy [WORKING_DIRECTORY] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                       Application name
+      --build-arg stringArray            Set of build time variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --build-only                       Build but do not deploy
+      --build-secret stringArray         Set of build secrets of NAME=VALUE pairs. Can be specified multiple times. See https://docs.docker.com/engine/reference/commandline/buildx_build/#secret
+      --build-target string              Set the target build stage to build if the Dockerfile has more than one stage
+      --buildkit                         Deploy using buildkit-based remote builder
+      --buildpacks-docker-host string    Address to docker daemon that will be exposed to the build container.
+                                         If not set (or set to empty string) the standard socket location will be used.
+                                         Special value 'inherit' may be used in which case DOCKER_HOST environment variable will be used.
+                                         This option may set DOCKER_HOST environment variable for the build container if needed.
+                                         
+      --buildpacks-volume strings        Mount host volume into the build container, in the form '<host path>:<target path>[:<options>]'.
+                                         - 'host path': Name of the volume or absolute directory path to mount.
+                                         - 'target path': The path where the file or directory is available in the container.
+                                         - 'options' (default "ro"): An optional comma separated list of mount options.
+                                             - "ro", volume contents are read-only.
+                                             - "rw", volume contents are readable and writeable.
+                                             - "volume-opt=<key>=<value>", can be specified more than once, takes a key-value pair consisting of the option name and its value.
+                                         Repeat for each volume in order (comma-separated lists not accepted)
+                                         
+      --compression string               Compression algorithm to use for the image. Options are "zstd" or "gzip". Defaults to "gzip". (default "gzip")
+      --compression-level int            Compression level to use for the image. Defaults to 7. (default 7)
+  -c, --config string                    Path to application configuration file
+      --deploy-retries string            Number of times to retry a deployment if it fails (default "auto")
+      --depot string[="true"]            Deploy using depot to build the image (default "auto")
+      --depot-scope string               The scope of the Depot builder's cache to use (org or app) (default "org")
+      --detach                           Return immediately instead of monitoring deployment progress
+      --dns-checks                       Perform DNS checks during deployment (default true)
+      --dockerfile string                Path to a Dockerfile. Defaults to the Dockerfile in the working directory.
+  -e, --env stringArray                  Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --exclude-machines strings         Deploy to all machines except machines with these IDs. Multiple IDs can be specified with comma separated values or by providing the flag multiple times.
+      --exclude-regions strings          Deploy to all machines except machines in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times.
+      --file-literal stringArray         Set of literals in the form of /path/inside/machine=VALUE pairs where VALUE is the content. Can be specified multiple times.
+      --file-local stringArray           Set of files in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
+      --file-secret stringArray          Set of secrets in the form of /path/inside/machine=SECRET pairs where SECRET is the name of the secret. Can be specified multiple times.
+      --flycast                          Allocate a private IPv6 addresses
+      --ha                               Create spare machines that increases app availability (default true)
+  -h, --help                             help for deploy
+      --host-dedication-id string        The dedication id of the reserved hosts for your organization (if any)
+      --https-failover                   Determines whether to failover to plain internet(https) communication with remote builders if wireguard fails (default true)
+      --ignorefile string                Path to a Docker ignore file. Defaults to the .dockerignore file in the working directory.
+  -i, --image string                     The Docker image to deploy
+      --image-label string               Image label to use when tagging and pushing to the fly registry. Defaults to "deployment-{timestamp}".
+      --label stringArray                Add custom metadata to an image via docker labels
+      --lease-timeout string             Time duration to lease individual machines while running deployment. All machines are leased at the beginning and released at the end.The lease is refreshed periodically for this same time, which is why it is short.flyctl releases leases in most cases. (default "13s")
+      --local-only                       Perform builds locally using the local docker daemon. The default is --remote-only.
+      --max-concurrent int               Maximum number of machines to operate on concurrently. (default 8)
+      --max-unavailable float            Max number of unavailable machines during rolling updates. A number between 0 and 1 means percent of total machines (default 0.33)
+      --nixpacks                         Deploy using nixpacks to build the image
+      --no-cache                         Do not use the build cache when building the image
+      --no-public-ips                    Do not allocate any new public IP addresses
+      --now                              Deploy now without confirmation
+      --only-machines strings            Deploy to machines only with these IDs. Multiple IDs can be specified with comma separated values or by providing the flag multiple times.
+      --primary-region string            Override primary region in fly.toml configuration.
+      --process-groups strings           Deploy to machines only in these process groups
+      --push                             Push image to registry after build is complete
+      --recreate-builder                 Recreate the builder app, if it exists
+      --regions strings                  Deploy to machines only in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times.
+      --release-command-timeout string   Time duration to wait for a release command finish running, or 'none' to disable. (default "5m0s")
+      --remote-only                      Perform builds on a remote builder instance instead of using the local docker daemon. This is the default. Use --local-only to build locally.
+  -s, --signal string                    Signal to stop the machine with for bluegreen strategy (default: SIGINT)
+      --skip-release-command             Do not run the release command during deployment.
+      --smoke-checks                     Perform smoke checks during deployment (default true)
+      --strategy string                  The strategy for replacing running instances. Options are canary, rolling, bluegreen, or immediate. The default strategy is rolling.
+      --update-only                      Do not create Machines for new process groups
+      --vm-cpu-kind string               The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                      Number of CPUs
+      --vm-gpu-kind string               If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                      Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string                 Memory (in megabytes) to attribute to the VM
+      --vm-size string                   The VM size to set machines to. See "fly platform vm-sizes" for valid values
+      --volume-initial-size int          The initial size in GB for volumes created on first deploy
+      --wait-timeout string              Time duration to wait for individual machines to transition states and become healthy. (default "5m0s")
+      --wg                               Determines whether communication with remote builders are conducted over wireguard or plain internet(https) (default true)
+  -y, --yes                              Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_dig.md b/flyctl/cmd/fly_dig.md
new file mode 100644
index 0000000000..2f1d3ee2dd
--- /dev/null
+++ b/flyctl/cmd/fly_dig.md
@@ -0,0 +1,36 @@
+Make DNS requests against Fly.io's internal DNS server. Valid types include
+AAAA and TXT (the two types our servers answer authoritatively), AAAA-NATIVE
+and TXT-NATIVE, which resolve with Go's resolver (they're slower,
+but may be useful if diagnosing a DNS bug) and A and CNAME
+(if you're using the server to test recursive lookups.)
+Note that this resolves names against the server for the current organization. You can
+set the organization with -o <org-slug>; otherwise, the command uses the organization
+attached to the current app (you can pass an app in with -a <appname>).
+
+## Usage
+~~~
+fly dig [type] <name> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dig
+  -o, --org string      The target Fly.io organization
+  -s, --short           Just print the answers, not DNS record details
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_docs.md b/flyctl/cmd/fly_docs.md
new file mode 100644
index 0000000000..5e73341c85
--- /dev/null
+++ b/flyctl/cmd/fly_docs.md
@@ -0,0 +1,27 @@
+View Fly documentation on the Fly.io website. This command will open a
+browser to view the content.
+
+
+## Usage
+~~~
+fly docs [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for docs
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_doctor.md b/flyctl/cmd/fly_doctor.md
new file mode 100644
index 0000000000..bdf8f6f28f
--- /dev/null
+++ b/flyctl/cmd/fly_doctor.md
@@ -0,0 +1,33 @@
+The DOCTOR command allows you to debug your Fly environment
+
+
+## Usage
+~~~
+fly doctor [flags]
+~~~
+
+## Available Commands
+* [diag](/docs/flyctl/doctor-diag/)	 - Send diagnostic information about your applications back to Fly.io.
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for doctor
+  -j, --json            JSON output
+  -o, --org string      The name of the organization to use for WireGuard tests. (default "personal")
+  -v, --verbose         Print extra diagnostic information.
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_doctor_diag.md b/flyctl/cmd/fly_doctor_diag.md
new file mode 100644
index 0000000000..eed9a9f02e
--- /dev/null
+++ b/flyctl/cmd/fly_doctor_diag.md
@@ -0,0 +1,34 @@
+Send diagnostic information about your applications back to Fly.io,
+to help diagnose problems.
+
+This command will collect some local system information and a few files
+that you'd be sending us anyways in order to deploy, notably any Dockerfiles
+you might have associated with this application.
+
+
+## Usage
+~~~
+fly doctor diag [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --force           Send diagnostics even if we can't find your local Fly.io app
+  -h, --help            help for diag
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly doctor](/docs/flyctl/doctor/)	 - The DOCTOR command allows you to debug your Fly environment
+
diff --git a/flyctl/cmd/fly_extensions.md b/flyctl/cmd/fly_extensions.md
new file mode 100644
index 0000000000..3ba3b9d4c0
--- /dev/null
+++ b/flyctl/cmd/fly_extensions.md
@@ -0,0 +1,35 @@
+Extensions are additional functionality that can be added to your Fly apps
+
+## Usage
+~~~
+fly extensions [command] [flags]
+~~~
+
+## Available Commands
+* [arcjet](/docs/flyctl/extensions-arcjet/)	 - Provision and manage Arcjet
+* [kubernetes](/docs/flyctl/extensions-kubernetes/)	 - Provision and manage Kubernetes clusters
+* [mysql](/docs/flyctl/extensions-mysql/)	 - Provision and manage MySQL database clusters
+* [sentry](/docs/flyctl/extensions-sentry/)	 - Setup a Sentry project for this app
+* [storage](/docs/flyctl/extensions-storage/)	 - Provision and manage Tigris object storage buckets
+* [supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
+* [vector](/docs/flyctl/extensions-vector/)	 - Provision and manage Upstash Vector index
+* [wafris](/docs/flyctl/extensions-wafris/)	 - Provision and manage Wafris WAFs (Web Application Firewalls)
+
+## Options
+
+~~~
+  -h, --help   help for extensions
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_extensions_arcjet.md b/flyctl/cmd/fly_extensions_arcjet.md
new file mode 100644
index 0000000000..92aa38071e
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_arcjet.md
@@ -0,0 +1,33 @@
+Provision and manage Arcjet
+
+
+## Usage
+~~~
+fly extensions arcjet [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/extensions-arcjet-create/)	 - Create an Arcjet site
+* [dashboard](/docs/flyctl/extensions-arcjet-dashboard/)	 - Visit the Arcjet dashboard
+* [destroy](/docs/flyctl/extensions-arcjet-destroy/)	 - Permanently destroy an Arcjet site
+* [list](/docs/flyctl/extensions-arcjet-list/)	 - List your Arcjet sites
+* [status](/docs/flyctl/extensions-arcjet-status/)	 - Show details about an Arcjet site setup
+
+## Options
+
+~~~
+  -h, --help   help for arcjet
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+
diff --git a/flyctl/cmd/fly_extensions_arcjet_create.md b/flyctl/cmd/fly_extensions_arcjet_create.md
new file mode 100644
index 0000000000..e9a1bfaf77
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_arcjet_create.md
@@ -0,0 +1,32 @@
+Create an Arcjet site
+
+
+## Usage
+~~~
+fly extensions arcjet create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for create
+  -n, --name string     The name of your application
+  -o, --org string      The target Fly.io organization
+  -r, --region string   The target region (see 'flyctl platform regions')
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions arcjet](/docs/flyctl/extensions-arcjet/)	 - Provision and manage Arcjet
+
diff --git a/flyctl/cmd/fly_extensions_arcjet_dashboard.md b/flyctl/cmd/fly_extensions_arcjet_dashboard.md
new file mode 100644
index 0000000000..2c229d7565
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_arcjet_dashboard.md
@@ -0,0 +1,29 @@
+Visit the Arcjet dashboard
+
+## Usage
+~~~
+fly extensions arcjet dashboard [site_name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dashboard
+  -o, --org string      The target Fly.io organization
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions arcjet](/docs/flyctl/extensions-arcjet/)	 - Provision and manage Arcjet
+
diff --git a/flyctl/cmd/fly_extensions_arcjet_destroy.md b/flyctl/cmd/fly_extensions_arcjet_destroy.md
new file mode 100644
index 0000000000..51aed26d75
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_arcjet_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy an Arcjet site
+
+## Usage
+~~~
+fly extensions arcjet destroy [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions arcjet](/docs/flyctl/extensions-arcjet/)	 - Provision and manage Arcjet
+
diff --git a/flyctl/cmd/fly_extensions_arcjet_list.md b/flyctl/cmd/fly_extensions_arcjet_list.md
new file mode 100644
index 0000000000..8dc2040c79
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_arcjet_list.md
@@ -0,0 +1,27 @@
+List your Arcjet sites
+
+## Usage
+~~~
+fly extensions arcjet list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+  -y, --yes          Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions arcjet](/docs/flyctl/extensions-arcjet/)	 - Provision and manage Arcjet
+
diff --git a/flyctl/cmd/fly_extensions_arcjet_status.md b/flyctl/cmd/fly_extensions_arcjet_status.md
new file mode 100644
index 0000000000..56b2637c19
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_arcjet_status.md
@@ -0,0 +1,29 @@
+Show details about an Arcjet site setup
+
+
+## Usage
+~~~
+fly extensions arcjet status [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for status
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions arcjet](/docs/flyctl/extensions-arcjet/)	 - Provision and manage Arcjet
+
diff --git a/flyctl/cmd/fly_extensions_kubernetes.md b/flyctl/cmd/fly_extensions_kubernetes.md
new file mode 100644
index 0000000000..8261da469b
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_kubernetes.md
@@ -0,0 +1,32 @@
+Provision and manage Kubernetes clusters
+
+
+## Usage
+~~~
+fly extensions kubernetes [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/extensions-kubernetes-create/)	 - Provision a Kubernetes cluster for an organization
+* [destroy](/docs/flyctl/extensions-kubernetes-destroy/)	 - Permanently destroy a Kubernetes cluster
+* [list](/docs/flyctl/extensions-kubernetes-list/)	 - List your Kubernetes clusters
+* [save-kubeconfig](/docs/flyctl/extensions-kubernetes-save-kubeconfig/)	 - Save the kubeconfig file of your cluster
+
+## Options
+
+~~~
+  -h, --help   help for kubernetes
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+
diff --git a/flyctl/cmd/fly_extensions_kubernetes_create.md b/flyctl/cmd/fly_extensions_kubernetes_create.md
new file mode 100644
index 0000000000..825d7685da
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_kubernetes_create.md
@@ -0,0 +1,30 @@
+Provision a Kubernetes cluster for an organization
+
+
+## Usage
+~~~
+fly extensions kubernetes create [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help            help for create
+  -n, --name string     The name of your cluster
+  -o, --org string      The target Fly.io organization
+      --output string   The output path to save the kubeconfig file
+  -r, --region string   The target region (see 'flyctl platform regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions kubernetes](/docs/flyctl/extensions-kubernetes/)	 - Provision and manage Kubernetes clusters
+
diff --git a/flyctl/cmd/fly_extensions_kubernetes_destroy.md b/flyctl/cmd/fly_extensions_kubernetes_destroy.md
new file mode 100644
index 0000000000..b250813612
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_kubernetes_destroy.md
@@ -0,0 +1,26 @@
+Permanently destroy a Kubernetes cluster
+
+## Usage
+~~~
+fly extensions kubernetes destroy [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for destroy
+  -y, --yes    Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions kubernetes](/docs/flyctl/extensions-kubernetes/)	 - Provision and manage Kubernetes clusters
+
diff --git a/flyctl/cmd/fly_extensions_kubernetes_list.md b/flyctl/cmd/fly_extensions_kubernetes_list.md
new file mode 100644
index 0000000000..bbdf02c50c
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_kubernetes_list.md
@@ -0,0 +1,25 @@
+List your Kubernetes clusters
+
+## Usage
+~~~
+fly extensions kubernetes list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for list
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions kubernetes](/docs/flyctl/extensions-kubernetes/)	 - Provision and manage Kubernetes clusters
+
diff --git a/flyctl/cmd/fly_extensions_kubernetes_save-kubeconfig.md b/flyctl/cmd/fly_extensions_kubernetes_save-kubeconfig.md
new file mode 100644
index 0000000000..09dd11820d
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_kubernetes_save-kubeconfig.md
@@ -0,0 +1,26 @@
+Save the kubeconfig file of your cluster
+
+## Usage
+~~~
+fly extensions kubernetes save-kubeconfig [cluster name] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help            help for save-kubeconfig
+      --output string   The output path to save the kubeconfig file
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions kubernetes](/docs/flyctl/extensions-kubernetes/)	 - Provision and manage Kubernetes clusters
+
diff --git a/flyctl/cmd/fly_extensions_mysql.md b/flyctl/cmd/fly_extensions_mysql.md
new file mode 100644
index 0000000000..daa2885059
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_mysql.md
@@ -0,0 +1,33 @@
+Provision and manage MySQL database clusters
+
+
+## Usage
+~~~
+fly extensions mysql [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/extensions-mysql-create/)	 - Provision a MySQL database
+* [destroy](/docs/flyctl/extensions-mysql-destroy/)	 - Permanently destroy a MySQL database
+* [list](/docs/flyctl/extensions-mysql-list/)	 - List your MySQL databases
+* [status](/docs/flyctl/extensions-mysql-status/)	 - Show details about a MySQL database
+* [update](/docs/flyctl/extensions-mysql-update/)	 - Update an existing MySQL database
+
+## Options
+
+~~~
+  -h, --help   help for mysql
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+
diff --git a/flyctl/cmd/fly_extensions_mysql_create.md b/flyctl/cmd/fly_extensions_mysql_create.md
new file mode 100644
index 0000000000..881843ac54
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_mysql_create.md
@@ -0,0 +1,36 @@
+Provision a MySQL database
+
+
+## Usage
+~~~
+fly extensions mysql create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --cpu int         The number of CPUs assigned to each cluster member
+      --disk int        Disk size (in GB) assigned to each cluster member
+  -h, --help            help for create
+      --memory int      Memory (in GB) assigned to each cluster member
+  -n, --name string     The name of your database
+  -o, --org string      The target Fly.io organization
+  -r, --region string   The target region (see 'flyctl platform regions')
+      --size int        The number of members in your cluster
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions mysql](/docs/flyctl/extensions-mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_extensions_mysql_destroy.md b/flyctl/cmd/fly_extensions_mysql_destroy.md
new file mode 100644
index 0000000000..235cefb1aa
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_mysql_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy a MySQL database
+
+## Usage
+~~~
+fly extensions mysql destroy [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions mysql](/docs/flyctl/extensions-mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_extensions_mysql_list.md b/flyctl/cmd/fly_extensions_mysql_list.md
new file mode 100644
index 0000000000..68f85b17f4
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_mysql_list.md
@@ -0,0 +1,27 @@
+List your MySQL databases
+
+## Usage
+~~~
+fly extensions mysql list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+  -y, --yes          Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions mysql](/docs/flyctl/extensions-mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_extensions_mysql_status.md b/flyctl/cmd/fly_extensions_mysql_status.md
new file mode 100644
index 0000000000..55dace95ad
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_mysql_status.md
@@ -0,0 +1,29 @@
+Show details about a MySQL database
+
+
+## Usage
+~~~
+fly extensions mysql status [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for status
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions mysql](/docs/flyctl/extensions-mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_extensions_mysql_update.md b/flyctl/cmd/fly_extensions_mysql_update.md
new file mode 100644
index 0000000000..775c2e07f3
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_mysql_update.md
@@ -0,0 +1,33 @@
+Update an existing MySQL database
+
+
+## Usage
+~~~
+fly extensions mysql update <database_name> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --cpu int         The number of CPUs assigned to each cluster member
+  -h, --help            help for update
+      --memory int      Memory (in GB) assigned to each cluster member
+  -o, --org string      The target Fly.io organization
+      --size int        The number of members in your cluster
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions mysql](/docs/flyctl/extensions-mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_extensions_sentry.md b/flyctl/cmd/fly_extensions_sentry.md
new file mode 100644
index 0000000000..8f450006d5
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_sentry.md
@@ -0,0 +1,32 @@
+Setup a Sentry project for this app
+
+
+## Usage
+~~~
+fly extensions sentry [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/extensions-sentry-create/)	 - Provision a Sentry project for a Fly.io app
+* [dashboard](/docs/flyctl/extensions-sentry-dashboard/)	 - View application errors in the Sentry dashboard
+* [destroy](/docs/flyctl/extensions-sentry-destroy/)	 - Permanently destroy a Sentry project
+* [list](/docs/flyctl/extensions-sentry-list/)	 - List your Sentry projects
+
+## Options
+
+~~~
+  -h, --help   help for sentry
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+
diff --git a/flyctl/cmd/fly_extensions_sentry_create.md b/flyctl/cmd/fly_extensions_sentry_create.md
new file mode 100644
index 0000000000..ec37008f27
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_sentry_create.md
@@ -0,0 +1,29 @@
+Provision a Sentry project for a Fly.io app
+
+
+## Usage
+~~~
+fly extensions sentry create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for create
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions sentry](/docs/flyctl/extensions-sentry/)	 - Setup a Sentry project for this app
+
diff --git a/flyctl/cmd/fly_extensions_sentry_dashboard.md b/flyctl/cmd/fly_extensions_sentry_dashboard.md
new file mode 100644
index 0000000000..120e548a36
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_sentry_dashboard.md
@@ -0,0 +1,28 @@
+View application errors in the Sentry dashboard
+
+## Usage
+~~~
+fly extensions sentry dashboard [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dashboard
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions sentry](/docs/flyctl/extensions-sentry/)	 - Setup a Sentry project for this app
+
diff --git a/flyctl/cmd/fly_extensions_sentry_destroy.md b/flyctl/cmd/fly_extensions_sentry_destroy.md
new file mode 100644
index 0000000000..daf8c05ef8
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_sentry_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy a Sentry project
+
+## Usage
+~~~
+fly extensions sentry destroy [project-name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions sentry](/docs/flyctl/extensions-sentry/)	 - Setup a Sentry project for this app
+
diff --git a/flyctl/cmd/fly_extensions_sentry_list.md b/flyctl/cmd/fly_extensions_sentry_list.md
new file mode 100644
index 0000000000..1c37184a9f
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_sentry_list.md
@@ -0,0 +1,27 @@
+List your Sentry projects
+
+## Usage
+~~~
+fly extensions sentry list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+  -y, --yes          Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions sentry](/docs/flyctl/extensions-sentry/)	 - Setup a Sentry project for this app
+
diff --git a/flyctl/cmd/fly_extensions_storage.md b/flyctl/cmd/fly_extensions_storage.md
new file mode 100644
index 0000000000..ac0cf117fe
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_storage.md
@@ -0,0 +1,34 @@
+Provision and manage Tigris object storage buckets
+
+
+## Usage
+~~~
+fly extensions storage [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/extensions-storage-create/)	 - Provision a Tigris object storage bucket
+* [dashboard](/docs/flyctl/extensions-storage-dashboard/)	 - Visit the Tigris dashboard
+* [destroy](/docs/flyctl/extensions-storage-destroy/)	 - Permanently destroy a Tigris object storage bucket
+* [list](/docs/flyctl/extensions-storage-list/)	 - List your Tigris object storage buckets
+* [status](/docs/flyctl/extensions-storage-status/)	 - Show details about a Tigris storage bucket
+* [update](/docs/flyctl/extensions-storage-update/)	 - Update an existing Tigris object storage bucket
+
+## Options
+
+~~~
+  -h, --help   help for storage
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+
diff --git a/flyctl/cmd/fly_extensions_storage_create.md b/flyctl/cmd/fly_extensions_storage_create.md
new file mode 100644
index 0000000000..09e0f26fd9
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_storage_create.md
@@ -0,0 +1,38 @@
+Provision a Tigris object storage bucket
+
+
+## Usage
+~~~
+fly extensions storage create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                 Application name
+  -c, --config string              Path to application configuration file
+  -h, --help                       help for create
+  -n, --name string                The name of your bucket
+  -o, --org string                 The target Fly.io organization
+  -p, --public                     Objects in the bucket should be publicly accessible
+      --shadow-access-key string   Shadow bucket access key
+      --shadow-endpoint string     Shadow bucket endpoint
+      --shadow-name string         Shadow bucket name
+      --shadow-region string       Shadow bucket region
+      --shadow-secret-key string   Shadow bucket secret key
+      --shadow-write-through       Write objects through to the shadow bucket
+  -y, --yes                        Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions storage](/docs/flyctl/extensions-storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_extensions_storage_dashboard.md b/flyctl/cmd/fly_extensions_storage_dashboard.md
new file mode 100644
index 0000000000..6563c8b063
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_storage_dashboard.md
@@ -0,0 +1,29 @@
+Visit the Tigris dashboard
+
+## Usage
+~~~
+fly extensions storage dashboard [bucket_name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dashboard
+  -o, --org string      The target Fly.io organization
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions storage](/docs/flyctl/extensions-storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_extensions_storage_destroy.md b/flyctl/cmd/fly_extensions_storage_destroy.md
new file mode 100644
index 0000000000..862efaac49
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_storage_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy a Tigris object storage bucket
+
+## Usage
+~~~
+fly extensions storage destroy [storage-bucket-name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions storage](/docs/flyctl/extensions-storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_extensions_storage_list.md b/flyctl/cmd/fly_extensions_storage_list.md
new file mode 100644
index 0000000000..1f422cee13
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_storage_list.md
@@ -0,0 +1,27 @@
+List your Tigris object storage buckets
+
+## Usage
+~~~
+fly extensions storage list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+  -y, --yes          Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions storage](/docs/flyctl/extensions-storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_extensions_storage_status.md b/flyctl/cmd/fly_extensions_storage_status.md
new file mode 100644
index 0000000000..148e4672ab
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_storage_status.md
@@ -0,0 +1,29 @@
+Show details about a Tigris storage bucket
+
+
+## Usage
+~~~
+fly extensions storage status [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for status
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions storage](/docs/flyctl/extensions-storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_extensions_storage_update.md b/flyctl/cmd/fly_extensions_storage_update.md
new file mode 100644
index 0000000000..7c9428b5fb
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_storage_update.md
@@ -0,0 +1,41 @@
+Update an existing Tigris object storage bucket
+
+
+## Usage
+~~~
+fly extensions storage update <bucket_name> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                 Application name
+      --clear-custom-domain        Remove a custom domain from a bucket
+      --clear-shadow               Remove an existing shadow bucket
+  -c, --config string              Path to application configuration file
+      --custom-domain string       A custom domain name pointing at your bucket
+  -h, --help                       help for update
+  -o, --org string                 The target Fly.io organization
+      --private                    Set a public bucket to be private
+  -p, --public                     Objects in the bucket should be publicly accessible
+      --shadow-access-key string   Shadow bucket access key
+      --shadow-endpoint string     Shadow bucket endpoint
+      --shadow-name string         Shadow bucket name
+      --shadow-region string       Shadow bucket region
+      --shadow-secret-key string   Shadow bucket secret key
+      --shadow-write-through       Write objects through to the shadow bucket
+  -y, --yes                        Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions storage](/docs/flyctl/extensions-storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_extensions_supabase.md b/flyctl/cmd/fly_extensions_supabase.md
new file mode 100644
index 0000000000..30d2415d61
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_supabase.md
@@ -0,0 +1,32 @@
+Provision and manage Supabase Postgres databases
+
+
+## Usage
+~~~
+fly extensions supabase [command] [flags]
+~~~
+
+## Available Commands
+* [dashboard](/docs/flyctl/extensions-supabase-dashboard/)	 - Visit the Supabase database dashboard
+* [destroy](/docs/flyctl/extensions-supabase-destroy/)	 - Permanently destroy a Supabase database
+* [list](/docs/flyctl/extensions-supabase-list/)	 - List your Supabase databases
+* [status](/docs/flyctl/extensions-supabase-status/)	 - Show details about a Supabase Postgres database
+
+## Options
+
+~~~
+  -h, --help   help for supabase
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+
diff --git a/flyctl/cmd/fly_extensions_supabase_dashboard.md b/flyctl/cmd/fly_extensions_supabase_dashboard.md
new file mode 100644
index 0000000000..961cfb52b7
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_supabase_dashboard.md
@@ -0,0 +1,29 @@
+Visit the Supabase database dashboard
+
+## Usage
+~~~
+fly extensions supabase dashboard [database_name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dashboard
+  -o, --org string      The target Fly.io organization
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
+
diff --git a/flyctl/cmd/fly_extensions_supabase_destroy.md b/flyctl/cmd/fly_extensions_supabase_destroy.md
new file mode 100644
index 0000000000..9f4a2bacd6
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_supabase_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy a Supabase database
+
+## Usage
+~~~
+fly extensions supabase destroy [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
+
diff --git a/flyctl/cmd/fly_extensions_supabase_list.md b/flyctl/cmd/fly_extensions_supabase_list.md
new file mode 100644
index 0000000000..9fcf475bb1
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_supabase_list.md
@@ -0,0 +1,27 @@
+List your Supabase databases
+
+## Usage
+~~~
+fly extensions supabase list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+  -y, --yes          Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
+
diff --git a/flyctl/cmd/fly_extensions_supabase_status.md b/flyctl/cmd/fly_extensions_supabase_status.md
new file mode 100644
index 0000000000..99352ffdc3
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_supabase_status.md
@@ -0,0 +1,29 @@
+Show details about a Supabase Postgres database
+
+
+## Usage
+~~~
+fly extensions supabase status [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for status
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
+
diff --git a/flyctl/cmd/fly_extensions_vector.md b/flyctl/cmd/fly_extensions_vector.md
new file mode 100644
index 0000000000..f908cbcc40
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_vector.md
@@ -0,0 +1,33 @@
+Provision and manage Upstash Vector index
+
+
+## Usage
+~~~
+fly extensions vector [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/extensions-vector-create/)	 - Provision a Upstash Vector index
+* [dashboard](/docs/flyctl/extensions-vector-dashboard/)	 - Visit the Upstash Vector dashboard on the Upstash web console
+* [destroy](/docs/flyctl/extensions-vector-destroy/)	 - Permanently destroy an Upstash Vector index
+* [list](/docs/flyctl/extensions-vector-list/)	 - List your Upstash Vector index
+* [status](/docs/flyctl/extensions-vector-status/)	 - Show details about an Upstash Vector index
+
+## Options
+
+~~~
+  -h, --help   help for vector
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+
diff --git a/flyctl/cmd/fly_extensions_vector_create.md b/flyctl/cmd/fly_extensions_vector_create.md
new file mode 100644
index 0000000000..38649b13fd
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_vector_create.md
@@ -0,0 +1,32 @@
+Provision a Upstash Vector index
+
+
+## Usage
+~~~
+fly extensions vector create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for create
+  -n, --name string     The name of your cluster
+  -o, --org string      The target Fly.io organization
+  -r, --region string   The target region (see 'flyctl platform regions')
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions vector](/docs/flyctl/extensions-vector/)	 - Provision and manage Upstash Vector index
+
diff --git a/flyctl/cmd/fly_extensions_vector_dashboard.md b/flyctl/cmd/fly_extensions_vector_dashboard.md
new file mode 100644
index 0000000000..5381d4e31f
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_vector_dashboard.md
@@ -0,0 +1,29 @@
+Visit the Upstash Vector dashboard on the Upstash web console
+
+## Usage
+~~~
+fly extensions vector dashboard [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dashboard
+  -o, --org string      The target Fly.io organization
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions vector](/docs/flyctl/extensions-vector/)	 - Provision and manage Upstash Vector index
+
diff --git a/flyctl/cmd/fly_extensions_vector_destroy.md b/flyctl/cmd/fly_extensions_vector_destroy.md
new file mode 100644
index 0000000000..7aa867cad3
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_vector_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy an Upstash Vector index
+
+## Usage
+~~~
+fly extensions vector destroy [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions vector](/docs/flyctl/extensions-vector/)	 - Provision and manage Upstash Vector index
+
diff --git a/flyctl/cmd/fly_extensions_vector_list.md b/flyctl/cmd/fly_extensions_vector_list.md
new file mode 100644
index 0000000000..57a186ce56
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_vector_list.md
@@ -0,0 +1,27 @@
+List your Upstash Vector index
+
+## Usage
+~~~
+fly extensions vector list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+  -y, --yes          Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions vector](/docs/flyctl/extensions-vector/)	 - Provision and manage Upstash Vector index
+
diff --git a/flyctl/cmd/fly_extensions_vector_status.md b/flyctl/cmd/fly_extensions_vector_status.md
new file mode 100644
index 0000000000..35c693bb6e
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_vector_status.md
@@ -0,0 +1,29 @@
+Show details about an Upstash Vector index
+
+
+## Usage
+~~~
+fly extensions vector status [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for status
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions vector](/docs/flyctl/extensions-vector/)	 - Provision and manage Upstash Vector index
+
diff --git a/flyctl/cmd/fly_extensions_wafris.md b/flyctl/cmd/fly_extensions_wafris.md
new file mode 100644
index 0000000000..37d13aa72f
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_wafris.md
@@ -0,0 +1,31 @@
+Provision and manage Wafris WAFs (Web Application Firewalls)
+
+
+## Usage
+~~~
+fly extensions wafris [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/extensions-wafris-create/)	 - Provision a Wafris WAF
+* [dashboard](/docs/flyctl/extensions-wafris-dashboard/)	 - Visit the Wafris dashboard
+* [destroy](/docs/flyctl/extensions-wafris-destroy/)	 - Permanently destroy a Wafris WAF
+
+## Options
+
+~~~
+  -h, --help   help for wafris
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
+
diff --git a/flyctl/cmd/fly_extensions_wafris_create.md b/flyctl/cmd/fly_extensions_wafris_create.md
new file mode 100644
index 0000000000..e4dc0664c7
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_wafris_create.md
@@ -0,0 +1,32 @@
+Provision a Wafris WAF
+
+
+## Usage
+~~~
+fly extensions wafris create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for create
+  -n, --name string     The name of your WAF
+  -o, --org string      The target Fly.io organization
+  -r, --region string   The target region (see 'flyctl platform regions')
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions wafris](/docs/flyctl/extensions-wafris/)	 - Provision and manage Wafris WAFs (Web Application Firewalls)
+
diff --git a/flyctl/cmd/fly_extensions_wafris_dashboard.md b/flyctl/cmd/fly_extensions_wafris_dashboard.md
new file mode 100644
index 0000000000..528c7a447d
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_wafris_dashboard.md
@@ -0,0 +1,29 @@
+Visit the Wafris dashboard
+
+## Usage
+~~~
+fly extensions wafris dashboard [firewall_name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dashboard
+  -o, --org string      The target Fly.io organization
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions wafris](/docs/flyctl/extensions-wafris/)	 - Provision and manage Wafris WAFs (Web Application Firewalls)
+
diff --git a/flyctl/cmd/fly_extensions_wafris_destroy.md b/flyctl/cmd/fly_extensions_wafris_destroy.md
new file mode 100644
index 0000000000..76950e3384
--- /dev/null
+++ b/flyctl/cmd/fly_extensions_wafris_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy a Wafris WAF
+
+## Usage
+~~~
+fly extensions wafris destroy [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly extensions wafris](/docs/flyctl/extensions-wafris/)	 - Provision and manage Wafris WAFs (Web Application Firewalls)
+
diff --git a/flyctl/cmd/fly_image.md b/flyctl/cmd/fly_image.md
new file mode 100644
index 0000000000..9731838a5d
--- /dev/null
+++ b/flyctl/cmd/fly_image.md
@@ -0,0 +1,30 @@
+Manage app image
+
+
+## Usage
+~~~
+fly image [command] [flags]
+~~~
+
+## Available Commands
+* [show](/docs/flyctl/image-show/)	 - Show image details.
+* [update](/docs/flyctl/image-update/)	 - Updates the app's image to the latest available version.
+
+## Options
+
+~~~
+  -h, --help   help for image
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_image_show.md b/flyctl/cmd/fly_image_show.md
new file mode 100644
index 0000000000..5011a6b377
--- /dev/null
+++ b/flyctl/cmd/fly_image_show.md
@@ -0,0 +1,29 @@
+Show image details.
+
+
+## Usage
+~~~
+fly image show [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for show
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly image](/docs/flyctl/image/)	 - Manage app image
+
diff --git a/flyctl/cmd/fly_image_update.md b/flyctl/cmd/fly_image_update.md
new file mode 100644
index 0000000000..8bc6ee4040
--- /dev/null
+++ b/flyctl/cmd/fly_image_update.md
@@ -0,0 +1,31 @@
+Update the app's image to the latest available version.
+The update will perform a rolling restart against each Machine, which may result in a brief service disruption.
+
+## Usage
+~~~
+fly image update [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string           Application name
+  -c, --config string        Path to application configuration file
+  -h, --help                 help for update
+      --image string         Target a specific image
+      --skip-health-checks   Skip waiting for health checks between VM updates.
+  -y, --yes                  Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly image](/docs/flyctl/image/)	 - Manage app image
+
diff --git a/flyctl/cmd/fly_incidents.md b/flyctl/cmd/fly_incidents.md
new file mode 100644
index 0000000000..463c10cd1f
--- /dev/null
+++ b/flyctl/cmd/fly_incidents.md
@@ -0,0 +1,29 @@
+Show incidents that may be affecting your organization.
+
+## Usage
+~~~
+fly incidents [command] [flags]
+~~~
+
+## Available Commands
+* [hosts](/docs/flyctl/incidents-hosts/)	 - Show hosts' incidents
+* [list](/docs/flyctl/incidents-list/)	 - List active incidents.
+
+## Options
+
+~~~
+  -h, --help   help for incidents
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_incidents_hosts.md b/flyctl/cmd/fly_incidents_hosts.md
new file mode 100644
index 0000000000..280775fc55
--- /dev/null
+++ b/flyctl/cmd/fly_incidents_hosts.md
@@ -0,0 +1,28 @@
+Show hosts' incidents affecting applications
+
+## Usage
+~~~
+fly incidents hosts [command] [flags]
+~~~
+
+## Available Commands
+* [list](/docs/flyctl/incidents-hosts-list/)	 - List hosts' issues affecting the application
+
+## Options
+
+~~~
+  -h, --help   help for hosts
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly incidents](/docs/flyctl/incidents/)	 - Show incidents
+
diff --git a/flyctl/cmd/fly_incidents_hosts_list.md b/flyctl/cmd/fly_incidents_hosts_list.md
new file mode 100644
index 0000000000..9ab41efe6b
--- /dev/null
+++ b/flyctl/cmd/fly_incidents_hosts_list.md
@@ -0,0 +1,28 @@
+List hosts' issues affecting the application
+
+## Usage
+~~~
+fly incidents hosts list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly incidents hosts](/docs/flyctl/incidents-hosts/)	 - Show hosts' incidents
+
diff --git a/flyctl/cmd/fly_incidents_list.md b/flyctl/cmd/fly_incidents_list.md
new file mode 100644
index 0000000000..5747a0b639
--- /dev/null
+++ b/flyctl/cmd/fly_incidents_list.md
@@ -0,0 +1,29 @@
+List the active incidents that may be affecting your apps or deployments.
+
+## Usage
+~~~
+fly incidents list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -j, --json            JSON output
+  -o, --org string      The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly incidents](/docs/flyctl/incidents/)	 - Show incidents
+
diff --git a/flyctl/cmd/fly_ips.md b/flyctl/cmd/fly_ips.md
new file mode 100644
index 0000000000..4706b87bef
--- /dev/null
+++ b/flyctl/cmd/fly_ips.md
@@ -0,0 +1,33 @@
+Commands for managing IP addresses associated with an application
+
+## Usage
+~~~
+fly ips [command] [flags]
+~~~
+
+## Available Commands
+* [allocate](/docs/flyctl/ips-allocate/)	 - Allocate recommended IP addresses
+* [allocate-v4](/docs/flyctl/ips-allocate-v4/)	 - Allocate an IPv4 address
+* [allocate-v6](/docs/flyctl/ips-allocate-v6/)	 - Allocate an IPv6 address
+* [list](/docs/flyctl/ips-list/)	 - List allocated IP addresses
+* [private](/docs/flyctl/ips-private/)	 - List instances private IP addresses
+* [release](/docs/flyctl/ips-release/)	 - Release IP addresses
+
+## Options
+
+~~~
+  -h, --help   help for ips
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_ips_allocate-v4.md b/flyctl/cmd/fly_ips_allocate-v4.md
new file mode 100644
index 0000000000..0c39402cb4
--- /dev/null
+++ b/flyctl/cmd/fly_ips_allocate-v4.md
@@ -0,0 +1,30 @@
+Allocates an IPv4 address to the application
+
+## Usage
+~~~
+fly ips allocate-v4 [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for allocate-v4
+  -r, --region string   The target region (see 'flyctl platform regions')
+      --shared          Allocates a shared IPv4
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
+
diff --git a/flyctl/cmd/fly_ips_allocate-v6.md b/flyctl/cmd/fly_ips_allocate-v6.md
new file mode 100644
index 0000000000..a73f966250
--- /dev/null
+++ b/flyctl/cmd/fly_ips_allocate-v6.md
@@ -0,0 +1,31 @@
+Allocates an IPv6 address to the application
+
+## Usage
+~~~
+fly ips allocate-v6 [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string       Application name
+  -c, --config string    Path to application configuration file
+  -h, --help             help for allocate-v6
+      --network string   Target network name for a Flycast private IPv6 address
+  -o, --org string       The target Fly.io organization
+      --private          Allocate a private IPv6 address
+  -r, --region string    The target region (see 'flyctl platform regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
+
diff --git a/flyctl/cmd/fly_ips_allocate.md b/flyctl/cmd/fly_ips_allocate.md
new file mode 100644
index 0000000000..9109dfbe36
--- /dev/null
+++ b/flyctl/cmd/fly_ips_allocate.md
@@ -0,0 +1,28 @@
+Allocate recommended IP addresses for the application
+
+## Usage
+~~~
+fly ips allocate [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for allocate
+  -r, --region string   The target region (see 'flyctl platform regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
+
diff --git a/flyctl/cmd/fly_ips_list.md b/flyctl/cmd/fly_ips_list.md
new file mode 100644
index 0000000000..64d6e9119c
--- /dev/null
+++ b/flyctl/cmd/fly_ips_list.md
@@ -0,0 +1,28 @@
+Lists the IP addresses allocated to the application
+
+## Usage
+~~~
+fly ips list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
+
diff --git a/flyctl/cmd/fly_ips_private.md b/flyctl/cmd/fly_ips_private.md
new file mode 100644
index 0000000000..0144001d71
--- /dev/null
+++ b/flyctl/cmd/fly_ips_private.md
@@ -0,0 +1,28 @@
+List instances private IP addresses, accessible from within the Fly network
+
+## Usage
+~~~
+fly ips private [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for private
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
+
diff --git a/flyctl/cmd/fly_ips_release.md b/flyctl/cmd/fly_ips_release.md
new file mode 100644
index 0000000000..3c5a19ba41
--- /dev/null
+++ b/flyctl/cmd/fly_ips_release.md
@@ -0,0 +1,27 @@
+Releases one or more IP addresses from the application
+
+## Usage
+~~~
+fly ips release [flags] ADDRESS ADDRESS ...
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for release
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
+
diff --git a/flyctl/cmd/fly_jobs.md b/flyctl/cmd/fly_jobs.md
new file mode 100644
index 0000000000..e672df0a14
--- /dev/null
+++ b/flyctl/cmd/fly_jobs.md
@@ -0,0 +1,28 @@
+Show jobs at Fly.io, including maybe ones you should apply to
+
+## Usage
+~~~
+fly jobs [flags]
+~~~
+
+## Available Commands
+* [open](/docs/flyctl/jobs-open/)	 - Open fly.io/jobs
+
+## Options
+
+~~~
+  -h, --help   help for jobs
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_jobs_open.md b/flyctl/cmd/fly_jobs_open.md
new file mode 100644
index 0000000000..8459b1d256
--- /dev/null
+++ b/flyctl/cmd/fly_jobs_open.md
@@ -0,0 +1,25 @@
+Open browser to https://fly.io/jobs/
+
+## Usage
+~~~
+fly jobs open [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for open
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly jobs](/docs/flyctl/jobs/)	 - Show jobs at Fly.io
+
diff --git a/flyctl/cmd/fly_launch.md b/flyctl/cmd/fly_launch.md
new file mode 100644
index 0000000000..e135df6406
--- /dev/null
+++ b/flyctl/cmd/fly_launch.md
@@ -0,0 +1,120 @@
+Create and configure a new app from source code or a Docker image.  Options passed after double dashes ("--") will be passed to the language specific scanner/dockerfile generator.
+
+## Usage
+~~~
+fly launch [flags]
+~~~
+
+## Options
+
+~~~
+      --attach                           Attach this new application to the current application
+      --auto-stop string                 Automatically suspend the app after a period of inactivity. Valid values are 'off', 'stop', and 'suspend' (default "stop")
+      --build-arg stringArray            Set of build time variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --build-only                       Build but do not deploy
+      --build-secret stringArray         Set of build secrets of NAME=VALUE pairs. Can be specified multiple times. See https://docs.docker.com/engine/reference/commandline/buildx_build/#secret
+      --build-target string              Set the target build stage to build if the Dockerfile has more than one stage
+      --buildkit                         Deploy using buildkit-based remote builder
+      --buildpacks-docker-host string    Address to docker daemon that will be exposed to the build container.
+                                         If not set (or set to empty string) the standard socket location will be used.
+                                         Special value 'inherit' may be used in which case DOCKER_HOST environment variable will be used.
+                                         This option may set DOCKER_HOST environment variable for the build container if needed.
+                                         
+      --buildpacks-volume strings        Mount host volume into the build container, in the form '<host path>:<target path>[:<options>]'.
+                                         - 'host path': Name of the volume or absolute directory path to mount.
+                                         - 'target path': The path where the file or directory is available in the container.
+                                         - 'options' (default "ro"): An optional comma separated list of mount options.
+                                             - "ro", volume contents are read-only.
+                                             - "rw", volume contents are readable and writeable.
+                                             - "volume-opt=<key>=<value>", can be specified more than once, takes a key-value pair consisting of the option name and its value.
+                                         Repeat for each volume in order (comma-separated lists not accepted)
+                                         
+      --command string                   The command to override the Docker CND.
+      --compression string               Compression algorithm to use for the image. Options are "zstd" or "gzip". Defaults to "gzip". (default "gzip")
+      --compression-level int            Compression level to use for the image. Defaults to 7. (default 7)
+  -c, --config string                    Path to application configuration file
+      --copy-config                      Use the configuration file if present without prompting
+      --db string[="true"]               Provision a Postgres database. Options: mpg (managed postgres), upg/legacy (unmanaged postgres), or true (default type)
+      --deploy-retries string            Number of times to retry a deployment if it fails (default "auto")
+      --depot string[="true"]            Deploy using depot to build the image (default "auto")
+      --depot-scope string               The scope of the Depot builder's cache to use (org or app) (default "org")
+      --detach                           Return immediately instead of monitoring deployment progress
+      --dns-checks                       Perform DNS checks during deployment (default true)
+      --dockerfile string                Path to a Dockerfile. Defaults to the Dockerfile in the working directory.
+      --dockerignore-from-gitignore      If a .dockerignore does not exist, create one from .gitignore files
+  -e, --env stringArray                  Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --exclude-machines strings         Deploy to all machines except machines with these IDs. Multiple IDs can be specified with comma separated values or by providing the flag multiple times.
+      --exclude-regions strings          Deploy to all machines except machines in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times.
+      --file-literal stringArray         Set of literals in the form of /path/inside/machine=VALUE pairs where VALUE is the content. Can be specified multiple times.
+      --file-local stringArray           Set of files in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
+      --file-secret stringArray          Set of secrets in the form of /path/inside/machine=SECRET pairs where SECRET is the name of the secret. Can be specified multiple times.
+      --flycast                          Allocate a private IPv6 addresses
+      --from string                      A github repo URL to use as a template for the new app
+      --generate-name                    Always generate a name for the app, without prompting
+      --ha                               Create spare machines that increases app availability (default true)
+  -h, --help                             help for launch
+      --host-dedication-id string        The dedication id of the reserved hosts for your organization (if any)
+      --https-failover                   Determines whether to failover to plain internet(https) communication with remote builders if wireguard fails (default true)
+      --ignorefile string                Path to a Docker ignore file. Defaults to the .dockerignore file in the working directory.
+  -i, --image string                     The Docker image to deploy
+      --image-label string               Image label to use when tagging and pushing to the fly registry. Defaults to "deployment-{timestamp}".
+      --internal-port int                Set internal_port for all services in the generated fly.toml (default -1)
+      --into string                      Destination directory for github repo specified with --from
+      --json                             Generate configuration in JSON format
+      --label stringArray                Add custom metadata to an image via docker labels
+      --lease-timeout string             Time duration to lease individual machines while running deployment. All machines are leased at the beginning and released at the end.The lease is refreshed periodically for this same time, which is why it is short.flyctl releases leases in most cases. (default "13s")
+      --local-only                       Perform builds locally using the local docker daemon. The default is --remote-only.
+      --max-concurrent int               Maximum number of machines to operate on concurrently. (default 8)
+      --max-unavailable float            Max number of unavailable machines during rolling updates. A number between 0 and 1 means percent of total machines (default 0.33)
+      --name string                      Name of the new app
+      --nixpacks                         Deploy using nixpacks to build the image
+      --no-cache                         Do not use the build cache when building the image
+      --no-create                        Do not create an app, only generate configuration files
+      --no-db                            Skip automatically provisioning a database
+      --no-deploy                        Do not immediately deploy the new app after fly launch creates and configures it
+      --no-github-workflow               Skip automatically provisioning a GitHub fly deploy workflow
+      --no-object-storage                Skip automatically provisioning an object storage bucket
+      --no-public-ips                    Do not allocate any new public IP addresses
+      --no-redis                         Skip automatically provisioning a Redis instance
+      --now                              Deploy now without confirmation
+      --only-machines strings            Deploy to machines only with these IDs. Multiple IDs can be specified with comma separated values or by providing the flag multiple times.
+  -o, --org string                       The target Fly.io organization
+      --path string                      Path to the app source root, where fly.toml file will be saved (default ".")
+      --primary-region string            Override primary region in fly.toml configuration.
+      --process-groups strings           Deploy to machines only in these process groups
+      --push                             Push image to registry after build is complete
+      --recreate-builder                 Recreate the builder app, if it exists
+  -r, --region string                    The target region (see 'flyctl platform regions')
+      --regions strings                  Deploy to machines only in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times.
+      --release-command-timeout string   Time duration to wait for a release command finish running, or 'none' to disable. (default "5m0s")
+      --remote-only                      Perform builds on a remote builder instance instead of using the local docker daemon. This is the default. Use --local-only to build locally.
+      --secret stringArray               Set of secrets in the form of NAME=VALUE pairs. Can be specified multiple times.
+  -s, --signal string                    Signal to stop the machine with for bluegreen strategy (default: SIGINT)
+      --smoke-checks                     Perform smoke checks during deployment (default true)
+      --strategy string                  The strategy for replacing running instances. Options are canary, rolling, bluegreen, or immediate. The default strategy is rolling.
+      --vm-cpu-kind string               The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                      Number of CPUs
+      --vm-gpu-kind string               If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                      Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string                 Memory (in megabytes) to attribute to the VM
+      --vm-size string                   The VM size to set machines to. See "fly platform vm-sizes" for valid values
+  -v, --volume strings                   Volume to mount, in the form of <volume_name>:/path/inside/machine[:<options>]
+      --volume-initial-size int          The initial size in GB for volumes created on first deploy
+      --wait-timeout string              Time duration to wait for individual machines to transition states and become healthy. (default "5m0s")
+      --wg                               Determines whether communication with remote builders are conducted over wireguard or plain internet(https) (default true)
+      --yaml                             Generate configuration in YAML format
+  -y, --yes                              Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_litefs-cloud.md b/flyctl/cmd/fly_litefs-cloud.md
new file mode 100644
index 0000000000..a39858a7d5
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud.md
@@ -0,0 +1,33 @@
+Commands for managing LiteFS Cloud databases
+
+## Usage
+~~~
+fly litefs-cloud [command] [flags]
+~~~
+
+## Available Commands
+* [clusters](/docs/flyctl/litefs-cloud-clusters/)	 - Manage LiteFS Cloud clusters
+* [export](/docs/flyctl/litefs-cloud-export/)	 - Export LiteFS Cloud database
+* [import](/docs/flyctl/litefs-cloud-import/)	 - Import SQLite database into LiteFS Cloud
+* [regions](/docs/flyctl/litefs-cloud-regions/)	 - List LiteFS Cloud regions
+* [restore](/docs/flyctl/litefs-cloud-restore/)	 - Restore LiteFS Cloud database
+* [status](/docs/flyctl/litefs-cloud-status/)	 - Show LiteFS Cloud cluster status
+
+## Options
+
+~~~
+  -h, --help   help for litefs-cloud
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_litefs-cloud_clusters.md b/flyctl/cmd/fly_litefs-cloud_clusters.md
new file mode 100644
index 0000000000..78f33dcfc3
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_clusters.md
@@ -0,0 +1,31 @@
+"Commands for managing LiteFS Cloud clusters"
+
+
+## Usage
+~~~
+fly litefs-cloud clusters [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/litefs-cloud-clusters-create/)	 - Creates a LiteFS Cloud cluster
+* [destroy](/docs/flyctl/litefs-cloud-clusters-destroy/)	 - Delete a LiteFS Cloud cluster
+* [list](/docs/flyctl/litefs-cloud-clusters-list/)	 - Show LiteFS Cloud clusters
+
+## Options
+
+~~~
+  -h, --help   help for clusters
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
+
diff --git a/flyctl/cmd/fly_litefs-cloud_clusters_create.md b/flyctl/cmd/fly_litefs-cloud_clusters_create.md
new file mode 100644
index 0000000000..9d5ffd9f9b
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_clusters_create.md
@@ -0,0 +1,28 @@
+Creates a new LiteFS Cloud cluster.
+
+## Usage
+~~~
+fly litefs-cloud clusters create CLUSTERNAME [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help            help for create
+  -j, --json            JSON output
+  -o, --org string      The target Fly.io organization
+  -r, --region string   The target region (see 'flyctl litefs-cloud regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud clusters](/docs/flyctl/litefs-cloud-clusters/)	 - Manage LiteFS Cloud clusters
+
diff --git a/flyctl/cmd/fly_litefs-cloud_clusters_destroy.md b/flyctl/cmd/fly_litefs-cloud_clusters_destroy.md
new file mode 100644
index 0000000000..1eda076771
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_clusters_destroy.md
@@ -0,0 +1,27 @@
+Permanently deletes a LiteFS Cloud cluster.
+
+## Usage
+~~~
+fly litefs-cloud clusters destroy [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for destroy
+  -j, --json         JSON output
+  -o, --org string   The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud clusters](/docs/flyctl/litefs-cloud-clusters/)	 - Manage LiteFS Cloud clusters
+
diff --git a/flyctl/cmd/fly_litefs-cloud_clusters_list.md b/flyctl/cmd/fly_litefs-cloud_clusters_list.md
new file mode 100644
index 0000000000..349a9c973c
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_clusters_list.md
@@ -0,0 +1,29 @@
+Lists the LiteFS Cloud clusters in the organization.
+
+## Usage
+~~~
+fly litefs-cloud clusters list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -j, --json         JSON output
+      --limit int    Number of results to return (default 50)
+      --offset int   Index of results to return from
+  -o, --org string   The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud clusters](/docs/flyctl/litefs-cloud-clusters/)	 - Manage LiteFS Cloud clusters
+
diff --git a/flyctl/cmd/fly_litefs-cloud_export.md b/flyctl/cmd/fly_litefs-cloud_export.md
new file mode 100644
index 0000000000..16c18c214a
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_export.md
@@ -0,0 +1,31 @@
+Exports the current state of the database to a file.
+
+## Usage
+~~~
+fly litefs-cloud export [flags]
+~~~
+
+## Options
+
+~~~
+  -c, --cluster string    LiteFS Cloud cluster name
+  -d, --database string   LiteFS Cloud database name
+  -f, --force             Overwrite output file if it already exists
+  -h, --help              help for export
+  -j, --json              JSON output
+  -o, --org string        The target Fly.io organization
+      --output string     Output filename
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
+
diff --git a/flyctl/cmd/fly_litefs-cloud_import.md b/flyctl/cmd/fly_litefs-cloud_import.md
new file mode 100644
index 0000000000..02c2d8ab66
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_import.md
@@ -0,0 +1,30 @@
+Imports a local SQLite database into a LiteFS Cloud cluster.
+
+## Usage
+~~~
+fly litefs-cloud import [flags]
+~~~
+
+## Options
+
+~~~
+  -c, --cluster string    LiteFS Cloud cluster name
+  -d, --database string   LiteFS Cloud database name
+  -h, --help              help for import
+      --input string      Input filename
+  -j, --json              JSON output
+  -o, --org string        The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
+
diff --git a/flyctl/cmd/fly_litefs-cloud_regions.md b/flyctl/cmd/fly_litefs-cloud_regions.md
new file mode 100644
index 0000000000..8537451acc
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_regions.md
@@ -0,0 +1,26 @@
+View a list of LiteFS Cloud regions
+
+## Usage
+~~~
+fly litefs-cloud regions [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for regions
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
+
diff --git a/flyctl/cmd/fly_litefs-cloud_restore.md b/flyctl/cmd/fly_litefs-cloud_restore.md
new file mode 100644
index 0000000000..614e75e958
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_restore.md
@@ -0,0 +1,30 @@
+Restores a LiteFS Cloud database to a previous state.
+
+## Usage
+~~~
+fly litefs-cloud restore [flags]
+~~~
+
+## Options
+
+~~~
+  -c, --cluster string     LiteFS Cloud cluster name
+  -d, --database string    LiteFS Cloud database name
+  -h, --help               help for restore
+  -j, --json               JSON output
+  -o, --org string         The target Fly.io organization
+      --timestamp string   Time to restore to (ISO 8601)
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
+
diff --git a/flyctl/cmd/fly_litefs-cloud_status.md b/flyctl/cmd/fly_litefs-cloud_status.md
new file mode 100644
index 0000000000..85f2918861
--- /dev/null
+++ b/flyctl/cmd/fly_litefs-cloud_status.md
@@ -0,0 +1,28 @@
+Lists the databases in the cluster with their replication position.
+
+## Usage
+~~~
+fly litefs-cloud status [flags]
+~~~
+
+## Options
+
+~~~
+  -c, --cluster string   LiteFS Cloud cluster name
+  -h, --help             help for status
+  -j, --json             JSON output
+  -o, --org string       The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
+
diff --git a/flyctl/cmd/fly_logs.md b/flyctl/cmd/fly_logs.md
new file mode 100644
index 0000000000..0b02575200
--- /dev/null
+++ b/flyctl/cmd/fly_logs.md
@@ -0,0 +1,39 @@
+View application logs as generated by the application running on
+the Fly platform.
+
+Logs can be filtered to a specific instance using the --instance/-i flag or
+to all instances running in a specific region using the --region/-r flag.
+
+By default logs are continually streamed until the command is aborted.
+Use --no-tail to only fetch the logs in the buffer.
+
+
+## Usage
+~~~
+fly logs [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string       Application name
+  -c, --config string    Path to application configuration file
+  -h, --help             help for logs
+  -j, --json             JSON output
+      --machine string   Filter by machine ID
+  -n, --no-tail          Do not continually stream logs
+  -r, --region string    The target region (see 'flyctl platform regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_machine.md b/flyctl/cmd/fly_machine.md
new file mode 100644
index 0000000000..f530dabdd6
--- /dev/null
+++ b/flyctl/cmd/fly_machine.md
@@ -0,0 +1,48 @@
+Manage Fly Machines. Fly Machines are super-fast, lightweight VMs that can be created,
+and then quickly started and stopped as needed with flyctl commands or with the
+Machines REST fly.
+
+## Usage
+~~~
+fly machine [command] [flags]
+~~~
+
+## Available Commands
+* [api-proxy](/docs/flyctl/machine-api-proxy/)	 - Establish a proxy to the Machine API through a Wireguard tunnel for local connections
+* [clone](/docs/flyctl/machine-clone/)	 - Clone a Fly Machine
+* [cordon](/docs/flyctl/machine-cordon/)	 - Deactivate all services on a machine
+* [create](/docs/flyctl/machine-create/)	 - Create, but don't start, a machine
+* [destroy](/docs/flyctl/machine-destroy/)	 - Destroy Fly machines
+* [egress-ip](/docs/flyctl/machine-egress-ip/)	 - Manage static egress IPs
+* [exec](/docs/flyctl/machine-exec/)	 - Execute a command on a machine
+* [kill](/docs/flyctl/machine-kill/)	 - Kill (SIGKILL) a Fly machine
+* [leases](/docs/flyctl/machine-leases/)	 - Manage machine leases
+* [list](/docs/flyctl/machine-list/)	 - List Fly machines
+* [place](/docs/flyctl/machine-place/)	 - Simulate Machine placements
+* [restart](/docs/flyctl/machine-restart/)	 - Restart one or more Fly machines
+* [run](/docs/flyctl/machine-run/)	 - Run a machine
+* [start](/docs/flyctl/machine-start/)	 - Start one or more Fly machines
+* [status](/docs/flyctl/machine-status/)	 - Show current status of a running machine
+* [stop](/docs/flyctl/machine-stop/)	 - Stop one or more Fly machines
+* [suspend](/docs/flyctl/machine-suspend/)	 - Suspend one or more Fly machines
+* [uncordon](/docs/flyctl/machine-uncordon/)	 - Reactivate all services on a machine
+* [update](/docs/flyctl/machine-update/)	 - Update a machine
+
+## Options
+
+~~~
+  -h, --help   help for machine
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_machine_api-proxy.md b/flyctl/cmd/fly_machine_api-proxy.md
new file mode 100644
index 0000000000..5395bc0ad1
--- /dev/null
+++ b/flyctl/cmd/fly_machine_api-proxy.md
@@ -0,0 +1,28 @@
+Establish a proxy to the Machine API through a Wireguard tunnel for local connections
+
+
+## Usage
+~~~
+fly machine api-proxy [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for api-proxy
+  -o, --org string   The target Fly.io organization
+  -q, --quiet        Don't print progress indicators for WireGuard
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_clone.md b/flyctl/cmd/fly_machine_clone.md
new file mode 100644
index 0000000000..825b963996
--- /dev/null
+++ b/flyctl/cmd/fly_machine_clone.md
@@ -0,0 +1,44 @@
+Clone a Fly Machine. The new Machine will be a copy of the specified Machine. If the original Machine has a volume, then a new empty volume will be created and attached to the new Machine.
+
+## Usage
+~~~
+fly machine clone [machine_id] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                    Application name
+      --attach-volume string          Existing volume to attach to the new Machine in the form of <volume_id>[:/path/inside/machine]
+      --clear-auto-destroy            Disable auto destroy setting on the new Machine
+      --clear-cmd                     Set empty CMD on the new Machine so it uses default CMD for the image
+  -c, --config string                 Path to application configuration file
+      --detach                        Return immediately instead of monitoring deployment progress
+      --from-snapshot string          Clone attached volumes and restore from snapshot, use 'last' for most recent snapshot. The default is an empty volume.
+  -h, --help                          help for clone
+      --host-dedication-id string     The dedication id of the reserved hosts for your organization (if any)
+      --name string                   Optional name for the new Machine
+      --override-cmd string           Set CMD on the new Machine to this value
+  -r, --region string                 The target region (see 'flyctl platform regions')
+      --standby-for strings           Comma separated list of Machine IDs to watch for. You can use '--standby-for=source' to create a standby for the cloned Machine.
+      --vm-cpu-kind string            The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                   Number of CPUs
+      --vm-gpu-kind string            If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                   Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string              Memory (in megabytes) to attribute to the VM
+      --vm-size string                The VM size to set machines to. See "fly platform vm-sizes" for valid values
+      --volume-requires-unique-zone   Require volume to be placed in separate hardware zone from existing volumes. Default true. (default true)
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_cordon.md b/flyctl/cmd/fly_machine_cordon.md
new file mode 100644
index 0000000000..3f5480cc47
--- /dev/null
+++ b/flyctl/cmd/fly_machine_cordon.md
@@ -0,0 +1,28 @@
+Deactivate all services on a machine
+
+
+## Usage
+~~~
+fly machine cordon [<id>...] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for cordon
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_create.md b/flyctl/cmd/fly_machine_create.md
new file mode 100644
index 0000000000..17893a0c52
--- /dev/null
+++ b/flyctl/cmd/fly_machine_create.md
@@ -0,0 +1,64 @@
+Create, but don't start, a machine
+
+
+## Usage
+~~~
+fly machine create <image> [command] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                  Application name
+      --autostart                   Automatically start a stopped Machine when a network request is received (default true)
+      --autostop string[="stop"]    Automatically stop a Machine when there are no network requests for it. Options include 'off', 'stop', and 'suspend'. (default "off")
+      --build-depot                 Build your image with depot.dev
+      --build-nixpacks              Build your image with nixpacks
+  -c, --config string               Path to application configuration file
+      --detach                      Return immediately instead of monitoring deployment progress
+      --dockerfile string           The path to a Dockerfile. Defaults to the Dockerfile in the working directory.
+      --entrypoint string           The command to override the Docker ENTRYPOINT.
+  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --file-literal stringArray    Set of literals to write to the Machine, in the form of /path/inside/machine=VALUE pairs, where VALUE is the base64-encoded raw content. Can be specified multiple times.
+      --file-local stringArray      Set of files to write to the Machine, in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
+      --file-secret stringArray     Set of secrets to write to the Machine, in the form of /path/inside/machine=SECRET pairs, where SECRET is the name of the secret. The content of the secret must be base64 encoded. Can be specified multiple times.
+  -h, --help                        help for create
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+      --id string                   Machine ID, if previously known
+      --kernel-arg stringArray      A list of kernel arguments to provide to the init. Can be specified multiple times.
+      --machine-config string       Read machine config from json file or string
+  -m, --metadata stringArray        Metadata in the form of NAME=VALUE pairs. Can be specified multiple times.
+  -n, --name string                 Machine name. Will be generated if omitted.
+      --org string                  The organization that will own the app
+  -p, --port strings                The external ports and handlers for services, in the format: port[:machinePort][/protocol[:handler[:handler...]]])
+                                    	For example: --port 80/tcp --port 443:80/tcp:http:tls --port 5432/tcp:pg_tls
+                                    	To remove a port mapping use '-' as handler. For example: --port 80/tcp:-
+  -r, --region string               The target region (see 'flyctl platform regions')
+      --restart string              Set the restart policy for a Machine. Options include 'no', 'always', and 'on-fail'.
+                                    	Default is 'on-fail' for Machines created by 'fly deploy' and Machines with a schedule. Default is 'always' for Machines created by 'fly m run'.
+      --rm                          Automatically remove the Machine when it exits. Sets the restart-policy to 'never' if not otherwise specified.
+      --schedule string             Schedule a Machine run at hourly, daily and monthly intervals
+      --skip-dns-registration       Do not register the machine's 6PN IP with the internal DNS system
+      --standby-for strings         For Machines without services, a comma separated list of Machine IDs to act as standby for.
+      --use-zstd                    Enable zstd compression for the image
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+  -v, --volume strings              Volume to mount, in the form of <volume_id_or_name>:/path/inside/machine[:<options>]
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_destroy.md b/flyctl/cmd/fly_machine_destroy.md
new file mode 100644
index 0000000000..42ad813646
--- /dev/null
+++ b/flyctl/cmd/fly_machine_destroy.md
@@ -0,0 +1,31 @@
+Destroy one or more Fly machines.
+This command requires a machine to be in a stopped or suspended state unless the force flag is used.
+
+
+## Usage
+~~~
+fly machine destroy [flags] ID ID ...
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -f, --force           force kill machine regardless of current state
+  -h, --help            help for destroy
+  -i, --image string    remove all machines with the specified image hash
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_egress-ip.md b/flyctl/cmd/fly_machine_egress-ip.md
new file mode 100644
index 0000000000..ff2fafcd6c
--- /dev/null
+++ b/flyctl/cmd/fly_machine_egress-ip.md
@@ -0,0 +1,30 @@
+Manage static egress (outgoing) IP addresses for machines
+
+## Usage
+~~~
+fly machine egress-ip [command] [flags]
+~~~
+
+## Available Commands
+* [allocate](/docs/flyctl/machine-egress-ip-allocate/)	 - Allocate static egress IPs
+* [list](/docs/flyctl/machine-egress-ip-list/)	 - List all allocated static egress IPs
+* [release](/docs/flyctl/machine-egress-ip-release/)	 - Release an egress IP address
+
+## Options
+
+~~~
+  -h, --help   help for egress-ip
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_egress-ip_allocate.md b/flyctl/cmd/fly_machine_egress-ip_allocate.md
new file mode 100644
index 0000000000..74b902110b
--- /dev/null
+++ b/flyctl/cmd/fly_machine_egress-ip_allocate.md
@@ -0,0 +1,28 @@
+Allocate a pair of static egress IPv4 and IPv6 for a machine
+
+## Usage
+~~~
+fly machine egress-ip allocate <machine-id> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for allocate
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine egress-ip](/docs/flyctl/machine-egress-ip/)	 - Manage static egress IPs
+
diff --git a/flyctl/cmd/fly_machine_egress-ip_list.md b/flyctl/cmd/fly_machine_egress-ip_list.md
new file mode 100644
index 0000000000..fb8928dd67
--- /dev/null
+++ b/flyctl/cmd/fly_machine_egress-ip_list.md
@@ -0,0 +1,27 @@
+List all allocated static egress IP addresses with their corresponding machine
+
+## Usage
+~~~
+fly machine egress-ip list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine egress-ip](/docs/flyctl/machine-egress-ip/)	 - Manage static egress IPs
+
diff --git a/flyctl/cmd/fly_machine_egress-ip_release.md b/flyctl/cmd/fly_machine_egress-ip_release.md
new file mode 100644
index 0000000000..6a6dd2995e
--- /dev/null
+++ b/flyctl/cmd/fly_machine_egress-ip_release.md
@@ -0,0 +1,28 @@
+Release an egress IP address for a machine
+
+## Usage
+~~~
+fly machine egress-ip release <machine-id> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for release
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine egress-ip](/docs/flyctl/machine-egress-ip/)	 - Manage static egress IPs
+
diff --git a/flyctl/cmd/fly_machine_exec.md b/flyctl/cmd/fly_machine_exec.md
new file mode 100644
index 0000000000..fe9199c7ed
--- /dev/null
+++ b/flyctl/cmd/fly_machine_exec.md
@@ -0,0 +1,30 @@
+Execute a command on a machine
+
+
+## Usage
+~~~
+fly machine exec [machine-id] <command> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for exec
+  -j, --json            JSON output
+      --timeout int     Timeout in seconds
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_kill.md b/flyctl/cmd/fly_machine_kill.md
new file mode 100644
index 0000000000..e2690fb12f
--- /dev/null
+++ b/flyctl/cmd/fly_machine_kill.md
@@ -0,0 +1,28 @@
+Kill (SIGKILL) a Fly machine
+
+
+## Usage
+~~~
+fly machine kill [id] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for kill
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_leases.md b/flyctl/cmd/fly_machine_leases.md
new file mode 100644
index 0000000000..19b7844a3d
--- /dev/null
+++ b/flyctl/cmd/fly_machine_leases.md
@@ -0,0 +1,30 @@
+Manage machine leases
+
+
+## Usage
+~~~
+fly machine leases [command] [flags]
+~~~
+
+## Available Commands
+* [clear](/docs/flyctl/machine-leases-clear/)	 - Clear machine leases
+* [view](/docs/flyctl/machine-leases-view/)	 - View machine leases
+
+## Options
+
+~~~
+  -h, --help   help for leases
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_leases_clear.md b/flyctl/cmd/fly_machine_leases_clear.md
new file mode 100644
index 0000000000..b7feb123dc
--- /dev/null
+++ b/flyctl/cmd/fly_machine_leases_clear.md
@@ -0,0 +1,28 @@
+Clear machine leases
+
+
+## Usage
+~~~
+fly machine leases clear [machine-id] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for clear
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine leases](/docs/flyctl/machine-leases/)	 - Manage machine leases
+
diff --git a/flyctl/cmd/fly_machine_leases_view.md b/flyctl/cmd/fly_machine_leases_view.md
new file mode 100644
index 0000000000..bfe6d77ac7
--- /dev/null
+++ b/flyctl/cmd/fly_machine_leases_view.md
@@ -0,0 +1,29 @@
+View machine leases
+
+
+## Usage
+~~~
+fly machine leases view [machine-id] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for view
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine leases](/docs/flyctl/machine-leases/)	 - Manage machine leases
+
diff --git a/flyctl/cmd/fly_machine_list.md b/flyctl/cmd/fly_machine_list.md
new file mode 100644
index 0000000000..6c5942dc82
--- /dev/null
+++ b/flyctl/cmd/fly_machine_list.md
@@ -0,0 +1,30 @@
+List Fly machines
+
+
+## Usage
+~~~
+fly machine list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -j, --json            JSON output
+  -q, --quiet           Only list machine ids
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_place.md b/flyctl/cmd/fly_machine_place.md
new file mode 100644
index 0000000000..f909b1aeb7
--- /dev/null
+++ b/flyctl/cmd/fly_machine_place.md
@@ -0,0 +1,41 @@
+Simulate a batch of Machine placements across multiple regions
+
+
+## Usage
+~~~
+fly machine place [flags]
+~~~
+
+## Options
+
+~~~
+  -c, --config string               Path to application configuration file
+      --count int                   number of machines to place
+  -h, --help                        help for place
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+  -j, --json                        JSON output
+  -o, --org string                  The target Fly.io organization
+      --region string               comma-delimited list of regions to place machines
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+      --volume-name string          name of the volume to place machines
+      --volume-size int             size of the desired volume to place machines
+      --weights strings             comma-delimited list of key=value weights to adjust placement preferences. e.g., 'region=5,spread=10'
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_restart.md b/flyctl/cmd/fly_machine_restart.md
new file mode 100644
index 0000000000..3be4e0b4e8
--- /dev/null
+++ b/flyctl/cmd/fly_machine_restart.md
@@ -0,0 +1,32 @@
+Restart one or more Fly machines
+
+
+## Usage
+~~~
+fly machine restart [<id>...] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string           Application name
+  -c, --config string        Path to application configuration file
+      --force                Force stop the machine(s)
+  -h, --help                 help for restart
+  -s, --signal string        Signal to stop the machine with (default: SIGINT)
+      --skip-health-checks   Restarts app without waiting for health checks.
+      --time int             Seconds to wait before killing the machine
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_run.md b/flyctl/cmd/fly_machine_run.md
new file mode 100644
index 0000000000..0d2c1810ca
--- /dev/null
+++ b/flyctl/cmd/fly_machine_run.md
@@ -0,0 +1,69 @@
+Run a machine
+
+
+## Usage
+~~~
+fly machine run <image> [command] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                  Application name
+      --autostart                   Automatically start a stopped Machine when a network request is received (default true)
+      --autostop string[="stop"]    Automatically stop a Machine when there are no network requests for it. Options include 'off', 'stop', and 'suspend'. (default "off")
+      --build-depot                 Build your image with depot.dev
+      --build-nixpacks              Build your image with nixpacks
+      --command string              Used with --shell. The command to run, if we're shelling into the Machine now (in case you don't have bash). (default "/bin/bash")
+  -c, --config string               Path to application configuration file
+      --container string            Container to update with the new image, files, etc; defaults to "app" or the first container in the config.
+      --detach                      Return immediately instead of monitoring deployment progress
+      --dockerfile string           The path to a Dockerfile. Defaults to the Dockerfile in the working directory.
+      --entrypoint string           The command to override the Docker ENTRYPOINT.
+  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --file-literal stringArray    Set of literals to write to the Machine, in the form of /path/inside/machine=VALUE pairs, where VALUE is the base64-encoded raw content. Can be specified multiple times.
+      --file-local stringArray      Set of files to write to the Machine, in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
+      --file-secret stringArray     Set of secrets to write to the Machine, in the form of /path/inside/machine=SECRET pairs, where SECRET is the name of the secret. The content of the secret must be base64 encoded. Can be specified multiple times.
+  -h, --help                        help for run
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+      --id string                   Machine ID, if previously known
+      --kernel-arg stringArray      A list of kernel arguments to provide to the init. Can be specified multiple times.
+      --machine-config string       Read machine config from json file or string
+  -m, --metadata stringArray        Metadata in the form of NAME=VALUE pairs. Can be specified multiple times.
+  -n, --name string                 Machine name. Will be generated if omitted.
+      --org string                  The organization that will own the app
+  -p, --port strings                The external ports and handlers for services, in the format: port[:machinePort][/protocol[:handler[:handler...]]])
+                                    	For example: --port 80/tcp --port 443:80/tcp:http:tls --port 5432/tcp:pg_tls
+                                    	To remove a port mapping use '-' as handler. For example: --port 80/tcp:-
+  -r, --region string               The target region (see 'flyctl platform regions')
+      --restart string              Set the restart policy for a Machine. Options include 'no', 'always', and 'on-fail'.
+                                    	Default is 'on-fail' for Machines created by 'fly deploy' and Machines with a schedule. Default is 'always' for Machines created by 'fly m run'.
+      --rm                          Automatically remove the Machine when it exits. Sets the restart-policy to 'never' if not otherwise specified.
+      --schedule string             Schedule a Machine run at hourly, daily and monthly intervals
+      --shell                       Open a shell on the Machine once created (implies --it --rm). If no app is specified, a temporary app is created just for this Machine and destroyed when the Machine is destroyed. See also --command and --user.
+      --skip-dns-registration       Do not register the machine's 6PN IP with the internal DNS system
+      --standby-for strings         For Machines without services, a comma separated list of Machine IDs to act as standby for.
+      --use-zstd                    Enable zstd compression for the image
+      --user string                 Used with --shell. The username, if we're shelling into the Machine now. (default "root")
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+  -v, --volume strings              Volume to mount, in the form of <volume_id_or_name>:/path/inside/machine[:<options>]
+      --wg                          Determines whether communication with remote builders are conducted over wireguard or plain internet(https) (default true)
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_start.md b/flyctl/cmd/fly_machine_start.md
new file mode 100644
index 0000000000..5c3f53236a
--- /dev/null
+++ b/flyctl/cmd/fly_machine_start.md
@@ -0,0 +1,28 @@
+Start one or more Fly machines
+
+
+## Usage
+~~~
+fly machine start [<id>...] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for start
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_status.md b/flyctl/cmd/fly_machine_status.md
new file mode 100644
index 0000000000..a82a5c8e79
--- /dev/null
+++ b/flyctl/cmd/fly_machine_status.md
@@ -0,0 +1,29 @@
+Show current status of a running machine
+
+
+## Usage
+~~~
+fly machine status [id] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string       Application name
+  -c, --config string    Path to application configuration file
+  -d, --display-config   Display the machine config as JSON
+  -h, --help             help for status
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_stop.md b/flyctl/cmd/fly_machine_stop.md
new file mode 100644
index 0000000000..656d96a835
--- /dev/null
+++ b/flyctl/cmd/fly_machine_stop.md
@@ -0,0 +1,31 @@
+Stop one or more Fly machines
+
+
+## Usage
+~~~
+fly machine stop [<id>...] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string              Application name
+  -c, --config string           Path to application configuration file
+  -h, --help                    help for stop
+  -s, --signal string           Signal to stop the machine with (default: SIGINT)
+      --timeout int             Seconds to wait before sending SIGKILL to the machine
+  -w, --wait-timeout duration   Time duration to wait for individual machines to transition states and become stopped.
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_suspend.md b/flyctl/cmd/fly_machine_suspend.md
new file mode 100644
index 0000000000..5a20e1746e
--- /dev/null
+++ b/flyctl/cmd/fly_machine_suspend.md
@@ -0,0 +1,29 @@
+Suspend one or more Fly machines
+
+
+## Usage
+~~~
+fly machine suspend [<id>...] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string              Application name
+  -c, --config string           Path to application configuration file
+  -h, --help                    help for suspend
+  -w, --wait-timeout duration   Duration to wait for individual Machines to be suspended.
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_uncordon.md b/flyctl/cmd/fly_machine_uncordon.md
new file mode 100644
index 0000000000..2a1521295a
--- /dev/null
+++ b/flyctl/cmd/fly_machine_uncordon.md
@@ -0,0 +1,28 @@
+Reactivate all services on a machine
+
+
+## Usage
+~~~
+fly machine uncordon [<id>...] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for uncordon
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_machine_update.md b/flyctl/cmd/fly_machine_update.md
new file mode 100644
index 0000000000..cb46fa1ea4
--- /dev/null
+++ b/flyctl/cmd/fly_machine_update.md
@@ -0,0 +1,66 @@
+Update a machine
+
+
+## Usage
+~~~
+fly machine update [machine_id] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                  Application name
+      --autostart                   Automatically start a stopped Machine when a network request is received (default true)
+      --autostop string[="stop"]    Automatically stop a Machine when there are no network requests for it. Options include 'off', 'stop', and 'suspend'. (default "off")
+      --build-depot                 Build your image with depot.dev
+      --build-nixpacks              Build your image with nixpacks
+      --buildkit                    Deploy using buildkit-based remote builder
+  -C, --command string              Command to run
+  -c, --config string               Path to application configuration file
+      --container string            Container to update with the new image, files, etc; defaults to "app" or the first container in the config.
+      --detach                      Return immediately instead of monitoring deployment progress
+      --dockerfile string           The path to a Dockerfile. Defaults to the Dockerfile in the working directory.
+      --entrypoint string           The command to override the Docker ENTRYPOINT.
+  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --file-literal stringArray    Set of literals to write to the Machine, in the form of /path/inside/machine=VALUE pairs, where VALUE is the base64-encoded raw content. Can be specified multiple times.
+      --file-local stringArray      Set of files to write to the Machine, in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
+      --file-secret stringArray     Set of secrets to write to the Machine, in the form of /path/inside/machine=SECRET pairs, where SECRET is the name of the secret. The content of the secret must be base64 encoded. Can be specified multiple times.
+  -h, --help                        help for update
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+  -i, --image string                The Docker image to deploy
+      --kernel-arg stringArray      A list of kernel arguments to provide to the init. Can be specified multiple times.
+      --machine-config string       Read machine config from json file or string
+  -m, --metadata stringArray        Metadata in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --mount-point string          New volume mount point
+  -p, --port strings                The external ports and handlers for services, in the format: port[:machinePort][/protocol[:handler[:handler...]]])
+                                    	For example: --port 80/tcp --port 443:80/tcp:http:tls --port 5432/tcp:pg_tls
+                                    	To remove a port mapping use '-' as handler. For example: --port 80/tcp:-
+      --restart string              Set the restart policy for a Machine. Options include 'no', 'always', and 'on-fail'.
+                                    	Default is 'on-fail' for Machines created by 'fly deploy' and Machines with a schedule. Default is 'always' for Machines created by 'fly m run'.
+      --schedule string             Schedule a Machine run at hourly, daily and monthly intervals
+      --skip-dns-registration       Do not register the machine's 6PN IP with the internal DNS system
+      --skip-health-checks          Updates machine without waiting for health checks.
+      --skip-start                  Updates machine without starting it.
+      --standby-for strings         For Machines without services, a comma separated list of Machine IDs to act as standby for.
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+      --wait-timeout int            Seconds to wait for individual machines to transition states and become healthy. (default 300) (default 300)
+  -y, --yes                         Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
+
diff --git a/flyctl/cmd/fly_mcp.md b/flyctl/cmd/fly_mcp.md
new file mode 100644
index 0000000000..177663fe27
--- /dev/null
+++ b/flyctl/cmd/fly_mcp.md
@@ -0,0 +1,38 @@
+flyctl Model Context Protocol.
+
+
+## Usage
+~~~
+fly mcp [command] [flags]
+~~~
+
+## Available Commands
+* [add](/docs/flyctl/mcp-add/)	 - [experimental] Add MCP proxy client to a MCP client configuration
+* [destroy](/docs/flyctl/mcp-destroy/)	 - [experimental] Destroy an MCP stdio server
+* [inspect](/docs/flyctl/mcp-inspect/)	 - [experimental] Inspect a MCP stdio server
+* [launch](/docs/flyctl/mcp-launch/)	 - [experimental] Launch an MCP stdio server
+* [list](/docs/flyctl/mcp-list/)	 - [experimental] List MCP servers
+* [logs](/docs/flyctl/mcp-logs/)	 - [experimental] Show log for an MCP server
+* [proxy](/docs/flyctl/mcp-proxy/)	 - [experimental] Start an MCP proxy client
+* [remove](/docs/flyctl/mcp-remove/)	 - [experimental] Remove MCP proxy client from a MCP client configuration
+* [server](/docs/flyctl/mcp-server/)	 - [experimental] Start a flyctl MCP server
+* [wrap](/docs/flyctl/mcp-wrap/)	 - [experimental] Wrap an MCP stdio program
+
+## Options
+
+~~~
+  -h, --help   help for mcp
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_mcp_add.md b/flyctl/cmd/fly_mcp_add.md
new file mode 100644
index 0000000000..c5ba14396f
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_add.md
@@ -0,0 +1,40 @@
+[experimental] Add MCP proxy client to a MCP client configuration
+
+
+## Usage
+~~~
+fly mcp add [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string           Application name
+      --bearer-token         Use bearer token for authentication (default true)
+      --claude               Add MCP server to the Claude client configuration
+      --config stringArray   Path to the MCP client configuration file (can be specified multiple times)
+      --cursor               Add MCP server to the Cursor client configuration
+      --flycast              Use wireguard and flycast for access
+  -h, --help                 help for add
+      --neovim               Add MCP server to the Neovim client configuration
+      --password string      Password to authenticate with
+      --server string        Name to use for the MCP server in the MCP client configuration
+      --url string           URL of the MCP wrapper server
+      --user string          User to authenticate with
+      --vscode               Add MCP server to the VS Code client configuration
+      --windsurf             Add MCP server to the Windsurf client configuration
+      --zed                  Add MCP server to the Zed client configuration
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_destroy.md b/flyctl/cmd/fly_mcp_destroy.md
new file mode 100644
index 0000000000..cfc193c4f9
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_destroy.md
@@ -0,0 +1,36 @@
+[experimental] Destroy an MCP stdio server
+
+
+## Usage
+~~~
+fly mcp destroy [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string           Application name
+      --claude               Remove MCP server from to the Claude client configuration
+      --config stringArray   Path to the MCP client configuration file
+      --cursor               Remove MCP server from to the Cursor client configuration
+  -h, --help                 help for destroy
+      --neovim               Remove MCP server from to the Neovim client configuration
+      --server string        Name of the MCP server in the MCP client configuration
+      --vscode               Remove MCP server from to the VS Code client configuration
+      --windsurf             Remove MCP server from to the Windsurf client configuration
+  -y, --yes                  Accept all confirmations
+      --zed                  Remove MCP server from to the Zed client configuration
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_inspect.md b/flyctl/cmd/fly_mcp_inspect.md
new file mode 100644
index 0000000000..6b6817d933
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_inspect.md
@@ -0,0 +1,45 @@
+[experimental] Inspect a MCP stdio server
+
+
+## Usage
+~~~
+fly mcp inspect [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string            Application name
+      --bearer-token string   Bearer token to authenticate with
+  -b, --bind-addr string      Local address to bind to (default "127.0.0.1")
+      --claude                Use the configuration for Claude client
+      --config string         Path to the MCP client configuration file
+      --cursor                Use the configuration for Cursor client
+  -h, --help                  help for inspect
+      --instance string       Use fly-force-instance-id to connect to a specific instance
+      --neovim                Use the configuration for Neovim client
+  -p, --password string       Password to authenticate with
+      --ping                  Enable ping for the MCP connection
+      --server string         Name of the MCP server in the MCP client configuration
+      --sse                   Use Server-Sent Events (SSE) for the MCP connection
+      --stream                Use streaming for the MCP connection
+      --timeout int           Timeout in seconds for the MCP connection
+      --url string            URL of the MCP wrapper server
+  -u, --user string           User to authenticate with
+      --vscode                Use the configuration for VS Code client
+      --windsurf              Use the configuration for Windsurf client
+      --zed                   Use the configuration for Zed client
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_launch.md b/flyctl/cmd/fly_mcp_launch.md
new file mode 100644
index 0000000000..1bf5245189
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_launch.md
@@ -0,0 +1,57 @@
+[experimental] Launch an MCP stdio server
+
+
+## Usage
+~~~
+fly mcp launch command [flags]
+~~~
+
+## Options
+
+~~~
+      --auto-stop string            Automatically suspend the app after a period of inactivity. Valid values are 'off', 'stop', and 'suspend' (default "suspend")
+      --bearer-token                Use bearer token for authentication (default true)
+      --claude                      Add MCP server to the Claude client configuration
+      --config stringArray          Path to the MCP client configuration file (can be specified multiple times)
+      --cursor                      Add MCP server to the Cursor client configuration
+      --file-literal stringArray    Set of literals in the form of /path/inside/machine=VALUE pairs where VALUE is the content. Can be specified multiple times.
+      --file-local stringArray      Set of files in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
+      --file-secret stringArray     Set of secrets in the form of /path/inside/machine=SECRET pairs where SECRET is the name of the secret. Can be specified multiple times.
+      --flycast                     Use wireguard and flycast for access
+  -h, --help                        help for launch
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+      --image string                The image to use for the app
+  -i, --inspector                   Launch MCP inspector: a developer tool for testing and debugging MCP servers
+      --name string                 Suggested name for the app
+      --neovim                      Add MCP server to the Neovim client configuration
+      --org string                  The organization that will own the app
+      --password string             Password to authenticate with
+  -r, --region string               The target region. By default, the new volume will be created in the source volume's region.
+      --secret stringArray          Set of secrets in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --server string               Name to use for the MCP server in the MCP client configuration
+      --setup strings               Additional setup commands to run before launching the MCP server
+      --user string                 User to authenticate with
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+  -v, --volume strings              Volume to mount, in the form of <volume_name>:/path/inside/machine[:<options>]
+      --vscode                      Add MCP server to the VS Code client configuration
+      --windsurf                    Add MCP server to the Windsurf client configuration
+      --zed                         Add MCP server to the Zed client configuration
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_list.md b/flyctl/cmd/fly_mcp_list.md
new file mode 100644
index 0000000000..8bd73a90da
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_list.md
@@ -0,0 +1,35 @@
+[experimental] List MCP servers
+
+
+## Usage
+~~~
+fly mcp list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string           Application name
+      --claude               List MCP servers from the Claude client configuration
+      --config stringArray   Path to the MCP client configuration file (can be specified multiple times)
+      --cursor               List MCP servers from the Cursor client configuration
+  -h, --help                 help for list
+      --json                 Output in JSON format
+      --neovim               List MCP servers from the Neovim client configuration
+      --vscode               List MCP servers from the VS Code client configuration
+      --windsurf             List MCP servers from the Windsurf client configuration
+      --zed                  List MCP servers from the Zed client configuration
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_logs.md b/flyctl/cmd/fly_mcp_logs.md
new file mode 100644
index 0000000000..5e9ca428b6
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_logs.md
@@ -0,0 +1,37 @@
+[experimental] Show log for an MCP server
+
+
+## Usage
+~~~
+fly mcp logs [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string           Application name
+      --claude               Select MCP server from the Claude client configuration
+      --config stringArray   Path to the MCP client configuration file (can be specified multiple times)
+      --cursor               Select MCP server from the Cursor client configuration
+  -h, --help                 help for logs
+      --json                 Output in JSON format
+      --neovim               Select MCP server from the Neovim client configuration
+  -n, --no-tail              Do not continually stream logs
+      --server string        Name of the MCP server to show logs for
+      --vscode               Select MCP server from the VS Code client configuration
+      --windsurf             Select MCP server from the Windsurf client configuration
+      --zed                  Select MCP server from the Zed client configuration
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_proxy.md b/flyctl/cmd/fly_mcp_proxy.md
new file mode 100644
index 0000000000..01a3606ba3
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_proxy.md
@@ -0,0 +1,38 @@
+[experimental] Start an MCP proxy client
+
+
+## Usage
+~~~
+fly mcp proxy [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string            Application name
+      --bearer-token string   Bearer token to authenticate with
+  -b, --bind-addr string      Local address to bind to (default "127.0.0.1")
+  -h, --help                  help for proxy
+  -i, --inspector             Launch MCP inspector: a developer tool for testing and debugging MCP servers
+      --instance string       Use fly-force-instance-id to connect to a specific instance
+  -p, --password string       Password to authenticate with
+      --ping                  Enable ping for the MCP connection
+      --sse                   Use Server-Sent Events (SSE) for the MCP connection
+      --stream                Use streaming for the MCP connection
+      --timeout int           Timeout in seconds for the MCP connection
+      --url string            URL of the MCP wrapper server
+  -u, --user string           User to authenticate with
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_remove.md b/flyctl/cmd/fly_mcp_remove.md
new file mode 100644
index 0000000000..1f62a092c9
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_remove.md
@@ -0,0 +1,35 @@
+[experimental] Remove MCP proxy client from a MCP client configuration
+
+
+## Usage
+~~~
+fly mcp remove [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string           Application name
+      --claude               Remove MCP server from the Claude client configuration
+      --config stringArray   Path to the MCP client configuration file (can be specified multiple times)
+      --cursor               Remove MCP server from the Cursor client configuration
+  -h, --help                 help for remove
+      --neovim               Remove MCP server from the Neovim client configuration
+      --server string        Name to use for the MCP server in the MCP client configuration
+      --vscode               Remove MCP server from the VS Code client configuration
+      --windsurf             Remove MCP server from the Windsurf client configuration
+      --zed                  Remove MCP server from the Zed client configuration
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_server.md b/flyctl/cmd/fly_mcp_server.md
new file mode 100644
index 0000000000..6a03e4cf91
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_server.md
@@ -0,0 +1,39 @@
+[experimental] Start a flyctl MCP server
+
+
+## Usage
+~~~
+fly mcp server [flags]
+~~~
+
+## Options
+
+~~~
+  -b, --bind-addr string     Local address to bind to (default "127.0.0.1")
+      --claude               Add flyctl MCP server to the Claude client configuration
+      --config stringArray   Path to the MCP client configuration file (can be specified multiple times)
+      --cursor               Add flyctl MCP server to the Cursor client configuration
+  -h, --help                 help for server
+  -i, --inspector            Launch MCP inspector: a developer tool for testing and debugging MCP servers
+      --neovim               Add flyctl MCP server to the Neovim client configuration
+      --port int             Port to run the MCP server on (default is 8080) (default 8080)
+      --server string        Name to use for the MCP server in the MCP client configuration
+      --sse                  Enable Server-Sent Events (SSE) for MCP commands
+      --stream               Enable HTTP streaming output for MCP commands
+      --vscode               Add flyctl MCP server to the VS Code client configuration
+      --windsurf             Add flyctl MCP server to the Windsurf client configuration
+      --zed                  Add flyctl MCP server to the Zed client configuration
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mcp_wrap.md b/flyctl/cmd/fly_mcp_wrap.md
new file mode 100644
index 0000000000..b59c262e46
--- /dev/null
+++ b/flyctl/cmd/fly_mcp_wrap.md
@@ -0,0 +1,32 @@
+[experimental] Wrap an MCP stdio program. Options passed after double dashes ("--") will be passed to the MCP program. If user is specified, HTTP authentication will be required.
+
+
+## Usage
+~~~
+fly mcp wrap [flags]
+~~~
+
+## Options
+
+~~~
+      --bearer-token string   Bearer token to authenticate with. Defaults to the value of the FLY_MCP_BEARER_TOKEN environment variable.
+  -h, --help                  help for wrap
+  -m, --mcp string            Path to the stdio MCP program to be wrapped.
+      --password string       Password to authenticate with. Defaults to the value of the FLY_MCP_PASSWORD environment variable.
+  -p, --port int              Port to listen on. (default 8080)
+      --private               Use private networking.
+      --user string           User to authenticate with. Defaults to the value of the FLY_MCP_USER environment variable.
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mcp](/docs/flyctl/mcp/)	 - flyctl Model Context Protocol.
+
diff --git a/flyctl/cmd/fly_mpg.md b/flyctl/cmd/fly_mpg.md
new file mode 100644
index 0000000000..b54cca6a9e
--- /dev/null
+++ b/flyctl/cmd/fly_mpg.md
@@ -0,0 +1,40 @@
+Manage Managed Postgres clusters.
+
+
+## Usage
+~~~
+fly mpg [command] [flags]
+~~~
+
+## Available Commands
+* [attach](/docs/flyctl/mpg-attach/)	 - Attach a managed Postgres cluster to an app
+* [backup](/docs/flyctl/mpg-backup/)	 - Backup commands
+* [connect](/docs/flyctl/mpg-connect/)	 - Connect to a MPG database using psql
+* [create](/docs/flyctl/mpg-create/)	 - Create a new Managed Postgres cluster
+* [databases](/docs/flyctl/mpg-databases/)	 - Manage databases in a managed postgres cluster
+* [destroy](/docs/flyctl/mpg-destroy/)	 - Destroy a managed Postgres cluster
+* [list](/docs/flyctl/mpg-list/)	 - List MPG clusters.
+* [proxy](/docs/flyctl/mpg-proxy/)	 - Proxy to a MPG database
+* [restore](/docs/flyctl/mpg-restore/)	 - Restore MPG cluster from backup.
+* [status](/docs/flyctl/mpg-status/)	 - Show MPG cluster status.
+* [users](/docs/flyctl/mpg-users/)	 - Manage users in a managed postgres cluster
+
+## Options
+
+~~~
+  -h, --help         help for mpg
+  -o, --org string   The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_mpg_attach.md b/flyctl/cmd/fly_mpg_attach.md
new file mode 100644
index 0000000000..9b4e63c19c
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_attach.md
@@ -0,0 +1,31 @@
+Attach a managed Postgres cluster to an app. This command will add a secret to the specified app
+ containing the connection string for the database.
+
+## Usage
+~~~
+fly mpg attach <CLUSTER ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string             Application name
+  -c, --config string          Path to application configuration file
+  -d, --database string        The database to connect to
+  -h, --help                   help for attach
+  -u, --username string        The username to connect as
+      --variable-name string   The name of the environment variable that will be added to the attached app (default "DATABASE_URL")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_backup.md b/flyctl/cmd/fly_mpg_backup.md
new file mode 100644
index 0000000000..7be3097693
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_backup.md
@@ -0,0 +1,30 @@
+Backup commands
+
+
+## Usage
+~~~
+fly mpg backup [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/mpg-backup-create/)	 - Create MPG cluster backup.
+* [list](/docs/flyctl/mpg-backup-list/)	 - List MPG cluster backups.
+
+## Options
+
+~~~
+  -h, --help   help for backup
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_backup_create.md b/flyctl/cmd/fly_mpg_backup_create.md
new file mode 100644
index 0000000000..684b5fabfc
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_backup_create.md
@@ -0,0 +1,26 @@
+Create a backup for a Managed Postgres cluster.
+
+## Usage
+~~~
+fly mpg backup create <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help          help for create
+      --type string   Backup type: full or incr (default "full")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg backup](/docs/flyctl/mpg-backup/)	 - Backup commands
+
diff --git a/flyctl/cmd/fly_mpg_backup_list.md b/flyctl/cmd/fly_mpg_backup_list.md
new file mode 100644
index 0000000000..19bb81f1ba
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_backup_list.md
@@ -0,0 +1,27 @@
+List backups for a Managed Postgres cluster.
+
+## Usage
+~~~
+fly mpg backup list <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+      --all    Show all backups (default: last 24 hours)
+  -h, --help   help for list
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg backup](/docs/flyctl/mpg-backup/)	 - Backup commands
+
diff --git a/flyctl/cmd/fly_mpg_connect.md b/flyctl/cmd/fly_mpg_connect.md
new file mode 100644
index 0000000000..82a7fb1c35
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_connect.md
@@ -0,0 +1,27 @@
+Connect to a MPG database using psql
+
+## Usage
+~~~
+fly mpg connect <CLUSTER ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -d, --database string   The database to connect to
+  -h, --help              help for connect
+  -u, --username string   The username to connect as
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_create.md b/flyctl/cmd/fly_mpg_create.md
new file mode 100644
index 0000000000..22505d931c
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_create.md
@@ -0,0 +1,32 @@
+Create a new Managed Postgres cluster
+
+
+## Usage
+~~~
+fly mpg create [flags]
+~~~
+
+## Options
+
+~~~
+      --enable-postgis-support   Enable PostGIS for the Postgres cluster
+  -h, --help                     help for create
+  -n, --name string              The name of your Postgres cluster
+  -o, --org string               The target Fly.io organization
+      --plan string              The plan to use for the Postgres cluster (development, production, etc)
+  -r, --region string            The target region (see 'flyctl platform regions')
+      --volume-size int          The volume size in GB (default 10)
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_databases.md b/flyctl/cmd/fly_mpg_databases.md
new file mode 100644
index 0000000000..1b0b747511
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_databases.md
@@ -0,0 +1,30 @@
+Manage databases in a managed postgres cluster
+
+
+## Usage
+~~~
+fly mpg databases [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/mpg-databases-create/)	 - Create a database in an MPG cluster.
+* [list](/docs/flyctl/mpg-databases-list/)	 - List databases in an MPG cluster.
+
+## Options
+
+~~~
+  -h, --help   help for databases
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_databases_create.md b/flyctl/cmd/fly_mpg_databases_create.md
new file mode 100644
index 0000000000..384ff1b5bc
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_databases_create.md
@@ -0,0 +1,26 @@
+Create a new database in a Managed Postgres cluster.
+
+## Usage
+~~~
+fly mpg databases create <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help          help for create
+  -n, --name string   The name of the database
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg databases](/docs/flyctl/mpg-databases/)	 - Manage databases in a managed postgres cluster
+
diff --git a/flyctl/cmd/fly_mpg_databases_list.md b/flyctl/cmd/fly_mpg_databases_list.md
new file mode 100644
index 0000000000..64852c235c
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_databases_list.md
@@ -0,0 +1,26 @@
+List databases in a Managed Postgres cluster.
+
+## Usage
+~~~
+fly mpg databases list <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for list
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg databases](/docs/flyctl/mpg-databases/)	 - Manage databases in a managed postgres cluster
+
diff --git a/flyctl/cmd/fly_mpg_destroy.md b/flyctl/cmd/fly_mpg_destroy.md
new file mode 100644
index 0000000000..dd6e23bdc7
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_destroy.md
@@ -0,0 +1,27 @@
+Destroy a managed Postgres cluster. This command will permanently destroy a managed Postgres cluster and all its data.
+This action is not reversible.
+
+## Usage
+~~~
+fly mpg destroy <CLUSTER ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for destroy
+  -y, --yes    Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_list.md b/flyctl/cmd/fly_mpg_list.md
new file mode 100644
index 0000000000..f44635bd12
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_list.md
@@ -0,0 +1,29 @@
+List MPG clusters owned by the specified organization.
+If no organization is specified, the user's personal organization is used.
+
+## Usage
+~~~
+fly mpg list [flags]
+~~~
+
+## Options
+
+~~~
+      --deleted      Show deleted clusters instead of active clusters
+  -h, --help         help for list
+  -j, --json         JSON output
+  -o, --org string   The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_proxy.md b/flyctl/cmd/fly_mpg_proxy.md
new file mode 100644
index 0000000000..67225b67ec
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_proxy.md
@@ -0,0 +1,26 @@
+Proxy to a MPG database
+
+## Usage
+~~~
+fly mpg proxy <CLUSTER ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -b, --bind-addr string   Local address to bind to (default "127.0.0.1")
+  -h, --help               help for proxy
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_restore.md b/flyctl/cmd/fly_mpg_restore.md
new file mode 100644
index 0000000000..49d4e51e27
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_restore.md
@@ -0,0 +1,26 @@
+Restore a Managed Postgres cluster from a backup.
+
+## Usage
+~~~
+fly mpg restore <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+      --backup-id string   The backup ID to restore from
+  -h, --help               help for restore
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_status.md b/flyctl/cmd/fly_mpg_status.md
new file mode 100644
index 0000000000..b5a3ccb2c2
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_status.md
@@ -0,0 +1,26 @@
+Show status and details of a specific Managed Postgres cluster using its ID.
+
+## Usage
+~~~
+fly mpg status [CLUSTER_ID] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for status
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_users.md b/flyctl/cmd/fly_mpg_users.md
new file mode 100644
index 0000000000..4f70b3c4ec
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_users.md
@@ -0,0 +1,32 @@
+Manage users in a managed postgres cluster
+
+
+## Usage
+~~~
+fly mpg users [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/mpg-users-create/)	 - Create a user in an MPG cluster.
+* [delete](/docs/flyctl/mpg-users-delete/)	 - Delete a user from an MPG cluster.
+* [list](/docs/flyctl/mpg-users-list/)	 - List users in an MPG cluster.
+* [set-role](/docs/flyctl/mpg-users-set-role/)	 - Update a user's role in an MPG cluster.
+
+## Options
+
+~~~
+  -h, --help   help for users
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg](/docs/flyctl/mpg/)	 - Manage Managed Postgres clusters.
+
diff --git a/flyctl/cmd/fly_mpg_users_create.md b/flyctl/cmd/fly_mpg_users_create.md
new file mode 100644
index 0000000000..0097e95e6e
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_users_create.md
@@ -0,0 +1,27 @@
+Create a new user in a Managed Postgres cluster.
+
+## Usage
+~~~
+fly mpg users create <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help              help for create
+  -r, --role string       The role of the user (schema_admin, writer, or reader)
+  -u, --username string   The username of the user
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg users](/docs/flyctl/mpg-users/)	 - Manage users in a managed postgres cluster
+
diff --git a/flyctl/cmd/fly_mpg_users_delete.md b/flyctl/cmd/fly_mpg_users_delete.md
new file mode 100644
index 0000000000..b6198e1faf
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_users_delete.md
@@ -0,0 +1,27 @@
+Delete a user from a Managed Postgres cluster.
+
+## Usage
+~~~
+fly mpg users delete <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help              help for delete
+  -u, --username string   The username to delete
+  -y, --yes               Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg users](/docs/flyctl/mpg-users/)	 - Manage users in a managed postgres cluster
+
diff --git a/flyctl/cmd/fly_mpg_users_list.md b/flyctl/cmd/fly_mpg_users_list.md
new file mode 100644
index 0000000000..ae56fd99b9
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_users_list.md
@@ -0,0 +1,26 @@
+List users in a Managed Postgres cluster.
+
+## Usage
+~~~
+fly mpg users list <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for list
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg users](/docs/flyctl/mpg-users/)	 - Manage users in a managed postgres cluster
+
diff --git a/flyctl/cmd/fly_mpg_users_set-role.md b/flyctl/cmd/fly_mpg_users_set-role.md
new file mode 100644
index 0000000000..3319fd978a
--- /dev/null
+++ b/flyctl/cmd/fly_mpg_users_set-role.md
@@ -0,0 +1,27 @@
+Update a user's role in a Managed Postgres cluster.
+
+## Usage
+~~~
+fly mpg users set-role <CLUSTER_ID> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help              help for set-role
+  -r, --role string       The new role for the user (schema_admin, writer, or reader)
+  -u, --username string   The username to update
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mpg users](/docs/flyctl/mpg-users/)	 - Manage users in a managed postgres cluster
+
diff --git a/flyctl/cmd/fly_mysql.md b/flyctl/cmd/fly_mysql.md
new file mode 100644
index 0000000000..3949f4199a
--- /dev/null
+++ b/flyctl/cmd/fly_mysql.md
@@ -0,0 +1,33 @@
+Provision and manage MySQL database clusters
+
+
+## Usage
+~~~
+fly mysql [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/mysql-create/)	 - Provision a MySQL database
+* [destroy](/docs/flyctl/mysql-destroy/)	 - Permanently destroy a MySQL database
+* [list](/docs/flyctl/mysql-list/)	 - List your MySQL databases
+* [status](/docs/flyctl/mysql-status/)	 - Show details about a MySQL database
+* [update](/docs/flyctl/mysql-update/)	 - Update an existing MySQL database
+
+## Options
+
+~~~
+  -h, --help   help for mysql
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_mysql_create.md b/flyctl/cmd/fly_mysql_create.md
new file mode 100644
index 0000000000..04f78ea055
--- /dev/null
+++ b/flyctl/cmd/fly_mysql_create.md
@@ -0,0 +1,36 @@
+Provision a MySQL database
+
+
+## Usage
+~~~
+fly mysql create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --cpu int         The number of CPUs assigned to each cluster member
+      --disk int        Disk size (in GB) assigned to each cluster member
+  -h, --help            help for create
+      --memory int      Memory (in GB) assigned to each cluster member
+  -n, --name string     The name of your database
+  -o, --org string      The target Fly.io organization
+  -r, --region string   The target region (see 'flyctl platform regions')
+      --size int        The number of members in your cluster
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mysql](/docs/flyctl/mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_mysql_destroy.md b/flyctl/cmd/fly_mysql_destroy.md
new file mode 100644
index 0000000000..ea8f3d5aff
--- /dev/null
+++ b/flyctl/cmd/fly_mysql_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy a MySQL database
+
+## Usage
+~~~
+fly mysql destroy [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mysql](/docs/flyctl/mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_mysql_list.md b/flyctl/cmd/fly_mysql_list.md
new file mode 100644
index 0000000000..6f961706a9
--- /dev/null
+++ b/flyctl/cmd/fly_mysql_list.md
@@ -0,0 +1,27 @@
+List your MySQL databases
+
+## Usage
+~~~
+fly mysql list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+  -y, --yes          Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mysql](/docs/flyctl/mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_mysql_status.md b/flyctl/cmd/fly_mysql_status.md
new file mode 100644
index 0000000000..2d33493b5b
--- /dev/null
+++ b/flyctl/cmd/fly_mysql_status.md
@@ -0,0 +1,29 @@
+Show details about a MySQL database
+
+
+## Usage
+~~~
+fly mysql status [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for status
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mysql](/docs/flyctl/mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_mysql_update.md b/flyctl/cmd/fly_mysql_update.md
new file mode 100644
index 0000000000..ed5f4bf126
--- /dev/null
+++ b/flyctl/cmd/fly_mysql_update.md
@@ -0,0 +1,33 @@
+Update an existing MySQL database
+
+
+## Usage
+~~~
+fly mysql update <database_name> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --cpu int         The number of CPUs assigned to each cluster member
+  -h, --help            help for update
+      --memory int      Memory (in GB) assigned to each cluster member
+  -o, --org string      The target Fly.io organization
+      --size int        The number of members in your cluster
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly mysql](/docs/flyctl/mysql/)	 - Provision and manage MySQL database clusters
+
diff --git a/flyctl/cmd/fly_orgs.md b/flyctl/cmd/fly_orgs.md
new file mode 100644
index 0000000000..2435b073a0
--- /dev/null
+++ b/flyctl/cmd/fly_orgs.md
@@ -0,0 +1,36 @@
+Commands for managing Fly organizations. list, create, show and
+destroy organizations.
+Organization admins can also invite or remove users from Organizations.
+
+
+## Usage
+~~~
+fly orgs [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/orgs-create/)	 - Create an organization
+* [delete](/docs/flyctl/orgs-delete/)	 - Delete an organization
+* [invite](/docs/flyctl/orgs-invite/)	 - Invite user (by email) to organization
+* [list](/docs/flyctl/orgs-list/)	 - Lists organizations for current user
+* [remove](/docs/flyctl/orgs-remove/)	 - Remove a user from an organization
+* [show](/docs/flyctl/orgs-show/)	 - Show information about an organization
+
+## Options
+
+~~~
+  -h, --help   help for orgs
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_orgs_create.md b/flyctl/cmd/fly_orgs_create.md
new file mode 100644
index 0000000000..0d6ee6580e
--- /dev/null
+++ b/flyctl/cmd/fly_orgs_create.md
@@ -0,0 +1,28 @@
+Create a new organization. Other users can be invited to join the
+organization later.
+
+
+## Usage
+~~~
+fly orgs create [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for create
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
+
diff --git a/flyctl/cmd/fly_orgs_delete.md b/flyctl/cmd/fly_orgs_delete.md
new file mode 100644
index 0000000000..8c892d5029
--- /dev/null
+++ b/flyctl/cmd/fly_orgs_delete.md
@@ -0,0 +1,27 @@
+Delete an existing organization.
+
+
+## Usage
+~~~
+fly orgs delete [-yes] [slug] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for delete
+  -y, --yes    Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
+
diff --git a/flyctl/cmd/fly_orgs_invite.md b/flyctl/cmd/fly_orgs_invite.md
new file mode 100644
index 0000000000..7e293211bb
--- /dev/null
+++ b/flyctl/cmd/fly_orgs_invite.md
@@ -0,0 +1,28 @@
+Invite a user, by email, to join organization. The invitation will be
+sent, and the user will be pending until they respond.
+
+
+## Usage
+~~~
+fly orgs invite [slug] [email] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for invite
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
+
diff --git a/flyctl/cmd/fly_orgs_list.md b/flyctl/cmd/fly_orgs_list.md
new file mode 100644
index 0000000000..2974645272
--- /dev/null
+++ b/flyctl/cmd/fly_orgs_list.md
@@ -0,0 +1,27 @@
+Lists organizations available to current user.
+
+
+## Usage
+~~~
+fly orgs list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for list
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
+
diff --git a/flyctl/cmd/fly_orgs_remove.md b/flyctl/cmd/fly_orgs_remove.md
new file mode 100644
index 0000000000..502aeed882
--- /dev/null
+++ b/flyctl/cmd/fly_orgs_remove.md
@@ -0,0 +1,27 @@
+Remove a user from an organization. User must have accepted a previous
+invitation to join (if not, see orgs revoke).
+
+
+## Usage
+~~~
+fly orgs remove [slug] [email] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for remove
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
+
diff --git a/flyctl/cmd/fly_orgs_show.md b/flyctl/cmd/fly_orgs_show.md
new file mode 100644
index 0000000000..858e058222
--- /dev/null
+++ b/flyctl/cmd/fly_orgs_show.md
@@ -0,0 +1,29 @@
+Shows information about an organization.
+Includes name, slug and type. Summarizes user permissions, DNS zones and
+associated member. Details full list of members and roles.
+
+
+## Usage
+~~~
+fly orgs show [slug] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for show
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
+
diff --git a/flyctl/cmd/fly_ping.md b/flyctl/cmd/fly_ping.md
new file mode 100644
index 0000000000..254aea94b3
--- /dev/null
+++ b/flyctl/cmd/fly_ping.md
@@ -0,0 +1,41 @@
+Test connectivity with ICMP ping messages.
+
+This runs over WireGuard; tell us which WireGuard tunnel to use by
+running from within an app directory (with a 'fly.toml'), passing the
+'-a' flag with an app name, or the '-o' flag with an org name.
+
+With no arguments, test connectivity to your gateway, the first hop
+in our network, to see if your WireGuard connection is working.
+
+The target argument can be either a ".internal" DNS name in our network
+(the name of your application) or "gateway".
+
+## Usage
+~~~
+fly ping [hostname] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string        Application name
+  -c, --config string     Path to application configuration file
+  -n, --count int         Number of probes to send (0=indefinite)
+  -h, --help              help for ping
+  -i, --interval string   Interval between ping probes (default "1s")
+  -o, --org string        The target Fly.io organization
+  -s, --size int          Size of probe to send (not including headers) (default 12)
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_platform.md b/flyctl/cmd/fly_platform.md
new file mode 100644
index 0000000000..76e734231d
--- /dev/null
+++ b/flyctl/cmd/fly_platform.md
@@ -0,0 +1,32 @@
+The PLATFORM commands are for users looking for information
+about the Fly platform.
+
+
+## Usage
+~~~
+fly platform [command] [flags]
+~~~
+
+## Available Commands
+* [regions](/docs/flyctl/platform-regions/)	 - List regions
+* [status](/docs/flyctl/platform-status/)	 - Show current platform status with an optional filter for maintenance or incidents in json mode (eg. incidents, maintenance)
+* [vm-sizes](/docs/flyctl/platform-vm-sizes/)	 - List VM Sizes
+
+## Options
+
+~~~
+  -h, --help   help for platform
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_platform_regions.md b/flyctl/cmd/fly_platform_regions.md
new file mode 100644
index 0000000000..344fd3fd82
--- /dev/null
+++ b/flyctl/cmd/fly_platform_regions.md
@@ -0,0 +1,28 @@
+View a list of regions where Fly has datacenters.
+'Capacity' shows how many performance-1x VMs can currently be launched in each region.
+
+
+## Usage
+~~~
+fly platform regions [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for regions
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly platform](/docs/flyctl/platform/)	 - Fly platform information
+
diff --git a/flyctl/cmd/fly_platform_status.md b/flyctl/cmd/fly_platform_status.md
new file mode 100644
index 0000000000..d796008c38
--- /dev/null
+++ b/flyctl/cmd/fly_platform_status.md
@@ -0,0 +1,27 @@
+Show current Fly platform status in a browser or via json with the json flag
+
+
+## Usage
+~~~
+fly platform status [kind] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for status
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly platform](/docs/flyctl/platform/)	 - Fly platform information
+
diff --git a/flyctl/cmd/fly_platform_vm-sizes.md b/flyctl/cmd/fly_platform_vm-sizes.md
new file mode 100644
index 0000000000..878815ffa7
--- /dev/null
+++ b/flyctl/cmd/fly_platform_vm-sizes.md
@@ -0,0 +1,27 @@
+View a list of VM sizes which can be used with the FLYCTL SCALE VM command
+
+
+## Usage
+~~~
+fly platform vm-sizes [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for vm-sizes
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly platform](/docs/flyctl/platform/)	 - Fly platform information
+
diff --git a/flyctl/cmd/fly_postgres.md b/flyctl/cmd/fly_postgres.md
new file mode 100644
index 0000000000..60023f23f1
--- /dev/null
+++ b/flyctl/cmd/fly_postgres.md
@@ -0,0 +1,43 @@
+Unmanaged Fly Postgres is not supported by Fly.io Support and users are responsible for operations, management, and disaster recovery. If you'd like a managed, supported solution, try 'fly mpg' (Managed Postgres).
+Please visit https://fly.io/docs/mpg/overview/ for more information about Managed Postgres.
+
+
+## Usage
+~~~
+fly postgres [command] [flags]
+~~~
+
+## Available Commands
+* [attach](/docs/flyctl/postgres-attach/)	 - Attach a postgres cluster to an app
+* [backup](/docs/flyctl/postgres-backup/)	 - Backup commands
+* [config](/docs/flyctl/postgres-config/)	 - Show and manage Postgres configuration.
+* [connect](/docs/flyctl/postgres-connect/)	 - Connect to the Postgres console
+* [create](/docs/flyctl/postgres-create/)	 - Create a new Postgres cluster
+* [db](/docs/flyctl/postgres-db/)	 - Manage databases in a cluster
+* [detach](/docs/flyctl/postgres-detach/)	 - Detach a postgres cluster from an app
+* [events](/docs/flyctl/postgres-events/)	 - Track major cluster events
+* [failover](/docs/flyctl/postgres-failover/)	 - Failover to a new primary
+* [import](/docs/flyctl/postgres-import/)	 - Imports database from a specified Postgres URI
+* [list](/docs/flyctl/postgres-list/)	 - List postgres clusters
+* [renew-certs](/docs/flyctl/postgres-renew-certs/)	 - Renews the SSH certificates for the Postgres cluster.
+* [restart](/docs/flyctl/postgres-restart/)	 - Restarts each member of the Postgres cluster one by one.
+* [users](/docs/flyctl/postgres-users/)	 - Manage users in a postgres cluster
+
+## Options
+
+~~~
+  -h, --help   help for postgres
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_postgres_attach.md b/flyctl/cmd/fly_postgres_attach.md
new file mode 100644
index 0000000000..33c2868727
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_attach.md
@@ -0,0 +1,33 @@
+Attach a postgres cluster to an app
+
+
+## Usage
+~~~
+fly postgres attach <POSTGRES APP> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string             Application name
+  -c, --config string          Path to application configuration file
+      --database-name string   The designated database name for this consuming app.
+      --database-user string   The database user to create. By default, we will use the name of the consuming app.
+  -h, --help                   help for attach
+      --superuser              Grants attached user superuser privileges (default true)
+      --variable-name string   The environment variable name that will be added to the consuming app.  (default "DATABASE_URL")
+  -y, --yes                    Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_backup.md b/flyctl/cmd/fly_postgres_backup.md
new file mode 100644
index 0000000000..f693d8c0a0
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_backup.md
@@ -0,0 +1,33 @@
+Backup commands
+
+
+## Usage
+~~~
+fly postgres backup [command] [flags]
+~~~
+
+## Available Commands
+* [config](/docs/flyctl/postgres-backup-config/)	 - Manage backup configuration
+* [create](/docs/flyctl/postgres-backup-create/)	 - Create a backup
+* [enable](/docs/flyctl/postgres-backup-enable/)	 - Enable backups on a Postgres cluster, creating a Tigris bucket for storage
+* [list](/docs/flyctl/postgres-backup-list/)	 - List backups
+* [restore](/docs/flyctl/postgres-backup-restore/)	 - Performs a WAL-based restore into a new Postgres cluster.
+
+## Options
+
+~~~
+  -h, --help   help for backup
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_backup_config.md b/flyctl/cmd/fly_postgres_backup_config.md
new file mode 100644
index 0000000000..be8b33c4c0
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_backup_config.md
@@ -0,0 +1,30 @@
+Manage backup configuration
+
+
+## Usage
+~~~
+fly postgres backup config [command] [flags]
+~~~
+
+## Available Commands
+* [show](/docs/flyctl/postgres-backup-config-show/)	 - Show backup configuration
+* [update](/docs/flyctl/postgres-backup-config-update/)	 - Update backup configuration
+
+## Options
+
+~~~
+  -h, --help   help for config
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres backup](/docs/flyctl/postgres-backup/)	 - Backup commands
+
diff --git a/flyctl/cmd/fly_postgres_backup_config_show.md b/flyctl/cmd/fly_postgres_backup_config_show.md
new file mode 100644
index 0000000000..d8c485f9fc
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_backup_config_show.md
@@ -0,0 +1,28 @@
+Show backup configuration
+
+
+## Usage
+~~~
+fly postgres backup config show [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for show
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres backup config](/docs/flyctl/postgres-backup-config/)	 - Manage backup configuration
+
diff --git a/flyctl/cmd/fly_postgres_backup_config_update.md b/flyctl/cmd/fly_postgres_backup_config_update.md
new file mode 100644
index 0000000000..9b91ab6954
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_backup_config_update.md
@@ -0,0 +1,32 @@
+Update backup configuration
+
+
+## Usage
+~~~
+fly postgres backup config update [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                     Application name
+      --archive-timeout string         Archive timeout
+  -c, --config string                  Path to application configuration file
+      --full-backup-frequency string   Full backup frequency
+  -h, --help                           help for update
+      --minimum-redundancy string      Minimum redundancy
+      --recovery-window string         Recovery window
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres backup config](/docs/flyctl/postgres-backup-config/)	 - Manage backup configuration
+
diff --git a/flyctl/cmd/fly_postgres_backup_create.md b/flyctl/cmd/fly_postgres_backup_create.md
new file mode 100644
index 0000000000..624e57d3ef
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_backup_create.md
@@ -0,0 +1,30 @@
+Create a backup
+
+
+## Usage
+~~~
+fly postgres backup create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string             Application name
+  -c, --config string          Path to application configuration file
+  -h, --help                   help for create
+  -i, --immediate-checkpoint   Forces Postgres to perform an immediate checkpoint
+  -n, --name string            Backup name
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres backup](/docs/flyctl/postgres-backup/)	 - Backup commands
+
diff --git a/flyctl/cmd/fly_postgres_backup_enable.md b/flyctl/cmd/fly_postgres_backup_enable.md
new file mode 100644
index 0000000000..ad53dab4b7
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_backup_enable.md
@@ -0,0 +1,28 @@
+Enable backups on a Postgres cluster, creating a Tigris bucket for storage
+
+
+## Usage
+~~~
+fly postgres backup enable [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for enable
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres backup](/docs/flyctl/postgres-backup/)	 - Backup commands
+
diff --git a/flyctl/cmd/fly_postgres_backup_list.md b/flyctl/cmd/fly_postgres_backup_list.md
new file mode 100644
index 0000000000..9ce6d69aea
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_backup_list.md
@@ -0,0 +1,28 @@
+List backups
+
+
+## Usage
+~~~
+fly postgres backup list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres backup](/docs/flyctl/postgres-backup/)	 - Backup commands
+
diff --git a/flyctl/cmd/fly_postgres_backup_restore.md b/flyctl/cmd/fly_postgres_backup_restore.md
new file mode 100644
index 0000000000..2b4b26c310
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_backup_restore.md
@@ -0,0 +1,33 @@
+Performs a WAL-based restore into a new Postgres cluster.
+
+
+## Usage
+~~~
+fly postgres backup restore <destination-app-name> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                   Application name
+  -c, --config string                Path to application configuration file
+      --detach                       Return immediately instead of monitoring deployment progress
+  -h, --help                         help for restore
+      --image-ref string             Specify a non-default base image for the restored Postgres app
+      --restore-target-inclusive     Set to true to stop recovery after the specified time, or false to stop before it (default true)
+      --restore-target-name string   ID or alias of backup to restore.
+      --restore-target-time string   RFC3339-formatted timestamp up to which recovery will proceed. Example: 2021-07-16T12:34:56Z
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres backup](/docs/flyctl/postgres-backup/)	 - Backup commands
+
diff --git a/flyctl/cmd/fly_postgres_config.md b/flyctl/cmd/fly_postgres_config.md
new file mode 100644
index 0000000000..6cd5a26bba
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_config.md
@@ -0,0 +1,30 @@
+Show and manage Postgres configuration.
+
+
+## Usage
+~~~
+fly postgres config [command] [flags]
+~~~
+
+## Available Commands
+* [show](/docs/flyctl/postgres-config-show/)	 - Show Postgres configuration
+* [update](/docs/flyctl/postgres-config-update/)	 - Update Postgres configuration.
+
+## Options
+
+~~~
+  -h, --help   help for config
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_config_show.md b/flyctl/cmd/fly_postgres_config_show.md
new file mode 100644
index 0000000000..aa381b5f4d
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_config_show.md
@@ -0,0 +1,27 @@
+Show Postgres configuration
+
+## Usage
+~~~
+fly postgres config show [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for show
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres config](/docs/flyctl/postgres-config/)	 - Show and manage Postgres configuration.
+
diff --git a/flyctl/cmd/fly_postgres_config_update.md b/flyctl/cmd/fly_postgres_config_update.md
new file mode 100644
index 0000000000..ef7df91461
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_config_update.md
@@ -0,0 +1,40 @@
+Update Postgres configuration.
+
+## Usage
+~~~
+fly postgres config update [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                          Application name
+  -c, --config string                       Path to application configuration file
+      --detach                              Return immediately instead of monitoring deployment progress
+      --force                               Skips pg-setting value verification.
+  -h, --help                                help for update
+      --log-min-duration-statement string   Sets the minimum execution time above which all statements will be logged. (ms)
+      --log-statement string                Sets the type of statements logged. (none, ddl, mod, all)
+      --maintenance-work-mem string         Sets the maximum amount of memory used for maintenance operations like ALTER TABLE, CREATE INDEX, and VACUUM
+      --max-connections string              Sets the maximum number of concurrent connections.
+      --max-replication-slots string        Specifies the maximum number of replication slots. This should typically match max_wal_senders.
+      --max-wal-senders string              Maximum number of concurrent connections from standby servers or streaming backup clients. (0 disables replication)
+      --shared-buffers string               Sets the amount of memory the database server uses for shared memory buffers
+      --shared-preload-libraries string     Sets the shared libraries to preload. (comma separated string)
+      --wal-level string                    Sets the level of information written to the WAL. (minimal, replica, logical).
+      --work-mem string                     Sets the maximum amount of memory each Postgres query can use
+  -y, --yes                                 Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres config](/docs/flyctl/postgres-config/)	 - Show and manage Postgres configuration.
+
diff --git a/flyctl/cmd/fly_postgres_connect.md b/flyctl/cmd/fly_postgres_connect.md
new file mode 100644
index 0000000000..c868e637d0
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_connect.md
@@ -0,0 +1,31 @@
+Connect to the Postgres console
+
+
+## Usage
+~~~
+fly postgres connect [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string        Application name
+  -c, --config string     Path to application configuration file
+  -d, --database string   The name of the database you would like to connect to (default "postgres")
+  -h, --help              help for connect
+  -p, --password string   The postgres user password
+  -u, --user string       The postgres user to connect with (default "postgres")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_create.md b/flyctl/cmd/fly_postgres_create.md
new file mode 100644
index 0000000000..ced0a81153
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_create.md
@@ -0,0 +1,48 @@
+Create a new Postgres cluster
+
+
+## Usage
+~~~
+fly postgres create [flags]
+~~~
+
+## Options
+
+~~~
+      --autostart                   Automatically start a stopped Postgres app when a network request is received
+      --consul-url string           Opt into using an existing consul as the backend store by specifying the target consul url.
+      --detach                      Return immediately instead of monitoring deployment progress
+      --enable-backups              Create a new tigris bucket and enable WAL-based backups
+      --flex                        Create a postgres cluster that's managed by Repmgr (default true)
+      --fork-from string            Specify a source Postgres application to fork from. Format: <app-name> or <app-name>:<volume-id>
+  -h, --help                        help for create
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+      --image-ref string            Specify a non-default base image for the Postgres app
+      --initial-cluster-size int    Initial cluster size
+  -n, --name string                 The name of your Postgres app
+  -o, --org string                  The target Fly.io organization
+  -p, --password string             The superuser password. The password will be generated for you if you leave this blank
+  -r, --region string               The target region (see 'flyctl platform regions')
+      --snapshot-id string          Creates the volume with the contents of the snapshot
+      --stolon                      Create a postgres cluster that's managed by Stolon
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+      --volume-size int             The volume size in GB
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_db.md b/flyctl/cmd/fly_postgres_db.md
new file mode 100644
index 0000000000..a2957bd9a0
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_db.md
@@ -0,0 +1,30 @@
+Manage databases in a cluster
+
+
+## Usage
+~~~
+fly postgres db [command] [flags]
+~~~
+
+## Available Commands
+* [list](/docs/flyctl/postgres-db-list/)	 - list databases
+
+## Options
+
+~~~
+  -h, --help   help for db
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_db_list.md b/flyctl/cmd/fly_postgres_db_list.md
new file mode 100644
index 0000000000..880af67e32
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_db_list.md
@@ -0,0 +1,28 @@
+list databases
+
+
+## Usage
+~~~
+fly postgres db list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres db](/docs/flyctl/postgres-db/)	 - Manage databases in a cluster
+
diff --git a/flyctl/cmd/fly_postgres_detach.md b/flyctl/cmd/fly_postgres_detach.md
new file mode 100644
index 0000000000..38c3b8d5f2
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_detach.md
@@ -0,0 +1,28 @@
+Detach a postgres cluster from an app
+
+
+## Usage
+~~~
+fly postgres detach <POSTGRES APP> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for detach
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_events.md b/flyctl/cmd/fly_postgres_events.md
new file mode 100644
index 0000000000..9e4268c3f4
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_events.md
@@ -0,0 +1,30 @@
+Track major cluster events
+
+
+## Usage
+~~~
+fly postgres events [command] [flags]
+~~~
+
+## Available Commands
+* [list](/docs/flyctl/postgres-events-list/)	 - Outputs a formatted list of cluster events
+
+## Options
+
+~~~
+  -h, --help   help for events
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_events_list.md b/flyctl/cmd/fly_postgres_events_list.md
new file mode 100644
index 0000000000..eece9f054f
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_events_list.md
@@ -0,0 +1,34 @@
+Outputs a formatted list of cluster events
+
+
+## Usage
+~~~
+fly postgres events list [flags]
+~~~
+
+## Options
+
+~~~
+  -o, --all                Outputs all entries
+  -a, --app string         Application name
+  -d, --compact            Omit the 'Details' column
+  -c, --config string      Path to application configuration file
+  -e, --event string       Event type in a postgres cluster
+  -h, --help               help for list
+  -l, --limit string       Set the maximum number of entries to output (default: 20)
+  -i, --node-id string     Restrict entries to node with this ID
+  -n, --node-name string   Restrict entries to node with this name
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres events](/docs/flyctl/postgres-events/)	 - Track major cluster events
+
diff --git a/flyctl/cmd/fly_postgres_failover.md b/flyctl/cmd/fly_postgres_failover.md
new file mode 100644
index 0000000000..bbacb9e7c9
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_failover.md
@@ -0,0 +1,30 @@
+Failover to a new primary
+
+
+## Usage
+~~~
+fly postgres failover [flags]
+~~~
+
+## Options
+
+~~~
+      --allow-secondary-region   Allow failover to a machine in a secondary region. This is useful when the primary region is unavailable, but the secondary region is still healthy. This is only available for flex machines.
+  -a, --app string               Application name
+  -c, --config string            Path to application configuration file
+      --force                    Force a failover even if we can't connect to the active leader
+  -h, --help                     help for failover
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_import.md b/flyctl/cmd/fly_postgres_import.md
new file mode 100644
index 0000000000..f9a1b0b20d
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_import.md
@@ -0,0 +1,35 @@
+Imports database from a specified Postgres URI
+
+
+## Usage
+~~~
+fly postgres import <source-uri> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string       Application name
+      --clean            Drop database objects prior to creating them.
+  -c, --config string    Path to application configuration file
+      --create           Begin by creating the database itself and reconnecting to it. If --clean is also specified, the script drops and recreates the target database before reconnecting to it. (default true)
+      --data-only        Dump only the data, not the schema (data definitions).
+  -h, --help             help for import
+      --image string     Path to public image containing custom migration process
+      --no-owner         Do not set ownership of objects to match the original database. Makes dump restorable by any user. (default true)
+      --region string    Region to provision migration machine
+      --vm-size string   the size of the VM
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_list.md b/flyctl/cmd/fly_postgres_list.md
new file mode 100644
index 0000000000..53dd25ae30
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_list.md
@@ -0,0 +1,27 @@
+List postgres clusters
+
+
+## Usage
+~~~
+fly postgres list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for list
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_renew-certs.md b/flyctl/cmd/fly_postgres_renew-certs.md
new file mode 100644
index 0000000000..a0de7b45bb
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_renew-certs.md
@@ -0,0 +1,28 @@
+Renews the SSH certificates for the Postgres cluster. This is useful when the certificates have expired or need to be rotated.
+
+## Usage
+~~~
+fly postgres renew-certs [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string       Application name
+  -c, --config string    Path to application configuration file
+  -h, --help             help for renew-certs
+      --valid-days int   The number of days the certificate should be valid for. (default 36525)
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_restart.md b/flyctl/cmd/fly_postgres_restart.md
new file mode 100644
index 0000000000..de8a789260
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_restart.md
@@ -0,0 +1,30 @@
+Restarts each member of the Postgres cluster one by one. Downtime should be minimal.
+
+
+## Usage
+~~~
+fly postgres restart [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string           Application name
+  -c, --config string        Path to application configuration file
+      --force                Force a restart even we don't have an active leader
+  -h, --help                 help for restart
+      --skip-health-checks   Runs rolling restart process without waiting for health checks.
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_users.md b/flyctl/cmd/fly_postgres_users.md
new file mode 100644
index 0000000000..d09e69279e
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_users.md
@@ -0,0 +1,29 @@
+Manage users in a postgres cluster
+
+
+## Usage
+~~~
+fly postgres users [command] [flags]
+~~~
+
+## Available Commands
+* [list](/docs/flyctl/postgres-users-list/)	 - List users
+
+## Options
+
+~~~
+  -h, --help   help for users
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres](/docs/flyctl/postgres/)	 - Unmanaged Postgres cluster commands
+
diff --git a/flyctl/cmd/fly_postgres_users_list.md b/flyctl/cmd/fly_postgres_users_list.md
new file mode 100644
index 0000000000..a724fa7258
--- /dev/null
+++ b/flyctl/cmd/fly_postgres_users_list.md
@@ -0,0 +1,29 @@
+List users
+
+
+## Usage
+~~~
+fly postgres users list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly postgres users](/docs/flyctl/postgres-users/)	 - Manage users in a postgres cluster
+
diff --git a/flyctl/cmd/fly_proxy.md b/flyctl/cmd/fly_proxy.md
new file mode 100644
index 0000000000..c0823963db
--- /dev/null
+++ b/flyctl/cmd/fly_proxy.md
@@ -0,0 +1,33 @@
+Proxies connections to a Fly Machine through a WireGuard tunnel. By default,
+connects to the first Machine address returned by an internal DNS query on the app.
+
+## Usage
+~~~
+fly proxy <local:remote> [remote_host] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string         Application name
+  -b, --bind-addr string   Local address to bind to (default "127.0.0.1")
+  -c, --config string      Path to application configuration file
+  -h, --help               help for proxy
+  -o, --org string         The target Fly.io organization
+  -q, --quiet              Don't print progress indicators for WireGuard
+  -s, --select             Prompt to select from available Machines from the current application
+      --watch-stdin        Watches stdin and terminates once it gets closed
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_redis.md b/flyctl/cmd/fly_redis.md
new file mode 100644
index 0000000000..feb92bb8a9
--- /dev/null
+++ b/flyctl/cmd/fly_redis.md
@@ -0,0 +1,37 @@
+Launch and manage Redis databases managed by Upstash.com
+
+## Usage
+~~~
+fly redis [command] [flags]
+~~~
+
+## Available Commands
+* [connect](/docs/flyctl/redis-connect/)	 - Connect to a Redis database using redis-cli
+* [create](/docs/flyctl/redis-create/)	 - Create an Upstash Redis database
+* [dashboard](/docs/flyctl/redis-dashboard/)	 - View your Upstash Redis databases on the Upstash web console
+* [destroy](/docs/flyctl/redis-destroy/)	 - Permanently destroy an Upstash Redis database
+* [list](/docs/flyctl/redis-list/)	 - List Upstash Redis databases for an organization
+* [plans](/docs/flyctl/redis-plans/)	 - List available Redis plans
+* [proxy](/docs/flyctl/redis-proxy/)	 - Proxy to a Redis database
+* [reset](/docs/flyctl/redis-reset/)	 - Reset the password for an Upstash Redis database
+* [status](/docs/flyctl/redis-status/)	 - Show status of a Redis database
+* [update](/docs/flyctl/redis-update/)	 - Update an Upstash Redis database
+
+## Options
+
+~~~
+  -h, --help   help for redis
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_redis_connect.md b/flyctl/cmd/fly_redis_connect.md
new file mode 100644
index 0000000000..1fa522057d
--- /dev/null
+++ b/flyctl/cmd/fly_redis_connect.md
@@ -0,0 +1,27 @@
+Connect to a Redis database using redis-cli
+
+## Usage
+~~~
+fly redis connect [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help            help for connect
+  -o, --org string      The target Fly.io organization
+  -r, --region string   The target region (see 'flyctl platform regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_create.md b/flyctl/cmd/fly_redis_create.md
new file mode 100644
index 0000000000..bf1f69098c
--- /dev/null
+++ b/flyctl/cmd/fly_redis_create.md
@@ -0,0 +1,32 @@
+Create an Upstash Redis database
+
+## Usage
+~~~
+fly redis create [flags]
+~~~
+
+## Options
+
+~~~
+      --disable-eviction         Disallow writes when the max data size limit has been reached
+      --enable-eviction          Evict objects when memory is full
+  -h, --help                     help for create
+  -n, --name string              The name of your Redis database
+      --no-replicas              Don't prompt for selecting replica regions
+  -o, --org string               The target Fly.io organization
+  -r, --region string            The target region (see 'flyctl platform regions')
+      --replica-regions string   Comma-separated list of regions to deploy read replicas (see 'flyctl platform regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_dashboard.md b/flyctl/cmd/fly_redis_dashboard.md
new file mode 100644
index 0000000000..b6461a7a09
--- /dev/null
+++ b/flyctl/cmd/fly_redis_dashboard.md
@@ -0,0 +1,25 @@
+View your Upstash Redis databases on the Upstash web console
+
+## Usage
+~~~
+fly redis dashboard <org_slug> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for dashboard
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_destroy.md b/flyctl/cmd/fly_redis_destroy.md
new file mode 100644
index 0000000000..ad1d3768ab
--- /dev/null
+++ b/flyctl/cmd/fly_redis_destroy.md
@@ -0,0 +1,26 @@
+Permanently destroy an Upstash Redis database
+
+## Usage
+~~~
+fly redis destroy <name> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for destroy
+  -y, --yes    Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_list.md b/flyctl/cmd/fly_redis_list.md
new file mode 100644
index 0000000000..3bb0dd9e1a
--- /dev/null
+++ b/flyctl/cmd/fly_redis_list.md
@@ -0,0 +1,26 @@
+List Upstash Redis databases for an organization
+
+## Usage
+~~~
+fly redis list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_plans.md b/flyctl/cmd/fly_redis_plans.md
new file mode 100644
index 0000000000..075c25acc7
--- /dev/null
+++ b/flyctl/cmd/fly_redis_plans.md
@@ -0,0 +1,25 @@
+List available Redis plans
+
+## Usage
+~~~
+fly redis plans [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for plans
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_proxy.md b/flyctl/cmd/fly_redis_proxy.md
new file mode 100644
index 0000000000..c5244fc99e
--- /dev/null
+++ b/flyctl/cmd/fly_redis_proxy.md
@@ -0,0 +1,27 @@
+Proxy to a Redis database
+
+## Usage
+~~~
+fly redis proxy [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help            help for proxy
+  -o, --org string      The target Fly.io organization
+  -r, --region string   The target region (see 'flyctl platform regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_reset.md b/flyctl/cmd/fly_redis_reset.md
new file mode 100644
index 0000000000..d8a863d5dd
--- /dev/null
+++ b/flyctl/cmd/fly_redis_reset.md
@@ -0,0 +1,25 @@
+Reset the password for an Upstash Redis database
+
+## Usage
+~~~
+fly redis reset <name> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for reset
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_status.md b/flyctl/cmd/fly_redis_status.md
new file mode 100644
index 0000000000..732f4e0a8f
--- /dev/null
+++ b/flyctl/cmd/fly_redis_status.md
@@ -0,0 +1,26 @@
+Show status of a Redis database
+
+
+## Usage
+~~~
+fly redis status <name> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for status
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_redis_update.md b/flyctl/cmd/fly_redis_update.md
new file mode 100644
index 0000000000..a45ff2a8f7
--- /dev/null
+++ b/flyctl/cmd/fly_redis_update.md
@@ -0,0 +1,28 @@
+Update an Upstash Redis database
+
+## Usage
+~~~
+fly redis update <name> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help                     help for update
+  -o, --org string               The target Fly.io organization
+  -r, --region string            The target region (see 'flyctl platform regions')
+      --replica-regions string   Comma-separated list of regions to deploy read replicas (see 'flyctl platform regions')
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
+
diff --git a/flyctl/cmd/fly_releases.md b/flyctl/cmd/fly_releases.md
new file mode 100644
index 0000000000..02f7238e91
--- /dev/null
+++ b/flyctl/cmd/fly_releases.md
@@ -0,0 +1,31 @@
+List all the releases of the application onto the Fly platform,
+including type, when, success/fail and which user triggered the release.
+
+
+## Usage
+~~~
+fly releases [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for releases
+      --image           Display the Docker image reference of the release
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_scale.md b/flyctl/cmd/fly_scale.md
new file mode 100644
index 0000000000..916ce66d3d
--- /dev/null
+++ b/flyctl/cmd/fly_scale.md
@@ -0,0 +1,31 @@
+Scale application resources
+
+## Usage
+~~~
+fly scale [command] [flags]
+~~~
+
+## Available Commands
+* [count](/docs/flyctl/scale-count/)	 - Change an app's VM count to the given value
+* [memory](/docs/flyctl/scale-memory/)	 - Set VM memory
+* [show](/docs/flyctl/scale-show/)	 - Show current resources
+* [vm](/docs/flyctl/scale-vm/)	 - Change an app's VM to a named size (eg. shared-cpu-1x, performance-1x, performance-2x...)
+
+## Options
+
+~~~
+  -h, --help   help for scale
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_scale_count.md b/flyctl/cmd/fly_scale_count.md
new file mode 100644
index 0000000000..e4459ad4f4
--- /dev/null
+++ b/flyctl/cmd/fly_scale_count.md
@@ -0,0 +1,43 @@
+Change an app's VM count to the given value.
+
+For pricing, see https://fly.io/docs/about/pricing/
+
+## Usage
+~~~
+fly scale count [count] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                  Application name
+  -c, --config string               Path to application configuration file
+  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
+      --from-snapshot string        New volumes are restored from snapshot, use 'last' for most recent snapshot. The default is an empty volume
+  -h, --help                        help for count
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+      --max-per-region int          Max number of VMs per region (default -1)
+  -g, --process-group string        The process group to scale
+  -r, --region string               Comma separated list of regions to act on. Defaults to all regions where there is at least one machine running for the app
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+      --with-new-volumes            New machines each get a new volumes even if there are unattached volumes available
+  -y, --yes                         Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly scale](/docs/flyctl/scale/)	 - Scale app resources
+
diff --git a/flyctl/cmd/fly_scale_memory.md b/flyctl/cmd/fly_scale_memory.md
new file mode 100644
index 0000000000..9e82120469
--- /dev/null
+++ b/flyctl/cmd/fly_scale_memory.md
@@ -0,0 +1,28 @@
+Set VM memory to a number of megabytes
+
+## Usage
+~~~
+fly scale memory [memoryMB] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string             Application name
+  -c, --config string          Path to application configuration file
+  -h, --help                   help for memory
+  -g, --process-group string   The process group to apply the VM size to
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly scale](/docs/flyctl/scale/)	 - Scale app resources
+
diff --git a/flyctl/cmd/fly_scale_show.md b/flyctl/cmd/fly_scale_show.md
new file mode 100644
index 0000000000..392cab41ef
--- /dev/null
+++ b/flyctl/cmd/fly_scale_show.md
@@ -0,0 +1,28 @@
+Show current VM size and counts
+
+## Usage
+~~~
+fly scale show [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for show
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly scale](/docs/flyctl/scale/)	 - Scale app resources
+
diff --git a/flyctl/cmd/fly_scale_vm.md b/flyctl/cmd/fly_scale_vm.md
new file mode 100644
index 0000000000..480ffbb845
--- /dev/null
+++ b/flyctl/cmd/fly_scale_vm.md
@@ -0,0 +1,37 @@
+Change an application's VM size to one of the named VM sizes.
+
+For a full list of supported sizes use the command `flyctl platform vm-sizes`.
+
+Memory size can be set with the `--vm-memory` flag followed by the number of MB.
+
+For example: `flyctl scale vm shared-cpu-1x --vm-memory=2048`.
+
+For pricing, see https://fly.io/docs/about/pricing/
+
+## Usage
+~~~
+fly scale vm [size] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string             Application name
+  -c, --config string          Path to application configuration file
+  -h, --help                   help for vm
+  -g, --process-group string   The process group to apply the VM size to
+      --vm-memory int          Memory in MB for the VM
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly scale](/docs/flyctl/scale/)	 - Scale app resources
+
diff --git a/flyctl/cmd/fly_secrets.md b/flyctl/cmd/fly_secrets.md
new file mode 100644
index 0000000000..f70d0338e4
--- /dev/null
+++ b/flyctl/cmd/fly_secrets.md
@@ -0,0 +1,36 @@
+Secrets are provided to applications at runtime as ENV variables. Names are
+		case sensitive and stored as-is, so ensure names are appropriate for
+		the application and vm environment.
+		
+
+## Usage
+~~~
+fly secrets [command] [flags]
+~~~
+
+## Available Commands
+* [deploy](/docs/flyctl/secrets-deploy/)	 - Deploy staged secrets for an application
+* [import](/docs/flyctl/secrets-import/)	 - Set secrets as NAME=VALUE pairs from stdin
+* [list](/docs/flyctl/secrets-list/)	 - List application secret names, digests and creation times
+* [set](/docs/flyctl/secrets-set/)	 - Set one or more encrypted secrets for an application
+* [sync](/docs/flyctl/secrets-sync/)	 - Sync flyctl with the latest versions of app secrets, even if they were set elsewhere
+* [unset](/docs/flyctl/secrets-unset/)	 - Unset one or more encrypted secrets for an application
+
+## Options
+
+~~~
+  -h, --help   help for secrets
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_secrets_deploy.md b/flyctl/cmd/fly_secrets_deploy.md
new file mode 100644
index 0000000000..562da3cd7f
--- /dev/null
+++ b/flyctl/cmd/fly_secrets_deploy.md
@@ -0,0 +1,29 @@
+Deploy staged secrets for an application
+
+## Usage
+~~~
+fly secrets deploy [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --detach          Return immediately instead of monitoring deployment progress
+      --dns-checks      Perform DNS checks during deployment (default true)
+  -h, --help            help for deploy
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
+
diff --git a/flyctl/cmd/fly_secrets_import.md b/flyctl/cmd/fly_secrets_import.md
new file mode 100644
index 0000000000..c0f077c75b
--- /dev/null
+++ b/flyctl/cmd/fly_secrets_import.md
@@ -0,0 +1,30 @@
+Set one or more encrypted secrets for an application. Values are read from stdin as NAME=VALUE pairs
+
+## Usage
+~~~
+fly secrets import [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --detach          Return immediately instead of monitoring deployment progress
+      --dns-checks      Perform DNS checks during deployment (default true)
+  -h, --help            help for import
+      --stage           Set secrets but skip deployment for machine apps
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
+
diff --git a/flyctl/cmd/fly_secrets_list.md b/flyctl/cmd/fly_secrets_list.md
new file mode 100644
index 0000000000..02b91d9c8d
--- /dev/null
+++ b/flyctl/cmd/fly_secrets_list.md
@@ -0,0 +1,30 @@
+List the secrets available to the application. It shows each secret's
+name, a digest of its value and the time the secret was last set. The
+actual value of the secret is only available to the application.
+
+## Usage
+~~~
+fly secrets list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
+
diff --git a/flyctl/cmd/fly_secrets_set.md b/flyctl/cmd/fly_secrets_set.md
new file mode 100644
index 0000000000..92a2573c2f
--- /dev/null
+++ b/flyctl/cmd/fly_secrets_set.md
@@ -0,0 +1,30 @@
+Set one or more encrypted secrets for an application
+
+## Usage
+~~~
+fly secrets set [flags] NAME=VALUE NAME=VALUE ...
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --detach          Return immediately instead of monitoring deployment progress
+      --dns-checks      Perform DNS checks during deployment (default true)
+  -h, --help            help for set
+      --stage           Set secrets but skip deployment for machine apps
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
+
diff --git a/flyctl/cmd/fly_secrets_sync.md b/flyctl/cmd/fly_secrets_sync.md
new file mode 100644
index 0000000000..19a00e6c1a
--- /dev/null
+++ b/flyctl/cmd/fly_secrets_sync.md
@@ -0,0 +1,30 @@
+Sync flyctl with the latest versions of app secrets, even if they were set elsewhere
+
+## Usage
+~~~
+fly secrets sync [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --detach          Return immediately instead of monitoring deployment progress
+      --dns-checks      Perform DNS checks during deployment (default true)
+  -h, --help            help for sync
+      --stage           Set secrets but skip deployment for machine apps
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
+
diff --git a/flyctl/cmd/fly_secrets_unset.md b/flyctl/cmd/fly_secrets_unset.md
new file mode 100644
index 0000000000..7bc591e1fc
--- /dev/null
+++ b/flyctl/cmd/fly_secrets_unset.md
@@ -0,0 +1,30 @@
+Unset one or more encrypted secrets for an application
+
+## Usage
+~~~
+fly secrets unset [flags] NAME NAME ...
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --detach          Return immediately instead of monitoring deployment progress
+      --dns-checks      Perform DNS checks during deployment (default true)
+  -h, --help            help for unset
+      --stage           Set secrets but skip deployment for machine apps
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
+
diff --git a/flyctl/cmd/fly_services.md b/flyctl/cmd/fly_services.md
new file mode 100644
index 0000000000..9369058200
--- /dev/null
+++ b/flyctl/cmd/fly_services.md
@@ -0,0 +1,28 @@
+Shows information about the services of the application.
+
+## Usage
+~~~
+fly services [command] [flags]
+~~~
+
+## Available Commands
+* [list](/docs/flyctl/services-list/)	 - List services
+
+## Options
+
+~~~
+  -h, --help   help for services
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_services_list.md b/flyctl/cmd/fly_services_list.md
new file mode 100644
index 0000000000..73d4507c21
--- /dev/null
+++ b/flyctl/cmd/fly_services_list.md
@@ -0,0 +1,27 @@
+List the services that are associated with an app
+
+## Usage
+~~~
+fly services list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly services](/docs/flyctl/services/)	 - Show the application's services
+
diff --git a/flyctl/cmd/fly_settings.md b/flyctl/cmd/fly_settings.md
new file mode 100644
index 0000000000..fada20a524
--- /dev/null
+++ b/flyctl/cmd/fly_settings.md
@@ -0,0 +1,30 @@
+Manage flyctl settings
+
+## Usage
+~~~
+fly settings [command] [flags]
+~~~
+
+## Available Commands
+* [analytics](/docs/flyctl/settings-analytics/)	 - Control anonymized analytics collection
+* [autoupdate](/docs/flyctl/settings-autoupdate/)	 - Control automatic updates
+* [synthetics](/docs/flyctl/settings-synthetics/)	 - Control synthetics agent execution
+
+## Options
+
+~~~
+  -h, --help   help for settings
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_settings_analytics.md b/flyctl/cmd/fly_settings_analytics.md
new file mode 100644
index 0000000000..bb8dbff285
--- /dev/null
+++ b/flyctl/cmd/fly_settings_analytics.md
@@ -0,0 +1,29 @@
+Control anonymized analytics collection
+
+## Usage
+~~~
+fly settings analytics [flags]
+~~~
+
+## Available Commands
+* [disable](/docs/flyctl/settings-analytics-disable/)	 - Disable analytics
+* [enable](/docs/flyctl/settings-analytics-enable/)	 - Enable analytics
+
+## Options
+
+~~~
+  -h, --help   help for analytics
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings](/docs/flyctl/settings/)	 - Manage flyctl settings
+
diff --git a/flyctl/cmd/fly_settings_analytics_disable.md b/flyctl/cmd/fly_settings_analytics_disable.md
new file mode 100644
index 0000000000..db952b4755
--- /dev/null
+++ b/flyctl/cmd/fly_settings_analytics_disable.md
@@ -0,0 +1,25 @@
+Disable analytics
+
+## Usage
+~~~
+fly settings analytics disable [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for disable
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings analytics](/docs/flyctl/settings-analytics/)	 - Control anonymized analytics collection
+
diff --git a/flyctl/cmd/fly_settings_analytics_enable.md b/flyctl/cmd/fly_settings_analytics_enable.md
new file mode 100644
index 0000000000..98b146df9b
--- /dev/null
+++ b/flyctl/cmd/fly_settings_analytics_enable.md
@@ -0,0 +1,25 @@
+Enable analytics
+
+## Usage
+~~~
+fly settings analytics enable [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for enable
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings analytics](/docs/flyctl/settings-analytics/)	 - Control anonymized analytics collection
+
diff --git a/flyctl/cmd/fly_settings_autoupdate.md b/flyctl/cmd/fly_settings_autoupdate.md
new file mode 100644
index 0000000000..e98adeaf45
--- /dev/null
+++ b/flyctl/cmd/fly_settings_autoupdate.md
@@ -0,0 +1,29 @@
+Control automatic updates
+
+## Usage
+~~~
+fly settings autoupdate [flags]
+~~~
+
+## Available Commands
+* [disable](/docs/flyctl/settings-autoupdate-disable/)	 - Disable automatic updates
+* [enable](/docs/flyctl/settings-autoupdate-enable/)	 - Enable automatic updates
+
+## Options
+
+~~~
+  -h, --help   help for autoupdate
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings](/docs/flyctl/settings/)	 - Manage flyctl settings
+
diff --git a/flyctl/cmd/fly_settings_autoupdate_disable.md b/flyctl/cmd/fly_settings_autoupdate_disable.md
new file mode 100644
index 0000000000..2b796c45b2
--- /dev/null
+++ b/flyctl/cmd/fly_settings_autoupdate_disable.md
@@ -0,0 +1,25 @@
+Disable automatic updates
+
+## Usage
+~~~
+fly settings autoupdate disable [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for disable
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings autoupdate](/docs/flyctl/settings-autoupdate/)	 - Control automatic updates
+
diff --git a/flyctl/cmd/fly_settings_autoupdate_enable.md b/flyctl/cmd/fly_settings_autoupdate_enable.md
new file mode 100644
index 0000000000..dce7f17c74
--- /dev/null
+++ b/flyctl/cmd/fly_settings_autoupdate_enable.md
@@ -0,0 +1,25 @@
+Enable automatic updates
+
+## Usage
+~~~
+fly settings autoupdate enable [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for enable
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings autoupdate](/docs/flyctl/settings-autoupdate/)	 - Control automatic updates
+
diff --git a/flyctl/cmd/fly_settings_synthetics.md b/flyctl/cmd/fly_settings_synthetics.md
new file mode 100644
index 0000000000..72be448fd3
--- /dev/null
+++ b/flyctl/cmd/fly_settings_synthetics.md
@@ -0,0 +1,29 @@
+Control synthetics agent execution
+
+## Usage
+~~~
+fly settings synthetics [flags]
+~~~
+
+## Available Commands
+* [disable](/docs/flyctl/settings-synthetics-disable/)	 - Disable synthetics
+* [enable](/docs/flyctl/settings-synthetics-enable/)	 - Enable synthetics
+
+## Options
+
+~~~
+  -h, --help   help for synthetics
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings](/docs/flyctl/settings/)	 - Manage flyctl settings
+
diff --git a/flyctl/cmd/fly_settings_synthetics_disable.md b/flyctl/cmd/fly_settings_synthetics_disable.md
new file mode 100644
index 0000000000..0b57ea2743
--- /dev/null
+++ b/flyctl/cmd/fly_settings_synthetics_disable.md
@@ -0,0 +1,25 @@
+Disable synthetics
+
+## Usage
+~~~
+fly settings synthetics disable [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for disable
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings synthetics](/docs/flyctl/settings-synthetics/)	 - Control synthetics agent execution
+
diff --git a/flyctl/cmd/fly_settings_synthetics_enable.md b/flyctl/cmd/fly_settings_synthetics_enable.md
new file mode 100644
index 0000000000..ba6e45904e
--- /dev/null
+++ b/flyctl/cmd/fly_settings_synthetics_enable.md
@@ -0,0 +1,25 @@
+Enable synthetics
+
+## Usage
+~~~
+fly settings synthetics enable [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for enable
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly settings synthetics](/docs/flyctl/settings-synthetics/)	 - Control synthetics agent execution
+
diff --git a/flyctl/cmd/fly_sftp.md b/flyctl/cmd/fly_sftp.md
new file mode 100644
index 0000000000..f0600236ba
--- /dev/null
+++ b/flyctl/cmd/fly_sftp.md
@@ -0,0 +1,31 @@
+Get or put files from a remote VM.
+
+## Usage
+~~~
+fly sftp [command] [flags]
+~~~
+
+## Available Commands
+* [find](/docs/flyctl/sftp-find/)	 - The SFTP FIND command lists files (from an optional root directory) on a remote VM.
+* [get](/docs/flyctl/sftp-get/)	 - The SFTP GET retrieves a file from a remote VM.
+* [put](/docs/flyctl/sftp-put/)	 - The SFTP PUT uploads a file to a remote VM.
+* [shell](/docs/flyctl/sftp-shell/)	 - The SFTP SHELL command brings up an interactive SFTP session to fetch and push files from/to a VM.
+
+## Options
+
+~~~
+  -h, --help   help for sftp
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_sftp_find.md b/flyctl/cmd/fly_sftp_find.md
new file mode 100644
index 0000000000..510c7e2e48
--- /dev/null
+++ b/flyctl/cmd/fly_sftp_find.md
@@ -0,0 +1,38 @@
+The SFTP FIND command lists files (from an optional root directory) on a remote VM.
+
+## Usage
+~~~
+fly sftp find [path] [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for find
+      --machine string         Run the console in the existing machine with the specified ID
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
+
diff --git a/flyctl/cmd/fly_sftp_get.md b/flyctl/cmd/fly_sftp_get.md
new file mode 100644
index 0000000000..4d0636c81b
--- /dev/null
+++ b/flyctl/cmd/fly_sftp_get.md
@@ -0,0 +1,39 @@
+The SFTP GET retrieves a file from a remote VM.
+
+## Usage
+~~~
+fly sftp get <remote-path> [local-path] [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for get
+      --machine string         Run the console in the existing machine with the specified ID
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -R, --recursive              Download directories recursively
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
+
diff --git a/flyctl/cmd/fly_sftp_put.md b/flyctl/cmd/fly_sftp_put.md
new file mode 100644
index 0000000000..6720fab9d0
--- /dev/null
+++ b/flyctl/cmd/fly_sftp_put.md
@@ -0,0 +1,40 @@
+The SFTP PUT uploads a file to a remote VM.
+
+## Usage
+~~~
+fly sftp put <local-path> [remote-path] [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for put
+      --machine string         Run the console in the existing machine with the specified ID
+  -m, --mode string            File mode/permissions for the uploaded file (default: 0644) (default "0644")
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -R, --recursive              Upload directories recursively
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
+
diff --git a/flyctl/cmd/fly_sftp_shell.md b/flyctl/cmd/fly_sftp_shell.md
new file mode 100644
index 0000000000..582f971864
--- /dev/null
+++ b/flyctl/cmd/fly_sftp_shell.md
@@ -0,0 +1,38 @@
+The SFTP SHELL command brings up an interactive SFTP session to fetch and push files from/to a VM.
+
+## Usage
+~~~
+fly sftp shell [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for shell
+      --machine string         Run the console in the existing machine with the specified ID
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
+
diff --git a/flyctl/cmd/fly_ssh.md b/flyctl/cmd/fly_ssh.md
new file mode 100644
index 0000000000..862ca06e15
--- /dev/null
+++ b/flyctl/cmd/fly_ssh.md
@@ -0,0 +1,31 @@
+Use SSH to log into or run commands on Machines
+
+## Usage
+~~~
+fly ssh [command] [flags]
+~~~
+
+## Available Commands
+* [console](/docs/flyctl/ssh-console/)	 - Connect to a running instance of the current app.
+* [issue](/docs/flyctl/ssh-issue/)	 - Issue a new SSH credential
+* [log](/docs/flyctl/ssh-log/)	 - Log of all issued SSH certs
+* [sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
+
+## Options
+
+~~~
+  -h, --help   help for ssh
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_ssh_console.md b/flyctl/cmd/fly_ssh_console.md
new file mode 100644
index 0000000000..8c946736c3
--- /dev/null
+++ b/flyctl/cmd/fly_ssh_console.md
@@ -0,0 +1,38 @@
+Connect to a running instance of the current app.
+
+## Usage
+~~~
+fly ssh console [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for console
+      --machine string         Run the console in the existing machine with the specified ID
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
+
diff --git a/flyctl/cmd/fly_ssh_issue.md b/flyctl/cmd/fly_ssh_issue.md
new file mode 100644
index 0000000000..ce4152ba51
--- /dev/null
+++ b/flyctl/cmd/fly_ssh_issue.md
@@ -0,0 +1,33 @@
+Issue a new SSH credential. With -agent, populate credential
+into SSH agent. With -hour, set the number of hours (1-72) for credential
+validity.
+
+## Usage
+~~~
+fly ssh issue [org] [path] [flags]
+~~~
+
+## Options
+
+~~~
+      --agent              Add key to SSH agent
+  -d, --dotssh             Store keys in ~/.ssh, like normal keys
+  -h, --help               help for issue
+      --hours int          Expiration, in hours (<72) (default 24)
+  -o, --org string         The target Fly.io organization
+      --overwrite          Overwrite existing SSH keys in same location, if we generated them
+  -u, --username strings   Unix usernames the SSH cert can authenticate as (default [root,fly])
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
+
diff --git a/flyctl/cmd/fly_ssh_log.md b/flyctl/cmd/fly_ssh_log.md
new file mode 100644
index 0000000000..354123fd9f
--- /dev/null
+++ b/flyctl/cmd/fly_ssh_log.md
@@ -0,0 +1,27 @@
+Log of all issued SSH certs
+
+## Usage
+~~~
+fly ssh log [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for log
+  -j, --json         JSON output
+  -o, --org string   The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
+
diff --git a/flyctl/cmd/fly_ssh_sftp.md b/flyctl/cmd/fly_ssh_sftp.md
new file mode 100644
index 0000000000..a39df933c5
--- /dev/null
+++ b/flyctl/cmd/fly_ssh_sftp.md
@@ -0,0 +1,31 @@
+Get or put files from a remote VM.
+
+## Usage
+~~~
+fly ssh sftp [command] [flags]
+~~~
+
+## Available Commands
+* [find](/docs/flyctl/ssh-sftp-find/)	 - The SFTP FIND command lists files (from an optional root directory) on a remote VM.
+* [get](/docs/flyctl/ssh-sftp-get/)	 - The SFTP GET retrieves a file from a remote VM.
+* [put](/docs/flyctl/ssh-sftp-put/)	 - The SFTP PUT uploads a file to a remote VM.
+* [shell](/docs/flyctl/ssh-sftp-shell/)	 - The SFTP SHELL command brings up an interactive SFTP session to fetch and push files from/to a VM.
+
+## Options
+
+~~~
+  -h, --help   help for sftp
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
+
diff --git a/flyctl/cmd/fly_ssh_sftp_find.md b/flyctl/cmd/fly_ssh_sftp_find.md
new file mode 100644
index 0000000000..9de037a972
--- /dev/null
+++ b/flyctl/cmd/fly_ssh_sftp_find.md
@@ -0,0 +1,38 @@
+The SFTP FIND command lists files (from an optional root directory) on a remote VM.
+
+## Usage
+~~~
+fly ssh sftp find [path] [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for find
+      --machine string         Run the console in the existing machine with the specified ID
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ssh sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
+
diff --git a/flyctl/cmd/fly_ssh_sftp_get.md b/flyctl/cmd/fly_ssh_sftp_get.md
new file mode 100644
index 0000000000..646dad5453
--- /dev/null
+++ b/flyctl/cmd/fly_ssh_sftp_get.md
@@ -0,0 +1,39 @@
+The SFTP GET retrieves a file from a remote VM.
+
+## Usage
+~~~
+fly ssh sftp get <remote-path> [local-path] [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for get
+      --machine string         Run the console in the existing machine with the specified ID
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -R, --recursive              Download directories recursively
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ssh sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
+
diff --git a/flyctl/cmd/fly_ssh_sftp_put.md b/flyctl/cmd/fly_ssh_sftp_put.md
new file mode 100644
index 0000000000..07812128af
--- /dev/null
+++ b/flyctl/cmd/fly_ssh_sftp_put.md
@@ -0,0 +1,40 @@
+The SFTP PUT uploads a file to a remote VM.
+
+## Usage
+~~~
+fly ssh sftp put <local-path> [remote-path] [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for put
+      --machine string         Run the console in the existing machine with the specified ID
+  -m, --mode string            File mode/permissions for the uploaded file (default: 0644) (default "0644")
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -R, --recursive              Upload directories recursively
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ssh sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
+
diff --git a/flyctl/cmd/fly_ssh_sftp_shell.md b/flyctl/cmd/fly_ssh_sftp_shell.md
new file mode 100644
index 0000000000..36c14c9ae2
--- /dev/null
+++ b/flyctl/cmd/fly_ssh_sftp_shell.md
@@ -0,0 +1,38 @@
+The SFTP SHELL command brings up an interactive SFTP session to fetch and push files from/to a VM.
+
+## Usage
+~~~
+fly ssh sftp shell [flags]
+~~~
+
+## Options
+
+~~~
+  -A, --address string         Address of VM to connect to
+  -a, --app string             Application name
+  -C, --command string         command to run on SSH session
+  -c, --config string          Path to application configuration file
+      --container string       Container to connect to
+  -h, --help                   help for shell
+      --machine string         Run the console in the existing machine with the specified ID
+  -o, --org string             The target Fly.io organization
+  -g, --process-group string   The target process group
+      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
+  -q, --quiet                  Don't print progress indicators for WireGuard
+  -r, --region string          The target region (see 'flyctl platform regions')
+  -s, --select                 select available instances
+  -u, --user string            Unix username to connect as (default "root")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly ssh sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
+
diff --git a/flyctl/cmd/fly_status.md b/flyctl/cmd/fly_status.md
new file mode 100644
index 0000000000..90e4645e44
--- /dev/null
+++ b/flyctl/cmd/fly_status.md
@@ -0,0 +1,35 @@
+Show the application's current status including application
+details, tasks, most recent deployment details and in which regions it is
+currently allocated.
+
+
+## Usage
+~~~
+fly status [flags]
+~~~
+
+## Options
+
+~~~
+      --all             Show completed instances
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+      --deployment      Always show deployment status
+  -h, --help            help for status
+  -j, --json            JSON output
+      --rate int        Refresh Rate for --watch (default 5)
+      --watch           Refresh details
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_storage.md b/flyctl/cmd/fly_storage.md
new file mode 100644
index 0000000000..8c3c3a5188
--- /dev/null
+++ b/flyctl/cmd/fly_storage.md
@@ -0,0 +1,34 @@
+Provision and manage Tigris object storage buckets
+
+
+## Usage
+~~~
+fly storage [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/storage-create/)	 - Provision a Tigris object storage bucket
+* [dashboard](/docs/flyctl/storage-dashboard/)	 - Visit the Tigris dashboard
+* [destroy](/docs/flyctl/storage-destroy/)	 - Permanently destroy a Tigris object storage bucket
+* [list](/docs/flyctl/storage-list/)	 - List your Tigris object storage buckets
+* [status](/docs/flyctl/storage-status/)	 - Show details about a Tigris storage bucket
+* [update](/docs/flyctl/storage-update/)	 - Update an existing Tigris object storage bucket
+
+## Options
+
+~~~
+  -h, --help   help for storage
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_storage_create.md b/flyctl/cmd/fly_storage_create.md
new file mode 100644
index 0000000000..3a9c3a2a54
--- /dev/null
+++ b/flyctl/cmd/fly_storage_create.md
@@ -0,0 +1,38 @@
+Provision a Tigris object storage bucket
+
+
+## Usage
+~~~
+fly storage create [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                 Application name
+  -c, --config string              Path to application configuration file
+  -h, --help                       help for create
+  -n, --name string                The name of your bucket
+  -o, --org string                 The target Fly.io organization
+  -p, --public                     Objects in the bucket should be publicly accessible
+      --shadow-access-key string   Shadow bucket access key
+      --shadow-endpoint string     Shadow bucket endpoint
+      --shadow-name string         Shadow bucket name
+      --shadow-region string       Shadow bucket region
+      --shadow-secret-key string   Shadow bucket secret key
+      --shadow-write-through       Write objects through to the shadow bucket
+  -y, --yes                        Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly storage](/docs/flyctl/storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_storage_dashboard.md b/flyctl/cmd/fly_storage_dashboard.md
new file mode 100644
index 0000000000..4795b66d4a
--- /dev/null
+++ b/flyctl/cmd/fly_storage_dashboard.md
@@ -0,0 +1,29 @@
+Visit the Tigris dashboard
+
+## Usage
+~~~
+fly storage dashboard [bucket_name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for dashboard
+  -o, --org string      The target Fly.io organization
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly storage](/docs/flyctl/storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_storage_destroy.md b/flyctl/cmd/fly_storage_destroy.md
new file mode 100644
index 0000000000..4e8f20d934
--- /dev/null
+++ b/flyctl/cmd/fly_storage_destroy.md
@@ -0,0 +1,28 @@
+Permanently destroy a Tigris object storage bucket
+
+## Usage
+~~~
+fly storage destroy [storage-bucket-name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly storage](/docs/flyctl/storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_storage_list.md b/flyctl/cmd/fly_storage_list.md
new file mode 100644
index 0000000000..12f82000b8
--- /dev/null
+++ b/flyctl/cmd/fly_storage_list.md
@@ -0,0 +1,27 @@
+List your Tigris object storage buckets
+
+## Usage
+~~~
+fly storage list [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help         help for list
+  -o, --org string   The target Fly.io organization
+  -y, --yes          Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly storage](/docs/flyctl/storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_storage_status.md b/flyctl/cmd/fly_storage_status.md
new file mode 100644
index 0000000000..4e65bb0a71
--- /dev/null
+++ b/flyctl/cmd/fly_storage_status.md
@@ -0,0 +1,29 @@
+Show details about a Tigris storage bucket
+
+
+## Usage
+~~~
+fly storage status [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for status
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly storage](/docs/flyctl/storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_storage_update.md b/flyctl/cmd/fly_storage_update.md
new file mode 100644
index 0000000000..03c157d57c
--- /dev/null
+++ b/flyctl/cmd/fly_storage_update.md
@@ -0,0 +1,41 @@
+Update an existing Tigris object storage bucket
+
+
+## Usage
+~~~
+fly storage update <bucket_name> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                 Application name
+      --clear-custom-domain        Remove a custom domain from a bucket
+      --clear-shadow               Remove an existing shadow bucket
+  -c, --config string              Path to application configuration file
+      --custom-domain string       A custom domain name pointing at your bucket
+  -h, --help                       help for update
+  -o, --org string                 The target Fly.io organization
+      --private                    Set a public bucket to be private
+  -p, --public                     Objects in the bucket should be publicly accessible
+      --shadow-access-key string   Shadow bucket access key
+      --shadow-endpoint string     Shadow bucket endpoint
+      --shadow-name string         Shadow bucket name
+      --shadow-region string       Shadow bucket region
+      --shadow-secret-key string   Shadow bucket secret key
+      --shadow-write-through       Write objects through to the shadow bucket
+  -y, --yes                        Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly storage](/docs/flyctl/storage/)	 - Provision and manage Tigris object storage buckets
+
diff --git a/flyctl/cmd/fly_synthetics.md b/flyctl/cmd/fly_synthetics.md
new file mode 100644
index 0000000000..ec599ccbdd
--- /dev/null
+++ b/flyctl/cmd/fly_synthetics.md
@@ -0,0 +1,28 @@
+Synthetic monitoring management.
+
+## Usage
+~~~
+fly synthetics [command] [flags]
+~~~
+
+## Available Commands
+* [agent](/docs/flyctl/synthetics-agent/)	 - Runs the Synthetics agent
+
+## Options
+
+~~~
+  -h, --help   help for synthetics
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_synthetics_agent.md b/flyctl/cmd/fly_synthetics_agent.md
new file mode 100644
index 0000000000..30595c859e
--- /dev/null
+++ b/flyctl/cmd/fly_synthetics_agent.md
@@ -0,0 +1,25 @@
+Runs the Synthetics agent in the foreground.
+
+## Usage
+~~~
+fly synthetics agent [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for agent
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly synthetics](/docs/flyctl/synthetics/)	 - Synthetic monitoring
+
diff --git a/flyctl/cmd/fly_tokens.md b/flyctl/cmd/fly_tokens.md
new file mode 100644
index 0000000000..c83cb6ce58
--- /dev/null
+++ b/flyctl/cmd/fly_tokens.md
@@ -0,0 +1,33 @@
+Manage Fly.io API tokens
+
+## Usage
+~~~
+fly tokens [command] [flags]
+~~~
+
+## Available Commands
+* [3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
+* [attenuate](/docs/flyctl/tokens-attenuate/)	 - Attenuate Fly.io API tokens
+* [create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
+* [debug](/docs/flyctl/tokens-debug/)	 - Debug Fly.io API tokens
+* [list](/docs/flyctl/tokens-list/)	 - List tokens
+* [revoke](/docs/flyctl/tokens-revoke/)	 - Revoke tokens
+
+## Options
+
+~~~
+  -h, --help   help for tokens
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_tokens_3p.md b/flyctl/cmd/fly_tokens_3p.md
new file mode 100644
index 0000000000..702c42e68f
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_3p.md
@@ -0,0 +1,36 @@
+Add, manage, and discharge third-party tokens for a Fly.io API token.
+The token to be manipulated may either be passed in the -t argument or in FLY_API_TOKEN.
+Third-party caveats rely on a secret shared with between the third party and the
+author of the caveat. Pass this secret with --secret, --secret-file, or through the
+TOKEN_3P_SHARED_SECRET variable.
+
+
+## Usage
+~~~
+fly tokens 3p [command] [flags]
+~~~
+
+## Available Commands
+* [add](/docs/flyctl/tokens-3p-add/)	 - Add a third-party caveat
+* [add-discharge](/docs/flyctl/tokens-3p-add-discharge/)	 - Tack a discharge token onto a Fly.io API token
+* [discharge](/docs/flyctl/tokens-3p-discharge/)	 - Exchange a ticket for the token that discharges a third-party caveat
+* [ticket](/docs/flyctl/tokens-3p-ticket/)	 - Retrieve the ticket from an existing third-party caveat
+
+## Options
+
+~~~
+  -h, --help   help for 3p
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_3p_add-discharge.md b/flyctl/cmd/fly_tokens_3p_add-discharge.md
new file mode 100644
index 0000000000..6ae91f2dc4
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_3p_add-discharge.md
@@ -0,0 +1,28 @@
+Once obtained by exchanging a caveat ticket with a third-party service,
+add the matching discharge token to the Fly.io API token header, to include it with
+authentication attempts.
+
+## Usage
+~~~
+fly tokens 3p add-discharge [flags]
+~~~
+
+## Options
+
+~~~
+  -d, --discharge string   Third-party discharge token
+  -h, --help               help for add-discharge
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens 3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_3p_add.md b/flyctl/cmd/fly_tokens_3p_add.md
new file mode 100644
index 0000000000..b7bf1c478d
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_3p_add.md
@@ -0,0 +1,30 @@
+Add a caveat to the Fly.io token that requires a third-party service,
+identified by --location (a URL), to supply a discharge token in order to clear.
+
+
+## Usage
+~~~
+fly tokens 3p add [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help                 help for add
+  -l, --location string      URL identifying third-party service
+  -S, --secret string        (insecure) base64 shared secret for third-party caveat
+  -s, --secret-file string   file containing base64 shared secret for third-party caveat
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens 3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_3p_discharge.md b/flyctl/cmd/fly_tokens_3p_discharge.md
new file mode 100644
index 0000000000..e8d8dd1854
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_3p_discharge.md
@@ -0,0 +1,30 @@
+Given the ticket for a third-party caveat, generate the discharge token
+that satisfies the caveat.
+
+## Usage
+~~~
+fly tokens 3p discharge [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help                 help for discharge
+  -l, --location string      URL identifying third-party service
+  -S, --secret string        (insecure) base64 shared secret for third-party caveat
+  -s, --secret-file string   file containing base64 shared secret for third-party caveat
+      --ticket string        Third party caveat ticket
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens 3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_3p_ticket.md b/flyctl/cmd/fly_tokens_3p_ticket.md
new file mode 100644
index 0000000000..0340bca565
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_3p_ticket.md
@@ -0,0 +1,28 @@
+If a third-party caveat tied to the URL at --location is present in
+the Fly.io API token, retrieve its ticket, so it can be submitted to the service
+to retrieve a discharge token.
+
+## Usage
+~~~
+fly tokens 3p ticket [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help              help for ticket
+  -l, --location string   URL identifying third-party service
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens 3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_attenuate.md b/flyctl/cmd/fly_tokens_attenuate.md
new file mode 100644
index 0000000000..559eabfd19
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_attenuate.md
@@ -0,0 +1,30 @@
+Attenuate a Fly.io API token by appending caveats to it. The
+				token to be attenuated may either be passed in the -t argument
+				or in FLY_API_TOKEN. Caveats must be JSON encoded. See
+				https://github.com/superfly/macaroon for details on
+				macaroons and caveats.
+
+## Usage
+~~~
+fly tokens attenuate [flags]
+~~~
+
+## Options
+
+~~~
+  -f, --file string   Filename to read caveats from. Defaults to stdin
+  -h, --help          help for attenuate
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_create.md b/flyctl/cmd/fly_tokens_create.md
new file mode 100644
index 0000000000..2ff1504cfd
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_create.md
@@ -0,0 +1,33 @@
+Create Fly.io API tokens
+
+## Usage
+~~~
+fly tokens create [command] [flags]
+~~~
+
+## Available Commands
+* [deploy](/docs/flyctl/tokens-create-deploy/)	 - Create deploy tokens
+* [litefs-cloud](/docs/flyctl/tokens-create-litefs-cloud/)	 - Create LiteFS Cloud tokens
+* [machine-exec](/docs/flyctl/tokens-create-machine-exec/)	 - Create a machine exec token
+* [org](/docs/flyctl/tokens-create-org/)	 - Create org deploy tokens
+* [readonly](/docs/flyctl/tokens-create-readonly/)	 - Create read-only org tokens
+* [ssh](/docs/flyctl/tokens-create-ssh/)	 - Create token for SSH'ing to a single app
+
+## Options
+
+~~~
+  -h, --help   help for create
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_create_deploy.md b/flyctl/cmd/fly_tokens_create_deploy.md
new file mode 100644
index 0000000000..030900a5d9
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_create_deploy.md
@@ -0,0 +1,30 @@
+Create an API token limited to managing a single app and its resources. Also available as TOKENS DEPLOY. Tokens are valid for 20 years by default. We recommend using a shorter expiry if practical.
+
+## Usage
+~~~
+fly tokens create deploy [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string        Application name
+  -c, --config string     Path to application configuration file
+  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
+  -h, --help              help for deploy
+  -j, --json              JSON output
+  -n, --name string       Token name (default "flyctl deploy token")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_create_litefs-cloud.md b/flyctl/cmd/fly_tokens_create_litefs-cloud.md
new file mode 100644
index 0000000000..2bfdef6d53
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_create_litefs-cloud.md
@@ -0,0 +1,30 @@
+Create an API token limited to a single LiteFS Cloud cluster.
+
+## Usage
+~~~
+fly tokens create litefs-cloud [flags]
+~~~
+
+## Options
+
+~~~
+  -c, --cluster string    Cluster name
+  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
+  -h, --help              help for litefs-cloud
+  -j, --json              JSON output
+  -n, --name string       Token name (default "LiteFS Cloud token")
+  -o, --org string        The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_create_machine-exec.md b/flyctl/cmd/fly_tokens_create_machine-exec.md
new file mode 100644
index 0000000000..8d5dee48d0
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_create_machine-exec.md
@@ -0,0 +1,32 @@
+Create an API token that can execute a restricted set of commands on a machine. Commands can be specified on the command line or with the command and command-prefix flags. If no command is provided, all commands are allowed. Tokens are valid for 20 years by default. We recommend using a shorter expiry if practical.
+
+## Usage
+~~~
+fly tokens create machine-exec [command...] [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string               Application name
+  -C, --command strings          An allowed command with arguments. This command must match exactly
+  -p, --command-prefix strings   An allowed command with arguments. This command must match the prefix of a command
+  -c, --config string            Path to application configuration file
+  -x, --expiry duration          The duration that the token will be valid (default 175200h0m0s)
+  -h, --help                     help for machine-exec
+  -j, --json                     JSON output
+  -n, --name string              Token name (default "flyctl machine-exec token")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_create_org.md b/flyctl/cmd/fly_tokens_create_org.md
new file mode 100644
index 0000000000..61a508a8ce
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_create_org.md
@@ -0,0 +1,29 @@
+Create an API token limited to managing a single org and its resources. Tokens are valid for 20 years by default. We recommend using a shorter expiry if practical.
+
+## Usage
+~~~
+fly tokens create org [flags]
+~~~
+
+## Options
+
+~~~
+  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
+  -h, --help              help for org
+  -j, --json              JSON output
+  -n, --name string       Token name (default "Org deploy token")
+  -o, --org string        The target Fly.io organization
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_create_readonly.md b/flyctl/cmd/fly_tokens_create_readonly.md
new file mode 100644
index 0000000000..3d442020f2
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_create_readonly.md
@@ -0,0 +1,29 @@
+Create an API token limited to reading a single org and its resources. Tokens are valid for 20 years by default. We recommend using a shorter expiry if practical.
+
+## Usage
+~~~
+fly tokens create readonly [flags]
+~~~
+
+## Options
+
+~~~
+  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
+      --from-existing     Use an existing token as the basis for the read-only token
+  -h, --help              help for readonly
+  -j, --json              JSON output
+  -n, --name string       Token name (default "Read-only org token")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_create_ssh.md b/flyctl/cmd/fly_tokens_create_ssh.md
new file mode 100644
index 0000000000..c123d787b4
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_create_ssh.md
@@ -0,0 +1,30 @@
+Create token for SSH'ing to a single app. To be able to SSH to an app, this token is also allowed to connect to the org's wireguard network.
+
+## Usage
+~~~
+fly tokens create ssh [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string        Application name
+  -c, --config string     Path to application configuration file
+  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
+  -h, --help              help for ssh
+  -j, --json              JSON output
+  -n, --name string       Token name (default "flyctl ssh token")
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_debug.md b/flyctl/cmd/fly_tokens_debug.md
new file mode 100644
index 0000000000..c027623652
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_debug.md
@@ -0,0 +1,29 @@
+Decode and print a Fly.io API token. The token to be
+				debugged may either be passed in the -t argument or in FLY_API_TOKEN.
+				See https://github.com/superfly/macaroon for details Fly.io macaroon
+				tokens.
+
+## Usage
+~~~
+fly tokens debug [flags]
+~~~
+
+## Options
+
+~~~
+  -f, --file string   Filename to read caveats from. Defaults to stdin
+  -h, --help          help for debug
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_list.md b/flyctl/cmd/fly_tokens_list.md
new file mode 100644
index 0000000000..fab020864f
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_list.md
@@ -0,0 +1,29 @@
+List tokens
+
+## Usage
+~~~
+fly tokens list [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -o, --org string      The target Fly.io organization
+  -s, --scope string    either 'app' or 'org'
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_tokens_revoke.md b/flyctl/cmd/fly_tokens_revoke.md
new file mode 100644
index 0000000000..e2886931ef
--- /dev/null
+++ b/flyctl/cmd/fly_tokens_revoke.md
@@ -0,0 +1,25 @@
+Revoke one or more tokens.
+
+## Usage
+~~~
+fly tokens revoke [flags] ID ID ...
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for revoke
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
+
diff --git a/flyctl/cmd/fly_version.md b/flyctl/cmd/fly_version.md
new file mode 100644
index 0000000000..e519791198
--- /dev/null
+++ b/flyctl/cmd/fly_version.md
@@ -0,0 +1,30 @@
+Shows version information for the flyctl command itself, including version
+number and build date.
+
+## Usage
+~~~
+fly version [flags]
+~~~
+
+## Available Commands
+* [upgrade](/docs/flyctl/version-upgrade/)	 - Checks for available updates and automatically upgrades
+
+## Options
+
+~~~
+  -h, --help   help for version
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_version_upgrade.md b/flyctl/cmd/fly_version_upgrade.md
new file mode 100644
index 0000000000..841e88f9c7
--- /dev/null
+++ b/flyctl/cmd/fly_version_upgrade.md
@@ -0,0 +1,26 @@
+Checks for an update and if one is available, runs the appropriate
+command to upgrade the application.
+
+## Usage
+~~~
+fly version upgrade [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for upgrade
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly version](/docs/flyctl/version/)	 - Show version information for the flyctl command
+
diff --git a/flyctl/cmd/fly_volumes.md b/flyctl/cmd/fly_volumes.md
new file mode 100644
index 0000000000..c384d2edeb
--- /dev/null
+++ b/flyctl/cmd/fly_volumes.md
@@ -0,0 +1,35 @@
+Manage Fly Volumes. Volumes are persistent storage for Fly Machines. Learn how how volumes work: https://fly.io/docs/volumes/overview/.
+
+## Usage
+~~~
+fly volumes [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/volumes-create/)	 - Create a new volume for an app.
+* [destroy](/docs/flyctl/volumes-destroy/)	 - Destroy one or more volumes.
+* [extend](/docs/flyctl/volumes-extend/)	 - Extend a volume to the specified size.
+* [fork](/docs/flyctl/volumes-fork/)	 - Fork the specified volume.
+* [list](/docs/flyctl/volumes-list/)	 - List the volumes associated with an app.
+* [show](/docs/flyctl/volumes-show/)	 - Show the details of the specified volume.
+* [snapshots](/docs/flyctl/volumes-snapshots/)	 - Manage volume snapshots.
+* [update](/docs/flyctl/volumes-update/)	 - Update a volume for an app.
+
+## Options
+
+~~~
+  -h, --help   help for volumes
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_volumes_create.md b/flyctl/cmd/fly_volumes_create.md
new file mode 100644
index 0000000000..8518da81cc
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_create.md
@@ -0,0 +1,45 @@
+Create a new volume for an app. Volumes are persistent storage for Fly Machines. Learn how to add a volume to your app: https://fly.io/docs/launch/volume-storage/.
+
+## Usage
+~~~
+fly volumes create <volume name> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                  Application name
+  -c, --config string               Path to application configuration file
+  -n, --count int                   The number of volumes to create (default 1)
+  -h, --help                        help for create
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+  -j, --json                        JSON output
+      --no-encryption               Do not encrypt the volume contents. Volume contents are encrypted by default.
+  -r, --region string               The target region (see 'flyctl platform regions')
+      --require-unique-zone         Place the volume in a separate hardware zone from existing volumes to help ensure availability (default true)
+      --scheduled-snapshots         Enable scheduled automatic snapshots (default true)
+  -s, --size int                    The size of volume in gigabytes (default 1)
+      --snapshot-id string          Create the volume from the specified snapshot
+      --snapshot-retention int      Snapshot retention in days (default 5)
+      --unique-zone-app-wide        Checks all volumes in app for unique zone handling, instead of only volumes with the same name (which is the default)
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+  -y, --yes                         Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+
diff --git a/flyctl/cmd/fly_volumes_destroy.md b/flyctl/cmd/fly_volumes_destroy.md
new file mode 100644
index 0000000000..8926b15ce4
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_destroy.md
@@ -0,0 +1,28 @@
+Destroy one or more volumes. When you destroy a volume, you permanently delete all its data.
+
+## Usage
+~~~
+fly volumes destroy <volume id> ... [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for destroy
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+
diff --git a/flyctl/cmd/fly_volumes_extend.md b/flyctl/cmd/fly_volumes_extend.md
new file mode 100644
index 0000000000..6e14230d1f
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_extend.md
@@ -0,0 +1,30 @@
+Extend a volume to the specified size. Most Machines don't require a restart after extending a volume. Some older Machines get a message to manually restart the Machine to increase the size of the file system.
+
+## Usage
+~~~
+fly volumes extend <volume id> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for extend
+  -j, --json            JSON output
+  -s, --size string     Target volume size in gigabytes
+  -y, --yes             Accept all confirmations
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+
diff --git a/flyctl/cmd/fly_volumes_fork.md b/flyctl/cmd/fly_volumes_fork.md
new file mode 100644
index 0000000000..7fb4f2c236
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_fork.md
@@ -0,0 +1,39 @@
+Fork the specified volume. Volume forking creates an independent copy of a storage volume for backup, testing, and experimentation without altering the original data.
+
+## Usage
+~~~
+fly volumes fork <volume id> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string                  Application name
+  -c, --config string               Path to application configuration file
+  -h, --help                        help for fork
+      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
+  -j, --json                        JSON output
+  -n, --name string                 The name of the new volume
+  -r, --region string               The target region. By default, the new volume will be created in the source volume's region.
+      --require-unique-zone         Place the volume in a separate hardware zone from existing volumes. This is the default. (default true)
+      --unique-zone-app-wide        Checks all volumes in app for unique zone handling, instead of only volumes with the same name (which is the default)
+      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+      --vm-cpus int                 Number of CPUs
+      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s, a10, none)
+      --vm-gpus int                 Number of GPUs. Must also choose the GPU model with --vm-gpu-kind flag
+      --vm-memory string            Memory (in megabytes) to attribute to the VM
+      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+
diff --git a/flyctl/cmd/fly_volumes_list.md b/flyctl/cmd/fly_volumes_list.md
new file mode 100644
index 0000000000..3dc1d3d04a
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_list.md
@@ -0,0 +1,29 @@
+List the volumes associated with an app.
+
+## Usage
+~~~
+fly volumes list [flags]
+~~~
+
+## Options
+
+~~~
+      --all             Show all volumes including those in destroyed states
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for list
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+
diff --git a/flyctl/cmd/fly_volumes_show.md b/flyctl/cmd/fly_volumes_show.md
new file mode 100644
index 0000000000..6663b1d84a
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_show.md
@@ -0,0 +1,28 @@
+Show the details of the specified volume.
+
+## Usage
+~~~
+fly volumes show <volume id> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string      Application name
+  -c, --config string   Path to application configuration file
+  -h, --help            help for show
+  -j, --json            JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+
diff --git a/flyctl/cmd/fly_volumes_snapshots.md b/flyctl/cmd/fly_volumes_snapshots.md
new file mode 100644
index 0000000000..e0b2223103
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_snapshots.md
@@ -0,0 +1,29 @@
+Manage volume snapshots. A snapshot is a point-in-time copy of a volume. Snapshots can be used to create new volumes or restore a volume to a previous state.
+
+## Usage
+~~~
+fly volumes snapshots [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/volumes-snapshots-create/)	 - Create a volume snapshot.
+* [list](/docs/flyctl/volumes-snapshots-list/)	 - List snapshots.
+
+## Options
+
+~~~
+  -h, --help   help for snapshots
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+
diff --git a/flyctl/cmd/fly_volumes_snapshots_create.md b/flyctl/cmd/fly_volumes_snapshots_create.md
new file mode 100644
index 0000000000..a85f79154a
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_snapshots_create.md
@@ -0,0 +1,27 @@
+Snapshot a volume
+
+
+## Usage
+~~~
+fly volumes snapshots create <volume id> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for create
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes snapshots](/docs/flyctl/volumes-snapshots/)	 - Manage volume snapshots.
+
diff --git a/flyctl/cmd/fly_volumes_snapshots_list.md b/flyctl/cmd/fly_volumes_snapshots_list.md
new file mode 100644
index 0000000000..d8a208438a
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_snapshots_list.md
@@ -0,0 +1,26 @@
+List snapshots associated with the specified volume.
+
+## Usage
+~~~
+fly volumes snapshots list <volume id> [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for list
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes snapshots](/docs/flyctl/volumes-snapshots/)	 - Manage volume snapshots.
+
diff --git a/flyctl/cmd/fly_volumes_update.md b/flyctl/cmd/fly_volumes_update.md
new file mode 100644
index 0000000000..b51ae14022
--- /dev/null
+++ b/flyctl/cmd/fly_volumes_update.md
@@ -0,0 +1,31 @@
+Update a volume for an app. Volumes are persistent storage for
+		Fly Machines.
+
+## Usage
+~~~
+fly volumes update <volume id> [flags]
+~~~
+
+## Options
+
+~~~
+  -a, --app string               Application name
+  -c, --config string            Path to application configuration file
+  -h, --help                     help for update
+  -j, --json                     JSON output
+      --scheduled-snapshots      Activate/deactivate scheduled automatic snapshots
+      --snapshot-retention int   Snapshot retention in days
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
+
diff --git a/flyctl/cmd/fly_wireguard.md b/flyctl/cmd/fly_wireguard.md
new file mode 100644
index 0000000000..0f7eedab87
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard.md
@@ -0,0 +1,33 @@
+Commands that manage WireGuard peer connections
+
+## Usage
+~~~
+fly wireguard [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/wireguard-create/)	 - Add a WireGuard peer connection
+* [list](/docs/flyctl/wireguard-list/)	 - List all WireGuard peer connections
+* [remove](/docs/flyctl/wireguard-remove/)	 - Remove a WireGuard peer connection
+* [reset](/docs/flyctl/wireguard-reset/)	 - Reset WireGuard peer connection for an organization
+* [token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
+* [websockets](/docs/flyctl/wireguard-websockets/)	 - Enable or disable WireGuard tunneling over WebSockets
+
+## Options
+
+~~~
+  -h, --help   help for wireguard
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly](/docs/flyctl/help/)	 - The Fly.io command line interface
+
diff --git a/flyctl/cmd/fly_wireguard_create.md b/flyctl/cmd/fly_wireguard_create.md
new file mode 100644
index 0000000000..6ac78f35f4
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_create.md
@@ -0,0 +1,26 @@
+Add a WireGuard peer connection to an organization
+
+## Usage
+~~~
+fly wireguard create [org] [region] [name] [file] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help             help for create
+      --network string   Custom network name
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
+
diff --git a/flyctl/cmd/fly_wireguard_list.md b/flyctl/cmd/fly_wireguard_list.md
new file mode 100644
index 0000000000..8271ac42d6
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_list.md
@@ -0,0 +1,26 @@
+List all WireGuard peer connections
+
+## Usage
+~~~
+fly wireguard list [org] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for list
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
+
diff --git a/flyctl/cmd/fly_wireguard_remove.md b/flyctl/cmd/fly_wireguard_remove.md
new file mode 100644
index 0000000000..6377441555
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_remove.md
@@ -0,0 +1,25 @@
+Remove a WireGuard peer connection from an organization
+
+## Usage
+~~~
+fly wireguard remove [org] [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for remove
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
+
diff --git a/flyctl/cmd/fly_wireguard_reset.md b/flyctl/cmd/fly_wireguard_reset.md
new file mode 100644
index 0000000000..baa3d1b06e
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_reset.md
@@ -0,0 +1,25 @@
+Reset WireGuard peer connection for an organization
+
+## Usage
+~~~
+fly wireguard reset [org] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for reset
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
+
diff --git a/flyctl/cmd/fly_wireguard_token.md b/flyctl/cmd/fly_wireguard_token.md
new file mode 100644
index 0000000000..197d7589fb
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_token.md
@@ -0,0 +1,32 @@
+Commands that managed WireGuard delegated access tokens
+
+## Usage
+~~~
+fly wireguard token [command] [flags]
+~~~
+
+## Available Commands
+* [create](/docs/flyctl/wireguard-token-create/)	 - Create a new WireGuard token
+* [delete](/docs/flyctl/wireguard-token-delete/)	 - Delete a WireGuard token; token is name:<name> or token:<token>
+* [list](/docs/flyctl/wireguard-token-list/)	 - List all WireGuard tokens
+* [start](/docs/flyctl/wireguard-token-start/)	 - Start a new WireGuard peer connection associated with a token (set FLY_WIREGUARD_TOKEN)
+* [update](/docs/flyctl/wireguard-token-update/)	 - Rekey a WireGuard peer connection associated with a token (set FLY_WIREGUARD_TOKEN)
+
+## Options
+
+~~~
+  -h, --help   help for token
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
+
diff --git a/flyctl/cmd/fly_wireguard_token_create.md b/flyctl/cmd/fly_wireguard_token_create.md
new file mode 100644
index 0000000000..dce2739d1f
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_token_create.md
@@ -0,0 +1,25 @@
+Create a new WireGuard token
+
+## Usage
+~~~
+fly wireguard token create [org] [name] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for create
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
+
diff --git a/flyctl/cmd/fly_wireguard_token_delete.md b/flyctl/cmd/fly_wireguard_token_delete.md
new file mode 100644
index 0000000000..efe2dad03e
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_token_delete.md
@@ -0,0 +1,25 @@
+Delete a WireGuard token; token is name:<name> or token:<token>
+
+## Usage
+~~~
+fly wireguard token delete [org] [token] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for delete
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
+
diff --git a/flyctl/cmd/fly_wireguard_token_list.md b/flyctl/cmd/fly_wireguard_token_list.md
new file mode 100644
index 0000000000..9a89218192
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_token_list.md
@@ -0,0 +1,26 @@
+List all WireGuard tokens
+
+## Usage
+~~~
+fly wireguard token list [org] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for list
+  -j, --json   JSON output
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
+
diff --git a/flyctl/cmd/fly_wireguard_token_start.md b/flyctl/cmd/fly_wireguard_token_start.md
new file mode 100644
index 0000000000..de82cbd941
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_token_start.md
@@ -0,0 +1,25 @@
+Start a new WireGuard peer connection associated with a token (set FLY_WIREGUARD_TOKEN)
+
+## Usage
+~~~
+fly wireguard token start [name] [group] [region] [file] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for start
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
+
diff --git a/flyctl/cmd/fly_wireguard_token_update.md b/flyctl/cmd/fly_wireguard_token_update.md
new file mode 100644
index 0000000000..61d9d9dcc3
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_token_update.md
@@ -0,0 +1,25 @@
+Rekey a WireGuard peer connection associated with a token (set FLY_WIREGUARD_TOKEN)
+
+## Usage
+~~~
+fly wireguard token update [name] [file] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for update
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
+
diff --git a/flyctl/cmd/fly_wireguard_websockets.md b/flyctl/cmd/fly_wireguard_websockets.md
new file mode 100644
index 0000000000..031419c914
--- /dev/null
+++ b/flyctl/cmd/fly_wireguard_websockets.md
@@ -0,0 +1,25 @@
+Enable or disable WireGuard tunneling over WebSockets
+
+## Usage
+~~~
+fly wireguard websockets [enable|disable] [flags]
+~~~
+
+## Options
+
+~~~
+  -h, --help   help for websockets
+~~~
+
+## Global Options
+
+~~~
+  -t, --access-token string   Fly API Access Token
+      --debug                 Print additional logs and traces
+      --verbose               Verbose output
+~~~
+
+## See Also
+
+* [fly wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
+
diff --git a/flyctl/cmd/flyctl.md b/flyctl/cmd/flyctl.md
deleted file mode 100644
index 55b50bb0fa..0000000000
--- a/flyctl/cmd/flyctl.md
+++ /dev/null
@@ -1,62 +0,0 @@
-This is flyctl, the Fly.io command line interface.
-
-## Usage
-~~~
-flyctl [flags]
-~~~
-
-## Available Commands
-* [agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
-* [apps](/docs/flyctl/apps/)	 - Manage apps
-* [auth](/docs/flyctl/auth/)	 - Manage authentication
-* [certs](/docs/flyctl/certs/)	 - Manage certificates
-* [checks](/docs/flyctl/checks/)	 - Manage health checks
-* [config](/docs/flyctl/config/)	 - Manage an app's configuration
-* [console](/docs/flyctl/console/)	 - Run a console in a new or existing machine
-* [consul](/docs/flyctl/consul/)	 - Enable and manage Consul clusters
-* [dashboard](/docs/flyctl/dashboard/)	 - Open web browser on Fly Web UI for this app
-* [deploy](/docs/flyctl/deploy/)	 - Deploy Fly applications
-* [dig](/docs/flyctl/dig/)	 - Make DNS requests against Fly.io's internal DNS server
-* [docs](/docs/flyctl/docs/)	 - View Fly documentation
-* [doctor](/docs/flyctl/doctor/)	 - The DOCTOR command allows you to debug your Fly environment
-* [extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
-* [image](/docs/flyctl/image/)	 - Manage app image
-* [ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
-* [jobs](/docs/flyctl/jobs/)	 - Show jobs at Fly.io
-* [launch](/docs/flyctl/launch/)	 - Create and configure a new app from source code or a Docker image
-* [litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
-* [logs](/docs/flyctl/logs/)	 - View app logs
-* [machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-* [orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
-* [ping](/docs/flyctl/ping/)	 - Test connectivity with ICMP ping messages
-* [planetscale](/docs/flyctl/planetscale/)	 - Provision and manage PlanetScale MySQL databases
-* [platform](/docs/flyctl/platform/)	 - Fly platform information
-* [postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-* [proxy](/docs/flyctl/proxy/)	 - Proxies connections to a Fly Machine.
-* [redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-* [releases](/docs/flyctl/releases/)	 - List app releases
-* [scale](/docs/flyctl/scale/)	 - Scale app resources
-* [secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
-* [services](/docs/flyctl/services/)	 - Show the application's services
-* [settings](/docs/flyctl/settings/)	 - Manage flyctl settings
-* [sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
-* [ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
-* [status](/docs/flyctl/status/)	 - Show app status
-* [tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
-* [turboku](/docs/flyctl/turboku/)	 - Launch a Heroku app on Fly.io
-* [version](/docs/flyctl/version/)	 - Show version information for the flyctl command
-* [volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-* [wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
-
-## Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-  -h, --help                  help for flyctl
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-
diff --git a/flyctl/cmd/flyctl_agent.md b/flyctl/cmd/flyctl_agent.md
deleted file mode 100644
index 90b24c9b4d..0000000000
--- a/flyctl/cmd/flyctl_agent.md
+++ /dev/null
@@ -1,35 +0,0 @@
-The Fly agent is a background process that manages wireguard connections started by flyctl.
-Commands such as 'fly ssh' and 'fly proxy' use this agent.
-Generally, the agent starts and stops automatically. These commands are useful for debugging.
-
-
-## Usage
-~~~
-flyctl agent [command] [flags]
-~~~
-
-## Available Commands
-* [ping](/docs/flyctl/agent-ping/)	 - Ping the Fly agent
-* [restart](/docs/flyctl/agent-restart/)	 - Restart the Fly agent
-* [run](/docs/flyctl/agent-run/)	 - Run the Fly agent in the foreground
-* [start](/docs/flyctl/agent-start/)	 - Start the Fly agent
-* [stop](/docs/flyctl/agent-stop/)	 - Stop the Fly agent
-
-## Options
-
-~~~
-  -h, --help   help for agent
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_agent_ping.md b/flyctl/cmd/flyctl_agent_ping.md
deleted file mode 100644
index 1a99f1b6f7..0000000000
--- a/flyctl/cmd/flyctl_agent_ping.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Ping the Fly agent
-
-
-## Usage
-~~~
-flyctl agent ping [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for ping
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
-
diff --git a/flyctl/cmd/flyctl_agent_restart.md b/flyctl/cmd/flyctl_agent_restart.md
deleted file mode 100644
index b0ee26889e..0000000000
--- a/flyctl/cmd/flyctl_agent_restart.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Restart the Fly agent
-
-
-## Usage
-~~~
-flyctl agent restart [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for restart
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
-
diff --git a/flyctl/cmd/flyctl_agent_run.md b/flyctl/cmd/flyctl_agent_run.md
deleted file mode 100644
index aef7ffc30f..0000000000
--- a/flyctl/cmd/flyctl_agent_run.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Run the Fly agent in the foreground
-
-
-## Usage
-~~~
-flyctl agent run [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for run
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
-
diff --git a/flyctl/cmd/flyctl_agent_start.md b/flyctl/cmd/flyctl_agent_start.md
deleted file mode 100644
index 8ae74cac3a..0000000000
--- a/flyctl/cmd/flyctl_agent_start.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Start the Fly agent
-
-
-## Usage
-~~~
-flyctl agent start [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for start
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
-
diff --git a/flyctl/cmd/flyctl_agent_stop.md b/flyctl/cmd/flyctl_agent_stop.md
deleted file mode 100644
index 284f3c0a11..0000000000
--- a/flyctl/cmd/flyctl_agent_stop.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Stop the Fly agent
-
-
-## Usage
-~~~
-flyctl agent stop [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for stop
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl agent](/docs/flyctl/agent/)	 - Commands that manage the Fly agent, a background process that manages flyctl wireguard connections
-
diff --git a/flyctl/cmd/flyctl_apps.md b/flyctl/cmd/flyctl_apps.md
deleted file mode 100644
index 8582613d86..0000000000
--- a/flyctl/cmd/flyctl_apps.md
+++ /dev/null
@@ -1,38 +0,0 @@
-The APPS commands focus on managing your Fly applications.
-Start with the CREATE command to register your application.
-The LIST command will list all currently registered applications.
-
-
-## Usage
-~~~
-flyctl apps [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/apps-create/)	 - Create a new application
-* [destroy](/docs/flyctl/apps-destroy/)	 - Permanently destroys an app
-* [errors](/docs/flyctl/apps-errors/)	 - View application errors on Sentry.io
-* [list](/docs/flyctl/apps-list/)	 - List applications
-* [move](/docs/flyctl/apps-move/)	 - Move an app to another organization
-* [open](/docs/flyctl/apps-open/)	 - Open browser to current deployed application
-* [releases](/docs/flyctl/apps-releases/)	 - List app releases
-* [restart](/docs/flyctl/apps-restart/)	 - Restart an application
-
-## Options
-
-~~~
-  -h, --help   help for apps
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_apps_create.md b/flyctl/cmd/flyctl_apps_create.md
deleted file mode 100644
index 8ae96d3201..0000000000
--- a/flyctl/cmd/flyctl_apps_create.md
+++ /dev/null
@@ -1,32 +0,0 @@
-The APPS CREATE command will register a new application
-with the Fly platform. It will not generate a configuration file, but one
-may be fetched with 'fly config save -a <app_name>'
-
-## Usage
-~~~
-flyctl apps create [APPNAME] [flags]
-~~~
-
-## Options
-
-~~~
-      --generate-name    Generate an app name
-  -h, --help             help for create
-  -j, --json             JSON output
-      --name string      The app name to use
-      --network string   Specify custom network id
-  -o, --org string       The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl apps](/docs/flyctl/apps/)	 - Manage apps
-
diff --git a/flyctl/cmd/flyctl_apps_destroy.md b/flyctl/cmd/flyctl_apps_destroy.md
deleted file mode 100644
index 4a4ff6e7c9..0000000000
--- a/flyctl/cmd/flyctl_apps_destroy.md
+++ /dev/null
@@ -1,28 +0,0 @@
-The APPS DESTROY command will remove an application
-from the Fly platform.
-
-
-## Usage
-~~~
-flyctl apps destroy <APPNAME> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for destroy
-  -y, --yes    Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl apps](/docs/flyctl/apps/)	 - Manage apps
-
diff --git a/flyctl/cmd/flyctl_apps_errors.md b/flyctl/cmd/flyctl_apps_errors.md
deleted file mode 100644
index 5e80a51a90..0000000000
--- a/flyctl/cmd/flyctl_apps_errors.md
+++ /dev/null
@@ -1,27 +0,0 @@
-View application errors on Sentry.io
-
-## Usage
-~~~
-flyctl apps errors [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for errors
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl apps](/docs/flyctl/apps/)	 - Manage apps
-
diff --git a/flyctl/cmd/flyctl_apps_list.md b/flyctl/cmd/flyctl_apps_list.md
deleted file mode 100644
index aede4bcda2..0000000000
--- a/flyctl/cmd/flyctl_apps_list.md
+++ /dev/null
@@ -1,31 +0,0 @@
-The APPS LIST command will show the applications currently
-registered and available to this user. The list will include applications
-from all the organizations the user is a member of. Each application will
-be shown with its name, owner and when it was last deployed.
-
-
-## Usage
-~~~
-flyctl apps list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for list
-  -j, --json         JSON output
-  -o, --org string   The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl apps](/docs/flyctl/apps/)	 - Manage apps
-
diff --git a/flyctl/cmd/flyctl_apps_move.md b/flyctl/cmd/flyctl_apps_move.md
deleted file mode 100644
index 967bb096e5..0000000000
--- a/flyctl/cmd/flyctl_apps_move.md
+++ /dev/null
@@ -1,30 +0,0 @@
-The APPS MOVE command will move an application to another
-organization the current user belongs to.
-
-
-## Usage
-~~~
-flyctl apps move <APPNAME> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help                 help for move
-  -o, --org string           The target Fly.io organization
-      --skip-health-checks   Update machines without waiting for health checks. (Machines only)
-  -y, --yes                  Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl apps](/docs/flyctl/apps/)	 - Manage apps
-
diff --git a/flyctl/cmd/flyctl_apps_open.md b/flyctl/cmd/flyctl_apps_open.md
deleted file mode 100644
index 27afe0299c..0000000000
--- a/flyctl/cmd/flyctl_apps_open.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Open browser to current deployed application. If an optional relative URI is specified, it is appended
-to the root URL of the deployed application.
-
-
-## Usage
-~~~
-flyctl apps open [RELATIVE_URI] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for open
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl apps](/docs/flyctl/apps/)	 - Manage apps
-
diff --git a/flyctl/cmd/flyctl_apps_releases.md b/flyctl/cmd/flyctl_apps_releases.md
deleted file mode 100644
index a631893606..0000000000
--- a/flyctl/cmd/flyctl_apps_releases.md
+++ /dev/null
@@ -1,31 +0,0 @@
-List all the releases of the application onto the Fly platform,
-including type, when, success/fail and which user triggered the release.
-
-
-## Usage
-~~~
-flyctl apps releases [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for releases
-      --image           Display the Docker image reference of the release
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl apps](/docs/flyctl/apps/)	 - Manage apps
-
diff --git a/flyctl/cmd/flyctl_apps_restart.md b/flyctl/cmd/flyctl_apps_restart.md
deleted file mode 100644
index 19a5d2625b..0000000000
--- a/flyctl/cmd/flyctl_apps_restart.md
+++ /dev/null
@@ -1,27 +0,0 @@
-The APPS RESTART command will perform a rolling restart against all running VMs
-
-## Usage
-~~~
-flyctl apps restart [APPNAME] [flags]
-~~~
-
-## Options
-
-~~~
-      --force-stop           Performs a force stop against the target Machine. ( Machines only )
-  -h, --help                 help for restart
-      --skip-health-checks   Restarts app without waiting for health checks. ( Machines only )
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl apps](/docs/flyctl/apps/)	 - Manage apps
-
diff --git a/flyctl/cmd/flyctl_auth.md b/flyctl/cmd/flyctl_auth.md
deleted file mode 100644
index d7afb17f7a..0000000000
--- a/flyctl/cmd/flyctl_auth.md
+++ /dev/null
@@ -1,38 +0,0 @@
-Authenticate with Fly (and logout if you need to).
-If you do not have an account, start with the AUTH SIGNUP command.
-If you do have an account, begin with the AUTH LOGIN subcommand.
-
-
-## Usage
-~~~
-flyctl auth [command] [flags]
-~~~
-
-## Available Commands
-* [docker](/docs/flyctl/auth-docker/)	 - Authenticate docker
-* [login](/docs/flyctl/auth-login/)	 - Log in a user
-* [logout](/docs/flyctl/auth-logout/)	 - Logs out the currently logged in user
-* [signup](/docs/flyctl/auth-signup/)	 - Create a new fly account
-* [token](/docs/flyctl/auth-token/)	 - Show the current auth token
-* [whoami](/docs/flyctl/auth-whoami/)	 - Displays the users email address/service identity currently
-authenticated and in use.
-
-
-## Options
-
-~~~
-  -h, --help   help for auth
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_auth_docker.md b/flyctl/cmd/flyctl_auth_docker.md
deleted file mode 100644
index 795c8ad045..0000000000
--- a/flyctl/cmd/flyctl_auth_docker.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Adds registry.fly.io to the docker daemon's authenticated
-registries. This allows you to push images directly to fly from
-the docker cli.
-
-
-## Usage
-~~~
-flyctl auth docker [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for docker
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl auth](/docs/flyctl/auth/)	 - Manage authentication
-
diff --git a/flyctl/cmd/flyctl_auth_login.md b/flyctl/cmd/flyctl_auth_login.md
deleted file mode 100644
index 1adf8b7273..0000000000
--- a/flyctl/cmd/flyctl_auth_login.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Logs a user into the Fly platform. Supports browser-based,
-email/password and one-time-password authentication. Defaults to using
-browser-based authentication.
-
-
-## Usage
-~~~
-flyctl auth login [flags]
-~~~
-
-## Options
-
-~~~
-      --email string      Login email
-  -h, --help              help for login
-  -i, --interactive       Log in with an email and password interactively
-      --otp string        One time password
-      --password string   Login password
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl auth](/docs/flyctl/auth/)	 - Manage authentication
-
diff --git a/flyctl/cmd/flyctl_auth_logout.md b/flyctl/cmd/flyctl_auth_logout.md
deleted file mode 100644
index 4e7fa2dcff..0000000000
--- a/flyctl/cmd/flyctl_auth_logout.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Log the currently logged-in user out of the Fly platform.
-To continue interacting with Fly, the user will need to log in again.
-
-
-## Usage
-~~~
-flyctl auth logout [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for logout
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl auth](/docs/flyctl/auth/)	 - Manage authentication
-
diff --git a/flyctl/cmd/flyctl_auth_signup.md b/flyctl/cmd/flyctl_auth_signup.md
deleted file mode 100644
index f14327d5c7..0000000000
--- a/flyctl/cmd/flyctl_auth_signup.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Creates a new fly account. The command opens the browser
-and sends the user to a form to provide appropriate credentials.
-
-
-## Usage
-~~~
-flyctl auth signup [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for signup
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl auth](/docs/flyctl/auth/)	 - Manage authentication
-
diff --git a/flyctl/cmd/flyctl_auth_token.md b/flyctl/cmd/flyctl_auth_token.md
deleted file mode 100644
index 8264c021dc..0000000000
--- a/flyctl/cmd/flyctl_auth_token.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Shows the authentication token that is currently in use.
-This can be used as an authentication token with API services,
-independent of flyctl.
-
-
-## Usage
-~~~
-flyctl auth token [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for token
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl auth](/docs/flyctl/auth/)	 - Manage authentication
-
diff --git a/flyctl/cmd/flyctl_auth_whoami.md b/flyctl/cmd/flyctl_auth_whoami.md
deleted file mode 100644
index ac6cb3f3dc..0000000000
--- a/flyctl/cmd/flyctl_auth_whoami.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Show the currently authenticated user
-
-## Usage
-~~~
-flyctl auth whoami [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for whoami
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl auth](/docs/flyctl/auth/)	 - Manage authentication
-
diff --git a/flyctl/cmd/flyctl_certs.md b/flyctl/cmd/flyctl_certs.md
deleted file mode 100644
index 5b51188283..0000000000
--- a/flyctl/cmd/flyctl_certs.md
+++ /dev/null
@@ -1,35 +0,0 @@
-Manages the certificates associated with a deployed application.
-Certificates are created by associating a hostname/domain with the application.
-When Fly is then able to validate that hostname/domain, the platform gets
-certificates issued for the hostname/domain by Let's Encrypt.
-
-## Usage
-~~~
-flyctl certs [command] [flags]
-~~~
-
-## Available Commands
-* [add](/docs/flyctl/certs-add/)	 - Add a certificate for an app.
-* [check](/docs/flyctl/certs-check/)	 - Checks DNS configuration
-* [list](/docs/flyctl/certs-list/)	 - List certificates for an app.
-* [remove](/docs/flyctl/certs-remove/)	 - Removes a certificate from an app
-* [show](/docs/flyctl/certs-show/)	 - Shows certificate information
-
-## Options
-
-~~~
-  -h, --help   help for certs
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_certs_add.md b/flyctl/cmd/flyctl_certs_add.md
deleted file mode 100644
index 07d52d2774..0000000000
--- a/flyctl/cmd/flyctl_certs_add.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Add a certificate for an application. Takes a hostname
-as a parameter for the certificate.
-
-## Usage
-~~~
-flyctl certs add <hostname> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for add
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl certs](/docs/flyctl/certs/)	 - Manage certificates
-
diff --git a/flyctl/cmd/flyctl_certs_check.md b/flyctl/cmd/flyctl_certs_check.md
deleted file mode 100644
index 405a1a383d..0000000000
--- a/flyctl/cmd/flyctl_certs_check.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Checks the DNS configuration for the specified hostname.
-Displays results in the same format as the SHOW command.
-
-## Usage
-~~~
-flyctl certs check <hostname> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for check
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl certs](/docs/flyctl/certs/)	 - Manage certificates
-
diff --git a/flyctl/cmd/flyctl_certs_list.md b/flyctl/cmd/flyctl_certs_list.md
deleted file mode 100644
index b395e4f990..0000000000
--- a/flyctl/cmd/flyctl_certs_list.md
+++ /dev/null
@@ -1,28 +0,0 @@
-List the certificates associated with a deployed application.
-
-## Usage
-~~~
-flyctl certs list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl certs](/docs/flyctl/certs/)	 - Manage certificates
-
diff --git a/flyctl/cmd/flyctl_certs_remove.md b/flyctl/cmd/flyctl_certs_remove.md
deleted file mode 100644
index df5d893bf3..0000000000
--- a/flyctl/cmd/flyctl_certs_remove.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Removes a certificate from an application. Takes hostname
-as a parameter to locate the certificate.
-
-## Usage
-~~~
-flyctl certs remove <hostname> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for remove
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl certs](/docs/flyctl/certs/)	 - Manage certificates
-
diff --git a/flyctl/cmd/flyctl_certs_show.md b/flyctl/cmd/flyctl_certs_show.md
deleted file mode 100644
index f6617c8bb1..0000000000
--- a/flyctl/cmd/flyctl_certs_show.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Shows certificate information for an application.
-Takes hostname as a parameter to locate the certificate.
-
-## Usage
-~~~
-flyctl certs show <hostname> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for show
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl certs](/docs/flyctl/certs/)	 - Manage certificates
-
diff --git a/flyctl/cmd/flyctl_checks.md b/flyctl/cmd/flyctl_checks.md
deleted file mode 100644
index cd80ce204f..0000000000
--- a/flyctl/cmd/flyctl_checks.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Manage health checks
-
-## Usage
-~~~
-flyctl checks [command] [flags]
-~~~
-
-## Available Commands
-* [list](/docs/flyctl/checks-list/)	 - List health checks
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for checks
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_checks_list.md b/flyctl/cmd/flyctl_checks_list.md
deleted file mode 100644
index 1df976ece5..0000000000
--- a/flyctl/cmd/flyctl_checks_list.md
+++ /dev/null
@@ -1,29 +0,0 @@
-List health checks
-
-## Usage
-~~~
-flyctl checks list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string          Application name
-      --check-name string   Filter checks by name
-  -c, --config string       Path to application configuration file
-  -h, --help                help for list
-  -j, --json                JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl checks](/docs/flyctl/checks/)	 - Manage health checks
-
diff --git a/flyctl/cmd/flyctl_config.md b/flyctl/cmd/flyctl_config.md
deleted file mode 100644
index ded1d14a41..0000000000
--- a/flyctl/cmd/flyctl_config.md
+++ /dev/null
@@ -1,31 +0,0 @@
-The CONFIG commands allow you to work with an application's configuration.
-
-## Usage
-~~~
-flyctl config [command] [flags]
-~~~
-
-## Available Commands
-* [env](/docs/flyctl/config-env/)	 - Display an app's runtime environment variables
-* [save](/docs/flyctl/config-save/)	 - Save an app's config file
-* [show](/docs/flyctl/config-show/)	 - Show an app's configuration
-* [validate](/docs/flyctl/config-validate/)	 - Validate an app's config file
-
-## Options
-
-~~~
-  -h, --help   help for config
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_config_env.md b/flyctl/cmd/flyctl_config_env.md
deleted file mode 100644
index f5684e314e..0000000000
--- a/flyctl/cmd/flyctl_config_env.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Display an app's runtime environment variables. It displays a section for
-secrets and another for config file defined environment variables.
-
-## Usage
-~~~
-flyctl config env [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for env
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl config](/docs/flyctl/config/)	 - Manage an app's configuration
-
diff --git a/flyctl/cmd/flyctl_config_save.md b/flyctl/cmd/flyctl_config_save.md
deleted file mode 100644
index 531ab4a1b4..0000000000
--- a/flyctl/cmd/flyctl_config_save.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Save an application's configuration locally. The configuration data is
-retrieved from the Fly service and saved in TOML format.
-
-## Usage
-~~~
-flyctl config save [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for save
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl config](/docs/flyctl/config/)	 - Manage an app's configuration
-
diff --git a/flyctl/cmd/flyctl_config_show.md b/flyctl/cmd/flyctl_config_show.md
deleted file mode 100644
index 3b2ed3c85d..0000000000
--- a/flyctl/cmd/flyctl_config_show.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Show an application's configuration. The configuration is presented
-in JSON format. The configuration data is retrieved from the Fly service.
-
-## Usage
-~~~
-flyctl config show [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for show
-      --local           Parse and show local fly.toml as JSON
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl config](/docs/flyctl/config/)	 - Manage an app's configuration
-
diff --git a/flyctl/cmd/flyctl_config_validate.md b/flyctl/cmd/flyctl_config_validate.md
deleted file mode 100644
index b017aafb30..0000000000
--- a/flyctl/cmd/flyctl_config_validate.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Validates an application's config file against the Fly platform to
-ensure it is correct and meaningful to the platform.
-
-## Usage
-~~~
-flyctl config validate [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for validate
-      --machines        Forces apps v2 config validation
-      --nomad           Forces apps v1 config validation
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl config](/docs/flyctl/config/)	 - Manage an app's configuration
-
diff --git a/flyctl/cmd/flyctl_console.md b/flyctl/cmd/flyctl_console.md
deleted file mode 100644
index 74e4cad3c2..0000000000
--- a/flyctl/cmd/flyctl_console.md
+++ /dev/null
@@ -1,48 +0,0 @@
-Run a console in a new or existing machine. The console command is
-specified by the `console_command` configuration field. By default, a
-new machine is created by default using the app's most recently deployed
-image. An existing machine can be used instead with --machine.
-
-## Usage
-~~~
-flyctl console [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                  Application name
-  -C, --command string              command to run on SSH session
-  -c, --config string               Path to application configuration file
-      --dockerfile string           Path to a Dockerfile. Defaults to the Dockerfile in the working directory.
-      --entrypoint string           ENTRYPOINT replacement
-  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-  -h, --help                        help for console
-      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
-  -i, --image string                image to use (default: current release)
-      --machine string              Run the console in the existing machine with the specified ID
-  -p, --port strings                Publish ports, format: port[:machinePort][/protocol[:handler[:handler...]]])
-                                    		i.e.: --port 80/tcp --port 443:80/tcp:http:tls --port 5432/tcp:pg_tls
-                                    		To remove a port mapping use '-' as handler, i.e.: --port 80/tcp:-
-  -r, --region string               The target region (see 'flyctl platform regions')
-  -s, --select                      Select the machine on which to execute the console from a list
-  -u, --user string                 Unix username to connect as (default "root")
-      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                 Number of CPUs
-      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string            Memory (in megabytes) to attribute to the VM
-      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_consul.md b/flyctl/cmd/flyctl_consul.md
deleted file mode 100644
index 2ac3a960a3..0000000000
--- a/flyctl/cmd/flyctl_consul.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Enable and manage Consul clusters
-
-## Usage
-~~~
-flyctl consul [command] [flags]
-~~~
-
-## Available Commands
-* [attach](/docs/flyctl/consul-attach/)	 - Attach Consul cluster to an app
-* [detach](/docs/flyctl/consul-detach/)	 - Detach Consul cluster from an app
-
-## Options
-
-~~~
-  -h, --help   help for consul
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_consul_attach.md b/flyctl/cmd/flyctl_consul_attach.md
deleted file mode 100644
index 5e4d27213f..0000000000
--- a/flyctl/cmd/flyctl_consul_attach.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Attach Consul cluster to an app, and setting the FLY_CONSUL_URL secret
-
-## Usage
-~~~
-flyctl consul attach [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string             Application name
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for attach
-      --variable-name string   The environment variable name that will be added to the consuming app. (default "FLY_CONSUL_URL")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl consul](/docs/flyctl/consul/)	 - Enable and manage Consul clusters
-
diff --git a/flyctl/cmd/flyctl_consul_detach.md b/flyctl/cmd/flyctl_consul_detach.md
deleted file mode 100644
index 75140b40e6..0000000000
--- a/flyctl/cmd/flyctl_consul_detach.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Detach Consul cluster from an app, and unsetting the FLY_CONSUL_URL secret
-
-## Usage
-~~~
-flyctl consul detach [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string             Application name
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for detach
-      --variable-name string   The secret name that will be removed from the app. (default "FLY_CONSUL_URL")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl consul](/docs/flyctl/consul/)	 - Enable and manage Consul clusters
-
diff --git a/flyctl/cmd/flyctl_dashboard.md b/flyctl/cmd/flyctl_dashboard.md
deleted file mode 100644
index eb56be0826..0000000000
--- a/flyctl/cmd/flyctl_dashboard.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Open web browser on Fly Web UI for this application
-
-## Usage
-~~~
-flyctl dashboard [flags]
-~~~
-
-## Available Commands
-* [metrics](/docs/flyctl/dashboard-metrics/)	 - Open web browser on Fly Web UI for this app's metrics
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for dashboard
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_dashboard_metrics.md b/flyctl/cmd/flyctl_dashboard_metrics.md
deleted file mode 100644
index f87baf4094..0000000000
--- a/flyctl/cmd/flyctl_dashboard_metrics.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Open web browser on Fly Web UI for this application's metrics
-
-## Usage
-~~~
-flyctl dashboard metrics [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for metrics
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl dashboard](/docs/flyctl/dashboard/)	 - Open web browser on Fly Web UI for this app
-
diff --git a/flyctl/cmd/flyctl_deploy.md b/flyctl/cmd/flyctl_deploy.md
deleted file mode 100644
index 23a9da0e9e..0000000000
--- a/flyctl/cmd/flyctl_deploy.md
+++ /dev/null
@@ -1,73 +0,0 @@
-Deploy Fly applications from source or an image using a local or remote builder.
-
-		To disable colorized output and show full Docker build output, set the environment variable NO_COLOR=1.
-	
-
-## Usage
-~~~
-flyctl deploy [WORKING_DIRECTORY] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                       Application name
-      --build-arg stringArray            Set of build time variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --build-only                       Build but do not deploy
-      --build-secret stringArray         Set of build secrets of NAME=VALUE pairs. Can be specified multiple times. See https://docs.docker.com/engine/reference/commandline/buildx_build/#secret
-      --build-target string              Set the target build stage to build if the Dockerfile has more than one stage
-  -c, --config string                    Path to application configuration file
-      --detach                           Return immediately instead of monitoring deployment progress
-      --dockerfile string                Path to a Dockerfile. Defaults to the Dockerfile in the working directory.
-  -e, --env stringArray                  Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --exclude-regions strings          Deploy to all machines except machines in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times. --exclude-regions iad,sea --exclude-regions syd will exclude all three iad, sea, and syd regions. Applied after --only-regions. V2 machines platform only.
-      --file-literal stringArray         Set of literals in the form of /path/inside/machine=VALUE pairs where VALUE is the content. Can be specified multiple times.
-      --file-local stringArray           Set of files in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
-      --file-secret stringArray          Set of secrets in the form of /path/inside/machine=SECRET pairs where SECRET is the name of the secret. Can be specified multiple times.
-      --ha                               Create spare machines that increases app availability (default true)
-  -h, --help                             help for deploy
-      --host-dedication-id string        The dedication id of the reserved hosts for your organization (if any)
-      --ignorefile string                Path to a Docker ignore file. Defaults to the .dockerignore file in the working directory.
-  -i, --image string                     The Docker image to deploy
-      --image-label string               Image label to use when tagging and pushing to the fly registry. Defaults to "deployment-{timestamp}".
-      --immediate-max-concurrent int     Maximum number of machines to update concurrently when using the immediate deployment strategy. (default 16)
-      --label stringArray                Add custom metadata to an image via docker labels
-      --lease-timeout string             Time duration to lease individual machines while running deployment. All machines are leased at the beginning and released at the end.The lease is refreshed periodically for this same time, which is why it is short.flyctl releases leases in most cases. (default "13s")
-      --local-only                       Perform builds locally using the local docker daemon. The default is --remote-only.
-      --max-unavailable float            Max number of unavailable machines during rolling updates. A number between 0 and 1 means percent of total machines (default 0.33)
-      --nixpacks                         Deploy using nixpacks to build the image
-      --no-cache                         Do not use the build cache when building the image
-      --no-public-ips                    Do not allocate any new public IP addresses
-      --now                              Deploy now without confirmation
-      --only-regions strings             Deploy to machines only in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times. --only-regions iad,sea --only-regions syd will deploy to all three iad, sea, and syd regions. Applied before --exclude-regions. V2 machines platform only.
-      --process-groups strings           Deploy to machines only in these process groups
-      --provision-extensions             Provision any extensions assigned as a default to first deployments
-      --push                             Push image to registry after build is complete
-  -r, --region string                    The target region (see 'flyctl platform regions')
-      --release-command-timeout string   Time duration to wait for a release command finish running, or 'none' to disable. (default "5m0s")
-      --remote-only                      Perform builds on a remote builder instance instead of using the local docker daemon. This is the default. Use --local-only to build locally.
-      --smoke-checks                     Perform smoke checks during deployment (default true)
-      --strategy string                  The strategy for replacing running instances. Options are canary, rolling, bluegreen, or immediate. Default is canary, or rolling when max-per-region is set.
-      --update-only                      Do not create Machines for new process groups
-      --vm-cpu-kind string               The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                      Number of CPUs
-      --vm-gpu-kind string               If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string                 Memory (in megabytes) to attribute to the VM
-      --vm-size string                   The VM size to set machines to. See "fly platform vm-sizes" for valid values
-      --volume-initial-size int          The initial size in GB for volumes created on first deploy
-      --wait-timeout string              Time duration to wait for individual machines to transition states and become healthy. (default "5m0s")
-  -y, --yes                              Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_dig.md b/flyctl/cmd/flyctl_dig.md
deleted file mode 100644
index e7254b68c4..0000000000
--- a/flyctl/cmd/flyctl_dig.md
+++ /dev/null
@@ -1,36 +0,0 @@
-Make DNS requests against Fly.io's internal DNS server. Valid types include
-AAAA and TXT (the two types our servers answer authoritatively), AAAA-NATIVE
-and TXT-NATIVE, which resolve with Go's resolver (they're slower,
-but may be useful if diagnosing a DNS bug) and A and CNAME
-(if you're using the server to test recursive lookups.)
-Note that this resolves names against the server for the current organization. You can
-set the organization with -o <org-slug>; otherwise, the command uses the organization
-attached to the current app (you can pass an app in with -a <appname>).
-
-## Usage
-~~~
-flyctl dig [type] <name> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for dig
-  -o, --org string      The target Fly.io organization
-  -s, --short           Just print the answers, not DNS record details
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_docs.md b/flyctl/cmd/flyctl_docs.md
deleted file mode 100644
index 50ae3ebb8b..0000000000
--- a/flyctl/cmd/flyctl_docs.md
+++ /dev/null
@@ -1,27 +0,0 @@
-View Fly documentation on the Fly.io website. This command will open a
-browser to view the content.
-
-
-## Usage
-~~~
-flyctl docs [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for docs
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_doctor.md b/flyctl/cmd/flyctl_doctor.md
deleted file mode 100644
index dbf71065ca..0000000000
--- a/flyctl/cmd/flyctl_doctor.md
+++ /dev/null
@@ -1,32 +0,0 @@
-The DOCTOR command allows you to debug your Fly environment
-
-
-## Usage
-~~~
-flyctl doctor [flags]
-~~~
-
-## Available Commands
-* [diag](/docs/flyctl/doctor-diag/)	 - Send diagnostic information about your applications back to Fly.io.
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for doctor
-  -j, --json            JSON output
-  -v, --verbose         Print extra diagnostic information.
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_doctor_diag.md b/flyctl/cmd/flyctl_doctor_diag.md
deleted file mode 100644
index 9c951a820a..0000000000
--- a/flyctl/cmd/flyctl_doctor_diag.md
+++ /dev/null
@@ -1,34 +0,0 @@
-Send diagnostic information about your applications back to Fly.io,
-to help diagnose problems.
-
-This command will collect some local system information and a few files
-that you'd be sending us anyways in order to deploy, notably any Dockerfiles
-you might have associated with this application.
-
-
-## Usage
-~~~
-flyctl doctor diag [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-      --force           Send diagnostics even if we can't find your local Fly.io app
-  -h, --help            help for diag
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl doctor](/docs/flyctl/doctor/)	 - The DOCTOR command allows you to debug your Fly environment
-
diff --git a/flyctl/cmd/flyctl_extensions.md b/flyctl/cmd/flyctl_extensions.md
deleted file mode 100644
index 1d9c49dd0f..0000000000
--- a/flyctl/cmd/flyctl_extensions.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Extensions are additional functionality that can be added to your Fly apps
-
-## Usage
-~~~
-flyctl extensions [command] [flags]
-~~~
-
-## Available Commands
-* [planetscale](/docs/flyctl/extensions-planetscale/)	 - Provision and manage PlanetScale MySQL databases
-* [sentry](/docs/flyctl/extensions-sentry/)	 - Setup a Sentry project for this app
-* [supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
-* [tigris](/docs/flyctl/extensions-tigris/)	 - Provision and manage Tigris object storage buckets
-
-## Options
-
-~~~
-  -h, --help   help for extensions
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_extensions_planetscale.md b/flyctl/cmd/flyctl_extensions_planetscale.md
deleted file mode 100644
index 232543e493..0000000000
--- a/flyctl/cmd/flyctl_extensions_planetscale.md
+++ /dev/null
@@ -1,33 +0,0 @@
-Provision and manage PlanetScale MySQL databases
-
-
-## Usage
-~~~
-flyctl extensions planetscale [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/extensions-planetscale-create/)	 - Provision a PlanetScale MySQL database
-* [dashboard](/docs/flyctl/extensions-planetscale-dashboard/)	 - Visit the PlanetScale MySQL database dashboard
-* [destroy](/docs/flyctl/extensions-planetscale-destroy/)	 - Permanently destroy a PlanetScale MySQL database
-* [list](/docs/flyctl/extensions-planetscale-list/)	 - List your provisioned PlanetScale MySQL databases
-* [status](/docs/flyctl/extensions-planetscale-status/)	 - Show details about a PlanetScale MySQL database
-
-## Options
-
-~~~
-  -h, --help   help for planetscale
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
-
diff --git a/flyctl/cmd/flyctl_extensions_planetscale_create.md b/flyctl/cmd/flyctl_extensions_planetscale_create.md
deleted file mode 100644
index 66e8ac83ce..0000000000
--- a/flyctl/cmd/flyctl_extensions_planetscale_create.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Provision a PlanetScale MySQL database
-
-
-## Usage
-~~~
-flyctl extensions planetscale create [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for create
-  -n, --name string     The name of your database
-  -o, --org string      The target Fly.io organization
-  -r, --region string   The target region (see 'flyctl platform regions')
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions planetscale](/docs/flyctl/extensions-planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_extensions_planetscale_dashboard.md b/flyctl/cmd/flyctl_extensions_planetscale_dashboard.md
deleted file mode 100644
index 51748b9e24..0000000000
--- a/flyctl/cmd/flyctl_extensions_planetscale_dashboard.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Visit the PlanetScale MySQL database dashboard
-
-## Usage
-~~~
-flyctl extensions planetscale dashboard [database_name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for dashboard
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions planetscale](/docs/flyctl/extensions-planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_extensions_planetscale_destroy.md b/flyctl/cmd/flyctl_extensions_planetscale_destroy.md
deleted file mode 100644
index ca8c36bc95..0000000000
--- a/flyctl/cmd/flyctl_extensions_planetscale_destroy.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Permanently destroy a PlanetScale MySQL database
-
-## Usage
-~~~
-flyctl extensions planetscale destroy [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for destroy
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions planetscale](/docs/flyctl/extensions-planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_extensions_planetscale_list.md b/flyctl/cmd/flyctl_extensions_planetscale_list.md
deleted file mode 100644
index 1e48678b5d..0000000000
--- a/flyctl/cmd/flyctl_extensions_planetscale_list.md
+++ /dev/null
@@ -1,27 +0,0 @@
-List your provisioned PlanetScale MySQL databases
-
-## Usage
-~~~
-flyctl extensions planetscale list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for list
-  -o, --org string   The target Fly.io organization
-  -y, --yes          Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions planetscale](/docs/flyctl/extensions-planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_extensions_planetscale_status.md b/flyctl/cmd/flyctl_extensions_planetscale_status.md
deleted file mode 100644
index 6bbbed9817..0000000000
--- a/flyctl/cmd/flyctl_extensions_planetscale_status.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Show details about a PlanetScale MySQL database
-
-
-## Usage
-~~~
-flyctl extensions planetscale status [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for status
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions planetscale](/docs/flyctl/extensions-planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_extensions_sentry.md b/flyctl/cmd/flyctl_extensions_sentry.md
deleted file mode 100644
index 9e5131a643..0000000000
--- a/flyctl/cmd/flyctl_extensions_sentry.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Setup a Sentry project for this app
-
-
-## Usage
-~~~
-flyctl extensions sentry [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/extensions-sentry-create/)	 - Provision a Sentry project for a Fly.io app
-* [dashboard](/docs/flyctl/extensions-sentry-dashboard/)	 - View application errors in the Sentry dashboard
-
-## Options
-
-~~~
-  -h, --help   help for sentry
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
-
diff --git a/flyctl/cmd/flyctl_extensions_sentry_create.md b/flyctl/cmd/flyctl_extensions_sentry_create.md
deleted file mode 100644
index f2c76ac818..0000000000
--- a/flyctl/cmd/flyctl_extensions_sentry_create.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Provision a Sentry project for a Fly.io app
-
-
-## Usage
-~~~
-flyctl extensions sentry create [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for create
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions sentry](/docs/flyctl/extensions-sentry/)	 - Setup a Sentry project for this app
-
diff --git a/flyctl/cmd/flyctl_extensions_sentry_dashboard.md b/flyctl/cmd/flyctl_extensions_sentry_dashboard.md
deleted file mode 100644
index 8c33df781c..0000000000
--- a/flyctl/cmd/flyctl_extensions_sentry_dashboard.md
+++ /dev/null
@@ -1,28 +0,0 @@
-View application errors in the Sentry dashboard
-
-## Usage
-~~~
-flyctl extensions sentry dashboard [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for dashboard
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions sentry](/docs/flyctl/extensions-sentry/)	 - Setup a Sentry project for this app
-
diff --git a/flyctl/cmd/flyctl_extensions_supabase.md b/flyctl/cmd/flyctl_extensions_supabase.md
deleted file mode 100644
index 2e70d47176..0000000000
--- a/flyctl/cmd/flyctl_extensions_supabase.md
+++ /dev/null
@@ -1,33 +0,0 @@
-Provision and manage Supabase Postgres databases
-
-
-## Usage
-~~~
-flyctl extensions supabase [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/extensions-supabase-create/)	 - Provision a Supabase Postgres database
-* [dashboard](/docs/flyctl/extensions-supabase-dashboard/)	 - Visit the Supabase database dashboard
-* [destroy](/docs/flyctl/extensions-supabase-destroy/)	 - Permanently destroy a Supabase database
-* [list](/docs/flyctl/extensions-supabase-list/)	 - List your Supabase databases
-* [status](/docs/flyctl/extensions-supabase-status/)	 - Show details about a Supabase Postgres database
-
-## Options
-
-~~~
-  -h, --help   help for supabase
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
-
diff --git a/flyctl/cmd/flyctl_extensions_supabase_create.md b/flyctl/cmd/flyctl_extensions_supabase_create.md
deleted file mode 100644
index adf12f3902..0000000000
--- a/flyctl/cmd/flyctl_extensions_supabase_create.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Provision a Supabase Postgres database
-
-
-## Usage
-~~~
-flyctl extensions supabase create [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for create
-  -n, --name string     The name of your database
-  -o, --org string      The target Fly.io organization
-  -r, --region string   The target region (see 'flyctl platform regions')
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
-
diff --git a/flyctl/cmd/flyctl_extensions_supabase_dashboard.md b/flyctl/cmd/flyctl_extensions_supabase_dashboard.md
deleted file mode 100644
index 47069f0a83..0000000000
--- a/flyctl/cmd/flyctl_extensions_supabase_dashboard.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Visit the Supabase database dashboard
-
-## Usage
-~~~
-flyctl extensions supabase dashboard [database_name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for dashboard
-  -o, --org string      The target Fly.io organization
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
-
diff --git a/flyctl/cmd/flyctl_extensions_supabase_destroy.md b/flyctl/cmd/flyctl_extensions_supabase_destroy.md
deleted file mode 100644
index c6645fad6c..0000000000
--- a/flyctl/cmd/flyctl_extensions_supabase_destroy.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Permanently destroy a Supabase database
-
-## Usage
-~~~
-flyctl extensions supabase destroy [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for destroy
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
-
diff --git a/flyctl/cmd/flyctl_extensions_supabase_list.md b/flyctl/cmd/flyctl_extensions_supabase_list.md
deleted file mode 100644
index da1c67198f..0000000000
--- a/flyctl/cmd/flyctl_extensions_supabase_list.md
+++ /dev/null
@@ -1,27 +0,0 @@
-List your Supabase databases
-
-## Usage
-~~~
-flyctl extensions supabase list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for list
-  -o, --org string   The target Fly.io organization
-  -y, --yes          Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
-
diff --git a/flyctl/cmd/flyctl_extensions_supabase_status.md b/flyctl/cmd/flyctl_extensions_supabase_status.md
deleted file mode 100644
index c40200943f..0000000000
--- a/flyctl/cmd/flyctl_extensions_supabase_status.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Show details about a Supabase Postgres database
-
-
-## Usage
-~~~
-flyctl extensions supabase status [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for status
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions supabase](/docs/flyctl/extensions-supabase/)	 - Provision and manage Supabase Postgres databases
-
diff --git a/flyctl/cmd/flyctl_extensions_tigris.md b/flyctl/cmd/flyctl_extensions_tigris.md
deleted file mode 100644
index 4db11c6d7f..0000000000
--- a/flyctl/cmd/flyctl_extensions_tigris.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Provision and manage Tigris object storage buckets
-
-
-## Usage
-~~~
-flyctl extensions tigris [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/extensions-tigris-create/)	 - Provision a Tigris object storage bucket
-* [dashboard](/docs/flyctl/extensions-tigris-dashboard/)	 - Visit the Tigris dashboard
-* [destroy](/docs/flyctl/extensions-tigris-destroy/)	 - Permanently destroy a Tigris object storage bucket
-* [list](/docs/flyctl/extensions-tigris-list/)	 - List your Tigris object storage buckets
-
-## Options
-
-~~~
-  -h, --help   help for tigris
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions](/docs/flyctl/extensions/)	 - Extensions are additional functionality that can be added to your Fly apps
-
diff --git a/flyctl/cmd/flyctl_extensions_tigris_create.md b/flyctl/cmd/flyctl_extensions_tigris_create.md
deleted file mode 100644
index f6ab126996..0000000000
--- a/flyctl/cmd/flyctl_extensions_tigris_create.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Provision a Tigris object storage bucket
-
-
-## Usage
-~~~
-flyctl extensions tigris create [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for create
-  -n, --name string     The name of your bucket
-  -o, --org string      The target Fly.io organization
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions tigris](/docs/flyctl/extensions-tigris/)	 - Provision and manage Tigris object storage buckets
-
diff --git a/flyctl/cmd/flyctl_extensions_tigris_dashboard.md b/flyctl/cmd/flyctl_extensions_tigris_dashboard.md
deleted file mode 100644
index e6b5c03b15..0000000000
--- a/flyctl/cmd/flyctl_extensions_tigris_dashboard.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Visit the Tigris dashboard
-
-## Usage
-~~~
-flyctl extensions tigris dashboard [bucket_name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for dashboard
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions tigris](/docs/flyctl/extensions-tigris/)	 - Provision and manage Tigris object storage buckets
-
diff --git a/flyctl/cmd/flyctl_extensions_tigris_destroy.md b/flyctl/cmd/flyctl_extensions_tigris_destroy.md
deleted file mode 100644
index 42400cc20f..0000000000
--- a/flyctl/cmd/flyctl_extensions_tigris_destroy.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Permanently destroy a Tigris object storage bucket
-
-## Usage
-~~~
-flyctl extensions tigris destroy [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for destroy
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions tigris](/docs/flyctl/extensions-tigris/)	 - Provision and manage Tigris object storage buckets
-
diff --git a/flyctl/cmd/flyctl_extensions_tigris_list.md b/flyctl/cmd/flyctl_extensions_tigris_list.md
deleted file mode 100644
index 542eb5cfd3..0000000000
--- a/flyctl/cmd/flyctl_extensions_tigris_list.md
+++ /dev/null
@@ -1,27 +0,0 @@
-List your Tigris object storage buckets
-
-## Usage
-~~~
-flyctl extensions tigris list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for list
-  -o, --org string   The target Fly.io organization
-  -y, --yes          Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl extensions tigris](/docs/flyctl/extensions-tigris/)	 - Provision and manage Tigris object storage buckets
-
diff --git a/flyctl/cmd/flyctl_image.md b/flyctl/cmd/flyctl_image.md
deleted file mode 100644
index 117d997d57..0000000000
--- a/flyctl/cmd/flyctl_image.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Manage app image
-
-
-## Usage
-~~~
-flyctl image [command] [flags]
-~~~
-
-## Available Commands
-* [show](/docs/flyctl/image-show/)	 - Show image details.
-* [update](/docs/flyctl/image-update/)	 - Updates the app's image to the latest available version. (Fly Postgres only)
-
-## Options
-
-~~~
-  -h, --help   help for image
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_image_show.md b/flyctl/cmd/flyctl_image_show.md
deleted file mode 100644
index 7de1a6729e..0000000000
--- a/flyctl/cmd/flyctl_image_show.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Show image details.
-
-
-## Usage
-~~~
-flyctl image show [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for show
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl image](/docs/flyctl/image/)	 - Manage app image
-
diff --git a/flyctl/cmd/flyctl_image_update.md b/flyctl/cmd/flyctl_image_update.md
deleted file mode 100644
index 2f477978e7..0000000000
--- a/flyctl/cmd/flyctl_image_update.md
+++ /dev/null
@@ -1,33 +0,0 @@
-This will update the application's image to the latest available version.
-The update will perform a rolling restart against each VM, which may result in a brief service disruption.
-
-## Usage
-~~~
-flyctl image update [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string           Application name
-  -c, --config string        Path to application configuration file
-      --detach               Return immediately instead of monitoring update progress. (Nomad only)
-  -h, --help                 help for update
-      --image string         Target a specific image. (Machines only)
-      --skip-health-checks   Skip waiting for health checks inbetween VM updates. (Machines only)
-      --strategy string      Deployment strategy. (Nomad only)
-  -y, --yes                  Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl image](/docs/flyctl/image/)	 - Manage app image
-
diff --git a/flyctl/cmd/flyctl_ips.md b/flyctl/cmd/flyctl_ips.md
deleted file mode 100644
index 16184aa557..0000000000
--- a/flyctl/cmd/flyctl_ips.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Commands for managing IP addresses associated with an application
-
-## Usage
-~~~
-flyctl ips [command] [flags]
-~~~
-
-## Available Commands
-* [allocate-v4](/docs/flyctl/ips-allocate-v4/)	 - Allocate an IPv4 address
-* [allocate-v6](/docs/flyctl/ips-allocate-v6/)	 - Allocate an IPv6 address
-* [list](/docs/flyctl/ips-list/)	 - List allocated IP addresses
-* [private](/docs/flyctl/ips-private/)	 - List instances private IP addresses
-* [release](/docs/flyctl/ips-release/)	 - Release an IP address
-
-## Options
-
-~~~
-  -h, --help   help for ips
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_ips_allocate-v4.md b/flyctl/cmd/flyctl_ips_allocate-v4.md
deleted file mode 100644
index cc445f1fc4..0000000000
--- a/flyctl/cmd/flyctl_ips_allocate-v4.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Allocates an IPv4 address to the application
-
-## Usage
-~~~
-flyctl ips allocate-v4 [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for allocate-v4
-  -r, --region string   The target region (see 'flyctl platform regions')
-      --shared          Allocates a shared IPv4
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
-
diff --git a/flyctl/cmd/flyctl_ips_allocate-v6.md b/flyctl/cmd/flyctl_ips_allocate-v6.md
deleted file mode 100644
index a8c1ddf64a..0000000000
--- a/flyctl/cmd/flyctl_ips_allocate-v6.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Allocates an IPv6 address to the application
-
-## Usage
-~~~
-flyctl ips allocate-v6 [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string       Application name
-  -c, --config string    Path to application configuration file
-  -h, --help             help for allocate-v6
-      --network string   Target network name for a Flycast private IPv6 address
-  -o, --org string       The target Fly.io organization
-      --private          Allocate a private IPv6 address
-  -r, --region string    The target region (see 'flyctl platform regions')
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
-
diff --git a/flyctl/cmd/flyctl_ips_list.md b/flyctl/cmd/flyctl_ips_list.md
deleted file mode 100644
index 42aed02382..0000000000
--- a/flyctl/cmd/flyctl_ips_list.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Lists the IP addresses allocated to the application
-
-## Usage
-~~~
-flyctl ips list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
-
diff --git a/flyctl/cmd/flyctl_ips_private.md b/flyctl/cmd/flyctl_ips_private.md
deleted file mode 100644
index 075dfdb245..0000000000
--- a/flyctl/cmd/flyctl_ips_private.md
+++ /dev/null
@@ -1,28 +0,0 @@
-List instances private IP addresses, accessible from within the Fly network
-
-## Usage
-~~~
-flyctl ips private [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for private
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
-
diff --git a/flyctl/cmd/flyctl_ips_release.md b/flyctl/cmd/flyctl_ips_release.md
deleted file mode 100644
index 85c5a3eeb7..0000000000
--- a/flyctl/cmd/flyctl_ips_release.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Releases an IP address from the application
-
-## Usage
-~~~
-flyctl ips release [ADDRESS] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for release
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ips](/docs/flyctl/ips/)	 - Manage IP addresses for apps
-
diff --git a/flyctl/cmd/flyctl_jobs.md b/flyctl/cmd/flyctl_jobs.md
deleted file mode 100644
index 508cec1f41..0000000000
--- a/flyctl/cmd/flyctl_jobs.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Show jobs at Fly.io, including maybe ones you should apply to
-
-## Usage
-~~~
-flyctl jobs [flags]
-~~~
-
-## Available Commands
-* [open](/docs/flyctl/jobs-open/)	 - Open fly.io/jobs
-
-## Options
-
-~~~
-  -h, --help   help for jobs
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_jobs_open.md b/flyctl/cmd/flyctl_jobs_open.md
deleted file mode 100644
index ef181e2997..0000000000
--- a/flyctl/cmd/flyctl_jobs_open.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Open browser to https://fly.io/jobs/
-
-## Usage
-~~~
-flyctl jobs open [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for open
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl jobs](/docs/flyctl/jobs/)	 - Show jobs at Fly.io
-
diff --git a/flyctl/cmd/flyctl_launch.md b/flyctl/cmd/flyctl_launch.md
deleted file mode 100644
index 29c654203a..0000000000
--- a/flyctl/cmd/flyctl_launch.md
+++ /dev/null
@@ -1,75 +0,0 @@
-Create and configure a new app from source code or a Docker image
-
-## Usage
-~~~
-flyctl launch [flags]
-~~~
-
-## Options
-
-~~~
-      --build-arg stringArray            Set of build time variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --build-only                       Build but do not deploy
-      --build-secret stringArray         Set of build secrets of NAME=VALUE pairs. Can be specified multiple times. See https://docs.docker.com/engine/reference/commandline/buildx_build/#secret
-      --build-target string              Set the target build stage to build if the Dockerfile has more than one stage
-      --copy-config                      Use the configuration file if present without prompting
-      --detach                           Return immediately instead of monitoring deployment progress
-      --dockerfile string                Path to a Dockerfile. Defaults to the Dockerfile in the working directory.
-      --dockerignore-from-gitignore      If a .dockerignore does not exist, create one from .gitignore files
-  -e, --env stringArray                  Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --exclude-regions strings          Deploy to all machines except machines in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times. --exclude-regions iad,sea --exclude-regions syd will exclude all three iad, sea, and syd regions. Applied after --only-regions. V2 machines platform only.
-      --file-literal stringArray         Set of literals in the form of /path/inside/machine=VALUE pairs where VALUE is the content. Can be specified multiple times.
-      --file-local stringArray           Set of files in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
-      --file-secret stringArray          Set of secrets in the form of /path/inside/machine=SECRET pairs where SECRET is the name of the secret. Can be specified multiple times.
-      --generate-name                    Always generate a name for the app, without prompting
-      --ha                               Create spare machines that increases app availability (default true)
-  -h, --help                             help for launch
-      --host-dedication-id string        The dedication id of the reserved hosts for your organization (if any)
-      --ignorefile string                Path to a Docker ignore file. Defaults to the .dockerignore file in the working directory.
-  -i, --image string                     The Docker image to deploy
-      --image-label string               Image label to use when tagging and pushing to the fly registry. Defaults to "deployment-{timestamp}".
-      --immediate-max-concurrent int     Maximum number of machines to update concurrently when using the immediate deployment strategy. (default 16)
-      --internal-port int                Set internal_port for all services in the generated fly.toml (default -1)
-      --label stringArray                Add custom metadata to an image via docker labels
-      --lease-timeout string             Time duration to lease individual machines while running deployment. All machines are leased at the beginning and released at the end.The lease is refreshed periodically for this same time, which is why it is short.flyctl releases leases in most cases. (default "13s")
-      --local-only                       Perform builds locally using the local docker daemon. The default is --remote-only.
-      --max-unavailable float            Max number of unavailable machines during rolling updates. A number between 0 and 1 means percent of total machines (default 0.33)
-      --name string                      Name of the new app
-      --nixpacks                         Deploy using nixpacks to build the image
-      --no-cache                         Do not use the build cache when building the image
-      --no-deploy                        Do not immediately deploy the new app after fly launch creates and configures it
-      --no-public-ips                    Do not allocate any new public IP addresses
-      --now                              Deploy now without confirmation
-      --only-regions strings             Deploy to machines only in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times. --only-regions iad,sea --only-regions syd will deploy to all three iad, sea, and syd regions. Applied before --exclude-regions. V2 machines platform only.
-  -o, --org string                       The target Fly.io organization
-      --path string                      Path to the app source root, where fly.toml file will be saved (default ".")
-      --process-groups strings           Deploy to machines only in these process groups
-      --provision-extensions             Provision any extensions assigned as a default to first deployments
-      --push                             Push image to registry after build is complete
-  -r, --region string                    The target region (see 'flyctl platform regions')
-      --release-command-timeout string   Time duration to wait for a release command finish running, or 'none' to disable. (default "5m0s")
-      --remote-only                      Perform builds on a remote builder instance instead of using the local docker daemon. This is the default. Use --local-only to build locally.
-      --smoke-checks                     Perform smoke checks during deployment (default true)
-      --strategy string                  The strategy for replacing running instances. Options are canary, rolling, bluegreen, or immediate. Default is canary, or rolling when max-per-region is set.
-      --vm-cpu-kind string               The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                      Number of CPUs
-      --vm-gpu-kind string               If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string                 Memory (in megabytes) to attribute to the VM
-      --vm-size string                   The VM size to set machines to. See "fly platform vm-sizes" for valid values
-      --volume-initial-size int          The initial size in GB for volumes created on first deploy
-      --wait-timeout string              Time duration to wait for individual machines to transition states and become healthy. (default "5m0s")
-  -y, --yes                              Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud.md b/flyctl/cmd/flyctl_litefs-cloud.md
deleted file mode 100644
index 9d0b1e4d28..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud.md
+++ /dev/null
@@ -1,33 +0,0 @@
-Commands for managing LiteFS Cloud databases
-
-## Usage
-~~~
-flyctl litefs-cloud [command] [flags]
-~~~
-
-## Available Commands
-* [clusters](/docs/flyctl/litefs-cloud-clusters/)	 - Manage LiteFS Cloud clusters
-* [export](/docs/flyctl/litefs-cloud-export/)	 - Export LiteFS Cloud database
-* [import](/docs/flyctl/litefs-cloud-import/)	 - Import SQLite database into LiteFS Cloud
-* [regions](/docs/flyctl/litefs-cloud-regions/)	 - List LiteFS Cloud regions
-* [restore](/docs/flyctl/litefs-cloud-restore/)	 - Restore LiteFS Cloud database
-* [status](/docs/flyctl/litefs-cloud-status/)	 - Show LiteFS Cloud cluster status
-
-## Options
-
-~~~
-  -h, --help   help for litefs-cloud
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_clusters.md b/flyctl/cmd/flyctl_litefs-cloud_clusters.md
deleted file mode 100644
index ed59f70a21..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_clusters.md
+++ /dev/null
@@ -1,31 +0,0 @@
-"Commands for managing LiteFS Cloud clusters"
-
-
-## Usage
-~~~
-flyctl litefs-cloud clusters [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/litefs-cloud-clusters-create/)	 - Creates a LiteFS Cloud cluster
-* [destroy](/docs/flyctl/litefs-cloud-clusters-destroy/)	 - Delete a LiteFS Cloud cluster
-* [list](/docs/flyctl/litefs-cloud-clusters-list/)	 - Show LiteFS Cloud clusters
-
-## Options
-
-~~~
-  -h, --help   help for clusters
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_clusters_create.md b/flyctl/cmd/flyctl_litefs-cloud_clusters_create.md
deleted file mode 100644
index afa87878b5..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_clusters_create.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Creates a new LiteFS Cloud cluster.
-
-## Usage
-~~~
-flyctl litefs-cloud clusters create CLUSTERNAME [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help            help for create
-  -j, --json            JSON output
-  -o, --org string      The target Fly.io organization
-  -r, --region string   The target region (see 'flyctl litefs-cloud regions')
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud clusters](/docs/flyctl/litefs-cloud-clusters/)	 - Manage LiteFS Cloud clusters
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_clusters_destroy.md b/flyctl/cmd/flyctl_litefs-cloud_clusters_destroy.md
deleted file mode 100644
index 1ec8520352..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_clusters_destroy.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Permanently deletes a LiteFS Cloud cluster.
-
-## Usage
-~~~
-flyctl litefs-cloud clusters destroy [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for destroy
-  -j, --json         JSON output
-  -o, --org string   The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud clusters](/docs/flyctl/litefs-cloud-clusters/)	 - Manage LiteFS Cloud clusters
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_clusters_list.md b/flyctl/cmd/flyctl_litefs-cloud_clusters_list.md
deleted file mode 100644
index 510afce9ba..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_clusters_list.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Lists the LiteFS Cloud clusters in the organization.
-
-## Usage
-~~~
-flyctl litefs-cloud clusters list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for list
-  -j, --json         JSON output
-      --limit int    Number of results to return (default 50)
-      --offset int   Index of results to return from
-  -o, --org string   The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud clusters](/docs/flyctl/litefs-cloud-clusters/)	 - Manage LiteFS Cloud clusters
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_export.md b/flyctl/cmd/flyctl_litefs-cloud_export.md
deleted file mode 100644
index fa7e0bcc2e..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_export.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Exports the current state of the database to a file.
-
-## Usage
-~~~
-flyctl litefs-cloud export [flags]
-~~~
-
-## Options
-
-~~~
-  -c, --cluster string    LiteFS Cloud cluster name
-  -d, --database string   LiteFS Cloud database name
-  -f, --force             Overwrite output file if it already exists
-  -h, --help              help for export
-  -j, --json              JSON output
-  -o, --org string        The target Fly.io organization
-      --output string     Output filename
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_import.md b/flyctl/cmd/flyctl_litefs-cloud_import.md
deleted file mode 100644
index acdd101034..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_import.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Imports a local SQLite database into a LiteFS Cloud cluster.
-
-## Usage
-~~~
-flyctl litefs-cloud import [flags]
-~~~
-
-## Options
-
-~~~
-  -c, --cluster string    LiteFS Cloud cluster name
-  -d, --database string   LiteFS Cloud database name
-  -h, --help              help for import
-      --input string      Input filename
-  -j, --json              JSON output
-  -o, --org string        The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_regions.md b/flyctl/cmd/flyctl_litefs-cloud_regions.md
deleted file mode 100644
index 0b4c076563..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_regions.md
+++ /dev/null
@@ -1,26 +0,0 @@
-View a list of LiteFS Cloud regions
-
-## Usage
-~~~
-flyctl litefs-cloud regions [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for regions
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_restore.md b/flyctl/cmd/flyctl_litefs-cloud_restore.md
deleted file mode 100644
index 764cc983c8..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_restore.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Restores a LiteFS Cloud database to a previous state.
-
-## Usage
-~~~
-flyctl litefs-cloud restore [flags]
-~~~
-
-## Options
-
-~~~
-  -c, --cluster string     LiteFS Cloud cluster name
-  -d, --database string    LiteFS Cloud database name
-  -h, --help               help for restore
-  -j, --json               JSON output
-  -o, --org string         The target Fly.io organization
-      --timestamp string   Time to restore to (ISO 8601)
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
-
diff --git a/flyctl/cmd/flyctl_litefs-cloud_status.md b/flyctl/cmd/flyctl_litefs-cloud_status.md
deleted file mode 100644
index 082e18570d..0000000000
--- a/flyctl/cmd/flyctl_litefs-cloud_status.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Lists the databases in the cluster with their replication position.
-
-## Usage
-~~~
-flyctl litefs-cloud status [flags]
-~~~
-
-## Options
-
-~~~
-  -c, --cluster string   LiteFS Cloud cluster name
-  -h, --help             help for status
-  -j, --json             JSON output
-  -o, --org string       The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl litefs-cloud](/docs/flyctl/litefs-cloud/)	 - LiteFS Cloud management commands
-
diff --git a/flyctl/cmd/flyctl_logs.md b/flyctl/cmd/flyctl_logs.md
deleted file mode 100644
index 12258e3e61..0000000000
--- a/flyctl/cmd/flyctl_logs.md
+++ /dev/null
@@ -1,35 +0,0 @@
-View application logs as generated by the application running on
-the Fly platform.
-
-Logs can be filtered to a specific instance using the --instance/-i flag or
-to all instances running in a specific region using the --region/-r flag.
-
-
-## Usage
-~~~
-flyctl logs [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string        Application name
-  -c, --config string     Path to application configuration file
-  -h, --help              help for logs
-  -i, --instance string   Filter by instance ID
-  -j, --json              JSON output
-  -r, --region string     The target region (see 'flyctl platform regions')
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_machine.md b/flyctl/cmd/flyctl_machine.md
deleted file mode 100644
index 4ae4de2247..0000000000
--- a/flyctl/cmd/flyctl_machine.md
+++ /dev/null
@@ -1,45 +0,0 @@
-Manage Fly Machines. Fly Machines are super-fast, lightweight VMs that can be created,
-and then quickly started and stopped as needed with flyctl commands or with the
-Machines REST API.
-
-## Usage
-~~~
-flyctl machine [command] [flags]
-~~~
-
-## Available Commands
-* [api-proxy](/docs/flyctl/machine-api-proxy/)	 - Establish a proxy to the Machine API through a Wireguard tunnel for local connections
-* [clone](/docs/flyctl/machine-clone/)	 - Clone a Fly Machine.
-* [cordon](/docs/flyctl/machine-cordon/)	 - Deactivate all services on a machine
-* [create](/docs/flyctl/machine-create/)	 - Create, but don't start, a machine
-* [destroy](/docs/flyctl/machine-destroy/)	 - Destroy a Fly machine.
-* [exec](/docs/flyctl/machine-exec/)	 - Execute a command on a machine
-* [kill](/docs/flyctl/machine-kill/)	 - Kill (SIGKILL) a Fly machine
-* [leases](/docs/flyctl/machine-leases/)	 - Manage machine leases
-* [list](/docs/flyctl/machine-list/)	 - List Fly machines
-* [restart](/docs/flyctl/machine-restart/)	 - Restart one or more Fly machines
-* [run](/docs/flyctl/machine-run/)	 - Run a machine
-* [start](/docs/flyctl/machine-start/)	 - Start one or more Fly machines
-* [status](/docs/flyctl/machine-status/)	 - Show current status of a running machine
-* [stop](/docs/flyctl/machine-stop/)	 - Stop one or more Fly machines
-* [uncordon](/docs/flyctl/machine-uncordon/)	 - Reactivate all services on a machine
-* [update](/docs/flyctl/machine-update/)	 - Update a machine
-
-## Options
-
-~~~
-  -h, --help   help for machine
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_machine_api-proxy.md b/flyctl/cmd/flyctl_machine_api-proxy.md
deleted file mode 100644
index bc15cdbf08..0000000000
--- a/flyctl/cmd/flyctl_machine_api-proxy.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Establish a proxy to the Machine API through a Wireguard tunnel for local connections
-
-
-## Usage
-~~~
-flyctl machine api-proxy [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for api-proxy
-  -o, --org string   The target Fly.io organization
-  -q, --quiet        Don't print progress indicators for WireGuard
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_clone.md b/flyctl/cmd/flyctl_machine_clone.md
deleted file mode 100644
index db735d6e9a..0000000000
--- a/flyctl/cmd/flyctl_machine_clone.md
+++ /dev/null
@@ -1,45 +0,0 @@
-Clone a Fly Machine. The new Machine will be a copy of the specified Machine.
-If the original Machine has a volume, then a new empty volume will be created and attached to the new Machine.
-
-## Usage
-~~~
-flyctl machine clone [machine_id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                    Application name
-      --attach-volume string          Existing volume to attach to the new Machine in the form of <volume_id>[:/path/inside/machine]
-      --clear-auto-destroy            Disable auto destroy setting on the new Machine
-      --clear-cmd                     Set empty CMD on the new Machine so it uses default CMD for the image
-  -c, --config string                 Path to application configuration file
-      --detach                        Return immediately instead of monitoring deployment progress
-      --from-snapshot string          Clone attached volumes and restore from snapshot, use 'last' for most recent snapshot. The default is an empty volume.
-  -h, --help                          help for clone
-      --host-dedication-id string     The dedication id of the reserved hosts for your organization (if any)
-      --name string                   Optional name for the new Machine
-      --override-cmd string           Set CMD on the new Machine to this value
-  -g, --process-group string          Change the cloned Machine process group to what is specified here
-  -r, --region string                 The target region (see 'flyctl platform regions')
-      --standby-for strings           Comma separated list of Machine IDs to watch for. You can use '--standby-for=source' to create a standby for the cloned Machine.
-      --vm-cpu-kind string            The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                   Number of CPUs
-      --vm-gpu-kind string            If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string              Memory (in megabytes) to attribute to the VM
-      --vm-size string                The VM size to set machines to. See "fly platform vm-sizes" for valid values
-      --volume-requires-unique-zone   Require volume to be placed in separate hardware zone from existing volumes. Default false.
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_cordon.md b/flyctl/cmd/flyctl_machine_cordon.md
deleted file mode 100644
index 3133d6dbfc..0000000000
--- a/flyctl/cmd/flyctl_machine_cordon.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Deactivate all services on a machine
-
-
-## Usage
-~~~
-flyctl machine cordon [<id>...] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for cordon
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_create.md b/flyctl/cmd/flyctl_machine_create.md
deleted file mode 100644
index 737a661ed8..0000000000
--- a/flyctl/cmd/flyctl_machine_create.md
+++ /dev/null
@@ -1,60 +0,0 @@
-Create, but don't start, a machine
-
-
-## Usage
-~~~
-flyctl machine create <image> [command] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                  Application name
-      --autostart                   Automatically start a stopped Machine when a network request is received (default true)
-      --autostop                    Automatically stop a Machine when there are no network requests for it (default true)
-      --build-nixpacks              Build your image with nixpacks
-  -c, --config string               Path to application configuration file
-      --detach                      Return immediately instead of monitoring deployment progress
-      --dockerfile string           The path to a Dockerfile. Defaults to the Dockerfile in the working directory.
-      --entrypoint string           The command to override the Docker ENTRYPOINT.
-  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --file-literal stringArray    Set of literals to write to the Machine, in the form of /path/inside/machine=VALUE pairs, where VALUE is the base64-encoded raw content. Can be specified multiple times.
-      --file-local stringArray      Set of files to write to the Machine, in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
-      --file-secret stringArray     Set of secrets to write to the Machine, in the form of /path/inside/machine=SECRET pairs, where SECRET is the name of the secret. The content of the secret must be base64 encoded. Can be specified multiple times.
-  -h, --help                        help for create
-      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
-      --id string                   Machine ID, if previously known
-      --kernel-arg stringArray      A list of kernel arguments to provide to the init. Can be specified multiple times.
-  -m, --metadata stringArray        Metadata in the form of NAME=VALUE pairs. Can be specified multiple times.
-  -n, --name string                 Machine name. Will be generated if omitted.
-      --org string                  The organization that will own the app
-  -p, --port strings                The external ports and handlers for services, in the format: port[:machinePort][/protocol[:handler[:handler...]]])
-                                    	For example: --port 80/tcp --port 443:80/tcp:http:tls --port 5432/tcp:pg_tls
-                                    	To remove a port mapping use '-' as handler. For example: --port 80/tcp:-
-  -r, --region string               The target region (see 'flyctl platform regions')
-      --restart string              Set the restart policy for a Machine. Options include 'no', 'always', and 'on-fail'.
-                                    	Default is 'on-fail' for Machines created by 'fly deploy' and Machines with a schedule. Default is 'always' for Machines created by 'fly m run'.
-      --rm                          Automatically remove the Machine when it exits. Sets the restart-policy to 'never' if not otherwise specified.
-      --schedule string             Schedule a Machine run at hourly, daily and monthly intervals
-      --skip-dns-registration       Do not register the machine's 6PN IP with the internal DNS system
-      --standby-for strings         For Machines without services, a comma separated list of Machine IDs to act as standby for.
-      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                 Number of CPUs
-      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string            Memory (in megabytes) to attribute to the VM
-      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
-  -v, --volume strings              Volume to mount, in the form of <volume_id_or_name>:/path/inside/machine[:<options>]
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_destroy.md b/flyctl/cmd/flyctl_machine_destroy.md
deleted file mode 100644
index 4c20eed639..0000000000
--- a/flyctl/cmd/flyctl_machine_destroy.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Destroy a Fly machine.
-This command requires a machine to be in a stopped state unless the force flag is used.
-
-
-## Usage
-~~~
-flyctl machine destroy [id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -f, --force           force kill machine regardless of current state
-  -h, --help            help for destroy
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_exec.md b/flyctl/cmd/flyctl_machine_exec.md
deleted file mode 100644
index 350702dfcb..0000000000
--- a/flyctl/cmd/flyctl_machine_exec.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Execute a command on a machine
-
-
-## Usage
-~~~
-flyctl machine exec [machine-id] <command> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for exec
-  -j, --json            JSON output
-      --timeout int     Timeout in seconds
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_kill.md b/flyctl/cmd/flyctl_machine_kill.md
deleted file mode 100644
index a05c2e8429..0000000000
--- a/flyctl/cmd/flyctl_machine_kill.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Kill (SIGKILL) a Fly machine
-
-
-## Usage
-~~~
-flyctl machine kill [id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for kill
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_leases.md b/flyctl/cmd/flyctl_machine_leases.md
deleted file mode 100644
index 8c895b3086..0000000000
--- a/flyctl/cmd/flyctl_machine_leases.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Manage machine leases
-
-
-## Usage
-~~~
-flyctl machine leases [command] [flags]
-~~~
-
-## Available Commands
-* [clear](/docs/flyctl/machine-leases-clear/)	 - Clear machine leases
-* [view](/docs/flyctl/machine-leases-view/)	 - View machine leases
-
-## Options
-
-~~~
-  -h, --help   help for leases
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_leases_clear.md b/flyctl/cmd/flyctl_machine_leases_clear.md
deleted file mode 100644
index 5b1113db75..0000000000
--- a/flyctl/cmd/flyctl_machine_leases_clear.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Clear machine leases
-
-
-## Usage
-~~~
-flyctl machine leases clear [machine-id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for clear
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine leases](/docs/flyctl/machine-leases/)	 - Manage machine leases
-
diff --git a/flyctl/cmd/flyctl_machine_leases_view.md b/flyctl/cmd/flyctl_machine_leases_view.md
deleted file mode 100644
index ed79047c1a..0000000000
--- a/flyctl/cmd/flyctl_machine_leases_view.md
+++ /dev/null
@@ -1,29 +0,0 @@
-View machine leases
-
-
-## Usage
-~~~
-flyctl machine leases view [machine-id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for view
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine leases](/docs/flyctl/machine-leases/)	 - Manage machine leases
-
diff --git a/flyctl/cmd/flyctl_machine_list.md b/flyctl/cmd/flyctl_machine_list.md
deleted file mode 100644
index 1105178fa9..0000000000
--- a/flyctl/cmd/flyctl_machine_list.md
+++ /dev/null
@@ -1,30 +0,0 @@
-List Fly machines
-
-
-## Usage
-~~~
-flyctl machine list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-  -j, --json            JSON output
-  -q, --quiet           Only list machine ids
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_restart.md b/flyctl/cmd/flyctl_machine_restart.md
deleted file mode 100644
index 6bd094b45f..0000000000
--- a/flyctl/cmd/flyctl_machine_restart.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Restart one or more Fly machines
-
-
-## Usage
-~~~
-flyctl machine restart [<id>...] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string           Application name
-  -c, --config string        Path to application configuration file
-      --force                Force stop the machine(s)
-  -h, --help                 help for restart
-  -s, --signal string        Signal to stop the machine with (default: SIGINT)
-      --skip-health-checks   Restarts app without waiting for health checks. ( Machines only )
-      --time int             Seconds to wait before killing the machine
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_run.md b/flyctl/cmd/flyctl_machine_run.md
deleted file mode 100644
index c0735072fd..0000000000
--- a/flyctl/cmd/flyctl_machine_run.md
+++ /dev/null
@@ -1,63 +0,0 @@
-Run a machine
-
-
-## Usage
-~~~
-flyctl machine run <image> [command] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                  Application name
-      --autostart                   Automatically start a stopped Machine when a network request is received (default true)
-      --autostop                    Automatically stop a Machine when there are no network requests for it (default true)
-      --build-nixpacks              Build your image with nixpacks
-      --command string              Used with --shell. The command to run, if we're shelling into the Machine now (in case you don't have bash). (default "/bin/bash")
-  -c, --config string               Path to application configuration file
-      --detach                      Return immediately instead of monitoring deployment progress
-      --dockerfile string           The path to a Dockerfile. Defaults to the Dockerfile in the working directory.
-      --entrypoint string           The command to override the Docker ENTRYPOINT.
-  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --file-literal stringArray    Set of literals to write to the Machine, in the form of /path/inside/machine=VALUE pairs, where VALUE is the base64-encoded raw content. Can be specified multiple times.
-      --file-local stringArray      Set of files to write to the Machine, in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
-      --file-secret stringArray     Set of secrets to write to the Machine, in the form of /path/inside/machine=SECRET pairs, where SECRET is the name of the secret. The content of the secret must be base64 encoded. Can be specified multiple times.
-  -h, --help                        help for run
-      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
-      --id string                   Machine ID, if previously known
-      --kernel-arg stringArray      A list of kernel arguments to provide to the init. Can be specified multiple times.
-  -m, --metadata stringArray        Metadata in the form of NAME=VALUE pairs. Can be specified multiple times.
-  -n, --name string                 Machine name. Will be generated if omitted.
-      --org string                  The organization that will own the app
-  -p, --port strings                The external ports and handlers for services, in the format: port[:machinePort][/protocol[:handler[:handler...]]])
-                                    	For example: --port 80/tcp --port 443:80/tcp:http:tls --port 5432/tcp:pg_tls
-                                    	To remove a port mapping use '-' as handler. For example: --port 80/tcp:-
-  -r, --region string               The target region (see 'flyctl platform regions')
-      --restart string              Set the restart policy for a Machine. Options include 'no', 'always', and 'on-fail'.
-                                    	Default is 'on-fail' for Machines created by 'fly deploy' and Machines with a schedule. Default is 'always' for Machines created by 'fly m run'.
-      --rm                          Automatically remove the Machine when it exits. Sets the restart-policy to 'never' if not otherwise specified.
-      --schedule string             Schedule a Machine run at hourly, daily and monthly intervals
-      --shell                       Open a shell on the Machine once created (implies --it --rm). If no app is specified, a temporary app is created just for this Machine and destroyed when the Machine is destroyed. See also --command and --user.
-      --skip-dns-registration       Do not register the machine's 6PN IP with the internal DNS system
-      --standby-for strings         For Machines without services, a comma separated list of Machine IDs to act as standby for.
-      --user string                 Used with --shell. The username, if we're shelling into the Machine now. (default "root")
-      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                 Number of CPUs
-      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string            Memory (in megabytes) to attribute to the VM
-      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
-  -v, --volume strings              Volume to mount, in the form of <volume_id_or_name>:/path/inside/machine[:<options>]
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_start.md b/flyctl/cmd/flyctl_machine_start.md
deleted file mode 100644
index b9ca7d77df..0000000000
--- a/flyctl/cmd/flyctl_machine_start.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Start one or more Fly machines
-
-
-## Usage
-~~~
-flyctl machine start [<id>...] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for start
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_status.md b/flyctl/cmd/flyctl_machine_status.md
deleted file mode 100644
index b614b70304..0000000000
--- a/flyctl/cmd/flyctl_machine_status.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Show current status of a running machine
-
-
-## Usage
-~~~
-flyctl machine status [id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string       Application name
-  -c, --config string    Path to application configuration file
-  -d, --display-config   Display the machine config as JSON
-  -h, --help             help for status
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_stop.md b/flyctl/cmd/flyctl_machine_stop.md
deleted file mode 100644
index ede7709b6b..0000000000
--- a/flyctl/cmd/flyctl_machine_stop.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Stop one or more Fly machines
-
-
-## Usage
-~~~
-flyctl machine stop [<id>...] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for stop
-  -s, --signal string   Signal to stop the machine with (default: SIGINT)
-      --timeout int     Seconds to wait before sending SIGKILL to the machine
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_uncordon.md b/flyctl/cmd/flyctl_machine_uncordon.md
deleted file mode 100644
index 8288f44239..0000000000
--- a/flyctl/cmd/flyctl_machine_uncordon.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Reactivate all services on a machine
-
-
-## Usage
-~~~
-flyctl machine uncordon [<id>...] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for uncordon
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_machine_update.md b/flyctl/cmd/flyctl_machine_update.md
deleted file mode 100644
index b6daabf84c..0000000000
--- a/flyctl/cmd/flyctl_machine_update.md
+++ /dev/null
@@ -1,61 +0,0 @@
-Update a machine
-
-
-## Usage
-~~~
-flyctl machine update [machine_id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                  Application name
-      --autostart                   Automatically start a stopped Machine when a network request is received (default true)
-      --autostop                    Automatically stop a Machine when there are no network requests for it (default true)
-      --build-nixpacks              Build your image with nixpacks
-  -C, --command string              Command to run
-  -c, --config string               Path to application configuration file
-      --detach                      Return immediately instead of monitoring deployment progress
-      --dockerfile string           The path to a Dockerfile. Defaults to the Dockerfile in the working directory.
-      --entrypoint string           The command to override the Docker ENTRYPOINT.
-  -e, --env stringArray             Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --file-literal stringArray    Set of literals to write to the Machine, in the form of /path/inside/machine=VALUE pairs, where VALUE is the base64-encoded raw content. Can be specified multiple times.
-      --file-local stringArray      Set of files to write to the Machine, in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
-      --file-secret stringArray     Set of secrets to write to the Machine, in the form of /path/inside/machine=SECRET pairs, where SECRET is the name of the secret. The content of the secret must be base64 encoded. Can be specified multiple times.
-  -h, --help                        help for update
-      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
-  -i, --image string                The Docker image to deploy
-      --kernel-arg stringArray      A list of kernel arguments to provide to the init. Can be specified multiple times.
-  -m, --metadata stringArray        Metadata in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --mount-point string          New volume mount point
-  -p, --port strings                The external ports and handlers for services, in the format: port[:machinePort][/protocol[:handler[:handler...]]])
-                                    	For example: --port 80/tcp --port 443:80/tcp:http:tls --port 5432/tcp:pg_tls
-                                    	To remove a port mapping use '-' as handler. For example: --port 80/tcp:-
-      --restart string              Set the restart policy for a Machine. Options include 'no', 'always', and 'on-fail'.
-                                    	Default is 'on-fail' for Machines created by 'fly deploy' and Machines with a schedule. Default is 'always' for Machines created by 'fly m run'.
-      --schedule string             Schedule a Machine run at hourly, daily and monthly intervals
-      --skip-dns-registration       Do not register the machine's 6PN IP with the internal DNS system
-      --skip-health-checks          Updates machine without waiting for health checks.
-      --skip-start                  Updates machine without starting it.
-      --standby-for strings         For Machines without services, a comma separated list of Machine IDs to act as standby for.
-      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                 Number of CPUs
-      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string            Memory (in megabytes) to attribute to the VM
-      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
-      --wait-timeout int            Seconds to wait for individual machines to transition states and become healthy. (default 300) (default 300)
-  -y, --yes                         Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl machine](/docs/flyctl/machine/)	 - Manage Fly Machines.
-
diff --git a/flyctl/cmd/flyctl_orgs.md b/flyctl/cmd/flyctl_orgs.md
deleted file mode 100644
index 8c69e69c6f..0000000000
--- a/flyctl/cmd/flyctl_orgs.md
+++ /dev/null
@@ -1,37 +0,0 @@
-Commands for managing Fly organizations. list, create, show and
-destroy organizations.
-Organization admins can also invite or remove users from Organizations.
-
-
-## Usage
-~~~
-flyctl orgs [command] [flags]
-~~~
-
-## Available Commands
-* [apps-v2](/docs/flyctl/orgs-apps-v2/)	 - Manage apps v2 default
-* [create](/docs/flyctl/orgs-create/)	 - Create an organization
-* [delete](/docs/flyctl/orgs-delete/)	 - Delete an organization
-* [invite](/docs/flyctl/orgs-invite/)	 - Invite user (by email) to organization
-* [list](/docs/flyctl/orgs-list/)	 - Lists organizations for current user
-* [remove](/docs/flyctl/orgs-remove/)	 - Remove a user from an organization
-* [show](/docs/flyctl/orgs-show/)	 - Show information about an organization
-
-## Options
-
-~~~
-  -h, --help   help for orgs
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_orgs_apps-v2.md b/flyctl/cmd/flyctl_orgs_apps-v2.md
deleted file mode 100644
index 242af0d4dd..0000000000
--- a/flyctl/cmd/flyctl_orgs_apps-v2.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Commands for managing apps v2 default on or off setting for the org
-
-## Usage
-~~~
-flyctl orgs apps-v2 [command] [flags]
-~~~
-
-## Available Commands
-* [default-off](/docs/flyctl/orgs-apps-v2-default-off/)	 - Default to _not_ using apps v2 for org
-* [default-on](/docs/flyctl/orgs-apps-v2-default-on/)	 - Default to using apps v2 for org
-* [show](/docs/flyctl/orgs-apps-v2-show/)	 - Show apps v2 default for org
-
-## Options
-
-~~~
-  -h, --help   help for apps-v2
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
-
diff --git a/flyctl/cmd/flyctl_orgs_apps-v2_default-off.md b/flyctl/cmd/flyctl_orgs_apps-v2_default-off.md
deleted file mode 100644
index c36b54aef2..0000000000
--- a/flyctl/cmd/flyctl_orgs_apps-v2_default-off.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Configure this org to _not_ use apps v2 by default for new apps
-
-## Usage
-~~~
-flyctl orgs apps-v2 default-off <org-slug> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for default-off
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs apps-v2](/docs/flyctl/orgs-apps-v2/)	 - Manage apps v2 default
-
diff --git a/flyctl/cmd/flyctl_orgs_apps-v2_default-on.md b/flyctl/cmd/flyctl_orgs_apps-v2_default-on.md
deleted file mode 100644
index 7966122c44..0000000000
--- a/flyctl/cmd/flyctl_orgs_apps-v2_default-on.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Configure this org to use apps v2 by default for new apps
-
-## Usage
-~~~
-flyctl orgs apps-v2 default-on <org-slug> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for default-on
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs apps-v2](/docs/flyctl/orgs-apps-v2/)	 - Manage apps v2 default
-
diff --git a/flyctl/cmd/flyctl_orgs_apps-v2_show.md b/flyctl/cmd/flyctl_orgs_apps-v2_show.md
deleted file mode 100644
index 0cef8af06c..0000000000
--- a/flyctl/cmd/flyctl_orgs_apps-v2_show.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Show whether apps v2 is default on or off for the org
-
-## Usage
-~~~
-flyctl orgs apps-v2 show <org-slug> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for show
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs apps-v2](/docs/flyctl/orgs-apps-v2/)	 - Manage apps v2 default
-
diff --git a/flyctl/cmd/flyctl_orgs_create.md b/flyctl/cmd/flyctl_orgs_create.md
deleted file mode 100644
index 55187a3859..0000000000
--- a/flyctl/cmd/flyctl_orgs_create.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Create a new organization. Other users can be invited to join the
-organization later.
-
-
-## Usage
-~~~
-flyctl orgs create [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for create
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
-
diff --git a/flyctl/cmd/flyctl_orgs_delete.md b/flyctl/cmd/flyctl_orgs_delete.md
deleted file mode 100644
index 37cef73083..0000000000
--- a/flyctl/cmd/flyctl_orgs_delete.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Delete an existing organization.
-
-
-## Usage
-~~~
-flyctl orgs delete [-yes] [slug] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for delete
-  -y, --yes    Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
-
diff --git a/flyctl/cmd/flyctl_orgs_invite.md b/flyctl/cmd/flyctl_orgs_invite.md
deleted file mode 100644
index 2018521b1f..0000000000
--- a/flyctl/cmd/flyctl_orgs_invite.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Invite a user, by email, to join organization. The invitation will be
-sent, and the user will be pending until they respond.
-
-
-## Usage
-~~~
-flyctl orgs invite [slug] [email] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for invite
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
-
diff --git a/flyctl/cmd/flyctl_orgs_list.md b/flyctl/cmd/flyctl_orgs_list.md
deleted file mode 100644
index 3ca0f6bc4d..0000000000
--- a/flyctl/cmd/flyctl_orgs_list.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Lists organizations available to current user.
-
-
-## Usage
-~~~
-flyctl orgs list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for list
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
-
diff --git a/flyctl/cmd/flyctl_orgs_remove.md b/flyctl/cmd/flyctl_orgs_remove.md
deleted file mode 100644
index dd44c0e13d..0000000000
--- a/flyctl/cmd/flyctl_orgs_remove.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Remove a user from an organization. User must have accepted a previous
-invitation to join (if not, see orgs revoke).
-
-
-## Usage
-~~~
-flyctl orgs remove [slug] [email] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for remove
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
-
diff --git a/flyctl/cmd/flyctl_orgs_show.md b/flyctl/cmd/flyctl_orgs_show.md
deleted file mode 100644
index f8f70c7aec..0000000000
--- a/flyctl/cmd/flyctl_orgs_show.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Shows information about an organization.
-Includes name, slug and type. Summarizes user permissions, DNS zones and
-associated member. Details full list of members and roles.
-
-
-## Usage
-~~~
-flyctl orgs show [slug] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for show
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl orgs](/docs/flyctl/orgs/)	 - Commands for managing Fly organizations
-
diff --git a/flyctl/cmd/flyctl_ping.md b/flyctl/cmd/flyctl_ping.md
deleted file mode 100644
index a2a8e115a3..0000000000
--- a/flyctl/cmd/flyctl_ping.md
+++ /dev/null
@@ -1,41 +0,0 @@
-Test connectivity with ICMP ping messages.
-
-This runs over WireGuard; tell us which WireGuard tunnel to use by
-running from within an app directory (with a 'fly.toml'), passing the
-'-a' flag with an app name, or the '-o' flag with an org name.
-
-With no arguments, test connectivity to your gateway, the first hop
-in our network, to see if your WireGuard connection is working.
-
-The target argument can be either a ".internal" DNS name in our network
-(the name of your application) or "gateway".
-
-## Usage
-~~~
-flyctl ping [hostname] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string        Application name
-  -c, --config string     Path to application configuration file
-  -n, --count int         Number of probes to send (0=indefinite)
-  -h, --help              help for ping
-  -i, --interval string   Interval between ping probes (default "1s")
-  -o, --org string        The target Fly.io organization
-  -s, --size int          Size of probe to send (not including headers) (default 12)
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_planetscale.md b/flyctl/cmd/flyctl_planetscale.md
deleted file mode 100644
index 5bd4eafdf6..0000000000
--- a/flyctl/cmd/flyctl_planetscale.md
+++ /dev/null
@@ -1,33 +0,0 @@
-Provision and manage PlanetScale MySQL databases
-
-
-## Usage
-~~~
-flyctl planetscale [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/planetscale-create/)	 - Provision a PlanetScale MySQL database
-* [dashboard](/docs/flyctl/planetscale-dashboard/)	 - Visit the PlanetScale MySQL database dashboard
-* [destroy](/docs/flyctl/planetscale-destroy/)	 - Permanently destroy a PlanetScale MySQL database
-* [list](/docs/flyctl/planetscale-list/)	 - List your provisioned PlanetScale MySQL databases
-* [status](/docs/flyctl/planetscale-status/)	 - Show details about a PlanetScale MySQL database
-
-## Options
-
-~~~
-  -h, --help   help for planetscale
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_planetscale_create.md b/flyctl/cmd/flyctl_planetscale_create.md
deleted file mode 100644
index 2e8129aff3..0000000000
--- a/flyctl/cmd/flyctl_planetscale_create.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Provision a PlanetScale MySQL database
-
-
-## Usage
-~~~
-flyctl planetscale create [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for create
-  -n, --name string     The name of your database
-  -o, --org string      The target Fly.io organization
-  -r, --region string   The target region (see 'flyctl platform regions')
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl planetscale](/docs/flyctl/planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_planetscale_dashboard.md b/flyctl/cmd/flyctl_planetscale_dashboard.md
deleted file mode 100644
index f6d72766bf..0000000000
--- a/flyctl/cmd/flyctl_planetscale_dashboard.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Visit the PlanetScale MySQL database dashboard
-
-## Usage
-~~~
-flyctl planetscale dashboard [database_name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for dashboard
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl planetscale](/docs/flyctl/planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_planetscale_destroy.md b/flyctl/cmd/flyctl_planetscale_destroy.md
deleted file mode 100644
index b2498a87b7..0000000000
--- a/flyctl/cmd/flyctl_planetscale_destroy.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Permanently destroy a PlanetScale MySQL database
-
-## Usage
-~~~
-flyctl planetscale destroy [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for destroy
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl planetscale](/docs/flyctl/planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_planetscale_list.md b/flyctl/cmd/flyctl_planetscale_list.md
deleted file mode 100644
index 74ee2373e0..0000000000
--- a/flyctl/cmd/flyctl_planetscale_list.md
+++ /dev/null
@@ -1,27 +0,0 @@
-List your provisioned PlanetScale MySQL databases
-
-## Usage
-~~~
-flyctl planetscale list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for list
-  -o, --org string   The target Fly.io organization
-  -y, --yes          Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl planetscale](/docs/flyctl/planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_planetscale_status.md b/flyctl/cmd/flyctl_planetscale_status.md
deleted file mode 100644
index 1b422b008b..0000000000
--- a/flyctl/cmd/flyctl_planetscale_status.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Show details about a PlanetScale MySQL database
-
-
-## Usage
-~~~
-flyctl planetscale status [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for status
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl planetscale](/docs/flyctl/planetscale/)	 - Provision and manage PlanetScale MySQL databases
-
diff --git a/flyctl/cmd/flyctl_platform.md b/flyctl/cmd/flyctl_platform.md
deleted file mode 100644
index 88197f446b..0000000000
--- a/flyctl/cmd/flyctl_platform.md
+++ /dev/null
@@ -1,32 +0,0 @@
-The PLATFORM commands are for users looking for information
-about the Fly platform.
-
-
-## Usage
-~~~
-flyctl platform [command] [flags]
-~~~
-
-## Available Commands
-* [regions](/docs/flyctl/platform-regions/)	 - List regions
-* [status](/docs/flyctl/platform-status/)	 - Show current platform status with an optional filter for maintenance or incidents in json mode (eg. incidents, maintenance)
-* [vm-sizes](/docs/flyctl/platform-vm-sizes/)	 - List VM Sizes
-
-## Options
-
-~~~
-  -h, --help   help for platform
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_platform_regions.md b/flyctl/cmd/flyctl_platform_regions.md
deleted file mode 100644
index 68063f7db1..0000000000
--- a/flyctl/cmd/flyctl_platform_regions.md
+++ /dev/null
@@ -1,27 +0,0 @@
-View a list of regions where Fly has edges and/or datacenters
-
-
-## Usage
-~~~
-flyctl platform regions [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for regions
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl platform](/docs/flyctl/platform/)	 - Fly platform information
-
diff --git a/flyctl/cmd/flyctl_platform_status.md b/flyctl/cmd/flyctl_platform_status.md
deleted file mode 100644
index 897d6d22f5..0000000000
--- a/flyctl/cmd/flyctl_platform_status.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Show current Fly platform status in a browser or via json with the json flag
-
-
-## Usage
-~~~
-flyctl platform status [kind] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for status
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl platform](/docs/flyctl/platform/)	 - Fly platform information
-
diff --git a/flyctl/cmd/flyctl_platform_vm-sizes.md b/flyctl/cmd/flyctl_platform_vm-sizes.md
deleted file mode 100644
index 4c8f103cba..0000000000
--- a/flyctl/cmd/flyctl_platform_vm-sizes.md
+++ /dev/null
@@ -1,27 +0,0 @@
-View a list of VM sizes which can be used with the FLYCTL SCALE VM command
-
-
-## Usage
-~~~
-flyctl platform vm-sizes [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for vm-sizes
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl platform](/docs/flyctl/platform/)	 - Fly platform information
-
diff --git a/flyctl/cmd/flyctl_postgres.md b/flyctl/cmd/flyctl_postgres.md
deleted file mode 100644
index a3a86c4971..0000000000
--- a/flyctl/cmd/flyctl_postgres.md
+++ /dev/null
@@ -1,41 +0,0 @@
-Manage Postgres clusters.
-
-
-## Usage
-~~~
-flyctl postgres [command] [flags]
-~~~
-
-## Available Commands
-* [attach](/docs/flyctl/postgres-attach/)	 - Attach a postgres cluster to an app
-* [barman](/docs/flyctl/postgres-barman/)	 - Manage databases in a cluster
-* [config](/docs/flyctl/postgres-config/)	 - Show and manage Postgres configuration.
-* [connect](/docs/flyctl/postgres-connect/)	 - Connect to the Postgres console
-* [create](/docs/flyctl/postgres-create/)	 - Create a new Postgres cluster
-* [db](/docs/flyctl/postgres-db/)	 - Manage databases in a cluster
-* [detach](/docs/flyctl/postgres-detach/)	 - Detach a postgres cluster from an app
-* [events](/docs/flyctl/postgres-events/)	 - Track major cluster events
-* [failover](/docs/flyctl/postgres-failover/)	 - Failover to a new primary
-* [import](/docs/flyctl/postgres-import/)	 - Imports database from a specified Postgres URI
-* [list](/docs/flyctl/postgres-list/)	 - List postgres clusters
-* [restart](/docs/flyctl/postgres-restart/)	 - Restarts each member of the Postgres cluster one by one.
-* [users](/docs/flyctl/postgres-users/)	 - Manage users in a postgres cluster
-
-## Options
-
-~~~
-  -h, --help   help for postgres
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_postgres_attach.md b/flyctl/cmd/flyctl_postgres_attach.md
deleted file mode 100644
index 9774c1a5fd..0000000000
--- a/flyctl/cmd/flyctl_postgres_attach.md
+++ /dev/null
@@ -1,33 +0,0 @@
-Attach a postgres cluster to an app
-
-
-## Usage
-~~~
-flyctl postgres attach <POSTGRES APP> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string             Application name
-  -c, --config string          Path to application configuration file
-      --database-name string   The designated database name for this consuming app.
-      --database-user string   The database user to create. By default, we will use the name of the consuming app.
-  -h, --help                   help for attach
-      --superuser              Grants attached user superuser privileges (default true)
-      --variable-name string   The environment variable name that will be added to the consuming app.  (default "DATABASE_URL")
-  -y, --yes                    Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_barman.md b/flyctl/cmd/flyctl_postgres_barman.md
deleted file mode 100644
index e32938b60b..0000000000
--- a/flyctl/cmd/flyctl_postgres_barman.md
+++ /dev/null
@@ -1,36 +0,0 @@
-Manage databases in a cluster
-
-
-## Usage
-~~~
-flyctl postgres barman [command] [flags]
-~~~
-
-## Available Commands
-* [backup](/docs/flyctl/postgres-barman-backup/)	 - Backup your database on barman
-* [check](/docs/flyctl/postgres-barman-check/)	 - Check your barman connection
-* [create](/docs/flyctl/postgres-barman-create/)	 - create barman machine
-* [list-backup](/docs/flyctl/postgres-barman-list-backup/)	 - List your barman backups
-* [recover](/docs/flyctl/postgres-barman-recover/)	 - Recover primary database with a barman backup
-* [show-backup](/docs/flyctl/postgres-barman-show-backup/)	 - Show a single barman backup
-* [switch-wal](/docs/flyctl/postgres-barman-switch-wal/)	 - Switch WAL to sync barman
-
-## Options
-
-~~~
-  -h, --help   help for barman
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_barman_backup.md b/flyctl/cmd/flyctl_postgres_barman_backup.md
deleted file mode 100644
index 7321abddd9..0000000000
--- a/flyctl/cmd/flyctl_postgres_barman_backup.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Backup your database on barman
-
-## Usage
-~~~
-flyctl postgres barman backup [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for backup
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres barman](/docs/flyctl/postgres-barman/)	 - Manage databases in a cluster
-
diff --git a/flyctl/cmd/flyctl_postgres_barman_check.md b/flyctl/cmd/flyctl_postgres_barman_check.md
deleted file mode 100644
index 7feb92228e..0000000000
--- a/flyctl/cmd/flyctl_postgres_barman_check.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Check your barman connection
-
-## Usage
-~~~
-flyctl postgres barman check [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for check
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres barman](/docs/flyctl/postgres-barman/)	 - Manage databases in a cluster
-
diff --git a/flyctl/cmd/flyctl_postgres_barman_create.md b/flyctl/cmd/flyctl_postgres_barman_create.md
deleted file mode 100644
index 71b28cdaf1..0000000000
--- a/flyctl/cmd/flyctl_postgres_barman_create.md
+++ /dev/null
@@ -1,31 +0,0 @@
-create barman machine
-
-
-## Usage
-~~~
-flyctl postgres barman create [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string        Application name
-  -c, --config string     Path to application configuration file
-  -h, --help              help for create
-  -r, --region string     The target region (see 'flyctl platform regions')
-      --vm-size string    the size of the VM
-      --volume-size int   The volume size in GB
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres barman](/docs/flyctl/postgres-barman/)	 - Manage databases in a cluster
-
diff --git a/flyctl/cmd/flyctl_postgres_barman_list-backup.md b/flyctl/cmd/flyctl_postgres_barman_list-backup.md
deleted file mode 100644
index f7ac3e7463..0000000000
--- a/flyctl/cmd/flyctl_postgres_barman_list-backup.md
+++ /dev/null
@@ -1,27 +0,0 @@
-List your barman backups
-
-## Usage
-~~~
-flyctl postgres barman list-backup [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list-backup
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres barman](/docs/flyctl/postgres-barman/)	 - Manage databases in a cluster
-
diff --git a/flyctl/cmd/flyctl_postgres_barman_recover.md b/flyctl/cmd/flyctl_postgres_barman_recover.md
deleted file mode 100644
index 7180dfbd9f..0000000000
--- a/flyctl/cmd/flyctl_postgres_barman_recover.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Recover primary database with a barman backup
-
-## Usage
-~~~
-flyctl postgres barman recover <primary machine ID> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string           Application name
-  -b, --backup-id string     choose one backup ID. Default: latest (default "latest")
-  -c, --config string        Path to application configuration file
-  -h, --help                 help for recover
-  -T, --target-time string   choose a target time for PITR. Example: "2023-05-16 20:55:05.958774+00:00". Default: last WAL file on barman
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres barman](/docs/flyctl/postgres-barman/)	 - Manage databases in a cluster
-
diff --git a/flyctl/cmd/flyctl_postgres_barman_show-backup.md b/flyctl/cmd/flyctl_postgres_barman_show-backup.md
deleted file mode 100644
index f01ebc0505..0000000000
--- a/flyctl/cmd/flyctl_postgres_barman_show-backup.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Show a single barman backup
-
-## Usage
-~~~
-flyctl postgres barman show-backup <backup-id> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for show-backup
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres barman](/docs/flyctl/postgres-barman/)	 - Manage databases in a cluster
-
diff --git a/flyctl/cmd/flyctl_postgres_barman_switch-wal.md b/flyctl/cmd/flyctl_postgres_barman_switch-wal.md
deleted file mode 100644
index 643d08f4ac..0000000000
--- a/flyctl/cmd/flyctl_postgres_barman_switch-wal.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Switch WAL to sync barman
-
-## Usage
-~~~
-flyctl postgres barman switch-wal [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for switch-wal
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres barman](/docs/flyctl/postgres-barman/)	 - Manage databases in a cluster
-
diff --git a/flyctl/cmd/flyctl_postgres_config.md b/flyctl/cmd/flyctl_postgres_config.md
deleted file mode 100644
index f4275d888f..0000000000
--- a/flyctl/cmd/flyctl_postgres_config.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Show and manage Postgres configuration.
-
-
-## Usage
-~~~
-flyctl postgres config [command] [flags]
-~~~
-
-## Available Commands
-* [show](/docs/flyctl/postgres-config-show/)	 - Show Postgres configuration
-* [update](/docs/flyctl/postgres-config-update/)	 - Update Postgres configuration.
-
-## Options
-
-~~~
-  -h, --help   help for config
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_config_show.md b/flyctl/cmd/flyctl_postgres_config_show.md
deleted file mode 100644
index 81de077063..0000000000
--- a/flyctl/cmd/flyctl_postgres_config_show.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Show Postgres configuration
-
-## Usage
-~~~
-flyctl postgres config show [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for show
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres config](/docs/flyctl/postgres-config/)	 - Show and manage Postgres configuration.
-
diff --git a/flyctl/cmd/flyctl_postgres_config_update.md b/flyctl/cmd/flyctl_postgres_config_update.md
deleted file mode 100644
index 852e64d228..0000000000
--- a/flyctl/cmd/flyctl_postgres_config_update.md
+++ /dev/null
@@ -1,40 +0,0 @@
-Update Postgres configuration.
-
-## Usage
-~~~
-flyctl postgres config update [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                          Application name
-  -c, --config string                       Path to application configuration file
-      --detach                              Return immediately instead of monitoring deployment progress
-      --force                               Skips pg-setting value verification.
-  -h, --help                                help for update
-      --log-min-duration-statement string   Sets the minimum execution time above which all statements will be logged. (ms)
-      --log-statement string                Sets the type of statements logged. (none, ddl, mod, all)
-      --maintenance-work-mem string         Sets the maximum amount of memory used for maintenance operations like ALTER TABLE, CREATE INDEX, and VACUUM
-      --max-connections string              Sets the maximum number of concurrent connections.
-      --max-replication-slots string        Specifies the maximum number of replication slots. This should typically match max_wal_senders.
-      --max-wal-senders string              Maximum number of concurrent connections from standby servers or streaming backup clients. (0 disables replication)
-      --shared-buffers string               Sets the amount of memory the database server uses for shared memory buffers
-      --shared-preload-libraries string     Sets the shared libraries to preload. (comma separated string)
-      --wal-level string                    Sets the level of information written to the WAL. (minimal, replica, logical).
-      --work-mem string                     Sets the maximum amount of memory each Postgres query can use
-  -y, --yes                                 Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres config](/docs/flyctl/postgres-config/)	 - Show and manage Postgres configuration.
-
diff --git a/flyctl/cmd/flyctl_postgres_connect.md b/flyctl/cmd/flyctl_postgres_connect.md
deleted file mode 100644
index 72c1a87e01..0000000000
--- a/flyctl/cmd/flyctl_postgres_connect.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Connect to the Postgres console
-
-
-## Usage
-~~~
-flyctl postgres connect [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string        Application name
-  -c, --config string     Path to application configuration file
-  -d, --database string   The name of the database you would like to connect to (default "postgres")
-  -h, --help              help for connect
-  -p, --password string   The postgres user password
-  -u, --user string       The postgres user to connect with (default "postgres")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_create.md b/flyctl/cmd/flyctl_postgres_create.md
deleted file mode 100644
index 7cfc1eb36d..0000000000
--- a/flyctl/cmd/flyctl_postgres_create.md
+++ /dev/null
@@ -1,41 +0,0 @@
-Create a new Postgres cluster
-
-
-## Usage
-~~~
-flyctl postgres create [flags]
-~~~
-
-## Options
-
-~~~
-      --autostart                  Automatically start a stopped Postgres app when a network request is received
-      --consul-url string          Opt into using an existing consul as the backend store by specifying the target consul url.
-      --detach                     Return immediately instead of monitoring deployment progress
-      --flex                       Create a postgres cluster that's managed by Repmgr (default true)
-      --fork-from string           Specify a source Postgres application to fork from. Format: <app-name> or <app-name>:<volume-id>
-  -h, --help                       help for create
-      --image-ref string           Specify a non-default base image for the Postgres app
-      --initial-cluster-size int   Initial cluster size
-  -n, --name string                The name of your Postgres app
-  -o, --org string                 The target Fly.io organization
-  -p, --password string            The superuser password. The password will be generated for you if you leave this blank
-  -r, --region string              The target region (see 'flyctl platform regions')
-      --snapshot-id string         Creates the volume with the contents of the snapshot
-      --stolon                     Create a postgres cluster that's managed by Stolon
-      --vm-size string             the size of the VM
-      --volume-size int            The volume size in GB
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_db.md b/flyctl/cmd/flyctl_postgres_db.md
deleted file mode 100644
index 7fa8dfc314..0000000000
--- a/flyctl/cmd/flyctl_postgres_db.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Manage databases in a cluster
-
-
-## Usage
-~~~
-flyctl postgres db [command] [flags]
-~~~
-
-## Available Commands
-* [list](/docs/flyctl/postgres-db-list/)	 - list databases
-
-## Options
-
-~~~
-  -h, --help   help for db
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_db_list.md b/flyctl/cmd/flyctl_postgres_db_list.md
deleted file mode 100644
index ea0e8423e8..0000000000
--- a/flyctl/cmd/flyctl_postgres_db_list.md
+++ /dev/null
@@ -1,28 +0,0 @@
-list databases
-
-
-## Usage
-~~~
-flyctl postgres db list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres db](/docs/flyctl/postgres-db/)	 - Manage databases in a cluster
-
diff --git a/flyctl/cmd/flyctl_postgres_detach.md b/flyctl/cmd/flyctl_postgres_detach.md
deleted file mode 100644
index c4c7ec80a6..0000000000
--- a/flyctl/cmd/flyctl_postgres_detach.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Detach a postgres cluster from an app
-
-
-## Usage
-~~~
-flyctl postgres detach <POSTGRES APP> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for detach
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_events.md b/flyctl/cmd/flyctl_postgres_events.md
deleted file mode 100644
index cea3e5ea36..0000000000
--- a/flyctl/cmd/flyctl_postgres_events.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Track major cluster events
-
-
-## Usage
-~~~
-flyctl postgres events [command] [flags]
-~~~
-
-## Available Commands
-* [list](/docs/flyctl/postgres-events-list/)	 - Outputs a formatted list of cluster events
-
-## Options
-
-~~~
-  -h, --help   help for events
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_events_list.md b/flyctl/cmd/flyctl_postgres_events_list.md
deleted file mode 100644
index eb06720e38..0000000000
--- a/flyctl/cmd/flyctl_postgres_events_list.md
+++ /dev/null
@@ -1,34 +0,0 @@
-Outputs a formatted list of cluster events
-
-
-## Usage
-~~~
-flyctl postgres events list [flags]
-~~~
-
-## Options
-
-~~~
-  -o, --all                Outputs all entries
-  -a, --app string         Application name
-  -d, --compact            Omit the 'Details' column
-  -c, --config string      Path to application configuration file
-  -e, --event string       Event type in a postgres cluster
-  -h, --help               help for list
-  -l, --limit string       Set the maximum number of entries to output (default: 20)
-  -i, --node-id string     Restrict entries to node with this ID
-  -n, --node-name string   Restrict entries to node with this name
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres events](/docs/flyctl/postgres-events/)	 - Track major cluster events
-
diff --git a/flyctl/cmd/flyctl_postgres_failover.md b/flyctl/cmd/flyctl_postgres_failover.md
deleted file mode 100644
index 8c0e31fd89..0000000000
--- a/flyctl/cmd/flyctl_postgres_failover.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Failover to a new primary
-
-
-## Usage
-~~~
-flyctl postgres failover [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for failover
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_import.md b/flyctl/cmd/flyctl_postgres_import.md
deleted file mode 100644
index 02df8aee0a..0000000000
--- a/flyctl/cmd/flyctl_postgres_import.md
+++ /dev/null
@@ -1,35 +0,0 @@
-Imports database from a specified Postgres URI
-
-
-## Usage
-~~~
-flyctl postgres import <source-uri> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string       Application name
-      --clean            Drop database objects prior to creating them.
-  -c, --config string    Path to application configuration file
-      --create           Begin by creating the database itself and reconnecting to it. If --clean is also specified, the script drops and recreates the target database before reconnecting to it. (default true)
-      --data-only        Dump only the data, not the schema (data definitions).
-  -h, --help             help for import
-      --image string     Path to public image containing custom migration process
-      --no-owner         Do not set ownership of objects to match the original database. Makes dump restorable by any user. (default true)
-      --region string    Region to provision migration machine
-      --vm-size string   the size of the VM
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_list.md b/flyctl/cmd/flyctl_postgres_list.md
deleted file mode 100644
index ce96dda529..0000000000
--- a/flyctl/cmd/flyctl_postgres_list.md
+++ /dev/null
@@ -1,27 +0,0 @@
-List postgres clusters
-
-
-## Usage
-~~~
-flyctl postgres list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for list
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_restart.md b/flyctl/cmd/flyctl_postgres_restart.md
deleted file mode 100644
index e58ed64995..0000000000
--- a/flyctl/cmd/flyctl_postgres_restart.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Restarts each member of the Postgres cluster one by one. Downtime should be minimal.
-
-
-## Usage
-~~~
-flyctl postgres restart [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string           Application name
-  -c, --config string        Path to application configuration file
-      --force                Force a restart even we don't have an active leader
-  -h, --help                 help for restart
-      --skip-health-checks   Runs rolling restart process without waiting for health checks. ( Machines only )
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_users.md b/flyctl/cmd/flyctl_postgres_users.md
deleted file mode 100644
index 2efe73628d..0000000000
--- a/flyctl/cmd/flyctl_postgres_users.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Manage users in a postgres cluster
-
-
-## Usage
-~~~
-flyctl postgres users [command] [flags]
-~~~
-
-## Available Commands
-* [list](/docs/flyctl/postgres-users-list/)	 - List users
-
-## Options
-
-~~~
-  -h, --help   help for users
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres](/docs/flyctl/postgres/)	 - Manage Postgres clusters.
-
diff --git a/flyctl/cmd/flyctl_postgres_users_list.md b/flyctl/cmd/flyctl_postgres_users_list.md
deleted file mode 100644
index 9e6f70aebf..0000000000
--- a/flyctl/cmd/flyctl_postgres_users_list.md
+++ /dev/null
@@ -1,28 +0,0 @@
-List users
-
-
-## Usage
-~~~
-flyctl postgres users list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl postgres users](/docs/flyctl/postgres-users/)	 - Manage users in a postgres cluster
-
diff --git a/flyctl/cmd/flyctl_proxy.md b/flyctl/cmd/flyctl_proxy.md
deleted file mode 100644
index dc71412a76..0000000000
--- a/flyctl/cmd/flyctl_proxy.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Proxies connections to a Fly Machine through a WireGuard tunnel. By default,
-connects to the first Machine address returned by an internal DNS query on the app.
-
-## Usage
-~~~
-flyctl proxy <local:remote> [remote_host] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string         Application name
-  -b, --bind-addr string   Local address to bind to (default "127.0.0.1")
-  -c, --config string      Path to application configuration file
-  -h, --help               help for proxy
-  -o, --org string         The target Fly.io organization
-  -q, --quiet              Don't print progress indicators for WireGuard
-  -s, --select             Prompt to select from available Machines from the current application
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_redis.md b/flyctl/cmd/flyctl_redis.md
deleted file mode 100644
index 06ad248628..0000000000
--- a/flyctl/cmd/flyctl_redis.md
+++ /dev/null
@@ -1,37 +0,0 @@
-Launch and manage Redis databases managed by Upstash.com
-
-## Usage
-~~~
-flyctl redis [command] [flags]
-~~~
-
-## Available Commands
-* [connect](/docs/flyctl/redis-connect/)	 - Connect to a Redis database using redis-cli
-* [create](/docs/flyctl/redis-create/)	 - Create an Upstash Redis database
-* [dashboard](/docs/flyctl/redis-dashboard/)	 - View your Upstash Redis databases on the Upstash web console
-* [destroy](/docs/flyctl/redis-destroy/)	 - Permanently destroy an Upstash Redis database
-* [list](/docs/flyctl/redis-list/)	 - List Upstash Redis databases for an organization
-* [plans](/docs/flyctl/redis-plans/)	 - List available Redis plans
-* [proxy](/docs/flyctl/redis-proxy/)	 - Proxy to a Redis database
-* [reset](/docs/flyctl/redis-reset/)	 - Reset the password for an Upstash Redis database
-* [status](/docs/flyctl/redis-status/)	 - Show status of a Redis database
-* [update](/docs/flyctl/redis-update/)	 - Update an Upstash Redis database
-
-## Options
-
-~~~
-  -h, --help   help for redis
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_redis_connect.md b/flyctl/cmd/flyctl_redis_connect.md
deleted file mode 100644
index d6f8385e58..0000000000
--- a/flyctl/cmd/flyctl_redis_connect.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Connect to a Redis database using redis-cli
-
-## Usage
-~~~
-flyctl redis connect [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help            help for connect
-  -o, --org string      The target Fly.io organization
-  -r, --region string   The target region (see 'flyctl platform regions')
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_create.md b/flyctl/cmd/flyctl_redis_create.md
deleted file mode 100644
index 7e4b9fc0d1..0000000000
--- a/flyctl/cmd/flyctl_redis_create.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Create an Upstash Redis database
-
-## Usage
-~~~
-flyctl redis create [flags]
-~~~
-
-## Options
-
-~~~
-      --disable-eviction         Disallow writes when the max data size limit has been reached
-      --enable-eviction          Evict objects when memory is full
-  -h, --help                     help for create
-  -n, --name string              The name of your Redis database
-      --no-replicas              Don't prompt for selecting replica regions
-  -o, --org string               The target Fly.io organization
-  -r, --region string            The target region (see 'flyctl platform regions')
-      --replica-regions string   Comma-separated list of regions to deploy read replicas (see 'flyctl platform regions')
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_dashboard.md b/flyctl/cmd/flyctl_redis_dashboard.md
deleted file mode 100644
index 91e07c1ba8..0000000000
--- a/flyctl/cmd/flyctl_redis_dashboard.md
+++ /dev/null
@@ -1,25 +0,0 @@
-View your Upstash Redis databases on the Upstash web console
-
-## Usage
-~~~
-flyctl redis dashboard <org_slug> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for dashboard
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_destroy.md b/flyctl/cmd/flyctl_redis_destroy.md
deleted file mode 100644
index 0a2a4af80d..0000000000
--- a/flyctl/cmd/flyctl_redis_destroy.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Permanently destroy an Upstash Redis database
-
-## Usage
-~~~
-flyctl redis destroy <name> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for destroy
-  -y, --yes    Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_list.md b/flyctl/cmd/flyctl_redis_list.md
deleted file mode 100644
index a7e67a9110..0000000000
--- a/flyctl/cmd/flyctl_redis_list.md
+++ /dev/null
@@ -1,26 +0,0 @@
-List Upstash Redis databases for an organization
-
-## Usage
-~~~
-flyctl redis list [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for list
-  -o, --org string   The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_plans.md b/flyctl/cmd/flyctl_redis_plans.md
deleted file mode 100644
index f2a94b837e..0000000000
--- a/flyctl/cmd/flyctl_redis_plans.md
+++ /dev/null
@@ -1,25 +0,0 @@
-List available Redis plans
-
-## Usage
-~~~
-flyctl redis plans [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for plans
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_proxy.md b/flyctl/cmd/flyctl_redis_proxy.md
deleted file mode 100644
index cc9ebbde04..0000000000
--- a/flyctl/cmd/flyctl_redis_proxy.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Proxy to a Redis database
-
-## Usage
-~~~
-flyctl redis proxy [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help            help for proxy
-  -o, --org string      The target Fly.io organization
-  -r, --region string   The target region (see 'flyctl platform regions')
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_reset.md b/flyctl/cmd/flyctl_redis_reset.md
deleted file mode 100644
index 571355faf6..0000000000
--- a/flyctl/cmd/flyctl_redis_reset.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Reset the password for an Upstash Redis database
-
-## Usage
-~~~
-flyctl redis reset <name> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for reset
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_status.md b/flyctl/cmd/flyctl_redis_status.md
deleted file mode 100644
index 69ae5e264e..0000000000
--- a/flyctl/cmd/flyctl_redis_status.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Show status of a Redis database
-
-
-## Usage
-~~~
-flyctl redis status <name> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for status
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_redis_update.md b/flyctl/cmd/flyctl_redis_update.md
deleted file mode 100644
index 45268e0394..0000000000
--- a/flyctl/cmd/flyctl_redis_update.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Update an Upstash Redis database
-
-## Usage
-~~~
-flyctl redis update <name> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help                     help for update
-  -o, --org string               The target Fly.io organization
-  -r, --region string            The target region (see 'flyctl platform regions')
-      --replica-regions string   Comma-separated list of regions to deploy read replicas (see 'flyctl platform regions')
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl redis](/docs/flyctl/redis/)	 - Launch and manage Redis databases managed by Upstash.com
-
diff --git a/flyctl/cmd/flyctl_releases.md b/flyctl/cmd/flyctl_releases.md
deleted file mode 100644
index 52b1c85650..0000000000
--- a/flyctl/cmd/flyctl_releases.md
+++ /dev/null
@@ -1,31 +0,0 @@
-List all the releases of the application onto the Fly platform,
-including type, when, success/fail and which user triggered the release.
-
-
-## Usage
-~~~
-flyctl releases [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for releases
-      --image           Display the Docker image reference of the release
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_scale.md b/flyctl/cmd/flyctl_scale.md
deleted file mode 100644
index 0c34280029..0000000000
--- a/flyctl/cmd/flyctl_scale.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Scale application resources
-
-## Usage
-~~~
-flyctl scale [command] [flags]
-~~~
-
-## Available Commands
-* [count](/docs/flyctl/scale-count/)	 - Change an app's VM count to the given value
-* [memory](/docs/flyctl/scale-memory/)	 - Set VM memory
-* [show](/docs/flyctl/scale-show/)	 - Show current resources
-* [vm](/docs/flyctl/scale-vm/)	 - Change an app's VM to a named size (eg. shared-cpu-1x, dedicated-cpu-1x, dedicated-cpu-2x...)
-
-## Options
-
-~~~
-  -h, --help   help for scale
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_scale_count.md b/flyctl/cmd/flyctl_scale_count.md
deleted file mode 100644
index f768e94ecb..0000000000
--- a/flyctl/cmd/flyctl_scale_count.md
+++ /dev/null
@@ -1,41 +0,0 @@
-Change an app's VM count to the given value.
-
-For pricing, see https://fly.io/docs/about/pricing/
-
-## Usage
-~~~
-flyctl scale count [count] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                  Application name
-  -c, --config string               Path to application configuration file
-      --from-snapshot string        New volumes are restored from snapshot, use 'last' for most recent snapshot. The default is an empty volume
-  -h, --help                        help for count
-      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
-      --max-per-region int          Max number of VMs per region (default -1)
-  -g, --process-group string        The process group to scale
-  -r, --region string               Comma separated list of regions to act on. Defaults to all regions where there is at least one machine running for the app
-      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                 Number of CPUs
-      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string            Memory (in megabytes) to attribute to the VM
-      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
-      --with-new-volumes            New machines each get a new volumes even if there are unattached volumes available
-  -y, --yes                         Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl scale](/docs/flyctl/scale/)	 - Scale app resources
-
diff --git a/flyctl/cmd/flyctl_scale_memory.md b/flyctl/cmd/flyctl_scale_memory.md
deleted file mode 100644
index a30f03adf6..0000000000
--- a/flyctl/cmd/flyctl_scale_memory.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Set VM memory to a number of megabytes
-
-## Usage
-~~~
-flyctl scale memory [memoryMB] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string             Application name
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for memory
-  -g, --process-group string   The process group to apply the VM size to
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl scale](/docs/flyctl/scale/)	 - Scale app resources
-
diff --git a/flyctl/cmd/flyctl_scale_show.md b/flyctl/cmd/flyctl_scale_show.md
deleted file mode 100644
index d9fe0f90fc..0000000000
--- a/flyctl/cmd/flyctl_scale_show.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Show current VM size and counts
-
-## Usage
-~~~
-flyctl scale show [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for show
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl scale](/docs/flyctl/scale/)	 - Scale app resources
-
diff --git a/flyctl/cmd/flyctl_scale_vm.md b/flyctl/cmd/flyctl_scale_vm.md
deleted file mode 100644
index 10409e15f7..0000000000
--- a/flyctl/cmd/flyctl_scale_vm.md
+++ /dev/null
@@ -1,36 +0,0 @@
-Change an application's VM size to one of the named VM sizes.
-
-For a full list of supported sizes use the command 'flyctl platform vm-sizes'
-
-Memory size can be set with --memory=number-of-MB
-e.g. flyctl scale vm shared-cpu-1x --memory=2048
-
-For pricing, see https://fly.io/docs/about/pricing/
-
-## Usage
-~~~
-flyctl scale vm [size] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string             Application name
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for vm
-  -g, --process-group string   The process group to apply the VM size to
-      --vm-memory int          Memory in MB for the VM
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl scale](/docs/flyctl/scale/)	 - Scale app resources
-
diff --git a/flyctl/cmd/flyctl_secrets.md b/flyctl/cmd/flyctl_secrets.md
deleted file mode 100644
index 469625ed18..0000000000
--- a/flyctl/cmd/flyctl_secrets.md
+++ /dev/null
@@ -1,35 +0,0 @@
-Secrets are provided to applications at runtime as ENV variables. Names are
-		case sensitive and stored as-is, so ensure names are appropriate for
-		the application and vm environment.
-		
-
-## Usage
-~~~
-flyctl secrets [command] [flags]
-~~~
-
-## Available Commands
-* [deploy](/docs/flyctl/secrets-deploy/)	 - Deploy staged secrets for an application
-* [import](/docs/flyctl/secrets-import/)	 - Set secrets as NAME=VALUE pairs from stdin
-* [list](/docs/flyctl/secrets-list/)	 - List application secret names, digests and creation times
-* [set](/docs/flyctl/secrets-set/)	 - Set one or more encrypted secrets for an application
-* [unset](/docs/flyctl/secrets-unset/)	 - Unset one or more encrypted secrets for an application
-
-## Options
-
-~~~
-  -h, --help   help for secrets
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_secrets_deploy.md b/flyctl/cmd/flyctl_secrets_deploy.md
deleted file mode 100644
index 29826c54af..0000000000
--- a/flyctl/cmd/flyctl_secrets_deploy.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Deploy staged secrets for an application
-
-## Usage
-~~~
-flyctl secrets deploy [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-      --detach          Return immediately instead of monitoring deployment progress
-  -h, --help            help for deploy
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
-
diff --git a/flyctl/cmd/flyctl_secrets_import.md b/flyctl/cmd/flyctl_secrets_import.md
deleted file mode 100644
index 378c231504..0000000000
--- a/flyctl/cmd/flyctl_secrets_import.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Set one or more encrypted secrets for an application. Values are read from stdin as NAME=VALUE pairs
-
-## Usage
-~~~
-flyctl secrets import [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-      --detach          Return immediately instead of monitoring deployment progress
-  -h, --help            help for import
-      --stage           Set secrets but skip deployment for machine apps
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
-
diff --git a/flyctl/cmd/flyctl_secrets_list.md b/flyctl/cmd/flyctl_secrets_list.md
deleted file mode 100644
index 7be5c947b9..0000000000
--- a/flyctl/cmd/flyctl_secrets_list.md
+++ /dev/null
@@ -1,30 +0,0 @@
-List the secrets available to the application. It shows each secret's
-name, a digest of its value and the time the secret was last set. The
-actual value of the secret is only available to the application.
-
-## Usage
-~~~
-flyctl secrets list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
-
diff --git a/flyctl/cmd/flyctl_secrets_set.md b/flyctl/cmd/flyctl_secrets_set.md
deleted file mode 100644
index 16bbe0cbc0..0000000000
--- a/flyctl/cmd/flyctl_secrets_set.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Set one or more encrypted secrets for an application
-
-## Usage
-~~~
-flyctl secrets set [flags] NAME=VALUE NAME=VALUE ...
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-      --detach          Return immediately instead of monitoring deployment progress
-  -h, --help            help for set
-      --stage           Set secrets but skip deployment for machine apps
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
-
diff --git a/flyctl/cmd/flyctl_secrets_unset.md b/flyctl/cmd/flyctl_secrets_unset.md
deleted file mode 100644
index eeb01fb953..0000000000
--- a/flyctl/cmd/flyctl_secrets_unset.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Unset one or more encrypted secrets for an application
-
-## Usage
-~~~
-flyctl secrets unset [flags] NAME NAME ...
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-      --detach          Return immediately instead of monitoring deployment progress
-  -h, --help            help for unset
-      --stage           Set secrets but skip deployment for machine apps
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl secrets](/docs/flyctl/secrets/)	 - Manage application secrets with the set and unset commands.
-
diff --git a/flyctl/cmd/flyctl_services.md b/flyctl/cmd/flyctl_services.md
deleted file mode 100644
index 0ba2d1e01e..0000000000
--- a/flyctl/cmd/flyctl_services.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Shows information about the services of the application.
-
-## Usage
-~~~
-flyctl services [command] [flags]
-~~~
-
-## Available Commands
-* [list](/docs/flyctl/services-list/)	 - List services
-
-## Options
-
-~~~
-  -h, --help   help for services
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_services_list.md b/flyctl/cmd/flyctl_services_list.md
deleted file mode 100644
index cd04550406..0000000000
--- a/flyctl/cmd/flyctl_services_list.md
+++ /dev/null
@@ -1,27 +0,0 @@
-List the services that are associated with an app
-
-## Usage
-~~~
-flyctl services list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl services](/docs/flyctl/services/)	 - Show the application's services
-
diff --git a/flyctl/cmd/flyctl_settings.md b/flyctl/cmd/flyctl_settings.md
deleted file mode 100644
index d7e837fbdb..0000000000
--- a/flyctl/cmd/flyctl_settings.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Manage flyctl settings
-
-## Usage
-~~~
-flyctl settings [command] [flags]
-~~~
-
-## Available Commands
-* [analytics](/docs/flyctl/settings-analytics/)	 - Control anonymized analytics collection
-* [autoupdate](/docs/flyctl/settings-autoupdate/)	 - Control automatic updates
-
-## Options
-
-~~~
-  -h, --help   help for settings
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_settings_analytics.md b/flyctl/cmd/flyctl_settings_analytics.md
deleted file mode 100644
index be5c50efeb..0000000000
--- a/flyctl/cmd/flyctl_settings_analytics.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Control anonymized analytics collection
-
-## Usage
-~~~
-flyctl settings analytics [flags]
-~~~
-
-## Available Commands
-* [disable](/docs/flyctl/settings-analytics-disable/)	 - Disable analytics
-* [enable](/docs/flyctl/settings-analytics-enable/)	 - Enable analytics
-
-## Options
-
-~~~
-  -h, --help   help for analytics
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl settings](/docs/flyctl/settings/)	 - Manage flyctl settings
-
diff --git a/flyctl/cmd/flyctl_settings_analytics_disable.md b/flyctl/cmd/flyctl_settings_analytics_disable.md
deleted file mode 100644
index 213e6167ff..0000000000
--- a/flyctl/cmd/flyctl_settings_analytics_disable.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Disable analytics
-
-## Usage
-~~~
-flyctl settings analytics disable [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for disable
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl settings analytics](/docs/flyctl/settings-analytics/)	 - Control anonymized analytics collection
-
diff --git a/flyctl/cmd/flyctl_settings_analytics_enable.md b/flyctl/cmd/flyctl_settings_analytics_enable.md
deleted file mode 100644
index 5130e6225f..0000000000
--- a/flyctl/cmd/flyctl_settings_analytics_enable.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Enable analytics
-
-## Usage
-~~~
-flyctl settings analytics enable [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for enable
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl settings analytics](/docs/flyctl/settings-analytics/)	 - Control anonymized analytics collection
-
diff --git a/flyctl/cmd/flyctl_settings_autoupdate.md b/flyctl/cmd/flyctl_settings_autoupdate.md
deleted file mode 100644
index 0f2c53aee4..0000000000
--- a/flyctl/cmd/flyctl_settings_autoupdate.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Control automatic updates
-
-## Usage
-~~~
-flyctl settings autoupdate [flags]
-~~~
-
-## Available Commands
-* [disable](/docs/flyctl/settings-autoupdate-disable/)	 - Disable automatic updates
-* [enable](/docs/flyctl/settings-autoupdate-enable/)	 - Enable automatic updates
-
-## Options
-
-~~~
-  -h, --help   help for autoupdate
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl settings](/docs/flyctl/settings/)	 - Manage flyctl settings
-
diff --git a/flyctl/cmd/flyctl_settings_autoupdate_disable.md b/flyctl/cmd/flyctl_settings_autoupdate_disable.md
deleted file mode 100644
index 3b9d043a8c..0000000000
--- a/flyctl/cmd/flyctl_settings_autoupdate_disable.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Disable automatic updates
-
-## Usage
-~~~
-flyctl settings autoupdate disable [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for disable
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl settings autoupdate](/docs/flyctl/settings-autoupdate/)	 - Control automatic updates
-
diff --git a/flyctl/cmd/flyctl_settings_autoupdate_enable.md b/flyctl/cmd/flyctl_settings_autoupdate_enable.md
deleted file mode 100644
index 444bbc1e46..0000000000
--- a/flyctl/cmd/flyctl_settings_autoupdate_enable.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Enable automatic updates
-
-## Usage
-~~~
-flyctl settings autoupdate enable [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for enable
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl settings autoupdate](/docs/flyctl/settings-autoupdate/)	 - Control automatic updates
-
diff --git a/flyctl/cmd/flyctl_sftp.md b/flyctl/cmd/flyctl_sftp.md
deleted file mode 100644
index f0a2fd1d99..0000000000
--- a/flyctl/cmd/flyctl_sftp.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Get or put files from a remote VM.
-
-## Usage
-~~~
-flyctl sftp [command] [flags]
-~~~
-
-## Available Commands
-* [find](/docs/flyctl/sftp-find/)	 - The SFTP FIND command lists files (from an optional root directory) on a remote VM.
-* [get](/docs/flyctl/sftp-get/)	 - The SFTP GET retrieves a file from a remote VM.
-* [shell](/docs/flyctl/sftp-shell/)	 - The SFTP SHELL command brings up an interactive SFTP session to fetch and push files from/to a VM.
-
-## Options
-
-~~~
-  -h, --help   help for sftp
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_sftp_find.md b/flyctl/cmd/flyctl_sftp_find.md
deleted file mode 100644
index cf738a7469..0000000000
--- a/flyctl/cmd/flyctl_sftp_find.md
+++ /dev/null
@@ -1,37 +0,0 @@
-The SFTP FIND command lists files (from an optional root directory) on a remote VM.
-
-## Usage
-~~~
-flyctl sftp find [path] [flags]
-~~~
-
-## Options
-
-~~~
-  -A, --address string         Address of VM to connect to
-  -a, --app string             Application name
-  -C, --command string         command to run on SSH session
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for find
-      --machine string         Run the console in the existing machine with the specified ID
-  -o, --org string             The target Fly.io organization
-  -g, --process-group string   The target process group
-      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
-  -q, --quiet                  Don't print progress indicators for WireGuard
-  -r, --region string          The target region (see 'flyctl platform regions')
-  -s, --select                 select available instances
-  -u, --user string            Unix username to connect as (default "root")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
-
diff --git a/flyctl/cmd/flyctl_sftp_get.md b/flyctl/cmd/flyctl_sftp_get.md
deleted file mode 100644
index 90f3f2e111..0000000000
--- a/flyctl/cmd/flyctl_sftp_get.md
+++ /dev/null
@@ -1,37 +0,0 @@
-The SFTP GET retrieves a file from a remote VM.
-
-## Usage
-~~~
-flyctl sftp get <path> [flags]
-~~~
-
-## Options
-
-~~~
-  -A, --address string         Address of VM to connect to
-  -a, --app string             Application name
-  -C, --command string         command to run on SSH session
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for get
-      --machine string         Run the console in the existing machine with the specified ID
-  -o, --org string             The target Fly.io organization
-  -g, --process-group string   The target process group
-      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
-  -q, --quiet                  Don't print progress indicators for WireGuard
-  -r, --region string          The target region (see 'flyctl platform regions')
-  -s, --select                 select available instances
-  -u, --user string            Unix username to connect as (default "root")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
-
diff --git a/flyctl/cmd/flyctl_sftp_shell.md b/flyctl/cmd/flyctl_sftp_shell.md
deleted file mode 100644
index 7ee2a49cc6..0000000000
--- a/flyctl/cmd/flyctl_sftp_shell.md
+++ /dev/null
@@ -1,37 +0,0 @@
-The SFTP SHELL command brings up an interactive SFTP session to fetch and push files from/to a VM.
-
-## Usage
-~~~
-flyctl sftp shell [flags]
-~~~
-
-## Options
-
-~~~
-  -A, --address string         Address of VM to connect to
-  -a, --app string             Application name
-  -C, --command string         command to run on SSH session
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for shell
-      --machine string         Run the console in the existing machine with the specified ID
-  -o, --org string             The target Fly.io organization
-  -g, --process-group string   The target process group
-      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
-  -q, --quiet                  Don't print progress indicators for WireGuard
-  -r, --region string          The target region (see 'flyctl platform regions')
-  -s, --select                 select available instances
-  -u, --user string            Unix username to connect as (default "root")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl sftp](/docs/flyctl/sftp/)	 - Get or put files from a remote VM.
-
diff --git a/flyctl/cmd/flyctl_ssh.md b/flyctl/cmd/flyctl_ssh.md
deleted file mode 100644
index 37e697aa2f..0000000000
--- a/flyctl/cmd/flyctl_ssh.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Use SSH to log into or run commands on Machines
-
-## Usage
-~~~
-flyctl ssh [command] [flags]
-~~~
-
-## Available Commands
-* [console](/docs/flyctl/ssh-console/)	 - Connect to a running instance of the current app.
-* [issue](/docs/flyctl/ssh-issue/)	 - Issue a new SSH credential
-* [log](/docs/flyctl/ssh-log/)	 - Log of all issued SSH certs
-* [sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
-
-## Options
-
-~~~
-  -h, --help   help for ssh
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_ssh_console.md b/flyctl/cmd/flyctl_ssh_console.md
deleted file mode 100644
index 72a30cc726..0000000000
--- a/flyctl/cmd/flyctl_ssh_console.md
+++ /dev/null
@@ -1,37 +0,0 @@
-Connect to a running instance of the current app.
-
-## Usage
-~~~
-flyctl ssh console [flags]
-~~~
-
-## Options
-
-~~~
-  -A, --address string         Address of VM to connect to
-  -a, --app string             Application name
-  -C, --command string         command to run on SSH session
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for console
-      --machine string         Run the console in the existing machine with the specified ID
-  -o, --org string             The target Fly.io organization
-  -g, --process-group string   The target process group
-      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
-  -q, --quiet                  Don't print progress indicators for WireGuard
-  -r, --region string          The target region (see 'flyctl platform regions')
-  -s, --select                 select available instances
-  -u, --user string            Unix username to connect as (default "root")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
-
diff --git a/flyctl/cmd/flyctl_ssh_issue.md b/flyctl/cmd/flyctl_ssh_issue.md
deleted file mode 100644
index c2d658e4fb..0000000000
--- a/flyctl/cmd/flyctl_ssh_issue.md
+++ /dev/null
@@ -1,33 +0,0 @@
-Issue a new SSH credential. With -agent, populate credential
-into SSH agent. With -hour, set the number of hours (1-72) for credential
-validity.
-
-## Usage
-~~~
-flyctl ssh issue [org] [path] [flags]
-~~~
-
-## Options
-
-~~~
-      --agent              Add key to SSH agent
-  -d, --dotssh             Store keys in ~/.ssh, like normal keys
-  -h, --help               help for issue
-      --hours int          Expiration, in hours (<72) (default 24)
-  -o, --org string         The target Fly.io organization
-      --overwrite          Overwrite existing SSH keys in same location, if we generated them
-  -u, --username strings   Unix usernames the SSH cert can authenticate as (default [root,fly])
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
-
diff --git a/flyctl/cmd/flyctl_ssh_log.md b/flyctl/cmd/flyctl_ssh_log.md
deleted file mode 100644
index 67a6cab5ac..0000000000
--- a/flyctl/cmd/flyctl_ssh_log.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Log of all issued SSH certs
-
-## Usage
-~~~
-flyctl ssh log [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help         help for log
-  -j, --json         JSON output
-  -o, --org string   The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
-
diff --git a/flyctl/cmd/flyctl_ssh_sftp.md b/flyctl/cmd/flyctl_ssh_sftp.md
deleted file mode 100644
index fb45c3b314..0000000000
--- a/flyctl/cmd/flyctl_ssh_sftp.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Get or put files from a remote VM.
-
-## Usage
-~~~
-flyctl ssh sftp [command] [flags]
-~~~
-
-## Available Commands
-* [find](/docs/flyctl/ssh-sftp-find/)	 - The SFTP FIND command lists files (from an optional root directory) on a remote VM.
-* [get](/docs/flyctl/ssh-sftp-get/)	 - The SFTP GET retrieves a file from a remote VM.
-* [shell](/docs/flyctl/ssh-sftp-shell/)	 - The SFTP SHELL command brings up an interactive SFTP session to fetch and push files from/to a VM.
-
-## Options
-
-~~~
-  -h, --help   help for sftp
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ssh](/docs/flyctl/ssh/)	 - Use SSH to log into or run commands on Machines
-
diff --git a/flyctl/cmd/flyctl_ssh_sftp_find.md b/flyctl/cmd/flyctl_ssh_sftp_find.md
deleted file mode 100644
index 62acd71026..0000000000
--- a/flyctl/cmd/flyctl_ssh_sftp_find.md
+++ /dev/null
@@ -1,37 +0,0 @@
-The SFTP FIND command lists files (from an optional root directory) on a remote VM.
-
-## Usage
-~~~
-flyctl ssh sftp find [path] [flags]
-~~~
-
-## Options
-
-~~~
-  -A, --address string         Address of VM to connect to
-  -a, --app string             Application name
-  -C, --command string         command to run on SSH session
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for find
-      --machine string         Run the console in the existing machine with the specified ID
-  -o, --org string             The target Fly.io organization
-  -g, --process-group string   The target process group
-      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
-  -q, --quiet                  Don't print progress indicators for WireGuard
-  -r, --region string          The target region (see 'flyctl platform regions')
-  -s, --select                 select available instances
-  -u, --user string            Unix username to connect as (default "root")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ssh sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
-
diff --git a/flyctl/cmd/flyctl_ssh_sftp_get.md b/flyctl/cmd/flyctl_ssh_sftp_get.md
deleted file mode 100644
index 801af478a8..0000000000
--- a/flyctl/cmd/flyctl_ssh_sftp_get.md
+++ /dev/null
@@ -1,37 +0,0 @@
-The SFTP GET retrieves a file from a remote VM.
-
-## Usage
-~~~
-flyctl ssh sftp get <path> [flags]
-~~~
-
-## Options
-
-~~~
-  -A, --address string         Address of VM to connect to
-  -a, --app string             Application name
-  -C, --command string         command to run on SSH session
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for get
-      --machine string         Run the console in the existing machine with the specified ID
-  -o, --org string             The target Fly.io organization
-  -g, --process-group string   The target process group
-      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
-  -q, --quiet                  Don't print progress indicators for WireGuard
-  -r, --region string          The target region (see 'flyctl platform regions')
-  -s, --select                 select available instances
-  -u, --user string            Unix username to connect as (default "root")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ssh sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
-
diff --git a/flyctl/cmd/flyctl_ssh_sftp_shell.md b/flyctl/cmd/flyctl_ssh_sftp_shell.md
deleted file mode 100644
index df0693fd70..0000000000
--- a/flyctl/cmd/flyctl_ssh_sftp_shell.md
+++ /dev/null
@@ -1,37 +0,0 @@
-The SFTP SHELL command brings up an interactive SFTP session to fetch and push files from/to a VM.
-
-## Usage
-~~~
-flyctl ssh sftp shell [flags]
-~~~
-
-## Options
-
-~~~
-  -A, --address string         Address of VM to connect to
-  -a, --app string             Application name
-  -C, --command string         command to run on SSH session
-  -c, --config string          Path to application configuration file
-  -h, --help                   help for shell
-      --machine string         Run the console in the existing machine with the specified ID
-  -o, --org string             The target Fly.io organization
-  -g, --process-group string   The target process group
-      --pty                    Allocate a pseudo-terminal (default: on when no command is provided)
-  -q, --quiet                  Don't print progress indicators for WireGuard
-  -r, --region string          The target region (see 'flyctl platform regions')
-  -s, --select                 select available instances
-  -u, --user string            Unix username to connect as (default "root")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl ssh sftp](/docs/flyctl/ssh-sftp/)	 - Get or put files from a remote VM.
-
diff --git a/flyctl/cmd/flyctl_status.md b/flyctl/cmd/flyctl_status.md
deleted file mode 100644
index ab5803626b..0000000000
--- a/flyctl/cmd/flyctl_status.md
+++ /dev/null
@@ -1,38 +0,0 @@
-Show the application's current status including application
-details, tasks, most recent deployment details and in which regions it is
-currently allocated.
-
-
-## Usage
-~~~
-flyctl status [flags]
-~~~
-
-## Available Commands
-* [instance](/docs/flyctl/status-instance/)	 - Show instance status
-
-## Options
-
-~~~
-      --all             Show completed instances
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-      --deployment      Always show deployment status
-  -h, --help            help for status
-  -j, --json            JSON output
-      --rate int        Refresh Rate for --watch (default 5)
-      --watch           Refresh details
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_status_instance.md b/flyctl/cmd/flyctl_status_instance.md
deleted file mode 100644
index 2f2aa63f02..0000000000
--- a/flyctl/cmd/flyctl_status_instance.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Show the instance's current status including checks and events.
-
-
-## Usage
-~~~
-flyctl status instance <INSTANCE_ID> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for instance
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl status](/docs/flyctl/status/)	 - Show app status
-
diff --git a/flyctl/cmd/flyctl_tokens.md b/flyctl/cmd/flyctl_tokens.md
deleted file mode 100644
index bb0c9ae13d..0000000000
--- a/flyctl/cmd/flyctl_tokens.md
+++ /dev/null
@@ -1,33 +0,0 @@
-Manage Fly.io API tokens
-
-## Usage
-~~~
-flyctl tokens [command] [flags]
-~~~
-
-## Available Commands
-* [3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
-* [attenuate](/docs/flyctl/tokens-attenuate/)	 - Attenuate Fly.io API tokens
-* [create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
-* [debug](/docs/flyctl/tokens-debug/)	 - Debug Fly.io API tokens
-* [list](/docs/flyctl/tokens-list/)	 - List tokens
-* [revoke](/docs/flyctl/tokens-revoke/)	 - Revoke tokens
-
-## Options
-
-~~~
-  -h, --help   help for tokens
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_tokens_3p.md b/flyctl/cmd/flyctl_tokens_3p.md
deleted file mode 100644
index a0670f2606..0000000000
--- a/flyctl/cmd/flyctl_tokens_3p.md
+++ /dev/null
@@ -1,36 +0,0 @@
-Add, manage, and discharge third-party tokens for a Fly.io API token.
-The token to be manipulated may either be passed in the -t argument or in FLY_API_TOKEN.
-Third-party caveats rely on a secret shared with between the third party and the
-author of the caveat. Pass this secret with --secret, --secret-file, or through the
-TOKEN_3P_SHARED_SECRET variable.
-
-
-## Usage
-~~~
-flyctl tokens 3p [command] [flags]
-~~~
-
-## Available Commands
-* [add](/docs/flyctl/tokens-3p-add/)	 - Add a third-party caveat
-* [add-discharge](/docs/flyctl/tokens-3p-add-discharge/)	 - Tack a discharge token onto a Fly.io API token
-* [discharge](/docs/flyctl/tokens-3p-discharge/)	 - Exchange a ticket for the token that discharges a third-party caveat
-* [ticket](/docs/flyctl/tokens-3p-ticket/)	 - Retrieve the ticket from an existing third-party caveat
-
-## Options
-
-~~~
-  -h, --help   help for 3p
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_3p_add-discharge.md b/flyctl/cmd/flyctl_tokens_3p_add-discharge.md
deleted file mode 100644
index a0dad1540c..0000000000
--- a/flyctl/cmd/flyctl_tokens_3p_add-discharge.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Once obtained by exchanging a caveat ticket with a third-party service,
-add the matching discharge token to the Fly.io API token header, to include it with
-authentication attempts.
-
-## Usage
-~~~
-flyctl tokens 3p add-discharge [flags]
-~~~
-
-## Options
-
-~~~
-  -d, --discharge string   Third-party discharge token
-  -h, --help               help for add-discharge
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens 3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_3p_add.md b/flyctl/cmd/flyctl_tokens_3p_add.md
deleted file mode 100644
index eef3f6ad9d..0000000000
--- a/flyctl/cmd/flyctl_tokens_3p_add.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Add a caveat to the Fly.io token that requires a third-party service,
-identified by --location (a URL), to supply a discharge token in order to clear.
-
-
-## Usage
-~~~
-flyctl tokens 3p add [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help                 help for add
-  -l, --location string      URL identifying third-party service
-  -S, --secret string        (insecure) base64 shared secret for third-party caveat
-  -s, --secret-file string   file containing base64 shared secret for third-party caveat
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens 3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_3p_discharge.md b/flyctl/cmd/flyctl_tokens_3p_discharge.md
deleted file mode 100644
index b6b4a52460..0000000000
--- a/flyctl/cmd/flyctl_tokens_3p_discharge.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Given the ticket for a third-party caveat, generate the discharge token
-that satisfies the caveat.
-
-## Usage
-~~~
-flyctl tokens 3p discharge [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help                 help for discharge
-  -l, --location string      URL identifying third-party service
-  -S, --secret string        (insecure) base64 shared secret for third-party caveat
-  -s, --secret-file string   file containing base64 shared secret for third-party caveat
-      --ticket string        Third party caveat ticket
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens 3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_3p_ticket.md b/flyctl/cmd/flyctl_tokens_3p_ticket.md
deleted file mode 100644
index 1fc5d0f7a7..0000000000
--- a/flyctl/cmd/flyctl_tokens_3p_ticket.md
+++ /dev/null
@@ -1,28 +0,0 @@
-If a third-party caveat tied to the URL at --location is present in
-the Fly.io API token, retrieve its ticket, so it can be submitted to the service
-to retrieve a discharge token.
-
-## Usage
-~~~
-flyctl tokens 3p ticket [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help              help for ticket
-  -l, --location string   URL identifying third-party service
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens 3p](/docs/flyctl/tokens-3p/)	 - Manage third-party (3P) caveats for Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_attenuate.md b/flyctl/cmd/flyctl_tokens_attenuate.md
deleted file mode 100644
index 529a571f19..0000000000
--- a/flyctl/cmd/flyctl_tokens_attenuate.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Attenuate a Fly.io API token by appending caveats to it. The
-				token to be attenuated may either be passed in the -t argument
-				or in FLY_API_TOKEN. Caveats must be JSON encoded. See
-				https://github.com/superfly/macaroon for details on
-				macaroons and caveats.
-
-## Usage
-~~~
-flyctl tokens attenuate [flags]
-~~~
-
-## Options
-
-~~~
-  -f, --file string   Filename to read caveats from. Defaults to stdin
-  -h, --help          help for attenuate
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_create.md b/flyctl/cmd/flyctl_tokens_create.md
deleted file mode 100644
index 048b24a6ab..0000000000
--- a/flyctl/cmd/flyctl_tokens_create.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Create Fly.io API tokens
-
-## Usage
-~~~
-flyctl tokens create [command] [flags]
-~~~
-
-## Available Commands
-* [deploy](/docs/flyctl/tokens-create-deploy/)	 - Create deploy tokens
-* [litefs-cloud](/docs/flyctl/tokens-create-litefs-cloud/)	 - Create LiteFS Cloud tokens
-* [org](/docs/flyctl/tokens-create-org/)	 - Create org deploy tokens
-* [readonly](/docs/flyctl/tokens-create-readonly/)	 - Create read-only org tokens
-
-## Options
-
-~~~
-  -h, --help   help for create
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_create_deploy.md b/flyctl/cmd/flyctl_tokens_create_deploy.md
deleted file mode 100644
index c6c73fe44f..0000000000
--- a/flyctl/cmd/flyctl_tokens_create_deploy.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Create an API token limited to managing a single app and its resources. Also available as TOKENS DEPLOY. Tokens are valid for 20 years by default. We recommend using a shorter expiry if practical.
-
-## Usage
-~~~
-flyctl tokens create deploy [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string        Application name
-  -c, --config string     Path to application configuration file
-  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
-  -h, --help              help for deploy
-  -j, --json              JSON output
-  -n, --name string       Token name (default "flyctl deploy token")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_create_litefs-cloud.md b/flyctl/cmd/flyctl_tokens_create_litefs-cloud.md
deleted file mode 100644
index 5ae363010d..0000000000
--- a/flyctl/cmd/flyctl_tokens_create_litefs-cloud.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Create an API token limited to a single LiteFS Cloud cluster.
-
-## Usage
-~~~
-flyctl tokens create litefs-cloud [flags]
-~~~
-
-## Options
-
-~~~
-  -c, --cluster string    Cluster name
-  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
-  -h, --help              help for litefs-cloud
-  -j, --json              JSON output
-  -n, --name string       Token name (default "LiteFS Cloud token")
-  -o, --org string        The target Fly.io organization
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_create_org.md b/flyctl/cmd/flyctl_tokens_create_org.md
deleted file mode 100644
index 3134bd25a8..0000000000
--- a/flyctl/cmd/flyctl_tokens_create_org.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Create an API token limited to managing a single org and its resources. Tokens are valid for 20 years by default. We recommend using a shorter expiry if practical.
-
-## Usage
-~~~
-flyctl tokens create org [flags]
-~~~
-
-## Options
-
-~~~
-  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
-  -h, --help              help for org
-  -j, --json              JSON output
-  -n, --name string       Token name (default "Org deploy token")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_create_readonly.md b/flyctl/cmd/flyctl_tokens_create_readonly.md
deleted file mode 100644
index 5887c7de53..0000000000
--- a/flyctl/cmd/flyctl_tokens_create_readonly.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Create an API token limited to reading a single org and its resources. Tokens are valid for 20 years by default. We recommend using a shorter expiry if practical.
-
-## Usage
-~~~
-flyctl tokens create readonly [flags]
-~~~
-
-## Options
-
-~~~
-  -x, --expiry duration   The duration that the token will be valid (default 175200h0m0s)
-      --from-existing     Use an existing token as the basis for the read-only token
-  -h, --help              help for readonly
-  -j, --json              JSON output
-  -n, --name string       Token name (default "Read-only org token")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens create](/docs/flyctl/tokens-create/)	 - Create Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_debug.md b/flyctl/cmd/flyctl_tokens_debug.md
deleted file mode 100644
index 454461909d..0000000000
--- a/flyctl/cmd/flyctl_tokens_debug.md
+++ /dev/null
@@ -1,29 +0,0 @@
-Decode and print a Fly.io API token. The token to be
-				debugged may either be passed in the -t argument or in FLY_API_TOKEN.
-				See https://github.com/superfly/macaroon for details Fly.io macaroon
-				tokens.
-
-## Usage
-~~~
-flyctl tokens debug [flags]
-~~~
-
-## Options
-
-~~~
-  -f, --file string   Filename to read caveats from. Defaults to stdin
-  -h, --help          help for debug
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_list.md b/flyctl/cmd/flyctl_tokens_list.md
deleted file mode 100644
index da25c032f1..0000000000
--- a/flyctl/cmd/flyctl_tokens_list.md
+++ /dev/null
@@ -1,28 +0,0 @@
-List tokens
-
-## Usage
-~~~
-flyctl tokens list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-  -s, --scope string    either 'app' or 'org' (default "app")
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_tokens_revoke.md b/flyctl/cmd/flyctl_tokens_revoke.md
deleted file mode 100644
index 46d6cb6754..0000000000
--- a/flyctl/cmd/flyctl_tokens_revoke.md
+++ /dev/null
@@ -1,25 +0,0 @@
-used like: 'fly tokens revoke [ids]'
-
-## Usage
-~~~
-flyctl tokens revoke [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for revoke
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl tokens](/docs/flyctl/tokens/)	 - Manage Fly.io API tokens
-
diff --git a/flyctl/cmd/flyctl_turboku.md b/flyctl/cmd/flyctl_turboku.md
deleted file mode 100644
index d81b519889..0000000000
--- a/flyctl/cmd/flyctl_turboku.md
+++ /dev/null
@@ -1,71 +0,0 @@
-Launch a Heroku app on Fly.io
-
-## Usage
-~~~
-flyctl turboku <heroku-app-name> <heroku-api-token> [flags]
-~~~
-
-## Options
-
-~~~
-      --build-arg stringArray            Set of build time variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --build-only                       Build but do not deploy
-      --build-secret stringArray         Set of build secrets of NAME=VALUE pairs. Can be specified multiple times. See https://docs.docker.com/engine/reference/commandline/buildx_build/#secret
-      --build-target string              Set the target build stage to build if the Dockerfile has more than one stage
-      --detach                           Return immediately instead of monitoring deployment progress
-      --dockerfile string                Path to a Dockerfile. Defaults to the Dockerfile in the working directory.
-  -e, --env stringArray                  Set of environment variables in the form of NAME=VALUE pairs. Can be specified multiple times.
-      --exclude-regions strings          Deploy to all machines except machines in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times. --exclude-regions iad,sea --exclude-regions syd will exclude all three iad, sea, and syd regions. Applied after --only-regions. V2 machines platform only.
-      --file-literal stringArray         Set of literals in the form of /path/inside/machine=VALUE pairs where VALUE is the content. Can be specified multiple times.
-      --file-local stringArray           Set of files in the form of /path/inside/machine=<local/path> pairs. Can be specified multiple times.
-      --file-secret stringArray          Set of secrets in the form of /path/inside/machine=SECRET pairs where SECRET is the name of the secret. Can be specified multiple times.
-      --ha                               Create spare machines that increases app availability (default true)
-  -h, --help                             help for turboku
-      --host-dedication-id string        The dedication id of the reserved hosts for your organization (if any)
-      --ignorefile string                Path to a Docker ignore file. Defaults to the .dockerignore file in the working directory.
-  -i, --image string                     The Docker image to deploy
-      --image-label string               Image label to use when tagging and pushing to the fly registry. Defaults to "deployment-{timestamp}".
-      --immediate-max-concurrent int     Maximum number of machines to update concurrently when using the immediate deployment strategy. (default 16)
-      --keep                             keep the app directory after deployment
-      --label stringArray                Add custom metadata to an image via docker labels
-      --lease-timeout string             Time duration to lease individual machines while running deployment. All machines are leased at the beginning and released at the end.The lease is refreshed periodically for this same time, which is why it is short.flyctl releases leases in most cases. (default "13s")
-      --local-only                       Perform builds locally using the local docker daemon. The default is --remote-only.
-      --max-unavailable float            Max number of unavailable machines during rolling updates. A number between 0 and 1 means percent of total machines (default 0.33)
-      --name string                      the name of the new app
-      --nixpacks                         Deploy using nixpacks to build the image
-      --no-cache                         Do not use the build cache when building the image
-      --no-deploy                        Do not immediately deploy the new app after fly launch creates and configures it
-      --no-public-ips                    Do not allocate any new public IP addresses
-      --now                              Deploy now without confirmation
-      --only-regions strings             Deploy to machines only in these regions. Multiple regions can be specified with comma separated values or by providing the flag multiple times. --only-regions iad,sea --only-regions syd will deploy to all three iad, sea, and syd regions. Applied before --exclude-regions. V2 machines platform only.
-  -o, --org string                       The target Fly.io organization
-      --process-groups strings           Deploy to machines only in these process groups
-      --provision-extensions             Provision any extensions assigned as a default to first deployments
-      --push                             Push image to registry after build is complete
-  -r, --region string                    The target region (see 'flyctl platform regions')
-      --release-command-timeout string   Time duration to wait for a release command finish running, or 'none' to disable. (default "5m0s")
-      --remote-only                      Perform builds on a remote builder instance instead of using the local docker daemon. This is the default. Use --local-only to build locally.
-      --smoke-checks                     Perform smoke checks during deployment (default true)
-      --strategy string                  The strategy for replacing running instances. Options are canary, rolling, bluegreen, or immediate. Default is canary, or rolling when max-per-region is set.
-      --vm-cpu-kind string               The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                      Number of CPUs
-      --vm-gpu-kind string               If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string                 Memory (in megabytes) to attribute to the VM
-      --vm-size string                   The VM size to set machines to. See "fly platform vm-sizes" for valid values
-      --volume-initial-size int          The initial size in GB for volumes created on first deploy
-      --wait-timeout string              Time duration to wait for individual machines to transition states and become healthy. (default "5m0s")
-  -y, --yes                              Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_version.md b/flyctl/cmd/flyctl_version.md
deleted file mode 100644
index e87776b74f..0000000000
--- a/flyctl/cmd/flyctl_version.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Shows version information for the flyctl command itself, including version
-number and build date.
-
-## Usage
-~~~
-flyctl version [flags]
-~~~
-
-## Available Commands
-* [upgrade](/docs/flyctl/version-upgrade/)	 - Checks for available updates and automatically upgrades
-
-## Options
-
-~~~
-  -h, --help   help for version
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_version_upgrade.md b/flyctl/cmd/flyctl_version_upgrade.md
deleted file mode 100644
index 4e84c3917f..0000000000
--- a/flyctl/cmd/flyctl_version_upgrade.md
+++ /dev/null
@@ -1,26 +0,0 @@
-Checks for an update and if one is available, runs the appropriate
-command to upgrade the application.
-
-## Usage
-~~~
-flyctl version upgrade [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for upgrade
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl version](/docs/flyctl/version/)	 - Show version information for the flyctl command
-
diff --git a/flyctl/cmd/flyctl_volumes.md b/flyctl/cmd/flyctl_volumes.md
deleted file mode 100644
index 2c7aa45e8f..0000000000
--- a/flyctl/cmd/flyctl_volumes.md
+++ /dev/null
@@ -1,35 +0,0 @@
-Manage Fly Volumes.
-
-## Usage
-~~~
-flyctl volumes [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/volumes-create/)	 - Create a new volume for an app.
-* [destroy](/docs/flyctl/volumes-destroy/)	 - Destroy a volume.
-* [extend](/docs/flyctl/volumes-extend/)	 - Extend a volume to the specified size.
-* [fork](/docs/flyctl/volumes-fork/)	 - Fork the specified volume.
-* [list](/docs/flyctl/volumes-list/)	 - List the volumes associated with an app.
-* [show](/docs/flyctl/volumes-show/)	 - Show the details of the specified volume.
-* [snapshots](/docs/flyctl/volumes-snapshots/)	 - Manage volume snapshots
-* [update](/docs/flyctl/volumes-update/)	 - Update a volume for an app.
-
-## Options
-
-~~~
-  -h, --help   help for volumes
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_volumes_create.md b/flyctl/cmd/flyctl_volumes_create.md
deleted file mode 100644
index e53d652898..0000000000
--- a/flyctl/cmd/flyctl_volumes_create.md
+++ /dev/null
@@ -1,44 +0,0 @@
-Create a new volume for an app. Volumes are persistent storage for
-		Fly Machines. The default size is 3 GB. Learn how to add a volume to
-		your app: https://fly.io/docs/apps/volume-storage/
-
-## Usage
-~~~
-flyctl volumes create <volumename> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                  Application name
-  -c, --config string               Path to application configuration file
-  -n, --count int                   The number of volumes to create (default 1)
-  -h, --help                        help for create
-      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
-  -j, --json                        JSON output
-      --no-encryption               Do not encrypt the volume contents. Volume contents are encrypted by default.
-  -r, --region string               The target region (see 'flyctl platform regions')
-      --require-unique-zone         Place the volume in a separate hardware zone from existing volumes. This is the default. (default true)
-  -s, --size int                    The size of volume in gigabytes. The default is 3. (default 3)
-      --snapshot-id string          Create the volume from the specified snapshot
-      --snapshot-retention int      Snapshot retention in days (min 5) (default 5)
-      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                 Number of CPUs
-      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string            Memory (in megabytes) to attribute to the VM
-      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
-  -y, --yes                         Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-
diff --git a/flyctl/cmd/flyctl_volumes_destroy.md b/flyctl/cmd/flyctl_volumes_destroy.md
deleted file mode 100644
index 92ea34739a..0000000000
--- a/flyctl/cmd/flyctl_volumes_destroy.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Destroy a volume. When you destroy a volume, you permanently delete all its data.
-
-## Usage
-~~~
-flyctl volumes destroy [id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for destroy
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-
diff --git a/flyctl/cmd/flyctl_volumes_extend.md b/flyctl/cmd/flyctl_volumes_extend.md
deleted file mode 100644
index e09136ee29..0000000000
--- a/flyctl/cmd/flyctl_volumes_extend.md
+++ /dev/null
@@ -1,30 +0,0 @@
-Extend a volume to the specified size. Most Machines don't require a restart. Some older Machines get a message to manually restart the Machine to increase the size of the file system.
-
-## Usage
-~~~
-flyctl volumes extend [id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for extend
-  -j, --json            JSON output
-  -s, --size string     Target volume size in gigabytes
-  -y, --yes             Accept all confirmations
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-
diff --git a/flyctl/cmd/flyctl_volumes_fork.md b/flyctl/cmd/flyctl_volumes_fork.md
deleted file mode 100644
index 5b1a937e41..0000000000
--- a/flyctl/cmd/flyctl_volumes_fork.md
+++ /dev/null
@@ -1,36 +0,0 @@
-Fork the specified volume. Volume forking creates an independent copy of a storage volume for backup, testing, and experimentation without altering the original data.
-
-## Usage
-~~~
-flyctl volumes fork [id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string                  Application name
-  -c, --config string               Path to application configuration file
-  -h, --help                        help for fork
-      --host-dedication-id string   The dedication id of the reserved hosts for your organization (if any)
-  -j, --json                        JSON output
-  -n, --name string                 The name of the new volume
-      --require-unique-zone         Place the volume in a separate hardware zone from existing volumes. This is the default.
-      --vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
-      --vm-cpus int                 Number of CPUs
-      --vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb, l40s)
-      --vm-memory string            Memory (in megabytes) to attribute to the VM
-      --vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-
diff --git a/flyctl/cmd/flyctl_volumes_list.md b/flyctl/cmd/flyctl_volumes_list.md
deleted file mode 100644
index e184022289..0000000000
--- a/flyctl/cmd/flyctl_volumes_list.md
+++ /dev/null
@@ -1,28 +0,0 @@
-List the volumes associated with an app.
-
-## Usage
-~~~
-flyctl volumes list [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for list
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-
diff --git a/flyctl/cmd/flyctl_volumes_show.md b/flyctl/cmd/flyctl_volumes_show.md
deleted file mode 100644
index 1857138939..0000000000
--- a/flyctl/cmd/flyctl_volumes_show.md
+++ /dev/null
@@ -1,28 +0,0 @@
-Show the details of the specified volume.
-
-## Usage
-~~~
-flyctl volumes show [id] [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string      Application name
-  -c, --config string   Path to application configuration file
-  -h, --help            help for show
-  -j, --json            JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-
diff --git a/flyctl/cmd/flyctl_volumes_snapshots.md b/flyctl/cmd/flyctl_volumes_snapshots.md
deleted file mode 100644
index 7a0c8ff336..0000000000
--- a/flyctl/cmd/flyctl_volumes_snapshots.md
+++ /dev/null
@@ -1,29 +0,0 @@
-"Commands for managing volume snapshots"
-
-
-## Usage
-~~~
-flyctl volumes snapshots [command] [flags]
-~~~
-
-## Available Commands
-* [list](/docs/flyctl/volumes-snapshots-list/)	 - List snapshots
-
-## Options
-
-~~~
-  -h, --help   help for snapshots
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-
diff --git a/flyctl/cmd/flyctl_volumes_snapshots_list.md b/flyctl/cmd/flyctl_volumes_snapshots_list.md
deleted file mode 100644
index 215a91077f..0000000000
--- a/flyctl/cmd/flyctl_volumes_snapshots_list.md
+++ /dev/null
@@ -1,26 +0,0 @@
-List snapshots associated with the specified volume
-
-## Usage
-~~~
-flyctl volumes snapshots list <volume-id> [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for list
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes snapshots](/docs/flyctl/volumes-snapshots/)	 - Manage volume snapshots
-
diff --git a/flyctl/cmd/flyctl_volumes_update.md b/flyctl/cmd/flyctl_volumes_update.md
deleted file mode 100644
index 1c15b62ad6..0000000000
--- a/flyctl/cmd/flyctl_volumes_update.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Update a volume for an app. Volumes are persistent storage for
-		Fly Machines. Learn how to add a volume to
-		your app: https://fly.io/docs/apps/volume-storage/
-
-## Usage
-~~~
-flyctl volumes update <volumename> [flags]
-~~~
-
-## Options
-
-~~~
-  -a, --app string               Application name
-  -c, --config string            Path to application configuration file
-  -h, --help                     help for update
-  -j, --json                     JSON output
-      --snapshot-retention int   Snapshot retention in days (min 5)
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl volumes](/docs/flyctl/volumes/)	 - Manage Fly Volumes.
-
diff --git a/flyctl/cmd/flyctl_wireguard.md b/flyctl/cmd/flyctl_wireguard.md
deleted file mode 100644
index 94ea197dcb..0000000000
--- a/flyctl/cmd/flyctl_wireguard.md
+++ /dev/null
@@ -1,33 +0,0 @@
-Commands that manage WireGuard peer connections
-
-## Usage
-~~~
-flyctl wireguard [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/wireguard-create/)	 - Add a WireGuard peer connection
-* [list](/docs/flyctl/wireguard-list/)	 - List all WireGuard peer connections
-* [remove](/docs/flyctl/wireguard-remove/)	 - Remove a WireGuard peer connection
-* [reset](/docs/flyctl/wireguard-reset/)	 - Reset WireGuard peer connection for an organization
-* [token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
-* [websockets](/docs/flyctl/wireguard-websockets/)	 - Enable or disable WireGuard tunneling over WebSockets
-
-## Options
-
-~~~
-  -h, --help   help for wireguard
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl](/docs/flyctl/help/)	 - The Fly.io command line interface
-
diff --git a/flyctl/cmd/flyctl_wireguard_create.md b/flyctl/cmd/flyctl_wireguard_create.md
deleted file mode 100644
index 644a7f350c..0000000000
--- a/flyctl/cmd/flyctl_wireguard_create.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Add a WireGuard peer connection to an organization
-
-## Usage
-~~~
-flyctl wireguard create [org] [region] [name] [file] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for create
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
-
diff --git a/flyctl/cmd/flyctl_wireguard_list.md b/flyctl/cmd/flyctl_wireguard_list.md
deleted file mode 100644
index fc5e2c3e7b..0000000000
--- a/flyctl/cmd/flyctl_wireguard_list.md
+++ /dev/null
@@ -1,26 +0,0 @@
-List all WireGuard peer connections
-
-## Usage
-~~~
-flyctl wireguard list [org] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for list
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
-
diff --git a/flyctl/cmd/flyctl_wireguard_remove.md b/flyctl/cmd/flyctl_wireguard_remove.md
deleted file mode 100644
index 8aa2c295ce..0000000000
--- a/flyctl/cmd/flyctl_wireguard_remove.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Remove a WireGuard peer connection from an organization
-
-## Usage
-~~~
-flyctl wireguard remove [org] [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for remove
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
-
diff --git a/flyctl/cmd/flyctl_wireguard_reset.md b/flyctl/cmd/flyctl_wireguard_reset.md
deleted file mode 100644
index 20f702a1a2..0000000000
--- a/flyctl/cmd/flyctl_wireguard_reset.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Reset WireGuard peer connection for an organization
-
-## Usage
-~~~
-flyctl wireguard reset [org] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for reset
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
-
diff --git a/flyctl/cmd/flyctl_wireguard_token.md b/flyctl/cmd/flyctl_wireguard_token.md
deleted file mode 100644
index 4cf403399b..0000000000
--- a/flyctl/cmd/flyctl_wireguard_token.md
+++ /dev/null
@@ -1,32 +0,0 @@
-Commands that managed WireGuard delegated access tokens
-
-## Usage
-~~~
-flyctl wireguard token [command] [flags]
-~~~
-
-## Available Commands
-* [create](/docs/flyctl/wireguard-token-create/)	 - Create a new WireGuard token
-* [delete](/docs/flyctl/wireguard-token-delete/)	 - Delete a WireGuard token; token is name:<name> or token:<token>
-* [list](/docs/flyctl/wireguard-token-list/)	 - List all WireGuard tokens
-* [start](/docs/flyctl/wireguard-token-start/)	 - Start a new WireGuard peer connection associated with a token (set FLY_WIREGUARD_TOKEN)
-* [update](/docs/flyctl/wireguard-token-update/)	 - Rekey a WireGuard peer connection associated with a token (set FLY_WIREGUARD_TOKEN)
-
-## Options
-
-~~~
-  -h, --help   help for token
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
-
diff --git a/flyctl/cmd/flyctl_wireguard_token_create.md b/flyctl/cmd/flyctl_wireguard_token_create.md
deleted file mode 100644
index 3f03446653..0000000000
--- a/flyctl/cmd/flyctl_wireguard_token_create.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Create a new WireGuard token
-
-## Usage
-~~~
-flyctl wireguard token create [org] [name] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for create
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
-
diff --git a/flyctl/cmd/flyctl_wireguard_token_delete.md b/flyctl/cmd/flyctl_wireguard_token_delete.md
deleted file mode 100644
index 759a804afe..0000000000
--- a/flyctl/cmd/flyctl_wireguard_token_delete.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Delete a WireGuard token; token is name:<name> or token:<token>
-
-## Usage
-~~~
-flyctl wireguard token delete [org] [token] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for delete
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
-
diff --git a/flyctl/cmd/flyctl_wireguard_token_list.md b/flyctl/cmd/flyctl_wireguard_token_list.md
deleted file mode 100644
index e23ee03139..0000000000
--- a/flyctl/cmd/flyctl_wireguard_token_list.md
+++ /dev/null
@@ -1,26 +0,0 @@
-List all WireGuard tokens
-
-## Usage
-~~~
-flyctl wireguard token list [org] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for list
-  -j, --json   JSON output
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
-
diff --git a/flyctl/cmd/flyctl_wireguard_token_start.md b/flyctl/cmd/flyctl_wireguard_token_start.md
deleted file mode 100644
index 92a56d8c8f..0000000000
--- a/flyctl/cmd/flyctl_wireguard_token_start.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Start a new WireGuard peer connection associated with a token (set FLY_WIREGUARD_TOKEN)
-
-## Usage
-~~~
-flyctl wireguard token start [name] [group] [region] [file] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for start
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
-
diff --git a/flyctl/cmd/flyctl_wireguard_token_update.md b/flyctl/cmd/flyctl_wireguard_token_update.md
deleted file mode 100644
index 6729f89e40..0000000000
--- a/flyctl/cmd/flyctl_wireguard_token_update.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Rekey a WireGuard peer connection associated with a token (set FLY_WIREGUARD_TOKEN)
-
-## Usage
-~~~
-flyctl wireguard token update [name] [file] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for update
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard token](/docs/flyctl/wireguard-token/)	 - Commands that managed WireGuard delegated access tokens
-
diff --git a/flyctl/cmd/flyctl_wireguard_websockets.md b/flyctl/cmd/flyctl_wireguard_websockets.md
deleted file mode 100644
index f04662a96e..0000000000
--- a/flyctl/cmd/flyctl_wireguard_websockets.md
+++ /dev/null
@@ -1,25 +0,0 @@
-Enable or disable WireGuard tunneling over WebSockets
-
-## Usage
-~~~
-flyctl wireguard websockets [enable|disable] [flags]
-~~~
-
-## Options
-
-~~~
-  -h, --help   help for websockets
-~~~
-
-## Global Options
-
-~~~
-  -t, --access-token string   Fly API Access Token
-      --debug                 Print additional logs and traces
-      --verbose               Verbose output
-~~~
-
-## See Also
-
-* [flyctl wireguard](/docs/flyctl/wireguard/)	 - Commands that manage WireGuard peer connections
-
diff --git a/flyctl/index.html.md b/flyctl/index.html.md
index c60dce5297..8c1e0837dc 100644
--- a/flyctl/index.html.md
+++ b/flyctl/index.html.md
@@ -1,14 +1,17 @@
 ---
-title: Introducing flyctl - The Fly.io CLI
+title: flyctl - The Fly.io CLI
 layout: docs
-sitemap: false
 edit: false
 nav: flyctl
 ---
 
-The `flyctl` command is your primary way to interact with Fly.io.
+flyctl, the Fly.io CLI, is one of the primary ways to interact with the Fly.io platform. You'll use the `fly` command to create and deploy apps, manage Machines and volumes, configure networking, and more.
 
-If you are doing anything with Fly.io, you'll need it. We have [flyctl installation instructions](/docs/hands-on/install-flyctl/) to guide you through installing it on your system. There's also [flyctl and continuous integration](/docs/flyctl/integrating/) which covers environment variables, JSON and other automation related information about flyctl.
+First, [install flyctl](/docs/flyctl/install/).
+
+Also check out [flyctl and continuous integration](/docs/flyctl/integrating/) which covers environment variables, JSON and other automation related information about flyctl.
+
+The following list includes some important commands to get started.
 
 ## Using your Fly.io Account
 
@@ -26,7 +29,6 @@ If you are doing anything with Fly.io, you'll need it. We have [flyctl installat
 
 * Show App Logs: [fly logs](/docs/flyctl/logs/)
 * Show App Deployment Status: [fly status](/docs/flyctl/status/)
-* Show App History: [fly history](/docs/flyctl/history/)
 * Show App Releases: [fly releases](/docs/flyctl/releases/)
 
 ## Configuring networking and certificates
diff --git a/flyctl/install.html.markerb b/flyctl/install.html.markerb
new file mode 100644
index 0000000000..dfe31c2881
--- /dev/null
+++ b/flyctl/install.html.markerb
@@ -0,0 +1,17 @@
+---
+title: Install flyctl
+layout: docs
+nav: flyctl
+redirect_from:
+  - /docs/getting-started/installing-flyctl/
+  - /docs/flyctl/installing/
+  - /docs/hands-on/installing/
+  - /docs/hands-on/install-flyctl/
+---
+
+<%= partial "/docs/partials/docs/flyctl_install" %>
+
+### Next steps
+
+- [Launch an app](/docs/getting-started/launch/)
+- [Browse what's possible on Fly.io](/docs/blueprints/)
diff --git a/flyctl/integrating.html.md b/flyctl/integrating.html.md
index 33385940ef..daf79724db 100644
--- a/flyctl/integrating.html.md
+++ b/flyctl/integrating.html.md
@@ -1,18 +1,17 @@
 ---
-title: Integrating Flyctl
+title: Integrating flyctl
 layout: docs
-sitemap: false
 nav: flyctl
 ---
 
 The flyctl command has a number of features that enable it to be seamlessly integrated with scripted and automated environments such as CI.
 
-## Environment Variables
+## Environment variables
 
 * `FLY_ACCESS_TOKEN` is an environment variable which can be used to pass an access token to an instance of Flyctl. The token may be obtained using `flyctl auth token`. A token with permission to manage a single app can be generated with `fly tokens create deploy`.
 * `FLY_APP` is an environment variable which is used as the application name.
 
 ## JSON output
 
-Most flyctl commands can produce JSON output using the `--json` or `-j` flag. The JSON may be streamed messages in JSON-NL format or a single JSON object, depending on what is being requested.
+Many flyctl commands can produce JSON output using the `--json` or `-j` flag. The JSON may be streamed messages in JSON-NL format or a single JSON object, depending on what is being requested.
 
diff --git a/getting-started/essentials.html.md b/getting-started/essentials.html.md
new file mode 100644
index 0000000000..7dce8f0641
--- /dev/null
+++ b/getting-started/essentials.html.md
@@ -0,0 +1,62 @@
+---
+title: "Fly.io essentials"
+layout: docs
+nav: firecracker
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/getting-started.png" alt="Illustration by Annie Ruygt of a figure steering a ship" class="w-full max-w-lg mx-auto">
+</figure>
+
+You really can [get an app up and running in just minutes](https://fly.io/speedrun/) on Fly.io.
+
+But if you want to know a bit more about what's what on the Fly.io platform, then read on. You can skip to the [glossary](#fly-io-glossary) for the tl;dr.
+
+Two big concepts to know about how Fly.io works, and one small one: Fly Machines, Fly Launch, and Fly Apps.
+
+## Fly Machines: The basic unit of Doing Stuff on Fly.io
+
+Fly Machines are fast-launching virtual machines (VMs) that are individually runnable and controllable. We build Machines out of the images you give us and we run them where you tell us to.
+
+Machines are the compute on Fly.io,[ our lowest level of orchestration](https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/). When you just have to run a VM of a specific size in a specific place, Machines are what you want. If you're thinking about individual VMs, rather than applications comprising groups of VMs, then you're thinking about Machines.
+
+Learn more about [Fly Machines](/docs/machines/).
+
+## Fly Launch: Manage applications built on Fly Machines
+
+Fly Launch is how you manage the whole lifecycle of an application on top of Machines, from starting to scaling to changing and redeploying. If you're not thinking of an individual VM, but rather of an application, like "sandwich-ratings.fly.dev", then you're thinking of Fly Launch.
+
+Fly Launch is our built-from-scratch-for-Fly-Machines orchestrator:
+
+- Create your app with the `fly launch` command. Fly Launch detects your framework and gives you useful defaults.
+- Configure your app's deployment and services with the [`fly.toml`](/docs/reference/configuration/) configuration file.
+- Deploy your app's Machines as a group with the `fly deploy` command.
+- Scale your app's Machines [horizontally](/docs/launch/scale-count/) or [vertically](/docs/launch/scale-machine/) with the `fly scale` command. [Scaling based on metrics](/docs/launch/autoscale-by-metric/) is also possible. 
+
+Again, Fly Launch is built on Machines: you can use Fly Launch to manage the scale of your application with a single command, or you can interact directly with Machines for fine-grained control.
+
+Learn more about [Fly Launch](/docs/launch/).
+
+## Fly Apps: We're not here to tell you what to build
+
+Fly Apps are how we group Machines on the Fly.io platform. A Fly App can be a web app, or a database, or a bunch of task Machines, or whatever you want to deploy. When we talk about "your app" in our how-to docs, we're talking about a Fly App.
+
+You can manage a Fly App's Machines as a group with Fly Launch features, or you can run and manage individual Machines with the Machines API or with `fly machine` flyctl commands. You can even do all of these things in one Fly App. 
+
+Learn more about [Fly Apps](/docs/apps/overview/).
+
+## Fly.io glossary
+
+**The Fly.io platform**: All the primitives, products, and features that make up the Fly.io public cloud.
+
+**[Fly Apps](/docs/apps/):** The way Machines are grouped for admin and management on the Fly.io platform.
+
+**[Fly GPUs](/docs/gpus/):** Machines, but with GPUs. They boot up with GPU drivers installed and you can run `nvidia-smi` right away.
+
+**[Fly Launch](/docs/launch/):** Our orchestrator that includes some good stuff for app hosting, like the `fly launch` command to get started, `fly.toml` for configuration, the `fly deploy` command to deploy all your app's Machines into new versions/releases, and the `fly scale` command to scale Machines.
+
+**[Fly Machines](/docs/machines/):** [Firecracker microVMs](https://firecracker-microvm.github.io/) that launch quickly in any [region supported by Fly.io](/docs/reference/regions/). A VM, or virtual machine, functions like a physical computer, but is software-based. Multiple VMs can run, completely isolated, on one physical host. If you've deployed an app on Fly.io, then it's running on Fly Machines. There’s a fast [REST API](/docs/machines/api/) to manage Machines, but you can also use flyctl&mdash;the Fly CLI&mdash;to manage everything from the command line. And then there’s Fly Launch, which combines flyctl commands with a shared config to manage your app’s Machines as a group.
+
+**[Fly Volumes](/docs/volumes/):** Local persistent storage for Fly Machines. Every Fly Volume can be attached to one Machine at a time and belongs to one Fly App.
+
+**[Organizations](/docs/security/org-roles-permissions/)**: Administrative entities on Fly.io that let you to manage billing, control access by adding and removing members, and share app development environments.
diff --git a/getting-started/get-started-by-framework.html.markerb b/getting-started/get-started-by-framework.html.markerb
new file mode 100644
index 0000000000..bf1d778f34
--- /dev/null
+++ b/getting-started/get-started-by-framework.html.markerb
@@ -0,0 +1,16 @@
+---
+title: "Get started with your language or framework"
+layout: docs
+nav: firecracker
+toc: false
+---
+
+Fly Launch scanners detect and deploy the following kinds of apps automatically:
+
+<%= partial "/docs/languages-and-frameworks/partials/scanner_guides" %>
+
+Don't see your framework or language in the list? Fly Launch can deploy almost any app from a [Dockerfile](/docs/languages-and-frameworks/dockerfile/). Learn more about what [Fly Launch](/docs/launch/) does.
+
+<figure class="text-center">
+  <img src="http://github.com/static/images/speedrun-guidebooks.webp" srcset="http://github.com/service/http://github.com/static/images/speedrun-guidebooks@2x.webp%202x " alt="Illustration by Annie Ruygt of Frankie the Fly.io hot air balloon character with one hand on their hip and the other hand out, palm up, with images floating above the hand representing the Elixir, Ruby, Laravel, and Django programming languages">
+</figure>
diff --git a/getting-started/index.html.md b/getting-started/index.html.md
index 49fce4d92b..27364861bb 100644
--- a/getting-started/index.html.md
+++ b/getting-started/index.html.md
@@ -1,25 +1,31 @@
 ---
 title: "Getting started"
 layout: docs
-sitemap: false
 nav: firecracker
+toc: false
 ---
 
-<figure>
-  <img src="http://github.com/static/images/docs-guide.webp" srcset="http://github.com/service/http://github.com/static/images/docs-guide@2x.webp%202x " alt="Illustration by Annie Ruygt of a chair and a small table holding a hot drink, on a rooftop, with a city skyline and hot-air balloons in the background">
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/get-started.png" alt="Illustration by Annie Ruygt of a bird reading from a book" class="max-w-lg">
 </figure>
 
-This section of the Fly.io docs is all about getting you up and running quickly.
+Get up and running on Fly.io:
 
-Follow [Hands-on](/docs/hands-on/) which takes you through creating an account, installing `flyctl`, the Fly.io command-line tool, and launching a simple demo app.
+- **[Quickstart](/docs/getting-started/launch/):** Launch your own app now.
 
-If you'd rather jump right in, try [Speedrun](/docs/speedrun/) to launch your own app fast.
+- **[Launch hellofly demo app](/docs/getting-started/launch-demo):** Walk through installing the flyctl command-line tool and creating an account, then launch a simple "hellofly" demo app.
 
-Once that's done, check out our in-depth docs:
+- **[Deep dive demo](/docs/deep-dive/):** get a fully-functioning app running in the first few minutes, explore how the pieces fit together, and even integrate AI functionality that makes use of GPUs
 
-* **[Language & Framework Guides](/docs/languages-and-frameworks/)**: Comprehensive and starter guides for your favorite languages and frameworks.
-* **[Migrate from Heroku](/docs/rails/getting-started/migrate-from-heroku/)**: See how you'd move an existing Rails app and supporting services from Heroku to Fly.io.
-* **[Fly Launch](/docs/apps)**: You've tried the `fly launch` command. Now learn how to use all the Fly Launch features that help you manage and run your apps.
-* **[Databases & Storage](/docs/database-storage-guides/)**: Options for persistent data storage on the Fly Platform
-* **[Fly Machines](/docs/machines/)**: Go deeper with our VMs, and use them to run your projects and tasks.
-* **[Reference](/docs/reference)**: The details of how the Fly Platform works.
+- **[Choose your language or framework](/docs/getting-started/get-started-by-framework/):** Get started on Fly.io with the tech _you_ love.
+
+- **[Fly.io essentials](/docs/getting-started/essentials):** A primer on Fly Machines and Fly Launch, plus the Fly.io glossary. It's all here.
+
+## Learn more
+
+* [Fly Launch](/docs/apps): You've tried the `fly launch` command. Now learn how to use all the Fly Launch features that help you manage and run your apps.
+* [Going to production checklist](/docs/apps/going-to-production/): Considerations for setting up a production environment on Fly.io.
+* [Fly.io Blueprints](/docs/blueprints/): A library of patterns and examples that you can apply in your own projects.
+* [Databases & Storage](/docs/database-storage-guides/): Options for persistent data storage on Fly.io.
+* [Fly Machines](/docs/machines/): Go deeper with our fast-launching VMs, and use them to run your projects and tasks.
+* [Networking](/docs/networking): How to connect to an app service, use a custom domain, and take advantage of private networking and dynamic request routing.
diff --git a/getting-started/launch-demo.html.markerb b/getting-started/launch-demo.html.markerb
new file mode 100644
index 0000000000..9987b3c885
--- /dev/null
+++ b/getting-started/launch-demo.html.markerb
@@ -0,0 +1,176 @@
+---
+title: "Launch a demo app"
+layout: docs
+nav: firecracker
+redirect_from:
+  - /docs/hands-on/view-app/
+  - /docs/hands-on/start/
+  - /docs/hands-on/create-app/
+  - /docs/hands-on/connecting-to-an-app/
+  - /docs/hands-on/
+  - /docs/hands-on/launch-app/
+  - /docs/hands-on/check-app-status/
+  - /docs/hands-on/open-app/
+  - /docs/hands-on/deploy-app/
+  - /docs/hands-on/next/
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/launch-demo.png" alt="Illustration by Annie Ruygt of a rocket on the launch pad" class="w-full max-w-lg mx-auto">
+</figure>
+
+In this step-by-step guide you'll use Fly Launch to deploy a simple "hello fly" demo app to Fly.io. 
+
+The first step is installing all the tools you need to work with Fly Launch. Which is one tool: flyctl.
+
+## 1. Install flyctl
+
+<%= partial "/docs/partials/docs/flyctl_install" %>
+
+## 2. Sign up or sign in
+
+Sign up for an account or [sign in](#sign-in-to-your-flyio-account) to your existing account.
+
+### Sign up for a Fly.io account
+
+<%= partial "/docs/partials/sign_up" %>
+
+### Sign in to your Fly.io account
+
+<%= partial "/docs/partials/sign_in" %>
+
+## 3. Launch the demo app
+
+Fly Launch helps you quickly deploy almost any kind of app using a Docker image. For this example, you'll use our pre-built Docker image, `flyio/hellofly:latest`, to create and deploy the demo app.
+
+Running `fly launch` to create a new app generates a [`fly.toml` config file](/docs/reference/configuration/) with some useful defaults that you can tweak through a web interface before deploying the app. When you run a command post-deploy, flyctl looks for a `fly.toml` file to get the app name and the configuration to apply.
+
+To create the demo app, run:
+
+```cmd
+fly launch --image flyio/hellofly:latest
+```
+
+You'll get a summary of the defaults for your app. For example:
+
+```output 
+Using image flyio/hellofly:latest
+Creating app in /Users/username/my-app-name
+We're about to launch your app on Fly.io. Here's what you're getting:
+
+Organization: MyName                 (fly launch defaults to the personal org)
+Name:         my-app-name            (derived from your directory name)
+Region:       Secaucus, NJ (US)      (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+
+? Do you want to tweak these settings before proceeding? (y/N)
+```
+
+Fly launch creates an app name by appending a random name to your project directory name. App names must be globally unique.
+
+To change any settings, type `y` at the prompt to open the Fly Launch page, then click **Confirm Settings** to confirm and deploy the demo app.
+
+Or just type `n` to accept the default and deploy the app.
+
+Example `fly launch` output:
+
+```output
+Created app 'my-app-name' in organization 'personal'
+Admin URL: https://fly.io/apps/my-app-name
+Hostname: my-app-name.fly.dev
+Wrote config file fly.toml
+Validating /Users/username/my-app-dir/fly.toml
+Platform: machines
+✓ Configuration is valid
+==> Building image
+Searching for image 'flyio/hellofly:latest' remotely...
+image found: img_z1nr0lpjz9v5q98w
+
+Watch your deployment at https://fly.io/apps/my-app-name/monitoring
+
+Provisioning ips for my-app-name
+  Dedicated ipv6: 2a09:8280:1::42:a8f4
+  Shared ipv4: 66.241.124.213
+  Add a dedicated ipv4 with: fly ips allocate-v4
+
+This deployment will:
+ * create 2 "app" machines
+
+No machines in group app, launching a new machine
+Creating a second machine to increase service availability
+Finished launching new machines
+-------
+NOTE: The machines for [app] have services with 'auto_stop_machines = true' that will be stopped when idling
+-------
+Visit your newly deployed app at https://my-app-name.fly.dev/
+```
+
+## 4. Check your app's status
+
+After the app is deployed, use the `fly status` command to get the basic details about your new app. For example:
+
+```cmd
+fly status
+```
+```output
+App
+  Name     = hellofly          
+  Owner    = personal       
+  Hostname = hellofly.fly.dev
+  Image    = flyio/hellofly:latest
+
+Machines
+PROCESS	ID            	VERSION	REGION	STATE  	ROLE   CHECKS	LAST UPDATED
+app    	148e453b7d7289	1      	ord   	started	      	        2023-05-17T17:39:37Z
+app    	5683d311c3228e	1      	ord   	stopped	      	        2023-05-17T17:38:44Z
+```
+
+In this example, the app has a DNS hostname of `hellofly.fly.dev`. The app has two Machines running in the ord (Chicago) region. We recommend running at least two Machines to improve availability.
+
+## 5. Visit your app
+
+You can connect to your deployed app with the `fly apps open` command, which opens a browser to `https://<my-app-name>.fly.dev/` for a secure connection.
+
+You've successfully launched your first app on Fly.io!
+
+For fun, add `/<your-name>` to `fly apps open` and your name will be appended to the app's path to add an extra greeting from the hellofly application.
+
+```cmd
+fly apps open /fred
+```
+```out
+opening https:http://hellofly.fly.dev/fred ...
+```
+
+You just deployed an app on Fly.io!
+
+## Deploy changes
+
+You probably don't need to make any changes to our demo app. But when you do make changes to an app on Fly.io, deploy a new release with:
+
+```cmd
+fly deploy
+```
+
+Now that you have a working demo app, learn [what you can do with Fly Launch](/docs/launch/).
+
+## Delete the demo app
+
+When you're done playing with the demo app, delete it so you're not using unnecessary resources:
+
+```
+fly apps destroy
+```
+
+## Grow and scale
+
+Read about some of the ways you can increase availability, capacity, and performance with Fly.io:
+
+* Follow the blueprint for [extra Machines for more resilient apps](/docs/blueprints/resilient-apps-multiple-machines/)
+* Read up on [App availability and resiliency](/docs/reference/app-availability/)
+* [Autoscale Machines based on load or custom metrics](/docs/reference/autoscaling/)
+* [Scale Machine CPU and RAM](/docs/apps/scale-machine/) 
+* [Scale Machine count](/docs/apps/scale-count/)
+* Try out [Fly GPUs](/docs/gpus/)
diff --git a/getting-started/launch.html.markerb b/getting-started/launch.html.markerb
new file mode 100644
index 0000000000..51deeba784
--- /dev/null
+++ b/getting-started/launch.html.markerb
@@ -0,0 +1,44 @@
+---
+title: "Quickstart: Launch your app"
+layout: docs
+nav: firecracker
+toc: false
+---
+
+Welcome to Fly Launch. Fly Launch works with a Dockerfile or scans and configures apps for most [common languages and frameworks](/docs/getting-started/get-started-by-framework/).
+
+To deploy your app on Fly.io for the first time:
+
+<div class="important">
+1. [Install flyctl](/docs/flyctl/install/) &ndash; the [open-source](https://github.com/superfly/flyctl+external) Fly.io CLI.
+
+2. Create an account with `fly auth signup` or log in with `fly auth login`.
+
+3. Run `fly launch` from inside your project source directory to create, configure, and (for most apps) deploy a new application.
+
+4. If prompted, run `fly deploy` to deploy your new app (or to redeploy after changes!).
+</div>
+
+<figure class="max-w-sm">
+  <img src="http://github.com/static/images/moto-jump.png" alt="Illustration by Annie Ruygt of a phoenix jumping with a motor bike">
+</figure>
+
+## Next steps
+
+1. Run `fly status` to show the status of your app and Machines.
+2. Run `fly apps open` to open your app in your browser.
+3. Learn some [Fly.io essentials](/docs/getting-started/essentials/) and continue to [explore what you can do with Fly Launch](/docs/launch/).
+
+## Grow and scale
+
+Check out some of the ways you can increase availability, capacity, and performance with Fly.io:
+
+* Follow the blueprint for [extra Machines for more resilient apps](/docs/blueprints/resilient-apps-multiple-machines/)
+* Read up on [App availability and resiliency](/docs/reference/app-availability/)
+* [Autoscale Machines based on load or custom metrics](/docs/reference/autoscaling/)
+* [Scale Machine CPU and RAM](/docs/apps/scale-machine/)
+* [Scale Machine count](/docs/apps/scale-count/)
+* Try out [Fly GPUs](/docs/gpus/)
+
+
+If you have questions, need help, or want to talk about what you're building, visit our [community forum](https://community.fly.io).
diff --git a/getting-started/log-in-to-fly.html.markerb b/getting-started/log-in-to-fly.html.markerb
deleted file mode 100644
index 58afbe36d4..0000000000
--- a/getting-started/log-in-to-fly.html.markerb
+++ /dev/null
@@ -1,15 +0,0 @@
----
-title: Sign up and sign in to Fly.io
-layout: docs
-sitemap: false
-nav: firecracker
-toc: false
----
-
-## No account? Sign up for Fly.io
-
-<%= partial "/docs/partials/sign_up" %>
-
-## Already have a Fly.io account? Sign in
-
-<%= partial "/docs/partials/sign_in" %>
diff --git a/getting-started/multi-region-databases.html.md b/getting-started/multi-region-databases.html.md
deleted file mode 100644
index 92832b3af4..0000000000
--- a/getting-started/multi-region-databases.html.md
+++ /dev/null
@@ -1,319 +0,0 @@
----
-title: "Multi-region Postgres (Legacy)"
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-<div class="callout">This document applies to legacy Fly Postgres on Apps V1 (orchestrated by Nomad). Docs for newer Fly Postgres clusters live at **[Fly Postgres](/docs/postgres/)**</div>
-
-Most read-heavy, PostgreSQL-backed applications work natively across regions on Fly.io, no architectural changes required. Deploying an app and database in multiple regions takes advantage of two Fly features:
-
-1. Regional read replicas
-1. The `fly-replay` header
-
-With regional read replicas configured, the `fly-replay` header lets you specify exactly which requests need to be serviced by the primary, writable database. When we detect this header, we will replay the entire request to the region you specify. It looks something like this:
-
-<img src="http://github.com/static/images/fly-global-postgres.webp"  alt="Diagram of app + global postgres on Fly.io">
-
-In most runtimes, it's straightforward to catch a read-only database error in a replica region and serve a response with the appropriate replay header.
-
-This guide is all about PostgreSQL, but the deployment topology will work with MySQL, MongoDB, and any other database with read replica support.
-
-<aside class="callout">
-
-## Existing application support
-
-Be aware that there is already some framework support for going multi-region with Postgres on Fly. The Postgres portions outlined here are still relevant even if you use one of the available libraries.
-
-The following libraries help applications when working with globally replicated Postgres databases.
-
-### Elixir/Phoenix
-
-[`fly_postgres`](https://github.com/superfly/fly_postgres_elixir) - Library for working with local read-replica postgres databases and performing writes through RPC calls to other nodes in the primary Fly.io region.
-
-This does not use the `fly-replay` header approach outlined here, but instead uses Elixir clustering to RPC write database operations to a node running in the primary region. This is Postgres specific.
-
-### Ruby/Rails
-
-[`fly-ruby`](https://github.com/superfly/fly-ruby) - Ruby gem for handling requests within a Fly.io multi-region database setup.
-
-This uses the `fly-replay` header and works equally well with Postgres, MySQL and other databases. Check out the Advanced Rails guide [Multi-region Deployments](https://fly.io/docs/rails/advanced-guides/multi-region/) for more information.
-</aside>
-
-## Create a PostgreSQL cluster
-
-If you don't already have a PostgreSQL cluster running, you can create one with the `fly` CLI:
-
-```cmd
-fly pg create --name chaos-postgres --region scl
-```
-
-Choose a high-availability configuration to create a two-node PostgreSQL cluster in Santiago Chile, one leader for writes, one replica for redundancy.
-
-## Add read replicas
-
-Adding read replicas is simple. Just create more disks to match the existing one(s):
-
-```
-fly volumes create pg_data -a chaos-postgres --size 10 --region ord
-fly volumes create pg_data -a chaos-postgres --size 10 --region ams
-fly volumes create pg_data -a chaos-postgres --size 10 --region syd
-```
-
-If you already have a Postgres cluster called `chaos-postgres` running, you can check the volume name and size using `fly volumes list -a chaos-postgres`.
-
-Then, add one new VM for each new volume:
-
-```cmd
-fly scale count 6 -a chaos-postgres
-```
-
-The `chaos-postgres` cluster will now have read replicas in Atlanta, Chicago, Amsterdam, and Sydney. When you run `fly status -a chaos-postgres` you should see output like this:
-
-```text
-ID             PROCESS VERSION REGION DESIRED STATUS                  HEALTH CHECKS
-240eb1cd       app     2       ams    run     running (replica)       3 total, 3 passing
-83b849fa       app     2       ord    run     running (replica)       3 total, 3 passing
-d8e8a317       app     2       syd    run     running (replica)       3 total, 3 passing
-4c27cd52       app     2       scl    run     running (replica)       3 total, 3 passing
-987f4b41       app     2       scl    run     running (leader)        3 total, 3 passing
-```
-
-## Configure connection strings
-
-### Attach database to application
-To hook your app up to your cluster, run the `attach` command from your application directory:
-
-```cmd
-fly pg attach chaos-postgres
-```
-
-This installs a `DATABASE_URL` secret in your application, which is available to your app processes as an environment variable. The command also prints the connection string to the console.
-
-### Connect to regional replicas
-
-The generated connection string uses port `5432` to connect to PostgreSQL. This port always forwards you to a writable instance. Port `5433` is direct to the PostgreSQL member, and used to connect to read replicas directly.
-
-You can use the proxy port (`5432`) to connect from every region, but it will be quite slow. Especially because we put our PostgreSQL cluster in Santiago. Connecting to "local" replicas is much quicker, but does take some app logic.
-
-The basic logic to connect is:
-
-1. Set a `PRIMARY_REGION` environment variable on your app, `scl` for our `chaos-postgres` cluster.
-2. Check the `FLY_REGION` environment variable at connect time, use `DATABASE_URL` as is when `FLY_REGION=scl`
-3. Modify the `DATABASE_URL` when running in other regions:
-   1. Change the port to `5433`
-
-This is what it looks like in Ruby:
-
-```ruby
-class Fly
-  def self.database_url
-    primary = ENV["PRIMARY_REGION"]
-    current = ENV["FLY_REGION"]
-    db_url = ENV["DATABASE_URL"]
-
-    if primary.blank? || current.blank? || primary == current
-      return db_url
-    end
-
-    u = URI.parse(db_url)
-    u.port = 5433
-
-    return u.to_s
-  end
-end
-```
-
-Running this in `scl` will use the built-in `DATABASE_URL` and connect to port `5432`:
-
-```
-postgres://<user>:<password>@top1.nearest.of.chaos-postgres.internal:5432/rails_on_fly?sslmode=disable
-```
-
-In the other regions, the app will connect to port `5433`:
-```
-postgres://<user>:<password>@top1.nearest.of.chaos-postgres.internal:5433/rails_on_fly?sslmode=disable
-```
-
-
-## Connecting external services
-
-Sometimes we need to be able to allow external services to connect to our Postgres instance.  While we don't open up any external ports by default, we can achieve this through some simple configuration changes.
-
-### Allocating an IP address
-
-If you haven't already, you will need to allocate an IP address to your application.  You can view your list of IP's by running the following command from your application directory:
-```cmd
-fly ips list
-```
-
-You can allocate an IPv4 address by running the following:
-```cmd
-fly ips allocate-v4
-```
-If your network supports IPv6:
-```cmd
-fly ips allocate-v6
-```
-
-If you're not sure which one to use, just provision one of each and you should be good to go.
-
-
-### External port configuration
-
-Now that we have an IP address, let's configure our app to expose an external port and direct incoming requests to our Postgres instance.
-
-If you haven't already pulled down your `fly.toml` configuration file, you can do so by running:
-```cmd
-fly config save --app <app-name>
-```
-
-Now, let's open up our `fly.toml` file and configure our port mappings by defining a new `Service`.
-
-```toml
-[[services]]
-  internal_port = 5432 # Postgres instance
-  protocol = "tcp"
-
-
-# Open port 10000 for plaintext connections.
-[[services.ports]]
-  handlers = []
-  port = 10000
-```
-
-For additional information on services and service ports:
-[The services sections](https://fly.io/docs/reference/configuration/#the-services-sections)
-
-### Deploying configuration changes
-Once your `Service` has been specified, it's time to deploy our new configuration.
-
-**Before running the command below, be sure to verify the version of Postgres you are running.  As an example, if you are running Postgres 12.x you would specify `flyio/postgres:12` as your target image.**
-```cmd
-fly deploy . --app <app-name> --image flyio/postgres:<major-version>
-```
-
-
-After the deploy completes, you can verify your `Service` configuration by running the `info` command:
-
-```cmd
-fly info
-```
-```output
-...
-Services
-PROTOCOL PORTS
-TCP      10000 => 5432 []
-...
-```
-### Establishing external connection
-
-Now that you have your `Service` and port mappings in place, you should now be able to establish new connections to your Postgres using the `<app-name>.fly.dev` hostname along with your external facing port.
-
-```cmd
-psql postgres://postgres:<password>@<app-name>.fly.dev:10000
-```
-
-
-## Restoring a PostgreSQL cluster
-
-Fly.io performs daily storage-based snapshots of each of your provisioned volumes. These snapshots can
-be used to restore your dataset into a new Postgres application.
-### Listing snapshots
-
-Snapshots are volume specific, so you will need to first identify a volume to target. You can list your volumes by running the `volumes list` command with your Postgres app name.
-
-```cmd
-fly volumes list -a chaos-postgres
-```
-```output
-ID                   NAME    SIZE REGION ATTACHED VM CREATED AT
-vol_x915grn008vn70qy pg_data 10GB syd    b780ce3d    2 weeks ago
-vol_ke628r677pvwmnpy pg_data 10GB syd    359d0e24    2 weeks ago
-```
-
-Once you have identified which volume to target, you can go ahead and list your snapshots by running the following command:
-```cmd
-fly volumes snapshots list <volume-id>
-```
-```output
-ID                  SIZE   CREATED AT
-vs_2AjJ4lGqQwDbRfxm 29 MiB 2 hours ago
-vs_BAARBQxZKl6JKU04 27 MiB 1 day ago
-vs_OPQXXna6kA2Qnhz8 26 MiB 2 days ago
-```
-### Restoring from a snapshot
-
-To restore a Postgres application from a snapshot, simply specify the `--snapshot-id` argument when running the `create` command as shown below:
-```cmd
-fly postgres create --snapshot-id <snapshot-id>
-```
-
-## Detect write requests
-
-### Catch read-only errors
-PostgreSQL conveniently sends a "read only transaction" error when you attempt to write to a read replica. All you need to do to detect write requests is catch this error.
-
-### Replay the request
-
-Once caught, just send a `fly-replay` header specifying the primary region. For `chaos-postgres`, send `fly-replay: region=scl`, and we'll take care of the rest.
-
-If you're working in Rails, just add this to your `ApplicationController`:
-
-```ruby
-class ApplicationController < ActionController::Base
-  rescue_from ActiveRecord::StatementInvalid do |e|
-    if e.cause.is_a?(PG::ReadOnlySqlTransaction)
-      r = ENV["PRIMARY_REGION"]
-      response.headers["fly-replay"] = "region=#{r}"
-      Rails.logger.info "Replaying request in #{r}"
-      render plain: "retry in region #{r}", status: 409
-    else
-      raise e
-    end
-  end
-end
-```
-
-## Library support
-
-We would like to build libraries to make this seamless for most application frameworks and runtimes. If you have a particular app you'd like to distribute with PostgreSQL, [post in our community forums](https://community.fly.io/t/multi-region-database-guide/1600) and we'll write some code for you.
-
-## Consistency model
-
-This is a fairly typical read replica model. Read replicas are usually eventually consistent, and can fall behind the leader. Running read replicas across the world _can_ exacerbate this effect and make read replicas stale more frequently.
-
-### Request with writes
-
-Requests to the primary region are strongly consistent. When you use the replay header to target a particular region, the entire request runs against the leader database. Your application will behave like you expect.
-
-### Read only requests
-
-Most apps accept a `POST` or `PUT`, do a bunch of writes, and then redirect the user to a `GET` request. In most cases, the database will replicate the changes before the user makes the second request. But not always!
-
-Most read heavy applications aren't especially sensitive to stale data on subsequent requests. A lagging read replica might result in an out of date view for users, but this might be reasonable for your use case.
-
-If your app is sensitive to this (meaning, you never, under any circumstances want to show users stale data), you should be careful using read replicas.
-
-### Managing eventual consistency
-
-For apps that are sensitive to consistency issues, you can add a counter or timestamp to user sessions that indicates what "version" of the database a particular user is expecting. When the user makes a request and the session's data version differs from the replica, you can use the same `fly-replay` header to redirect their request to the primary region – and then you'll know it's not stale.
-
-In theory, you _could_ run PostgreSQL with synchronous replication and block until replicas receive writes. This probably won't work well for far flung read replicas.
-
-## This is wrong for some apps
-
-We built this set of features for read heavy apps that are primary HTTP request based. That is, most requests only perform reads and only some requests include writes.
-
-#### Write-heavy workloads
-
-If you write to the database on every request, this will not work for you. You will need to make some architectural changes to run a write-heavy app in multiple regions.
-
-Some apps write background info like metrics or audit logs on every request, but are otherwise read heavy. If you're running an application like this, you should consider using something like [nats.io](https://nats.io) to send information to your primary region asynchronously.
-
-Truly write-heavy apps require latency aware data partitioning, either at the app level or in a database engine. There are lots of interesting new databases that have features for this, try them out!
-
-#### Long lived connections
-
-If your app makes heavy use of long lived connections with interpolated writes, like websockets, this will not work for you. This technique is specific to HTTP request/response based apps that bundle writes up into specific requests.
diff --git a/getting-started/sign-up-sign-in.html.markerb b/getting-started/sign-up-sign-in.html.markerb
new file mode 100644
index 0000000000..3e41207478
--- /dev/null
+++ b/getting-started/sign-up-sign-in.html.markerb
@@ -0,0 +1,20 @@
+---
+title: Sign up and sign in to Fly.io
+layout: docs
+sitemap: false
+nav: firecracker
+toc: false
+redirect_from: 
+  - /docs/hands-on/sign-up/
+  - /docs/hands-on/sign-in/
+  - /docs/getting-started/log-in-to-fly/
+  - /docs/hands-on/sign-up-sign-in/
+---
+
+## No account? Sign up for Fly.io
+
+<%= partial "/docs/partials/sign_up" %>
+
+## Already have a Fly.io account? Sign in
+
+<%= partial "/docs/partials/sign_in" %>
diff --git a/getting-started/troubleshooting.html.md b/getting-started/troubleshooting.html.md
index 988ca30290..1c11124dad 100644
--- a/getting-started/troubleshooting.html.md
+++ b/getting-started/troubleshooting.html.md
@@ -1,10 +1,13 @@
 ---
-title: Troubleshooting your deployment
+title: Troubleshoot your deployment
 layout: docs
-sitemap: false
 nav: firecracker
 ---
 
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/troubleshooting.png" alt="Illustration by Annie Ruygt of a figure looking through a magnifying glass at a balloon" class="w-full max-w-lg mx-auto">
+</figure>
+
 This section gives you some ideas of how to start troubleshooting if your deployment doesn't work as expected. If you're still stuck after reading, then visit our [community forum](https://community.fly.io/) for more help.
 
 ## Try this first
@@ -39,7 +42,7 @@ Any failures in the `fly doctor` output point to where you can start troubleshoo
 
 ### Review your `fly.toml` configuration
 
-Double-check the formatting and configuration options in your `fly.toml` file. Besides [checking port numbers](#warning-the-app-is-listening-on-the-incorrect-address-host-and-port-checking), you should also review any recent changes and make sure you're following the conventions described in [Fly Launch configuration](/docs/reference/configuration/).
+Double-check the formatting and configuration options in your `fly.toml` file. Besides [checking port numbers](#warning-the-app-is-listening-on-the-incorrect-address-host-and-port-checking), you should also review any recent changes and make sure you're following the conventions described in the [app configuration](/docs/reference/configuration/) docs.
 
 ## Get more information about failures
 
@@ -102,7 +105,7 @@ For example, if your app listens on `0.0.0.0:3000`, then set `internal_port = 30
 
 A lot of frameworks will listen on `localhost`/`127.0.0.1` by default so that the developer can connect to the app. Different frameworks also define different default ports, like 3000, 8000, or 8080, for example. It can be easy to make a mistake and configure your app in a way that makes it impossible for the Fly Proxy to route requests to it. And it can be difficult to debug, especially if your framework doesn't print the listening address to logs and your image doesn't have `netstat` or `ss` tools.
 
-Learn more about [connecting to an app service](/docs/getting-started/app-services/).
+Learn more about [connecting to an app service](/docs/networking/app-services/).
 
 ### Example - Configure port and host in a Fastify Node app
 
@@ -156,6 +159,10 @@ fastify.listen({ port: 3000, host: '0.0.0.0' }, function (err, address) {
 
 Then make sure that the `internal_port` value in `fly.toml` is set to `3000`.
 
+## Smoke checks failing
+
+Smoke checks run during deployment to make sure that a crashing app doesn't get successfully deployed to all your app's Machines. If possible, the smoke check failure output includes an excerpt of the logs to help you diagnose the issue with your app. Common issues with new apps might include [Machine size](#out-of-memory-oom-or-high-cpu-usage), missing environment variables, or other problems with the app's configuration.
+
 ## Health checks failing
 
 We don't automatically add health checks to your `fly.toml` file when you create your app. The health checks that you subsequently add to your app can fail for a number of reasons.
@@ -226,6 +233,20 @@ That's because buildpacks come with lots of dependencies to build different stac
 
 That said, if the build used to work, then you can try using a previous, fixed buildpack version so it's back in a known good state.
 
+### Image Size Limit 
+
+If your deployment fails with the `Not enough space to unpack image, possibly exceeds maximum of 8GB uncompressed` error, this is because we have limits on the image size you can use to run your Machine.
+
+For our non-GPU Machines, there's an 8GB maximum rootfs size. This means your images need to be under 8GB to run on these machines. While we do have [Fly GPU Machines](https://fly.io/docs/gpus/) that provide 50GB rootfs size, these might not be your cup of tea. We advise either [reducing the image size](/docs/blueprints/using-base-images-for-faster-deployments/) or storing the image in a Fly volume or an object store:
+
+1. **Fly Volumes**: You can create [Fly volumes](/docs/volumes/) for your machines and download your image to the volumes from somewhere when the volume is empty. If you need to create more machines or volumes, you can fork from the already existing, populated volume.
+
+2. **Object Store**: Another option is to store the image in an object store such as [Tigris](/docs/tigris/), and mount the object storage as read-only to a specified path within your machine. This can be done using something like [S3FS](https://github.com/s3fs-fuse/s3fs-fuse).
+
+
+
+
 ## Related topics
 
 - [Troubleshoot apps when a host is unavailable](/docs/apps/trouble-host-unavailable/)
+- [Fly.io error codes and troubleshooting](/docs/monitoring/error-codes/)
diff --git a/going-to-production/index.html.md b/going-to-production/index.html.md
deleted file mode 100644
index 9e0d1cff0b..0000000000
--- a/going-to-production/index.html.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: Going to Production
-layout: framework_docs
-toc: false
-order: 1
-subnav_glob: docs/going-to-production/*.html.*
-related_pages:
-  - /docs/going-to-production/the-basics
-  - /docs/going-to-production/monitoring
-status: beta
----
-
-You have a serious project or service and you're looking for guidance on how to
-setup a good production environment on Fly.io.
-
-There are many facets of an application and what is considered production-ready
-can vary from one framework to another. This serves as an outline and guide to
-additional resources.
-
-## First Things First
-
-Any application intended for production use should do the following things first.
-
-1. Setup a [High Availability DB server](/docs/postgres/advanced-guides/high-availability-and-global-replication/) - Prevents interruption of service when machines or VMs are restarted.
-2. Run [2+ app servers](/docs/apps/scale-count/) - Prevents interruption of service when machines or VMs are restarted.
-3. Sign up for a [Plan](/plans) to get email support.
-
-With the foundation pieces in place, there are additional things to consider.
diff --git a/going-to-production/monitoring.html.md b/going-to-production/monitoring.html.md
deleted file mode 100644
index 0782ddc115..0000000000
--- a/going-to-production/monitoring.html.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-title: Monitoring
-layout: framework_docs_overview
-toc: false
-order: 3
-status: beta
----
-
-Production applications benefit from active monitoring. Sometimes we need to know what's happening right now with RAM resources and sometimes we need to know what which user accessed a specific resource last week.
-
-This section covers resources around monitoring your production applications on Fly.io.
\ No newline at end of file
diff --git a/going-to-production/monitoring/exporting-logs.html.md b/going-to-production/monitoring/exporting-logs.html.md
deleted file mode 100644
index b33bcc79c5..0000000000
--- a/going-to-production/monitoring/exporting-logs.html.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-title: Exporting Logs
-layout: framework_docs
-objective: Aggregate your logs to a service of your choice.
-order: 1
-status: beta
----
-
-Your applications' output to `stdout` become logs in Fly.io. The logs for all VM instances within any given app can be viewed within an app's Monitoring page. However, these logs are intermingled and do not persist very long.
-
-If you need or want your logs to be aggregated to one spot, more organized, or to persist longer than we keep them, you can!
-
-## The Fly Log Shipper
-
-Here's the easiest way to ship your logs to a location of your choosing.
-
-We provide [an application](https://github.com/superfly/fly-log-shipper) that hooks into Fly.io's internal log stream. We've named it Fly Log Shipper. You run this in your Fly.io organization like any other application!
-
-This runs [Vector](https://vector.dev/), which grabs the logs and sends them to a location of your choosing (via a Vector [sink](https://vector.dev/docs/reference/configuration/sinks/)).
-
-You can select one or more items from the list of supported [Providers (sinks)](https://github.com/superfly/fly-log-shipper#provider-configuration) and configure the application to run those sinks.
-
-Each provider just needs some environment variables (or secrets) set for them to work.
-
-## Using the Fly Log Shipper
-
-Here's an example. To ship logs to [Logtail](https://betterstack.com/logtail), you would do the following:
-
-```bash
-# Make a directory for your log shipper app
-mkdir logshippper
-cd logshippper
-
-# Create the app but don't deploy just yet
-fly launch --no-deploy --image ghcr.io/superfly/fly-log-shipper:latest
-
-# Set some secrets. The secret / env var you set
-# determines which "sinks" are configured
-fly secrets set ORG=personal
-fly secrets set ACCESS_TOKEN=$(fly auth token)
-fly secrets set LOGTAIL_TOKEN=<token provided by logtail source>
-```
-
-You can configure as many providers as you'd like by adding more secrets. The secrets needed are determined by [which provider(s)](https://github.com/superfly/fly-log-shipper#provider-configuration) you want to use.
-
-Before launching your application, you should edit the generated `fly.toml` file and delete the entire `[[services]]` section. Replace it with this:
-
-```toml
-[[services]]
-  http_checks = []
-  internal_port = 8686
-```
-
-Then you can deploy it:
-
-```cmd
-fly deploy
-```
-
-## Shipping Specific Logs
-
-By default, the log shipper gets logs from *every* application running within your organization (which organization is set by the `ORG` secret/environment variable).
-
-To narrow that down, you can set a [`SUBJECT`](https://github.com/superfly/fly-log-shipper#subject) environment variable in your instance of the Fly Log Shipper. That can be set as a secret, or as an environment variable in your `fly.toml` file.
-
-Subjects are in the format `logs.<app_name>.<region>.<instance_id>`. You can set the Log Shipper to narrow down to a specific instance, a specific region, and/or a specific application.
-
-There are [2 wildcards](https://docs.nats.io/nats-concepts/subjects#wildcards) you can use:
-
-* `*` wildcards go between strings and can be used multiple times
-* `>` wildcards go at the end of a string and can be used once
-
-For example, to only ship logs for an application named `sandwich`, you would set the `SUBJECT` environment variable like so (in your Log Shipper `fly.toml` file):
-
-```toml
-[env]
-  SUBJECT = "logs.sandwich.>"
-```
-
-This uses wildcard `>` to say to grab all logs from application `sandwich` no matter what region or instance they came from.
-
-Another example:
-
-```toml
-[env]
-  SUBJECT = "logs.*.dfw.>"
-```
-
-This `SUBJECT` says to grab logs from all instances of any applications hosted in the `dfw` region.
-
-## Configuring Vector
-
-Based on your provider (or preferences), it may be necessary to customize the [Vector configuration](https://vector.dev/docs/reference/configuration/). This is done with a `vector.toml` configuration file and, thanks to [Machine files](https://fly.io/docs/reference/configuration/#the-files-section), it's as simple as copying the [source](https://github.com/superfly/fly-log-shipper/blob/3b780b3a3c68fdbbbb55430d7d9ff1eb377fdbf0/vector-configs/vector.toml) `vector.toml` to a local directory, modifying it according to your requirements, then saving it and redeploying:
-
-```sh
-fly deploy --file-local="/etc/vector/vector.toml=/path/to/local/vector.toml"
-```
-
-That's it! The baked in config file is overwritten and Vector will use your modified config.
-
-## Internals
-
-Fly.io ships logs through a [NATS](https://nats.io) stream. This is available to all of your applications via `nats://[fdaa::3]:4223`, which is where the Log Shipper grabs the logs.
-
-The Vector configuration to grab those logs within the Log Shipper is [seen here](https://github.com/superfly/fly-log-shipper/blob/main/vector-configs/vector.toml).
-
-You can contribute to (or, you know, fork) this repository to add providers (sinks) of your own!
-
-## Avoiding Duplicate Log Messages In High Availability Apps
-
-If you would like to run more than one Machine for high availability, the [NATS](https://docs.nats.io/) endpoint supports [subscription queues](https://docs.nats.io/nats-concepts/core-nats/queue) to ensure messages are only sent to one subscriber of the named queue. The `QUEUE` secret can be set to configure an arbitrary queue name if you want to run multiple log processes for HA and avoid duplicate messages being shipped.
-
-```toml
-[env]
-  QUEUE = "org-logs"
-```
diff --git a/going-to-production/monitoring/publishing-metrics.html.md b/going-to-production/monitoring/publishing-metrics.html.md
deleted file mode 100644
index 7ee3dce89f..0000000000
--- a/going-to-production/monitoring/publishing-metrics.html.md
+++ /dev/null
@@ -1,13 +0,0 @@
----
-title: Publishing Metrics
-layout: framework_docs
-objective: View and publish custom metrics.
-order: 2
-status: beta
----
-
-Fly.io provides metrics for your applications at [https://fly-metrics.net](https://fly-metrics.net).
-
-In addition to viewing the provided metrics, your applications can publish their own custom metrics!
-
-You can read all about viewing metrics (via Grafana or over its API) and publishing your own metrics [in the Metrics documentation](/docs/reference/metrics/).
diff --git a/going-to-production/the-basics.html.md b/going-to-production/the-basics.html.md
deleted file mode 100644
index 27c74a0d94..0000000000
--- a/going-to-production/the-basics.html.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-title: The Basics
-layout: framework_docs_overview
-toc: false
-order: 2
-status: beta
----
-
-Setting up a production ready web application is more than putting it on a public server to be reachable by the public. We need to think about things like database availability, environment isolation, secret management, monitoring, and more.
-
-This section focuses on those aspects that deal with set up, systems availability, and the like. This doesn't aim to be a step-by-step guide, but an organized set of resources to help configure and deploy a production ready environment that meets your team's needs.
diff --git a/going-to-production/the-basics/production-databases.html.md b/going-to-production/the-basics/production-databases.html.md
deleted file mode 100644
index dd698dec3b..0000000000
--- a/going-to-production/the-basics/production-databases.html.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-title: Production Databases
-layout: framework_docs
-objective: Information on setting up and managing a production database.
-order: 1
-status: beta
----
-
-For a production [Postgres database](/docs/postgres/), a [High Availability server](/docs/postgres/advanced-guides/high-availability-and-global-replication/) should be used. That means it runs multiple instances of the database server. This is important because when one server is rebooted, your app doesn't lose database access for a period of time. Otherwise, at some point, your database will have an outage.
-
-**Additional Resources:**
-
-- [Database Backup and Restore](/docs/postgres/managing/backup-and-restore/)
-- [Postgres DB Migrator](https://github.com/fly-apps/postgres-migrator) - Fly app that works to streamline Postgres migrations.
diff --git a/going-to-production/the-basics/production-staging-isolation.html.md b/going-to-production/the-basics/production-staging-isolation.html.md
deleted file mode 100644
index eb1dc8d16d..0000000000
--- a/going-to-production/the-basics/production-staging-isolation.html.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: Production and Staging Isolation
-layout: framework_docs
-objective: How to separate a production environment from staging, testing, dev, whatever.
-order: 2
-status: beta
----
-
-There are various reasons and approaches to isolating different environments. Regardless of the motivation, [Fly Organizations](/docs/flyctl/orgs/) may be a good way to isolate more sensitive environments.
-
-## Fly Organizations
-
-Read up on [Organizations in Fly.io](/docs/flyctl/orgs/). An org has members, separate billing controls, and separate private networks. For teams that want to separate production environments from staging and development, the "org" is a great starting point and draws a hard line separation.
-
-When setting up a Fly.io account, by default, applications are deployed to a "personal" account. That works great for individuals but when you are ready to share access to apps among multiple people, use orgs.
-
-## Production Fly Organization
-
-Create an [Organization in Fly.io](/docs/flyctl/orgs/) for your team and apps. Creating an organization makes it easy to invite other developers, manage billing with a company credit card, and deploy apps to a shared environment.
-
-Use the [Dashboard](https://fly.io/dashboard/) to manage your organizations, members and invites.
-
-The `flyctl` CLI also supports organization operations.
-
-- `fly orgs help`
-- [Fly.io orgs command docs](/docs/flyctl/orgs/)
-
-Invite your team members to the Organization.
-
-```cmd
-fly orgs invite …
-```
-
-## Networks in an Organization
-
-Multiple apps can be deployed to an organization. Any applications deployed to the same organization are [accessible to each other in the private network](/docs/reference/private-networking/).
-
-## Staging Organization
-
-Create additional organizations for "staging" or "testing" environments to fully isolate them from the production environment.
-
-```cmd
-fly orgs create <my-org-staging>
-```
-
-Databases are applications as well. Create a new Postgres cluster in a staging organization for applications deployed in the organization. Multiple apps can share the Postgres server and the apps can create their own databases in a server in the staging org.
-
-Depending on your needs and usage, a staging database cluster can be smaller than the production one as it likely receives less traffic.
-
-Create a Postgres cluster in your staging org:
-
-```cmd
-fly postgres create
-```
-
-As a suggestion, if the production database is named `my-app-db`, the staging version could be named `my-app-db-stage`.
diff --git a/gpus/getting-started-gpus.html.md b/gpus/getting-started-gpus.html.md
index dc72e44530..618170891a 100644
--- a/gpus/getting-started-gpus.html.md
+++ b/gpus/getting-started-gpus.html.md
@@ -25,18 +25,19 @@ Configuration is done by different means depending on whether you're using Fly L
 
 ### Specify the GPU model
 
-Assuming that you're going the [Fly Launch](/docs/apps/) way and configuring your Machines app-wide, you can include a line like the following in your `fly.toml` file before running `fly deploy` for the first time:
+Assuming that you're going the [Fly Launch](/docs/launch/) way and configuring your Machines app-wide, you can include a line like the following in your `fly.toml` file before running `fly deploy` for the first time:
 
 ```
 vm.size = "a100-40gb"
 ```
 
-The `a100-40gb` preset is the `a100-pcie-40gb` GPU with the `performance-8x` CPU config and 32GB RAM. You can exert more granular control over resources using the [`[[vm]]` table](https:///docs/reference/configuration/#the-vm-section) in `fly.toml`.
+The `a100-40gb` preset is the `a100-pcie-40gb` GPU with the `performance-8x` CPU config and 32GB RAM. You can exert more granular control over resources using the [`[[vm]]` table](/docs/reference/configuration/#the-vm-section) in `fly.toml`.
 
-Run `fly platform vm-sizes` to get the list of presets, and [check out the pricing page](https:///docs/about/pricing/#gpus-and-fly-machines) to help you plan ahead.
+Run `fly platform vm-sizes` to get the list of presets, and check out the [pricing page](/docs/about/pricing/#gpus-and-fly-machines) to help you plan ahead.
 
 ### Specify the region
-But you're not done! For `fly deploy` to succeed in provisioning your Machine(s), the app's `primary_region` must match a region that hosts the kind of GPU you're asking for. At the time of writing, `a100-pcie-40gb` GPUs are only available in `ord`. Set the initial region in `fly.toml`:
+
+But you're not done! For `fly deploy` to succeed in provisioning your Machine(s), the app's `primary_region` must match a region that hosts the kind of GPU you're asking for. At the time of writing, `a100-40gb` GPUs are only available in `ord`. Set the initial region in `fly.toml`:
 
 ```
 primary_region = "ord"  # If you change this, ensure it's to a region that offers the GPU model you want
@@ -44,26 +45,28 @@ primary_region = "ord"  # If you change this, ensure it's to a region that offer
 
 Currently GPUs are available in the following regions:
 
+- `a10`: `ord`
 - `l40s`: `ord`
 - `a100-40gb`: `ord`
-- `a100-80gb`: `ams`, `iad`, `mia`, `sjc`, `syd`
+- `a100-80gb`: `iad`, `sjc`, `syd`, `ams`
 
 
 ### Change GPU model
+
 GPU models are located in different regions, so you'll likely have to destroy any existing Machines before redeploying using a different GPU spec.
 
 
 ## Choosing a Docker base image
 
-Many open-source ML projects have ready-made Docker images; for example: [Ollama](https://ollama.ai/blog/ollama-is-now-available-as-an-official-docker-image), [Basaran](https://github.com/hyperonym/basaran), [LocalAI](https://localai.io/basics/getting_started/). Check out [GitHub `fly-apps` repos with the `gpu` topic](https://github.com/orgs/fly-apps/repositories?q=topic%3Agpu) for some examples.
+Many open-source ML projects have ready-made Docker images; for example: [Ollama](https://ollama.ai/blog/ollama-is-now-available-as-an-official-docker-image+external), [Basaran](https://github.com/hyperonym/basaran+external), [LocalAI](https://localai.io/basics/getting_started/+external). Check out [GitHub `fly-apps` repos with the `gpu` topic](https://github.com/orgs/fly-apps/repositories?q=topic%3Agpu+external) for some examples.
 
-If you're building your own image, choose a base image that [NVIDIA supports](https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#system-requirements); `ubuntu:22.04` is a solid choice that's compatible with the CUDA driver GPU Machines use. You can launch a vanilla Ubuntu image and run `nvidia-smi` with no further setup.
+If you're building your own image, choose a base image that [NVIDIA supports](https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#system-requirements+external); `ubuntu:22.04` is a solid choice that's compatible with the CUDA driver GPU Machines use. You can launch a vanilla Ubuntu image and run `nvidia-smi` with no further setup.
 
 From there, install whatever packages your project needs. This will include some libraries from NVIDIA if you want to do something more than admire the output of `nvidia-smi`.
 
 ## Installing NVIDIA libraries
 
-You don't need to install any `cuda-drivers` packages in the Docker image, but you'll want some subset of [NVIDIA's GPU-accelerated libraries](https://developer.nvidia.com/gpu-accelerated-libraries)—`libcublas-12-2` (linear algebra) and `libcudnn8` (deep-learning primitives) are a common combination, along with [`cuda-nvcc`](https://developer.nvidia.com/cuda-llvm-compiler)  for compiling stuff with CUDA support.
+You don't need to install any `cuda-drivers` packages in the Docker image, but you'll want some subset of [NVIDIA's GPU-accelerated libraries](https://developer.nvidia.com/gpu-accelerated-libraries+external). `libcublas-12-2` (linear algebra) and `libcudnn8` (deep-learning primitives) are a common combination, along with [`cuda-nvcc`](https://developer.nvidia.com/cuda-llvm-compiler+external) for compiling stuff with CUDA support.
 
 In general, you'll install NVIDIA libs using your Linux package manager. In a Python environment, it's possible to skip system-wide installation and use pip packages instead.
 
@@ -83,18 +86,18 @@ Machine learning tends to involve large quantities of data. We're working with a
 - The root file system of a Fly Machine is ephemeral -- it's reset from its Docker image on every restart. It's also limited to 50GB on GPU-enabled Machines.
 - Fly Volumes are limited to 500GB, and are attached to a physical server. The Machine must run on the same hardware as the volume it mounts.
 
-Unless you've got a constant workload, you'll likely want to shut down GPU Machines when they're not needed&mdash;either manually with `fly machine stop`, or using the Fly Proxy autostop and autostart features&mdash;to save money. Saving data on a persistent Fly Volume means you don't have to download large amounts of data, or reconstitute a large Docker image into a rootfs, whenever the Machine restarts. You'll probably want to store models, at least, on a volume.
+Unless you've got a constant workload, you'll likely want to shut down GPU Machines when they're not needed&mdash;you can do this manually with `fly machine stop`, [have the main process exit](/docs/launch/autostop-autostart/#apps-that-shut-down-when-idle) when idle, or use the Fly Proxy [autostop and autostart](/docs/launch/autostop-autostart/) features&mdash;to save money. Saving data on a persistent Fly Volume means you don't have to download large amounts of data, or reconstitute a large Docker image into a rootfs, whenever the Machine restarts. You'll probably want to store models, at least, on a volume.
 
 ## Using swap
 
-Designing your workload and provisioning appropriate resources for it are the first line of defence against losing work by running out of memory (system RAM or VRAM). 
+Designing your workload and provisioning appropriate resources for it are the first line of defense against losing work by running out of memory (system RAM or VRAM). 
 
 You can also enable swap for system RAM on a Fly Machine, simply by including a line like the following in `fly.toml`:
 
 ```
-swap_size_mb = 32768    # This enables 32GB swap
+swap_size_mb = 8192    # This enables 8GB swap
 ```
 
 Keep in mind that this consumes the commensurate amount of space on the Machine's root file system, leaving less capacity for whatever else you want to store there.
 
-If you need more system RAM and fastest performance, also scale up with `fly scale memory`.
+If you need more system RAM and faster performance, also scale up with `fly scale memory`.
diff --git a/gpus/gpu-quickstart.html.markerb b/gpus/gpu-quickstart.html.markerb
index d3ee644aa0..1d351a57d2 100644
--- a/gpus/gpu-quickstart.html.markerb
+++ b/gpus/gpu-quickstart.html.markerb
@@ -5,10 +5,6 @@ toc: false
 nav: firecracker
 ---
 
-<div class="important icon">
-Fly GPUs are only available on GPU-enabled accounts. You can join the waitlist [here](https://fly.io/gpu).
-</div>
-
 1. You can use any base image for your Dockerfile, but it is convenient to base it on `ubuntu:22.04` and install libraries from NVIDIA's official apt repository: `RUN apt install -y cuda-nvcc-12-2 libcublas-12-2 libcudnn8` is usually enough.
 
     <div class = "note icon">
@@ -21,16 +17,13 @@ Fly GPUs are only available on GPU-enabled accounts. You can join the waitlist [
 1. From flyctl, create an app using either `fly launch` or `fly apps create`.
 
     <div class="note icon">
-    **Note**: GPUs are not available in all regions.
-
-    There are three GPU types available: Nvidia L40S, A100-PCIe-40GB and A100-SXM4-80GB ([datasheet](https://www.nvidia.com/content/dam/en-zz/Solutions/Data-Center/a100/pdf/nvidia-a100-datasheet-nvidia-us-2188504-web.pdf)). And we offer two Machine size presets `a100-40gb` and `a100-80gb` available in the following regions:
-
-    Currently GPUs are available in the following regions:
+    **Note**: GPUs are not available in all regions. There are these GPU types available: Nvidia A10, L40S, A100-PCIe-40GB, and A100-SXM4-80GB.
+    
+    <br>Currently GPUs are available in the following regions:
+    - `a10`: `ord`
     - `l40s`: `ord`
     - `a100-40gb`: `ord`
-    - `a100-80gb`: `ams`, `iad`, `mia`, `sjc`, `syd`
-
-    <br>Follow [this thread](https://community.fly.io/t/fly-gpus-are-here/16110) for updates.
+    - `a100-80gb`: `iad`, `sjc`, `syd`, `ams`
     </div>
 
 1. Create or modify the `fly.toml` config file in the project source directory, replacing values with your own:
@@ -52,7 +45,7 @@ Fly GPUs are only available on GPU-enabled accounts. You can join the waitlist [
 
     <div class="note icon">
     **Notes**:
-    - Make sure `vm.size` is set in `fly.toml`, valid values are `a100-40gb`, `a100-80gb` and `l40s`.
+    - Make sure `vm.size` is set in `fly.toml`, valid values are `a10`, `l40s`, `a100-40gb` and `a100-80gb`.
     - Make sure to include a `[[mounts]]` section in `fly.toml`.
     - The volume gets created automatically by `fly deploy`.
     - Use the volume to store the models and large files that can't be shipped as a docker image.
@@ -67,16 +60,18 @@ Fly GPUs are only available on GPU-enabled accounts. You can join the waitlist [
 
 That's pretty much it to get an app running with a Machine on a GPU.
 
+## Volumes and GPU Machines
+
 <div class="important icon">
-**Important**: If you create any additional volumes, they need to be created with the same constraints as your Machine. See the following example.
+**Important**: If you create any additional volumes, they need to be created with the same constraints as your Machine.
 </div>
 
-A volume needs to be created with the same constraints as your Machine. Here's an example of creating a one hundred gigabyte volume for storing ML models in the `ord` region, on a machine with a GPU:
+Here's an example of creating a new one hundred gigabyte volume for storing ML models in the `ord` region, on a machine with a GPU:
 
 ```cmd
 fly volumes create models \
   --size 100 \
-  --vm-gpu-kind a100-pcie-40gb \
+  --vm-gpu-kind a100-40gb \
   --region ord
 ```
 
@@ -100,9 +95,10 @@ COPY --from=builder /usr/local/bin/deviceQuery /usr/local/bin/deviceQuery
 CMD ["sleep", "inf"]
 ```
 
-## Examples
+## Examples using Fly GPUs
 
-- Elixir Llama2-13b on Fly.io GPUs: https://gist.github.com/chrismccord/59a5e81f144a4dfb4bf0a8c3f2673131
+- Elixir Llama2-13b on Fly GPUs: https://gist.github.com/chrismccord/59a5e81f144a4dfb4bf0a8c3f2673131
 - Github fly-apps repos with the `gpu` topic: https://github.com/orgs/fly-apps/repositories?q=topic%3Agpu
 - Fly.io CUDA example: https://gist.github.com/dangra/f8123001fe0f2453a8cd638b89738465
-- Deploying CLIP on Fly: https://gist.github.com/simonw/52c7734e34cac2b26ea1378845674edc
+- Deploying CLIP on Fly.io: https://gist.github.com/simonw/52c7734e34cac2b26ea1378845674edc
+
diff --git a/gpus/index.html.md b/gpus/index.html.md
index cddd374ecd..13faadaf55 100644
--- a/gpus/index.html.md
+++ b/gpus/index.html.md
@@ -7,22 +7,34 @@ toc: false
 
 Fly.io has GPUs! If you have workloads that would benefit from GPU acceleration, Fly GPU Machines may be for you.
 
-<div class="important icon">
-Fly GPUs are only available to vetted orgs right now. Sign up [here](https://fly.io/gpu)! If you leave a good explanation on the waitlist of who you are and what you want to build with GPUs, you'll hear from us pretty quickly.
-</div>
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/bullet.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon admiring a fast-pacing motor bike" class="max-w-lg">
+</figure>
 
 ## What can I use Fly GPUs for?
 
-Three models of GPU are available: NVIDIA A100 40G PCIe, A100 80G SXM, and L40S. 
+Four models of GPU are available: A10, L40S, NVIDIA A100 40G PCIe and A100 80G SXM.
 
-A100 units are all about the tensor cores, and are positioned for inference, model training, and intensive high-precision computation tasks like scientific simulations. As their names suggest, they have 40GB and 80GB of GPU memory. ([A100 datasheet](https://www.nvidia.com/content/dam/en-zz/Solutions/Data-Center/a100/pdf/nvidia-a100-datasheet-nvidia-us-2188504-web.pdf))
+A100 units are all about the tensor cores, and are positioned for inference, model training, and intensive high-precision computation tasks like scientific simulations. As their names suggest, they have 40GB and 80GB of GPU memory. ([A100 datasheet](https://www.nvidia.com/content/dam/en-zz/Solutions/Data-Center/a100/pdf/nvidia-a100-datasheet-nvidia-us-2188504-web.pdf+external))
+
+L40S cards are all-rounders; they've got tensor cores, RT cores, and NVENC/NVDEC, and have 48GB of GPU RAM. Choose the L40S to accelerate graphics or video workloads, as well as for inference. ([L40S datasheet](https://resources.nvidia.com/en-us-l40s/l40s-datasheet-28413+external))
+
+A10 cards are all-arounders with less GPU RAM. They've got tensor cores, shader cores, NVENC/NVDEC, and can run Llama 3 8B at float16 without breaking the bank. Choose the A10 when you don't need more than 8 billion parameters. This works great for smaller large language models, Stable Diffusion, and other such workflows. ([A10 datasheet](https://www.nvidia.com/content/dam/en-zz/Solutions/Data-Center/a10/pdf/a10-datasheet.pdf+external))
 
-The L40S cards are all-rounders; they've got tensor cores, RT cores, and NVENC/NVDEC, and have 48GB of GPU RAM. Choose the L40S to accelerate graphics or video workloads, as well as for inference. ([L40S datasheet](https://resources.nvidia.com/en-us-l40s/l40s-datasheet-28413))
 
 Right now each Fly GPU Machine uses a single full GPU. A single GPU is well suited to rendering, encoding/decoding, inference, and a smidgen of fine tuning. Training large models from scratch requires much, much beefier resources.
 
 Go to the [GPU Quickstart](https://fly.io/docs/gpus/gpu-quickstart/) to get off the ground fast, or read more practicalities in [Getting started with Fly GPUs](/docs/gpus/getting-started-gpus/).
 
+## Regions with GPUs
+
+Currently GPUs are available in the following regions:
+
+- `a10`: `ord`
+- `l40s`: `ord`
+- `a100-40gb`: `ord`
+- `a100-80gb`: `iad`, `sjc`, `syd`, `ams`
+
 ## Examples
 
 Here's some more inspiration for your GPU Machines project:
@@ -31,4 +43,4 @@ Here's some more inspiration for your GPU Machines project:
 - [Elixir Llama2-13b on Fly.io GPUs](https://gist.github.com/chrismccord/59a5e81f144a4dfb4bf0a8c3f2673131)
 - [Fly.io CUDA example](https://gist.github.com/dangra/f8123001fe0f2453a8cd638b89738465)
 - [Deploying CLIP on Fly.io](https://gist.github.com/simonw/52c7734e34cac2b26ea1378845674edc)
-- [GitHub `fly-apps` repos with the `gpu` topic](https://github.com/orgs/fly-apps/repositories?q=topic%3Agpu)
\ No newline at end of file
+- [GitHub `fly-apps` repos with the `gpu` topic](https://github.com/orgs/fly-apps/repositories?q=topic%3Agpu)
diff --git a/gpus/python-gpu-example.html.md b/gpus/python-gpu-example.html.md
index 4078d70bad..491e661606 100644
--- a/gpus/python-gpu-example.html.md
+++ b/gpus/python-gpu-example.html.md
@@ -21,7 +21,7 @@ git clone git@github.com:fly-apps/python_gpu_example.git && cd python_gpu_exampl
 
 ### Edit app configuration in `fly.toml`
 * Change `app` to match the name of the app you just created.
-* Optionally, `primary_region`&mdash;make sure to choose a region in which GPU Machines are available. Check the [docs](https://fly.io/docs/gpus/gpu-quickstart/) for GPU regions.
+* Optionally, `primary_region`&mdash;make sure to choose a [region in which GPU Machines are available](/docs/gpus/#regions-with-gpus).
 * Optionally, change the NONROOT_USER `build.arg`&mdash;if you do, also edit the `destination` of the volume mount in `mounts` to match.
 * Optionally, tweak `swap_size_mb`.
 
@@ -37,7 +37,11 @@ git clone git@github.com:fly-apps/python_gpu_example.git && cd python_gpu_exampl
 
 ### Jupyter notebook
 
-The easiest way to visit a private Fly App with the browser is with `fly proxy` command, which proxies a local port to a Machine.
+The easiest way to visit a private Fly App with the browser is with the `fly proxy` command, which proxies a local port to a Machine.
+
+```
+fly proxy 8888:8888
+```
 
 Run `fly logs` to find a line like 
 
diff --git a/guides.html.erb b/guides.html.erb
deleted file mode 100644
index e91561ee10..0000000000
--- a/guides.html.erb
+++ /dev/null
@@ -1,31 +0,0 @@
----
-title: Guides and Examples
-layout: docs
-toc: false
-nav: firecracker
----
-
-A collection of guides and examples for working with apps and databases on Fly.io.
-
-<br><br>
-<ul>
-  <li>
-    <%= nav_link "Going to production", "/docs/going-to-production/" %>
-  </li>
-  <li>
-    <%= nav_link "Custom domains for SaaS", "/docs/app-guides/custom-domains-with-fly/" %>
-  </li>
-  <li>
-    <%= nav_link "Deploy with GitHub Actions", "/docs/app-guides/continuous-deployment-with-github-actions/" %>
-  </li>
-  <li>
-    <%= nav_link "Run multiple processes", "/docs/app-guides/multiple-processes/" %>
-  </li>
-  <li>
-    <%= nav_link "Run UDP services", "/docs/app-guides/udp-and-tcp/" %>
-  </li>
-  <li>
-    <%= nav_link "Crontab with Supercronic", "/docs/app-guides/supercronic/" %>
-  </li>
-</ul>
-
diff --git a/guides.html.markerb b/guides.html.markerb
new file mode 100644
index 0000000000..52ad7d0407
--- /dev/null
+++ b/guides.html.markerb
@@ -0,0 +1,12 @@
+---
+title: Guides and Examples
+layout: docs
+toc: false
+nav: firecracker
+---
+
+A collection of guides and examples for working with Fly.io.
+
+- <%= nav_link "Going to production", "/docs/going-to-production/" %>
+- <%= nav_link "Crontab with Supercronic", "/docs/app-guides/supercronic/" %>
+- <%= nav_link "Run an ssh server ", "/docs/app-guides/opensshd/" %>
diff --git a/hands-on/check-app-status.html.markerb b/hands-on/check-app-status.html.markerb
deleted file mode 100644
index 08b14326fb..0000000000
--- a/hands-on/check-app-status.html.markerb
+++ /dev/null
@@ -1,32 +0,0 @@
----
-title: Check Your App's Status
-layout: docs
-sitemap: false
-nav: hands_on
-toc: false
-redirect_from: 
-  - /docs/hands-on/view-app/
----
-
-Now that the application has been deployed, let's find out more about its deployment. The command `fly status` will give you the basic details.
-
-```cmd
-fly status
-```
-```out
-App
-  Name     = hellofly          
-  Owner    = personal       
-  Hostname = hellofly.fly.dev
-  Image    = flyio/hellofly:latest
-  Platform = machines       
-
-Machines
-PROCESS	ID            	VERSION	REGION	STATE  	CHECKS	LAST UPDATED
-app    	148e453b7d7289	1      	ord   	started	      	2023-05-17T17:39:37Z
-app    	5683d311c3228e	1      	ord   	stopped	      	2023-05-17T17:38:44Z
-```
-
-In this example, the application has been deployed with a DNS hostname of `hellofly.fly.dev`. Your deployment's name will, of course, be different. We can also see that the app has 2 Machines running in the ord (Chicago) region. We recommend running at least 2 machines to improve availability in case of hardware or host failure.
-
-[Next: Visit Your App on Fly.io](/docs/hands-on/open-app/)
diff --git a/hands-on/images/helloflyandfred.webp b/hands-on/images/helloflyandfred.webp
deleted file mode 100644
index f75c815b55..0000000000
Binary files a/hands-on/images/helloflyandfred.webp and /dev/null differ
diff --git a/hands-on/index.html.markerb b/hands-on/index.html.markerb
deleted file mode 100644
index 0d596ac3ec..0000000000
--- a/hands-on/index.html.markerb
+++ /dev/null
@@ -1,17 +0,0 @@
----
-title: Hands-on with Fly.io
-layout: docs
-sitemap: false
-nav: hands_on
-toc: false
-redirect_from: 
-- /docs/hands-on/start/
----
-
-<figure>
-  <img src="http://github.com/static/images/hands-on.webp" srcset="http://github.com/service/http://github.com/static/images/hands-on@2x.webp%202x " alt="">
-</figure>
-
-In this work-through you'll use Fly Launch to deploy a simple "hello fly" app to the Fly Platform. The first step is installing all the tools you need to work with Fly Launch. Which is one tool: flyctl.
-
-[Next: Install flyctl](/docs/hands-on/install-flyctl/)
diff --git a/hands-on/install-flyctl.html.markerb b/hands-on/install-flyctl.html.markerb
deleted file mode 100644
index f147172e5b..0000000000
--- a/hands-on/install-flyctl.html.markerb
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: Install flyctl
-layout: docs
-sitemap: false
-nav: hands_on
-toc: true
-redirect_from: 
-  - /docs/getting-started/installing-flyctl/
-  - /docs/hands-on/installing/
-  - /docs/flyctl/installing/
----
-
-flyctl is a command-line utility that lets you work with Fly.io, from creating your account to deploying your applications. It runs on your local device so you'll want to install the version that's appropriate for your operating system.
-
-<h2 id="macos" class="group flex items-center relative mt-14 sm:mt-16 mb-10 group text-navy font-heading pb-1 border-b">
-  <a href="#macos" class="absolute ml-[-1em] pr-[0.5em] after:hash opacity-0 group-hover:opacity-50 transition-all" aria-label="Anchor"></a>
-  <svg fill="currentColor" class="relative top-[-2px] mr-3" width="24" height="24" viewBox="0 0 24 24">
-    <path d="M22 17.607c-.786 2.28-3.139 6.317-5.563 6.361-1.608.031-2.125-.953-3.963-.953-1.837 0-2.412.923-3.932.983-2.572.099-6.542-5.827-6.542-10.995 0-4.747 3.308-7.1 6.198-7.143 1.55-.028 3.014 1.045 3.959 1.045.949 0 2.727-1.29 4.596-1.101.782.033 2.979.315 4.389 2.377-3.741 2.442-3.158 7.549.858 9.426zm-5.222-17.607c-2.826.114-5.132 3.079-4.81 5.531 2.612.203 5.118-2.725 4.81-5.531z" />
-  </svg>
-  macOS
-</h2>
-
-If you have the [Homebrew](https://brew.sh) package manager installed, flyctl can be installed by running:
-
-```cmd
-brew install flyctl
-```
-
-If not, you can run the install script:
-
-```cmd
-curl -L https://fly.io/install.sh | sh
-```
-If you used curl to install flyctl, then you need to add the flyctl directory to your shell rc file. Check the output of the install script for the entries to copy and paste into the file. Now you can use the `flyctl` command from any directory. Or for maximum efficiency, you can use the `fly` command! 
-
-<h2 id="linux" class="group flex items-center relative mt-14 sm:mt-16 mb-10 group text-navy font-heading pb-1 border-b">
-  <a href="#linux" class="absolute ml-[-1em] pr-[0.5em] after:hash opacity-0 group-hover:opacity-50 transition-all" aria-label="Anchor"></a>
-  <svg fill="currentColor" class="relative top-[-2px] mr-3" width="24" height="24" viewBox="0 0 24 24">
-    <path d="M20.581 19.049c-.55-.446-.336-1.431-.907-1.917.553-3.365-.997-6.331-2.845-8.232-1.551-1.595-1.051-3.147-1.051-4.49 0-2.146-.881-4.41-3.55-4.41-2.853 0-3.635 2.38-3.663 3.738-.068 3.262.659 4.11-1.25 6.484-2.246 2.793-2.577 5.579-2.07 7.057-.237.276-.557.582-1.155.835-1.652.72-.441 1.925-.898 2.78-.13.243-.192.497-.192.74 0 .75.596 1.399 1.679 1.302 1.461-.13 2.809.905 3.681.905.77 0 1.402-.438 1.696-1.041 1.377-.339 3.077-.296 4.453.059.247.691.917 1.141 1.662 1.141 1.631 0 1.945-1.849 3.816-2.475.674-.225 1.013-.879 1.013-1.488 0-.39-.139-.761-.419-.988zm-9.147-10.465c-.319 0-.583-.258-1-.568-.528-.392-1.065-.618-1.059-1.03 0-.283.379-.37.869-.681.526-.333.731-.671 1.249-.671.53 0 .69.268 1.41.579.708.307 1.201.427 1.201.773 0 .355-.741.609-1.158.868-.613.378-.928.73-1.512.73zm1.665-5.215c.882.141.981 1.691.559 2.454l-.355-.145c.184-.543.181-1.437-.435-1.494-.391-.036-.643.48-.697.922-.153-.064-.32-.11-.523-.127.062-.923.658-1.737 1.451-1.61zm-3.403.331c.676-.168 1.075.618 1.078 1.435l-.31.19c-.042-.343-.195-.897-.579-.779-.411.128-.344 1.083-.115 1.279l-.306.17c-.42-.707-.419-2.133.232-2.295zm-2.115 19.243c-1.963-.893-2.63-.69-3.005-.69-.777 0-1.031-.579-.739-1.127.248-.465.171-.952.11-1.343-.094-.599-.111-.794.478-1.052.815-.346 1.177-.791 1.447-1.124.758-.937 1.523.537 2.15 1.85.407.851 1.208 1.282 1.455 2.225.227.871-.71 1.801-1.896 1.261zm6.987-1.874c-1.384.673-3.147.982-4.466.299-.195-.563-.507-.927-.843-1.293.539-.142.939-.814.46-1.489-.511-.721-1.555-1.224-2.61-2.04-.987-.763-1.299-2.644.045-4.746-.655 1.862-.272 3.578.057 4.069.068-.988.146-2.638 1.496-4.615.681-.998.691-2.316.706-3.14l.62.424c.456.337.838.708 1.386.708.81 0 1.258-.466 1.882-.853.244-.15.613-.302.923-.513.52 2.476 2.674 5.454 2.795 7.15.501-1.032-.142-3.514-.142-3.514.842 1.285.909 2.356.946 3.67.589.241 1.221.869 1.279 1.696l-.245-.028c-.126-.919-2.607-2.269-2.83-.539-1.19.181-.757 2.066-.997 3.288-.11.559-.314 1.001-.462 1.466zm4.846-.041c-.985.38-1.65 1.187-2.107 1.688-.88.966-2.044.503-2.168-.401-.131-.966.36-1.493.572-2.574.193-.987-.023-2.506.431-2.668.295 1.753 2.066 1.016 2.47.538.657 0 .712.222.859.837.092.385.219.709.578 1.09.418.447.29 1.133-.635 1.49zm-8-13.006c-.651 0-1.138-.433-1.534-.769-.203-.171.05-.487.253-.315.387.328.777.675 1.281.675.607 0 1.142-.519 1.867-.805.247-.097.388.285.143.382-.704.277-1.269.832-2.01.832z" />
-  </svg>
-  Linux
-</h2>
-
-Run the install script:
-
-```cmd
-curl -L https://fly.io/install.sh | sh
-```
-
-<h2 id="windows" class="group flex items-center relative mt-14 sm:mt-16 mb-10 group text-navy font-heading pb-1 border-b">
-  <a href="#windows" class="absolute ml-[-1em] pr-[0.5em] after:hash opacity-0 group-hover:opacity-50 transition-all" aria-label="Anchor"></a>
-  <svg fill="currentColor" class="relative top-[-2px] mr-3" width="20" height="20" viewBox="0 0 24 24">
-    <path d="M0 12v-8.646l10-1.355v10.001h-10zm11 0h13v-12l-13 1.807v10.193zm-1 1h-10v7.646l10 1.355v-9.001zm1 0v9.194l13 1.806v-11h-13z"/>
-  </svg>
-  Windows
-</h2>
-
-Run the PowerShell install script:
-
-```cmd
-pwsh -Command "iwr https://fly.io/install.ps1 -useb | iex"
-```
-
-If you encounter an error saying the `pwsh` command is not found, `powershell` can be used instead, though we recommend [installing the latest version of PowerShell](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows).
-
-Next:
-* If this is your first time with Fly.io, then [Sign up](/docs/hands-on/sign-up/).
-* If you already have a Fly.io account, then [Sign in to Fly.io](/docs/hands-on/sign-in/).
diff --git a/hands-on/launch-app.html.markerb b/hands-on/launch-app.html.markerb
deleted file mode 100644
index 7a2a698915..0000000000
--- a/hands-on/launch-app.html.markerb
+++ /dev/null
@@ -1,90 +0,0 @@
----
-title: Launch the App
-layout: docs
-sitemap: false
-nav: hands_on
-toc: false
-redirect_from: 
-  - /docs/hands-on/create-app/
-  - /docs/hands-on/deploy-app/
-
----
-
-Fly Launch helps you quickly deploy almost any kind of app using a Docker image. To learn more about the different ways to get your app ready to deploy, refer to [Fly Launch](/docs/apps/launch/).
-
-For this example, you can use our pre-built Docker image, `flyio/hellofly:latest`, to create and deploy an app. 
-
-Each Fly Launch application uses a `fly.toml` file to tell the system how to deploy it. The `fly.toml` file can be automatically generated with the `fly launch` command, which will provide some useful defaults that you can tweak through a web interface before deploying the app.
-
-Run:
-
-```cmd
-fly launch --image flyio/hellofly:latest
-```
-
-You'll get a summary of the defaults chosen for your app:
-
-```output 
-Using image flyio/hellofly:latest
-Creating app in /Users/username/my-app-name
-We're about to launch your app on Fly.io. Here's what you're getting:
-
-Organization: MyName                 (fly launch defaults to the personal org)
-Name:         my-app-name            (derived from your directory name)
-Region:       Secaucus, NJ (US)      (this is the fastest region for you)
-App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
-Postgres:     <none>                 (not requested)
-Redis:        <none>                 (not requested)
-
-? Do you want to tweak these settings before proceeding? (y/N)
-```
-
-Type `y` at the prompt to open the Fly Launch page, where you can make changes to your app config.
-
-For this example, the only settings you might want to change are the app name and the [region](/docs/reference/regions/) to deploy in. App names can include only numbers, lowercase letters, and dashes.
-
-Click **Confirm Settings** to confirm and deploy the example app.
-
-You can return to your terminal to view the progress of the app deployment:
-
-```output
-Waiting for launch data... Done
-Created app 'my-app-name' in organization 'personal'
-Admin URL: https://fly.io/apps/my-app-name
-Hostname: my-app-name.fly.dev
-Wrote config file fly.toml
-Validating /Users/username/my-app-dir/fly.toml
-Platform: machines
-✓ Configuration is valid
-==> Building image
-Searching for image 'flyio/hellofly:latest' remotely...
-image found: img_z1nr0lpjz9v5q98w
-
-Watch your deployment at https://fly.io/apps/my-app-name/monitoring
-
-Provisioning ips for my-app-name
-  Dedicated ipv6: 2a09:8280:1::42:a8f4
-  Shared ipv4: 66.241.124.213
-  Add a dedicated ipv4 with: fly ips allocate-v4
-
-This deployment will:
- * create 2 "app" machines
-
-No machines in group app, launching a new machine
-Creating a second machine to increase service availability
-Finished launching new machines
--------
-NOTE: The machines for [app] have services with 'auto_stop_machines = true' that will be stopped when idling
-
--------
-
-Visit your newly deployed app at https://my-app-name.fly.dev/
-```
-
-<div class="note icon">
-**Note:** If you've just signed up, then you'll also be prompted at some point for credit card payment information. Refer to [Billing](/docs/about/billing/) and [Pricing](/docs/about/pricing) for more details.
-</div>
-
-When you run a command, flyctl always checks to see if `fly.toml` exists in the current directory, and then checks the `app` value at the start of the file. Many commands use this app name to determine which Fly App to apply to by default. The `fly.toml` file also defines how the app will be built (from a pre-built Docker image, in this case), the ports for services, and further configuration to be applied to the app when it deploys.
-
-[Next: Check your app's status](/docs/hands-on/check-app-status/)
diff --git a/hands-on/next.html.markerb b/hands-on/next.html.markerb
deleted file mode 100644
index ac24662e8e..0000000000
--- a/hands-on/next.html.markerb
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Learn more
-layout: docs
-sitemap: false
-nav: hands_on
-toc: false
----
-
-What's next? Well, this is only the start of your travels with Fly.io.
-
-* **[Language & Framework Guides](/docs/languages-and-frameworks/)**: Comprehensive and starter guides for your favorite languages and frameworks.
-* **[Fly Launch](/docs/apps)**: You've tried the `fly launch` command. Now learn how to use all the Fly Launch features that help you manage and run your apps.
-* **[Databases & Storage](/docs/database-storage-guides/)**: Options for persistent data storage on the Fly Platform
-* **[Fly Machines](/docs/machines/)**: Go deeper with our VMs, and use them to run your projects and tasks.
-* **[Reference](/docs/reference)**: The details of how the Fly Platform works.
-
-When you are ready to move real traffic to your app, check out the ways you can increase availability, capacity and performance with Fly.io:
-
-* Read up on our [App Availability and Resiliency](/docs/reference/app-availability/) features
-* [Scale Machine CPU and RAM](/docs/apps/scale-machine/) 
-* [Scale Machine Count](/docs/apps/scale-count/) 
-* [Autostart and Autostop Machines](/docs/apps/autostart-stop/) in response to traffic
-
-## Community
-
-Get active on our [Community Forum](https://community.fly.io/) to help and be helped, and be the first to hear about our latest features.
-
-## Articles
-
-Check out our articles on the [Fly.io Blog](/blog), [Phoenix Files](/phoenix-files), [Ruby Dispatch](/ruby-dispatch), [Laravel Bytes](/laravel-bytes), [Django Beats](/django-beats/), and [JavaScript Journal](/javascript-journal/).
diff --git a/hands-on/open-app.html.markerb b/hands-on/open-app.html.markerb
deleted file mode 100644
index 85adeb7868..0000000000
--- a/hands-on/open-app.html.markerb
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Visit Your App on Fly.io
-layout: docs
-sitemap: false
-nav: hands_on
-toc: false
-redirect_from: /docs/hands-on/connecting-to-an-app/
----
-
-The quickest way to connect to your deployed app is with the `fly apps open` command, which opens a browser on the http version of the site. That http connection will automatically be upgraded to an https secured connection (when using the fly.dev domain) to connect to it securely. 
-
-For fun, add `/<your-name>` to `fly apps open` and your name will be appended to the app's path to add an extra greeting from the hellofly application.
-
-```cmd
-fly apps open /fred
-```
-```out
-Opening http://hellofly.fly.dev/fred
-```
-
-<img src="http://github.com/docs/hands-on/images/helloflyandfred.webp" alt="Hello from Fly Screenshot" class="rounded-xl shadow-lg">
-
-You've successfully launched your first Fly App.
-
-[Next: Learn more about what you can do with Fly.io](/docs/hands-on/next/)
diff --git a/hands-on/sign-in.html.markerb b/hands-on/sign-in.html.markerb
deleted file mode 100644
index 7cb957f286..0000000000
--- a/hands-on/sign-in.html.markerb
+++ /dev/null
@@ -1,11 +0,0 @@
----
-title: Sign In
-layout: docs
-sitemap: false
-nav: hands_on
-toc: false
----
-
-<%= partial "/docs/partials/sign_in" %>
-
-[Next: Launch a Fly App](/docs/hands-on/launch-app/)
diff --git a/hands-on/sign-up.html.markerb b/hands-on/sign-up.html.markerb
deleted file mode 100644
index 4abdee2d91..0000000000
--- a/hands-on/sign-up.html.markerb
+++ /dev/null
@@ -1,11 +0,0 @@
----
-title: Sign up
-layout: docs
-sitemap: false
-nav: hands_on
-toc: false
----
-
-<%= partial "/docs/partials/sign_up" %>
-
-[Next: Sign in to Fly.io](/docs/hands-on/sign-in/)
diff --git a/hiring/hiring.html.md b/hiring/hiring.html.md
index 5d18c14e8b..15418fb4a4 100644
--- a/hiring/hiring.html.md
+++ b/hiring/hiring.html.md
@@ -21,7 +21,7 @@ There are other good things about our process:
 
 - We don&#39;t time the challenges, and you can get them done in dribs and drabs of your spare time if that&#39;s best for you.
 - We don&#39;t look over your shoulder, can&#39;t see your typos, and aren&#39;t driving up your cortisol with loaded sighs and  "hmms" as you work. We want to see you in your best light.
-- You get to use your own dev setup, which, of course, includes Internet connectivity and the ability to Google things, because that is how all code in the industry is actually written.
+- You get to use your own dev setup, which, of course, includes Internet connectivity and the ability to Google things and work with LLMs, because that is how all code in the industry is actually written.
 
 Our challenges aren&#39;t artificial. There are no binary trees to invert. We just extract work we&#39;ve actually done ourselves, and simplify it to the point where we think it can get done in a few hours. Our challenges all have objective rubrics (that turns out to be the hard part of developing a work-sample challenge!) and we can usually grade them pretty mechanically.
 
@@ -34,7 +34,7 @@ A typical hiring process for an engineering job at Fly.io looks like this:
 1. You send us an email. There&#39;s an email address at the bottom of all our job descriptions.
 1. We say "hi", lay out our hiring challenges, and give you some time to ask us questions. We&#39;re happy to field questions!
 1. When you&#39;re ready, we deliver you a series of at-home challenges (usually 2-3). You knock them out one at a time. If things go roughly with any of them, we&#39;ll let you know.
-1. If you knock out all the challenges, we&#39;ll schedule a "work day", our last challenge. That&#39;s "day" as in "day in the life" — we don&#39;t ask for a full day of your time! During the work day, you&#39;ll collaborate with us on Slack on an engineering design project.
+1. If you knock out all the challenges, we&#39;ll schedule a 60-90 minute discussion in Slack with one of our team members, which we refer to internally as a structured interview. No coding, no video, no microphones; just a typed discussion in Slack so we can better understand how you think about and collaborate on the kinds of problems we tackle at Fly.io.
 1. That&#39;s it! If everything goes well, the next step is us working out an offer with you.
 
 ## What About Time Limits?
@@ -43,47 +43,47 @@ We don't take delivery time into account when grading challenges. Take a day, ta
 
 We have only two caveats to offer about the amount of time you spend on challenges:
 
-1. If you really do take a month to do the challenges, our staffing situation might change by the time you're done, and we 
+1. If you really do take a month to do the challenges, our staffing situation might change by the time you're done, and we
 won't be able to move forward immediately. So: if it's going to be a while before you can get to the challenges, let us know,
 and we'll be able to warn you if there's any time sensitivity on the role you're applying to. We don't want to have you doing
 challenges for a role that isn't open by the time you're done!
 
-2. We've said it already but we'll say it again: we've tried to calibrate these challenges (by running them many times) so 
+2. We've said it already but we'll say it again: we've tried to calibrate these challenges (by running them many times) so
 they take roughly the same amount of time as an interview would. You can put as much time into them as you'd like; we're not
-going to notice. But if you're getting sore about the amount of time they're taking, you should reach out to us and we 
-can try to figure out what's happening. Sometimes, you might be overthinking the challenge; other times, the role you're 
+going to notice. But if you're getting sore about the amount of time they're taking, you should reach out to us and we
+can try to figure out what's happening. Sometimes, you might be overthinking the challenge; other times, the role you're
 applying to might not be a perfect fit for where you're coming from.
 
 ## What If I Have Questions?
 
-You can't lose points by asking us questions. Generally, we look at questions as a positive indicator. 
+You can't lose points by asking us questions. Generally, we look at questions as a positive indicator.
 
 There are questions you might ask that we can't answer. That's fine; we'll just give evasive answers. Don't moderate
 your questions for our sake. You might be surprised at how much we're willing to cough up.
 
 A lot of hiring systems keep their cards close to the vest, and (deliberately or otherwise) evaluate candidates based
-on their ability to navigate a murky process. That's not us. 
+on their ability to navigate a murky process. That's not us.
 
 We want to predict how well you'll function on our team doing real work. In a real working week, if our processes were
-so murky that sniffing them out was a real test of your skill, on like a day-to-day basis, we'd have problems of our 
-own to fix. We want to see you in your best light. 
+so murky that sniffing them out was a real test of your skill, on like a day-to-day basis, we'd have problems of our
+own to fix. We want to see you in your best light.
 
 ## What About Start Dates?
 
 This is important: we can only make offers with start dates 1 month out or
 less. If you're looking for a role to start a couple months from now (when
 you graduate, etc), you're generally welcome to run through our process and
-get a "soft yes" from us. 
+get a "soft yes" from us.
 
-When you're available to take an offer starting within a month, you can 
-ping us, and we'll extend an offer. 
+When you're available to take an offer starting within a month, you can
+ping us, and we'll extend an offer if the role is still open.
 
 A word of warning: while we expect to be hiring most of our roles pretty
 much continuously, the economy can get spooky. We can't make promises about
-openings several months out from now. An offer is a commitment, and that's 
+openings several months out from now. An offer is a commitment, and that's
 the one thing we can't do if you're looking to start several months from
 now. We'll do our best to stay up-front about this stuff!
 
 ## What About Compensation?
 
-At Fly.io, we're focused on getting pay equity (the fairness kind) embedded as close to the core of our philosophy as possible. We want to eliminate as much bias in the hiring process as we can, and we don't want anyone who works here to second-guess themselves on how hard they negotiated their offer. So, we designed our salaries to be intentionally simple and straightforward: everyone at a given level is offered the same salary and options, regardless of their role, geography, and previous experience.
\ No newline at end of file
+At Fly.io, we're focused on getting pay equity (the fairness kind) embedded as close to the core of our philosophy as possible. We want to eliminate as much bias in the hiring process as we can, and we don't want anyone who works here to second-guess themselves on how hard they negotiated their offer. So, we designed our salaries to be intentionally simple and straightforward: everyone at a given level is offered the same salary and options, regardless of their role, geography, and previous experience.
diff --git a/hiring/index.html.md b/hiring/index.html.md
index 9f94dcfdfd..7a9c453233 100644
--- a/hiring/index.html.md
+++ b/hiring/index.html.md
@@ -6,6 +6,10 @@ toc: false
 nav: devjobs
 ---
 
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/engineering-jobs.png" alt="Illustration by Annie Ruygt of a bird working on a laptopn" class="w-full max-w-lg mx-auto">
+</figure>
+
 **We're psyched to talk to you about working with us!** Fly.io is doing
 something ambitious: we're building a new public cloud, one designed,
 from the jump, for developers, that runs code close to users wherever
diff --git a/hiring/working.html.md b/hiring/working.html.md
index 74367460fb..6e1316cc91 100644
--- a/hiring/working.html.md
+++ b/hiring/working.html.md
@@ -14,9 +14,9 @@ Like most companies, we do most of our daily work on a Slack. Slack isn&#39;t gr
 ## We're Committed To Diversity And Mutual Respect
 
 We believe in diverse and equitable teams. We're working together on a hard problem, the work
-itself gets challenging, and our teams won't work without mutual respect. Fly.io is used by people of 
+itself gets challenging, and our teams won't work without mutual respect. Fly.io is used by people of
 all skill levels, all over the world, from many different backgrounds and with many different goals.
-We're believers in the value of glue work and empathy, with each other and our users. 
+We're believers in the value of glue work and empathy, with each other and our users.
 
 ## Fly.io Hires Around The World
 
@@ -28,7 +28,7 @@ We have team members in Europe, Rwanda, South Africa, Mexico, Argentina, Canada,
 
 We'll do our best, but it's tricky. We've got access to some legal resources, but our luck, with H1Bs in particular, hasn't
 been great. Whatever we say about visas, remember that it's USCIS making the decisions, and USCIS has a different definition
-of "responsive" than we do. 
+of "responsive" than we do.
 
 So the short answer on visa sponsorships is: we'll try, but you should take a job here on the assumption that you'll be working
 remote indefinitely.
@@ -42,21 +42,18 @@ We&#39;re a product for developers, by developers. We have a [thriving community
 ## Leveling
 
 Levels at Fly.io are relatively informal. We're pretty flat, as companies
-go. Small teams, like we just said. Our current [engineering leveling](/docs/hiring/levels/) looks
+go. Small teams, like we just said. Our current [leveling](/docs/hiring/company-levels/) looks
 roughly like:
 
 * Level 1: Early-career or intern-level demonstrated aptitude. An L1 might need
   ongoing support from other team members to deliver work.
-  
+
 * Level 2: See Level 1 and Level 3, and interpolate.
 
 * Level 3: An L3 can lead a team. We use "L3" and "Senior" interchangeably.
 
 * Staff: We're still working out what this means here. We'll generally
-  call out staff roles individually. 
-  
-We also hire engineering management (EMs). Like most modern tech companies,
-EM is a separate track from line engineering.
+  call out staff roles individually.
 
 ## We&#39;re Ruthless About Doing Customer-Visible Work
 
@@ -66,7 +63,7 @@ We want our teams to set their own direction as much as possible, but we&#39;ll
 
 It&#39;s a platform for shipping our customers apps. It&#39;s on 24/7/365.
 
-We made a decision early on not to stick ops teams with the whole on-call challenge. So we all share it. At our current team size, on-call is 2 days roughly every month and a half or so. Most on-call is quiet! Because we all share the rotation, noisy alarms would drive all of us batty.
+We made a decision early on not to stick ops teams with the whole on-call challenge. So we all share it. At our current team size, on-call is 1 week roughly every 9 months or so. Most on-call is quiet! Because we all share the rotation, noisy alarms would drive all of us batty.
 
 If you get socked with a rough on-call, we&#39;ll ask you to take the next day off.
 
diff --git a/images/Managed_Postgres.png b/images/Managed_Postgres.png
new file mode 100644
index 0000000000..ca5be6ba2d
Binary files /dev/null and b/images/Managed_Postgres.png differ
diff --git a/images/cluster-from-home-to-fly-app-1.png b/images/cluster-from-home-to-fly-app-1.png
new file mode 100644
index 0000000000..4ef96d76e9
Binary files /dev/null and b/images/cluster-from-home-to-fly-app-1.png differ
diff --git a/images/cluster-from-home-to-fly-app-2.png b/images/cluster-from-home-to-fly-app-2.png
new file mode 100644
index 0000000000..7d66070233
Binary files /dev/null and b/images/cluster-from-home-to-fly-app-2.png differ
diff --git a/images/cpu-quota.png b/images/cpu-quota.png
new file mode 100644
index 0000000000..13994bc99f
Binary files /dev/null and b/images/cpu-quota.png differ
diff --git a/images/cpu-quota.webp b/images/cpu-quota.webp
new file mode 100644
index 0000000000..ed1ef9715d
Binary files /dev/null and b/images/cpu-quota.webp differ
diff --git a/images/mcp-proxy-wrap-flog.png b/images/mcp-proxy-wrap-flog.png
new file mode 100644
index 0000000000..cad5dd7c26
Binary files /dev/null and b/images/mcp-proxy-wrap-flog.png differ
diff --git a/images/mermaid-diagram-1.png b/images/mermaid-diagram-1.png
new file mode 100644
index 0000000000..b5417d9a79
Binary files /dev/null and b/images/mermaid-diagram-1.png differ
diff --git a/images/mermaid-diagram-2.png b/images/mermaid-diagram-2.png
new file mode 100644
index 0000000000..771caf43b1
Binary files /dev/null and b/images/mermaid-diagram-2.png differ
diff --git a/images/orgtoken.png b/images/orgtoken.png
new file mode 100644
index 0000000000..b9948965bd
Binary files /dev/null and b/images/orgtoken.png differ
diff --git a/images/tigris-launch-ui.png b/images/tigris-launch-ui.png
new file mode 100644
index 0000000000..ce3eaa7ea7
Binary files /dev/null and b/images/tigris-launch-ui.png differ
diff --git a/index.html.md b/index.html.md
index f81a382d03..88fdcc4a66 100644
--- a/index.html.md
+++ b/index.html.md
@@ -1,36 +1,154 @@
 ---
 title: "Fly.io developer documentation"
 layout: docs
-sitemap: false
+toc: false
+breadcrumbs: false
 nav: firecracker
 ---
 
-Deploy your project in a few minutes with [Fly Launch](/docs/apps/). Then do more with [Fly Machines](/docs/machines/).
+<div class="grid grid-cols-2 items-center">
+  <div>
+## Ready to get started?
 
-## Run your entire stack near your users
+**Step 1:** Install `flyctl`
 
-Deploy in any [region](/docs/reference/regions/). Manage your worker [processes](/docs/apps/processes/) alongside your web server. Back it with a [Fly Postgres](/docs/postgres/) app, or bring your own exotic database. Whatever supporting infrastructure you need! It's all just VMs.
+```cmd
+brew install flyctl
+```
 
-[Try our Speedrun](/docs/speedrun/)
+<small>Not using `brew`? Check out the [installation guide](/docs/flyctl/install/)</small>
 
-[Learn more about Fly Launch](/docs/apps/)
+**Step 2:** Run `fly launch`
+  </div>
 
-## Scale at your own pace
+  <figure>
+    <img src="http://github.com/static/images/doc-main.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon waving to a bird sitting on a hour roof" class="w-full max-w-lg mx-auto">
+  </figure>
+</div>
 
-[flyctl](/docs/flyctl/) helps you herd VMs, but puts the power in your hands.
+## Explore Fly.io by features
 
-Scale locally, or put your app next to your users in ten more cities. Either way, it's [one command](/docs/apps/scale-count/). Add CPU oomph or RAM, again with [one command](/docs/apps/scale-machine/). Pay for what you use, and have your VMs stop when they're idle, so you don't use more than you need.
+<div class="note">
+  <ul class="grid grid-cols-2 sm:grid-cols-3 text-lg font-medium gap-6 px-4 py-6">
+    <li><a href="http://github.com/docs/machines/">Fly Machines</a></li>
+    <li><a href="http://github.com/docs/volumes/">Fly Volumes</a></li>
+    <li><a href="http://github.com/docs/security/">Security</a></li>
+    <li><a href="http://github.com/docs/gpus/">Fly GPUs</a></li>
+    <li><a href="http://github.com/docs/networking/">Networking</a></li>
+    <li><a href="http://github.com/docs/mpg/">Managed Postgres</a></li>
+    <li><a href="http://github.com/docs/kubernetes/">Fly Kubernetes</a></li>
+    <li><a href="http://github.com/docs/database-storage-guides/">Database & Storage</a></li>
+    <li><a href="http://github.com/docs/monitoring/">Monitoring</a></li>
+  </ul>
+</div>
 
-<figure>
-  <img src="http://github.com/static/images/docs-intro.webp" srcset="http://github.com/service/http://github.com/static/images/docs-intro@2x.webp%202x " alt="">
-</figure>
 
-## Control individual VMs
+<div class="grid grid-cols-2 py-8">
+  <div>
+## Get answers in your language
+
+Or framework. You know what we mean. Check out the docs specific to your tech so you can move faster.
+  </div>
+  <div class="h-full">
+    <div class="grid grid-cols-3 h-full gap-2">
+      <a
+        href="http://github.com/docs/elixir/getting-started/"
+        class="btn h-full rounded-xl"
+      >
+        Phoenix
+      </a>
+      <a
+        href="http://github.com/docs/languages-and-frameworks/static/"
+        class="btn h-full rounded-xl"
+      >
+        Static
+      </a>
+      <a
+        href="http://github.com/docs/rails/getting-started/"
+        class="btn h-full rounded-xl"
+      >
+        Ruby on Rails
+      </a>
+      <a
+        href="http://github.com/docs/languages-and-frameworks/dockerfile/"
+        class="btn h-full rounded-xl"
+      >
+        Docker
+      </a>
+      <a
+        href="http://github.com/docs/languages-and-frameworks/golang/"
+        class="btn h-full rounded-xl"
+      >
+        Go
+      </a>
+      <a
+        href="http://github.com/docs/rust/"
+        class="btn h-full rounded-xl"
+      >
+        Rust
+      </a>
+      <a
+        href="http://github.com/docs/django/getting-started/"
+        class="btn h-full rounded-xl"
+      >
+        Django
+      </a>
+      <a
+        href="http://github.com/docs/laravel/"
+        class="btn h-full rounded-xl"
+      >
+        Laravel
+      </a>
+      <a
+        href="http://github.com/docs/js/"
+        class="btn h-full rounded-xl"
+      >
+        JavaScript
+      </a>
+    </div>
+  </div>
+</div>
 
-The Fly Launch platform-as-a-service is there to make your apps easy to launch and manage. When you outgrow its opinions, micromanage your app VMs with `fly machines` commands, or drop down a level of abstraction to the [Machines](/docs/machines/working-with-machines/) API. Launch [tiny, fast-booting VMs](/docs/machines/) from your app! The perfect way to run user code, or try that sketchy TypeScript snippet ChatGPT suggested.
+<div class="flex justify-center">
+## How does Fly.io work?
+</div>
+
+<figure>
+  <img src="http://github.com/static/images/fly-map.png" alt="" class="w-full">
+</figure>
 
-[Learn more about Fly Machines](/docs/machines/)
+<div class="grid grid-cols-2 items-center">
+  <figure>
+    <img src="http://github.com/static/images/help.png" alt="Illustration by Annie Ruygt of Frankie the hot air balloon waving to a bird sitting on a hour roof" class="w-full max-w-lg mx-auto">
+  </figure>
+  <div class="space-y-2">
+    <h2>Could you use more help?</h2>
+    <p>Our Community forum and Support team have the answers.</p>
+  </div>
+</div>
 
-## Build your own cloud
+<div class="grid grid-cols-2 gap-6">
+  <div class="note">
+    <h3>Community Forum</h3>
+    <ul class="ml-1">
+      <li>Free to use</li>
+      <li>Discuss Fly.io with other users</li>
+      <li>See new Fly.io developments first</li>
+      <li>Searchable backlog</li>
+      <li>Quick answers to common issues</li>
+    </ul>
+    <a href="https://community.fly.io/" class="btn mt-4">Learn more</a>
+  </div>
 
-Go ahead and build your own cloud on top of Fly Machines! Did we mention it's all just VMs? Fly.io features don't care what shape your project takes. A powerful CLI, remote Docker builds, private networking, persistent storage, logging, metrics, secrets management, load balancing, certs, autoscaling, dynamic request routing...it's all available, whatever scale and complexity you're working with.
\ No newline at end of file
+  <div class="note">
+    <h3>Support</h3>
+    <ul class="ml-1">
+      <li>Plans start at $29/month</li>
+      <li>Guaranteed response time</li>
+      <li>Run by Fly.io engineers, not chat bots</li>
+      <li>Technical architecture support</li>
+      <li>Public metrics</li>
+    </ul>
+    <a href="https://fly.io/support" class="btn mt-4">Learn more</a>
+  </div>
+</div>
diff --git a/js/frameworks.html.erb b/js/frameworks.html.erb
deleted file mode 100644
index a2ebe88eb1..0000000000
--- a/js/frameworks.html.erb
+++ /dev/null
@@ -1,22 +0,0 @@
----
-title: JS Framework Guides
-layout: framework_docs_overview
-toc: false
-order: 4
----
-
-<figure>
-  <img src="http://github.com/static/images/docs-guide.webp" srcset="http://github.com/service/http://github.com/static/images/docs-guide@2x.webp%202x " alt="">
-</figure>
-
-Each one of the language guides will take you through creating and deploying a simple application.
-
-<ul class="py-4">
-  <% current_page.children.sort_by {|child| child.data[:order] || 99}.each do |page| %>
-    <li>
-      <%= link_to_page page %>
-    </li>
-  <% end %>
-</ul>
-
-<p>If you don't see a framework supported here that you'd like to run on Fly.io, <%=link_to "tell us in the Community", "https://community.fly.io/" %>.</p>
diff --git a/js/frameworks.html.markerb b/js/frameworks.html.markerb
new file mode 100644
index 0000000000..dae7061e9e
--- /dev/null
+++ b/js/frameworks.html.markerb
@@ -0,0 +1,22 @@
+---
+title: JS Framework Guides
+layout: framework_docs_overview
+toc: false
+order: 4
+---
+
+<figure>
+  <img src="http://github.com/static/images/js-lander.png" alt="Illustration by Annie Ruygt of two 3-eyed humanoids relaxing with a drink" class="w-full mx-auto">
+</figure>
+
+<p>Each one of the language guides will take you through creating and deploying a simple application.</p>
+
+<ul class="py-4">
+  <% current_page.children.sort_by {|child| child.data[:order] || 99}.each do |page| %>
+    <li>
+      <%= link_to_page page %>
+    </li>
+  <% end %>
+</ul>
+
+<p>If you don't see a framework supported here that you'd like to run on Fly.io, <%=link_to "tell us in the Community", "https://community.fly.io/" %>.</p>
diff --git a/js/frameworks/astro.html.markerb b/js/frameworks/astro.html.markerb
new file mode 100644
index 0000000000..f6335f05b2
--- /dev/null
+++ b/js/frameworks/astro.html.markerb
@@ -0,0 +1,110 @@
+---
+title: "Run an Astro App"
+layout: framework_docs
+redirect_from:
+ - /docs/languages-and-frameworks/astro/
+ - /docs/getting-started/astro/
+objective: Astro is the web framework for content-driven websites.
+order: 1
+---
+
+<% app_name = "hello-next" %>
+<%= partial "partials/intro", locals: { runtime: "Astro", link: "https://astro.build/" } %>
+
+You can deploy your [Astro](https://astro.build/) app on Fly.io with minimal effort, our CLI will do the heavy lifting. You can use your existing Astro app or you can create one from scratch.
+
+
+Astro applications can be served as either **static pages** _or_ with **server-side rendering (SSR)**. On this page you'll find guides to deploying both varieties.
+
+
+## _Deploy a static Astro site_
+
+<%= partial "partials/flyctl" %>
+
+Next, if you don't have an existing Astro application, you can create one with the following command:
+
+```cmd
+npm create astro@latest
+```
+
+With the project setup out of the way, you're ready to start deploying! If you don't have a Dockerfile yet, `fly launch` will generate one for you, as well as prepare a `fly.toml` file.
+
+```cmd
+cd my-astro-app
+fly launch
+```
+```output
+Scanning source code
+Detected an Astro app
+Creating app in [redacted]/my-astro-app
+We're about to launch your NodeJS app on Fly.io. Here's what you're getting:
+
+Organization: Your Name                (fly launch defaults to the personal org)
+Name:         my-astro-app             (derived from your directory name)
+Region:       Seattle, Washington (US) (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM   (most apps need about 1GB of RAM)
+Postgres:     <none>                   (not requested)
+Redis:        <none>                   (not requested)
+
+? Do you want to tweak these settings before proceeding? (y/N) No
+Created app 'my-astro-app' in organization 'personal'
+Admin URL: https://fly.io/apps/my-astro-app
+Hostname: my-astro-app.fly.dev
+installing: npm install @flydotio/dockerfile@latest --save-dev
+
+...
+
+found 0 vulnerabilities
+     create  Dockerfile
+Wrote config file fly.toml
+Validating [redacted]/my-astro-app/fly.toml
+Platform: machines
+✓ Configuration is valid
+
+==> Building image
+...
+--> Building image done
+==> Pushing image to fly
+...
+--> Pushing image done
+...
+
+Watch your deployment at https://fly.io/apps/my-astro-app/monitoring
+
+Provisioning ips for my-astro-app
+  Dedicated ipv6: 2a09:6739:1::30:xxxx:0
+  Shared ipv4: 66.241.124.xxx
+  Add a dedicated ipv4 with: fly ips allocate-v4
+
+This deployment will:
+ * create 2 "app" machines
+
+No machines in group app, launching a new machine
+Creating a second machine to increase service availability
+Finished launching new machines
+-------
+NOTE: The machines for [app] have services with 'auto_stop_machines = true' that will be stopped when idling
+
+-------
+Checking DNS configuration for my-astro-app.fly.dev
+
+Visit your newly deployed app at https://my-astro-app.fly.dev/
+```
+
+<%= partial "partials/launched" %>
+
+## _Deploy an Astro site with SSR_
+
+Astro supports server-side rendering (SSR) through the use of **adapters**. There are a handful of adapters that are officially maintained by the Astro team. When using the [`@astrojs/node`](https://docs.astro.build/en/guides/integrations-guide/node/) adapter, Fly.io will automatically detect this during `fly launch` and if no existing Dockerfile is found, it will generate a new one with the appropriate start command and environment variables.
+
+You can add the necessary Node adapter like so:
+
+```cmd
+npx astro add node
+```
+
+This will install `@astrojs/node` and make the appropriate changes to your `astro.config.*` file in one step.
+
+## Generating your Astro Dockerfile
+
+As discussed earlier, running `fly launch` will generate a Dockerfile for you if one does not already exist. Separately, you can also generate your Dockerfile using [Dockerfile generator](https://www.npmjs.com/package/@flydotio/dockerfile). Once installed, it can be run using `npx dockerfile` for Node applications or `bunx dockerfile` for Bun applications. You'll see it referenced throughout this article for various use cases.
\ No newline at end of file
diff --git a/js/frameworks/deno.html.markerb b/js/frameworks/deno.html.markerb
index 408221d4eb..5e6004ed48 100644
--- a/js/frameworks/deno.html.markerb
+++ b/js/frameworks/deno.html.markerb
@@ -1,10 +1,10 @@
 ---
 title: "Run a Deno App"
-layout: language-and-framework-docs
-sitemap: false
+layout: framework_docs
 redirect_from:
  - /docs/languages-and-frameworks/deno/
  - /docs/getting-started/deno/
+objective: Deno is the open-source JavaScript runtime for the modern web.
 order: 2
 ---
 
@@ -62,12 +62,12 @@ And connect to localhost:8080 to confirm that you have a working Deno applicatio
 
 ## Install Flyctl and Login
 
-We are ready to start working with Fly.io, and that means we need `flyctl`, our CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/log-in-to-fly/).
+We are ready to start working with Fly.io, and that means we need `flyctl`, our CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/sign-up-sign-in/).
 
 ## Configuring the App for Fly.io
 
 Each Fly App needs a `fly.toml` file to tell the system how we'd like to deploy it.
-That file can be automatically generated with the command `flyctl launch` command. This command will also generate a Dockerfile for deployment.
+That file can be automatically generated with the command `fly launch` command. This command will also generate a Dockerfile for deployment.
 
 ```cmd
 fly launch
@@ -89,7 +89,7 @@ Then, pick the region you want to deploy in.
 
 ## Inside `fly.toml`
 
-The `fly.toml` file now contains a default configuration for deploying your app. In the process of creating that file, `flyctl` has also created a Fly-side application slot of the same name, "hellodeno". If we look at the `fly.toml` configuration file we can see the name in there:
+The `fly.toml` file now contains a default configuration for deploying your app. While creating that file, `fly` has also created a Fly-side application slot with the same name, "hellodeno". If we look at the `fly.toml` configuration file we can see the name in there:
 
 ```toml
 app = "empty-sea-2541"
@@ -113,9 +113,9 @@ We are now ready to deploy our containerized app to Fly.io. At the command line,
 fly deploy
 ```
 
-This will lookup our `fly.toml` file and get the app name `empty-sea-2541` from there.
+This will get the app name `empty-sea-2541` from our `fly.toml` file.
 
-Then `flyctl` will start the process of deploying our application to Fly.io using the Dockerfile. Flyctl will return you to the command line when it's done.
+Then, `fly` will start deploying our application to Fly.io using the Dockerfile. `fly` will return you to the command line when it's done.
 
 ## Viewing the Deployed App
 
diff --git a/js/frameworks/meteor.html.markerb b/js/frameworks/meteor.html.markerb
new file mode 100644
index 0000000000..79a4e54036
--- /dev/null
+++ b/js/frameworks/meteor.html.markerb
@@ -0,0 +1,323 @@
+---
+title: "Run a Meteor App"
+layout: framework_docs
+objective: Meteor is a full-stack JavaScript framework for building modern web and mobile applications.
+order: 3
+---
+
+<% app_name = "hello-meteor" %>
+<%= partial "partials/intro", locals: { runtime: "Meteor", link: "https://meteor.com/" } %>
+
+<div class="callout">
+This guide is intended for users of Meteor 3. If you're using Meteor 2 and want to migrate, please see the <a href="https://v3-migration-docs.meteor.com/">Meteor 3.0 migration guide</a>.
+</div>
+
+Meteor is a full-stack JavaScript framework for building modern web and mobile applications. You get real-time features for free, built-in accounts, TypeScript support, and a powerful CLI tool for creating and managing your app.
+
+We'll start off by installing Meteor:
+
+```cmd
+npx meteor
+```
+```output
+=> Arch: os.osx.arm64
+=> Meteor Release: 3.0.0
+Downloading |█████████████████████████████████░░░░░░░| 82%
+```
+
+## _Generate the Meteor app_
+
+We'll assume you have NodeJS installed already. Meteor 3 requires NodeJS v20 or higher. We'll be using a skeleton web application generated by Meteor. This is a bare-bones app that does not need a MongoDB database.
+
+Let's create the new project by running `meteor create`. We'll choose a "minimal" skeleton, which is a good choice for a new project and to get up and running quickly.
+
+```cmd
+meteor create hello-meteor --minimal --release 3.0.0
+```
+```output
+Created a new Meteor app in 'hello-meteor'.
+
+To run your new app:
+  cd hello-meteor
+  meteor
+
+If you are new to Meteor, try some of the learning resources here:
+  https://www.meteor.com/tutorials
+
+When you’re ready to deploy and host your new Meteor application, check out
+Cloud:
+  https://www.meteor.com/cloud
+```
+
+## _Preview your Application_
+
+You can preview your production build locally, simply by executing the command `meteor`.
+
+```cmd
+meteor
+```
+```output
+[[[[[ ~/hello-meteor ]]]]]
+
+=> Started proxy.
+=> Started HMR server.
+=> Started your app.
+
+=> App running at: http://localhost:3000/
+```
+
+## _Install flyctl and Login_
+
+We are ready to start working with Fly.io, and that means we need `flyctl`, our CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/sign-up-sign-in/).
+
+## _Deploy the app on Fly.io_
+
+Each Fly App needs a `fly.toml` file to tell the system how we'd like to deploy it.
+That file can be automatically generated with  `fly launch`. This command will also generate a Dockerfile for deployment.
+
+```cmd
+fly launch
+```
+```output
+Scanning source code
+Detected a Meteor app
+Creating app in ~/Demo/hello-meteor
+We're about to launch your Meteor app on Fly.io. Here's what you're getting:
+
+Organization: Demo                       (fly launch defaults to the personal org)  
+Name:         hello-meteor               (generated)
+Region:       Johannesburg, South Africa (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM     (most apps need about 1GB of RAM)
+Postgres:     <none>                     (not requested)
+Redis:        <none>                     (not requested)
+Tigris:       <none>                     (not requested)
+
+? Do you want to tweak these settings before proceeding? No
+Created app 'hello-meteor' in organization 'demo'
+Admin URL: https://fly.io/apps/hello-meteor
+Hostname: hello-meteor.fly.dev
+installing: npm install @flydotio/dockerfile@latest --save-dev
+
+added 33 packages, and audited 143 packages in 4s
+
+32 packages are looking for funding
+  run `npm fund` for details
+
+found 0 vulnerabilities
+     create  Dockerfile
+Wrote config file fly.toml
+Validating ~/Demo/hello-meteor/fly.toml
+✓ Configuration is valid
+==> Building image
+Remote builder fly-builder-frosty-night-3947 ready
+==> Building image with Docker
+...
+
+Watch your deployment at https://fly.io/apps/hello-meteor/monitoring
+
+Provisioning ips for hello-meteor
+  Dedicated ipv6: 2a09:8280:1::3c:c2d4:0
+  Shared ipv4: 66.241.124.224
+  Add a dedicated ipv4 with: fly ips allocate-v4
+
+This deployment will:
+ * create 2 "app" machines
+
+No machines in group app, launching a new machine
+
+Creating a second machine to increase service availability
+Finished launching new machines
+-------
+NOTE: The machines for [app] have services with 'auto_stop_machines = true' that will be stopped when idling
+
+-------
+Checking DNS configuration for hello-meteor.fly.dev
+
+Visit your newly deployed app at https://hello-meteor.fly.dev/
+...
+```
+
+## _Inside `fly.toml`_
+
+The `fly.toml` file now contains a default configuration for deploying your app. In the process of creating that file, `flyctl` has also created a Fly.io application slot of the same name, "hello-meteor". If we look at the `fly.toml` configuration file we can see the name in there:
+
+```toml
+app = "hello-meteor"
+primary_region = "jnb"
+
+[env]
+  PORT = "3000"
+  ROOT_URL = "https://hello-meteor.fly.dev/"
+
+[http_service]
+  internal_port = 3000
+  force_https = true
+  auto_stop_machines = true
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ["app"]
+...
+```
+
+We make sure to set the `ROOT_URL` and `PORT` environment variables. These are important to Meteor. When you eventually add a [custom domain](/docs/networking/custom-domain/) to your app, you'll want to make sure your `ROOT_URL` is set to the domain name.
+
+The `flyctl` command will always refer to this file in the current directory if it exists, specifically for the `app` name/value at the start. That name will be used to identify the application to the Fly.io platform.
+
+The rest of the file contains settings to be applied to the application when it deploys.
+
+## _Viewing the Deployed App_
+
+If you want to find out more about the deployment. The command `fly status` will give you all the essential details.
+
+```cmd
+fly status
+```
+```output
+App
+  Name     = hello-meteor
+  Owner    = personal
+  Hostname = hello-meteor.fly.dev
+  Image    = hello-meteor:deployment-01J2S3S8A9TDR1D2AYZSYJWTHH
+
+Machines
+PROCESS	ID            	VERSION	REGION	STATE  	ROLE	CHECKS	LAST UPDATED
+app    	3287154db00658	1      	jnb   	started	    	      	2024-07-14T17:26:16Z
+app    	4d890d17a6d768	1      	jnb   	stopped	    	      	2024-07-14T17:23:03Z
+```
+
+## _Connecting to the App_
+
+The quickest way to browse your newly deployed application is with the `fly apps open` command.
+
+```cmd
+fly apps open
+```
+```output
+Opening https://hello-meteor.fly.dev/
+```
+
+Your browser will be sent to the displayed URL.
+
+## _Session Affinity (aka 'Sticky Sessions')_
+
+Sticky sessions are a feature of a load balancer that ensures that all requests from a client are routed to the same server. This can be important for Meteor applications depending on the client/server architecture of your app, as it ensures that the client is always connected to the same server, and that any changes made to the server are reflected in the client.
+
+The easiest way to achieve this on Fly.io is to run your app with a maximum of one Machine per region. The [Fly Proxy](/docs/reference/fly-proxy/) will take care of load balancing clients — sending requests to the Machine closest to them.
+
+A better option, is to use [dynamic request routing](/docs/networking/dynamic-request-routing) with the `fly-replay` response header. You'll need to implement some additional code (roughly 18 lines) that uses the `meteor/webapp` package and plugs into your app's server-side entry point. This example uses middleware to create a client-side cooking containing the Machine ID to "pin" requests to. The process is explained in greater detail [here](/docs/blueprints/sticky-sessions/).
+
+First, install `cookie-parser`:
+
+```cmd
+npm install cookie-parser
+```
+Now create a new file called `sticky.js` wherever you keep your server server-side code:
+
+```js
+import { WebApp } from 'meteor/webapp';
+import cookieParser from "cookie-parser";
+
+WebApp.connectHandlers.use(cookieParser());
+
+WebApp.connectHandlers.use('/',(request, response, next) => {
+  if (!process.env.FLY_MACHINE_ID) {
+    next();
+  } else if (!request.cookies["fly-machine-id"]) {
+    const maxAge = 24 * 60 * 60 * 1000; // 24 hours
+    response.cookie("fly-machine-id", process.env.FLY_MACHINE_ID, { maxAge });
+    next();
+  } else if (request.cookies["fly-machine-id"] !== process.env.FLY_MACHINE_ID) {
+    response.set('Fly-Replay', `instance=${request.cookies["fly-machine-id"]}`)
+    response.status(307)
+    response.send()
+  } else {
+    next();
+  }
+});
+
+```
+
+Make sure to import that module when initializing your Meteor server, then you should see clients routed to the same Fly Machine for the duration of the session.
+
+## _Bonus Points_
+
+Let's take a look at a slightly more advanced app that uses a MongoDB database for storing account details and user data — but also for real-time UI updates.
+
+First, we'll need a MongoDB database to connect to. If you have one, great! If not, it's easy to deploy a development MongoDB database on Fly.io. If you're deploying a production app, we recommend that you look at a managed service like [MongoDB Atlas](https://www.mongodb.com/atlas).
+
+Save the below as your `mongo.fly.toml`, then run `fly launch -c mongo.fly.toml --no-deploy` to create the database app without deploying it.
+
+```toml
+app = "hello-mongo"
+primary_region = "jnb"
+
+[build]
+  image = 'mongodb/mongodb-community-server'
+
+[experimental]
+  cmd = ["mongod", "--bind_ip_all", "--ipv6"]
+
+[[services]]
+  internal_port = 27017
+  protocol = "tcp"
+
+  [[services.ports]]
+    handlers = ["tls"]
+    port = 27017
+    force_https = false
+
+[[vm]]
+  memory = '1gb'
+  cpu_kind = 'shared'
+  cpus = 1
+
+[[mounts]]
+  source = "mongo_data"
+  destination = "/data/db"
+
+```
+
+Now, set the default username and password for the database:
+
+```cmd
+fly secrets set MONGODB_INITDB_ROOT_USERNAME=admin MONGODB_INITDB_ROOT_PASSWORD=password
+```
+
+And finally, deploy it:
+
+```cmd
+fly deploy --no-public-ips
+```
+
+Ok, now we can deploy our Meteor app. We'll use the Simple Tasks example app:
+
+```cmd
+fly launch --from https://github.com/fredmaiaarantes/simpletasks --no-deploy
+```
+
+This simultaneously clones the GitHub repo and launches the new app on Fly.io
+
+Set the `MONGO_URL` secret so Meteor knows where to connect to:
+
+```cmd
+fly secrets set MONGO_URL=mongodb://admin:password@hello-mongo.internal:27017/meteor
+```
+
+And deploy the app:
+```cmd
+fly deploy
+```
+
+And finally, open the app. It'll take a second longer on the first run while database migrations are performed:
+
+```cmd
+fly apps open
+```
+
+That's it! You should see the app running:
+
+<img src="http://github.com/static/images/simple-tasks.webp" alt="A screenshot of the Simple Tasks Meteor app login page.">
+
+## _Arrived at Destination_
+
+You have successfully built, deployed, and connected to your first Meteor application on Fly.io.
diff --git a/js/frameworks/nextjs.html.markerb b/js/frameworks/nextjs.html.markerb
index 465fb69241..c0abb35e3d 100644
--- a/js/frameworks/nextjs.html.markerb
+++ b/js/frameworks/nextjs.html.markerb
@@ -1,61 +1,120 @@
 ---
-title: "Run a NextJS App"
-layout: language-and-framework-docs
-sitemap: false
+title: "Run a Next.js App"
+layout: framework_docs
 redirect_from:
  - /docs/languages-and-frameworks/nextjs/
  - /docs/getting-started/nextjs/
+objective: NextJS is the React Framework for the Web.
 order: 4
 ---
 
 <% app_name = "hello-next" %>
-<%= partial "partials/intro", locals: { runtime: "NextJS", link: "https://nextjs.org/" } %>
+<%= partial "partials/intro", locals: { runtime: "Next.js", link: "https://nextjs.org/" } %>
 
-You can deploy your [NextJS](https://nextjs.org/) app on Fly with minimal effort, our CLI will do the heavy lifting. You can use your existing NextJS app or you can [create one using the tutorial](https://nextjs.org/learn/basics/create-nextjs-app) and then come back here to deploy your app.
+You can deploy your [Next.js](https://nextjs.org/) app on Fly with minimal effort, our CLI will do the heavy lifting. We'll be using a standard app generated with [`create-next-app`](https://nextjs.org/docs/pages/api-reference/create-next-app) CLI tool provided by Next.js.
 
-## _Deploy an existing NextJS app_
+## _Generate the Next.js app_
 
-If you just want to see how Fly deployment works, follow these steps.
+We'll assume you have NodeJS installed already and can run `npx`. Refer to the [documentation](https://nextjs.org/docs/pages/api-reference/create-next-app#interactive) if you would like to use `yarn`, `pnpm` or `bun`.
+
+Now let's create a new project by running the `create-next-app`. This will scaffold a new project asking you if you'd like to set up some basic tooling such as TypeScript.
+
+```cmd
+npx create-next-app@latest hello-nextjs
+```
+```output
+✔ Would you like to use TypeScript? … No / Yes
+
+...
+
+Initializing project with template: app-tw
+
+Installing dependencies:
+- react
+
+...
+
+Installing devDependencies:
+- typescript
+
+...
+
+Success! Created hello-nextjs at /.../hello-nextjs
+```
+
+Great! You should be able to run our app locally with `cd hello-nextjs && npm run dev` and access it at http://localhost:3000.
+
+## _Deploy to Fly.io_
 
 <%= partial "partials/flyctl" %>
 
-Now let's launch your NextJS app from the root of your application.
+Now let's launch your Next.js app from the root of your application.
 
 ```cmd
-cd nextjs-blog
+cd hello-nextjs
 fly launch
 ```
 ```output
-Creating app in /Users/me/nextjs-blog
 Scanning source code
 Detected a Next.js app
-? Choose an app name (leave blank to generate one): nextjs-blog
-? Select Organization: flyio (flyio)
-Some regions require a paid plan (bom, fra, maa).
-See https://fly.io/plans to set up a plan.
+Creating app in /Users/mentels/work/hello-nextjs
+We're about to launch your Next.js app on Fly.io. Here's what you're getting:
 
-? Choose a region for deployment: Ashburn, Virginia (US) (iad)
-App will use 'iad' region as primary
+Organization: mentels                (fly launch defaults to the personal org)
+Name:         hello-nextjs           (derived from your directory name)
+Region:       Warsaw, Poland         (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+Sentry:       false                  (not requested)
 
-Created app 'nextjs-blog' in organization 'personal'
-Admin URL: https://fly.io/apps/nextjs-blog
-Hostname: nextjs-blog.fly.dev
-     create  Dockerfile
-Wrote config file fly.toml
-Validating /Users/rubys/tmp/nextjs-blog/fly.toml
-Platform: machines
-✓ Configuration is valid
+? Do you want to tweak these settings before proceeding? No
+Created app 'hello-nextjs' in organization 'personal'
+Admin URL: https://fly.io/apps/hello-nextjs
+Hostname: hello-nextjs.fly.dev
 
-If you need custom packages installed, or have problems with your deployment
-build, you may need to edit the Dockerfile for app-specific changes. If you
-need help, please post on https://community.fly.io.
+...
 
-Now: run 'fly deploy' to deploy your Next.js app.
+Visit your newly deployed app at https://hello-nextjs.fly.dev/
 ```
 
 <%= partial "partials/launched" %>
 
-## Generating your NextJS Dockerfile
+In the process we've generated a [`fly.toml`](https://fly.io/docs/reference/configuration/) and `Dockerfile` in the root of the project. Change them if you need to customize your deployment.
+****
+The following sections cover further steps you can apply for your Next.js app deployment.
+
+## Standalone builds (recommended)
+
+To reduce the size of the final image deployed to Fly.io, **we recommend using the [standalone output](https://nextjs.org/docs/app/api-reference/next-config-js/output#automatically-copying-traced-files)** in your `next.config.js` (or `next.config.mjs`) file:
+
+```javascript
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+  output: "standalone"
+};
+
+export default nextConfig;
+```
+
+When running `fly launch` or using the [Dockerfile generator](https://www.npmjs.com/package/@flydotio/dockerfile), if this `"standalone"` value is set in your Next config, your Dockerfile will be updated such that only the files necessary for a production environment will be used in the final image. Using the standalone setting and updating your Dockerfile can reduce your total image size by ~400mb, so we highly recommend this approach!
+
+You can also manually update your Dockerfile to accommodate a standalone Next.js app. After running the build script (`npm run build`), there should typically be a final `COPY` instruction towards the end of one's Dockerfile. Replace that with the following:
+
+```dockerfile
+COPY --from=build /app/.next/standalone /app
+COPY --from=build /app/.next/static /app/.next/static
+COPY --from=build /app/public /app/public
+```
+
+Lastly, update your `CMD` to the following:
+
+```dockerfile
+CMD [ "node", "server.js" ]
+```
+
+
+## Generating your Next.js Dockerfile
 
 While you're welcome to write your own Dockerfile, the easiest way to get started with this is to use the [Dockerfile generator](https://www.npmjs.com/package/@flydotio/dockerfile). Once installed, it can be run using `npx dockerfile` for Node applications or `bunx dockerfile` for Bun applications. You'll see it referenced throughout this article for various use cases.
 
@@ -82,23 +141,12 @@ our [Vanilla with Candy Sprinkles](https://fly.io/blog/vanilla-candy-sprinkles/)
 blog entry and select the configuration that most closely matches your
 application.  If you still have questions, post on our [community forum](https://community.fly.io/).
 
-
-
-## Static site generation with databases
-
-Some applications may require database access at build time. By default, the build machine on Fly.io does not have access to your production
-database.  This means you won't be able to access your database from
-inside methods like `getStaticProps`.
-
-Should this be something your application requires, there are two approaches for addressing this: **build time secrets** and
-**deferring the static site generation** until after deployment.
-
 ### Build time secrets
 
 This approach allows you to inject secrets (such as database URLs) that are only available at build time.
 
 <div class="note icon">
-**This approach will not work for SQLite3,** as the build machine still won’t have access to your volume. However, it can be used with PostgreSQL, MySQL and other such databases.
+**This approach will not work for SQLite3,** as the build Machine still won’t have access to your volume. However, it can be used with PostgreSQL, MySQL and other such databases.
 </div>
 
 First, you need to obtain the secrets you will need to deploy.  Often this
@@ -112,7 +160,7 @@ Next, you need to modify your Dockerfile to mount a secret. The easiest way to d
 npx dockerfile --mount-secret=DATABASE_URL
 ```
 
-It is possible to mount multiple secrets, and you can read more about [mounting secrets](https://fly.io/docs/reference/build-secrets/#mounting-secrets) for further details. 
+It is possible to mount multiple secrets, and you can read more about [mounting secrets](/docs/apps/build-secrets/#mounting-secrets) for further details.
 
 Finally, you need to pass the secret on each deploy:
 
@@ -131,7 +179,7 @@ your deployment secrets and environment variables.
 
 This involves replacing the entry point in your Dockerfile (typically your `CMD`) with a script
 and having that script run `npm build` (or equivalent) prior to starting
-your server.  
+your server.
 
 You can let the [Dockerfile generator](https://www.npmjs.com/package/@flydotio/dockerfile) take care of these
 changes for you:
@@ -142,18 +190,18 @@ npx dockerfile --build=defer
 
 Downsides of this approach:
 
-* Your deployment machines will need enough memory to run a build.  See:
+* Your deployment Machines will need enough memory to run a build.  See:
   [`fly scale memory`](https://fly.io/docs/flyctl/scale-memory/) and
   [`swap_size_mb`](https://fly.io/docs/reference/configuration/#swap_size_mb-option) for two options.
 * You may need to adjust the [grace_period](https://fly.io/docs/reference/configuration/#http_service-checks) for any HTTP service checks.
-* If you are only running one machine there will be a period of time where
+* If you are only running one Machine there will be a period of time where
   your server is inaccessible while the site is being statically generated.
-* If you run multiple machines, the static site generation will be run on
+* If you run multiple Machines, the static site generation will be run on
   each increasing the total time before any changes are fully deployed.
 
 ## Exposing environment variables to the browser
 
-If you're a NextJS user you might know that it supports [exposing environment variables to the browser](https://nextjs.org/docs/basic-features/environment-variables#exposing-environment-variables-to-the-browser) using variables with names starting with `NEXT_PUBLIC_`. **These variables are fixed at build time**, and unlike runtime environment variables (which are only available on the server), they can't be changed unless the application is built again.
+If you're a Next.js user you might know that it supports [exposing environment variables to the browser](https://nextjs.org/docs/basic-features/environment-variables#exposing-environment-variables-to-the-browser) using variables with names starting with `NEXT_PUBLIC_`. **These variables are fixed at build time**, and unlike runtime environment variables (which are only available on the server), they can't be changed unless the application is built again.
 
 In order to make these `NEXT_PUBLIC_` variables available, you can add them as `ARG` variables in your Dockerfile, as seen in the example below. **This should come after any actual build steps** (if you've used the Dockerfile generator or the Dockerfile created from `fly launch`, this would be after the line `FROM base as build`).
 
diff --git a/js/frameworks/nuxtjs.html.markerb b/js/frameworks/nuxtjs.html.markerb
index 2cbf0bd0cd..610b18254a 100644
--- a/js/frameworks/nuxtjs.html.markerb
+++ b/js/frameworks/nuxtjs.html.markerb
@@ -1,24 +1,28 @@
 ---
 title: "Run a Nuxt App"
-layout: language-and-framework-docs
-sitemap: false
+layout: framework_docs
 redirect_from:
  - /docs/languages-and-frameworks/nuxtjs/
  - /docs/getting-started/nuxtjs/
+objective: Nuxt is the intuitive Vue Framework.
 order: 6
 ---
 
 <% app_name = "hello-nuxt" %>
 <%= partial "partials/intro", locals: { runtime: "Nuxt", link: "https://nuxt.com/" } %>
 
-You can deploy your [Nuxt](https://nuxt.com) app on Fly with minimal effort, our CLI will do the heavy lifting. You can use your existing Nuxt app or you can [create one using the tutorial](https://nuxt.com/docs/getting-started/installation) then come back here to deploy your app.
+You can deploy your [Nuxt](https://nuxt.com) app on Fly with minimal effort, our CLI will do the heavy lifting.
 
-## _Generate the Nuxt app_
-
-If you just want to see how Fly deployment works, follow these steps.
+## _Deploy a Nuxt app_
 
 <%= partial "partials/flyctl" %>
 
+If you don't already have a Nuxt app, you can create one:
+
+```cmd
+npx nuxi@latest init hello-nuxt
+```
+
 Now let's launch your Nuxt app.
 
 <%= partial "partials/launch", locals: { detected: "Nuxt", app_name: app_name } %>
diff --git a/js/frameworks/partials/_flyctl.html.erb b/js/frameworks/partials/_flyctl.html.erb
index 7d52ef9885..4eb9bdd58d 100644
--- a/js/frameworks/partials/_flyctl.html.erb
+++ b/js/frameworks/partials/_flyctl.html.erb
@@ -1 +1 @@
-First, [install flyctl](/docs/hands-on/install-flyctl/), your Fly.io app command center, and [sign up to Fly.io](/docs/getting-started/log-in-to-fly/#first-time-or-no-fly-account-sign-up-for-fly) if you haven't already.
+First, [install flyctl](/docs/flyctl/install/), the Fly.io CLI, and [sign up to Fly.io](/docs/getting-started/sign-up-sign-in/#first-time-or-no-fly-account-sign-up-for-fly) if you haven't already.
diff --git a/js/frameworks/partials/_intro.html.erb b/js/frameworks/partials/_intro.html.erb
index 0a223eb812..fc76fda061 100644
--- a/js/frameworks/partials/_intro.html.erb
+++ b/js/frameworks/partials/_intro.html.erb
@@ -1,5 +1,5 @@
 Getting an application running on Fly.io is essentially working out how to package it as a deployable image<%- if defined?(database) %> and attach it to a database<%- end %>.
-Once packaged it can be deployed to the Fly.io global application platform.
+Once packaged it can be deployed to the Fly.io platform.
 
 In this guide we'll learn how to deploy <%= "#{runtime.downcase.match(/^[aeiou]/) ? "an" : "a"} #{defined?(link) ? "[#{runtime}](#{link})" : "#{runtime}"}" %>
 <%= locals.key?(:type) ? type : "application" %>
diff --git a/js/frameworks/redwood.html.markerb b/js/frameworks/redwood.html.markerb
index 9d9e06723c..01f6526b0f 100644
--- a/js/frameworks/redwood.html.markerb
+++ b/js/frameworks/redwood.html.markerb
@@ -1,30 +1,30 @@
 ---
 title: "Run a RedwoodJS App"
-layout: language-and-framework-docs
-sitemap: false
+layout: framework_docs
 redirect_from:
  - /docs/languages-and-frameworks/redwood/
  - /docs/getting-started/redwood/
+objective: Redwood is the full-stack web framework designed to help you grow from side project to startup.
 order: 10
 ---
 
 <% app_name = "hello-redwood" %>
 <%= partial "partials/intro", locals: { runtime: "RedwoodJS", link: "https://redwoodjs.com/" } %>
 
-We'll be using the standard web application generated by [RedwoodJS](https://redwoodjs.com). [Check out the Redwood tutorial](https://redwoodjs.com/docs/tutorial/foreword) which guides you through building and deploying a database-backed application on Fly.io.
+We'll be using the standard web application generated by [RedwoodJS](https://redwoodjs.com).
 
-<%= partial "partials/flyctl" %>
+## _Deploy a Redwood app_
 
-## _Generate a Redwood app_
+<%= partial "partials/flyctl" %>
 
-Now let's generate a shiny, new Redwood app and set it up for Fly deployment.
+Now let's generate a new Redwood app and set it up.
 
 ```cmd
 yarn create redwood-app my-redwood-project
 cd my-redwood-project
 ```
 
-Now check out the [Redwood Quick Start guide](https://redwoodjs.com/docs/quick-start) to get your development
-environment setup and to generate some data models.
+You can check out the [Redwood Quick Start guide](https://redwoodjs.com/docs/quick-start) to get your development
+environment setup and to generate some data models. Once you're happy with your app, we can deploy it:
 
 <%= partial "partials/launch", locals: { detected: "RedwoodJS", app_name: app_name } %>
diff --git a/js/frameworks/remix.html.markerb b/js/frameworks/remix.html.markerb
index 3cceec2a61..684760bae9 100644
--- a/js/frameworks/remix.html.markerb
+++ b/js/frameworks/remix.html.markerb
@@ -1,46 +1,111 @@
 ---
 title: "Run a Remix App"
-layout: language-and-framework-docs
-sitemap: false
+layout: framework_docs
 redirect_from:
  - /docs/languages-and-frameworks/remix/
  - /docs/getting-started/remix/
+objective: Remix is a full stack web framework that lets you focus on the user interface and work back through web standards to deliver a fast, slick, and resilient user experience.
 order: 12
 ---
 
+<figure>
+  <img src="http://github.com/static/images/remix.png" alt="Illustration by Annie Ruygt of a color wave accross the sky" class="w-full mx-auto">
+</figure>
+
 <% app_name = "hello-remix" %>
 <%= partial "partials/intro", locals: { runtime: "Remix", link: "https://remix.run/" } %>
 
-We'll be using the standard web application generated by [Remix](https://remix.run/). This
-is a bare-bones app with no database. If you're feeling ambitious, [check out the Remix tutorial](https://remix.run/docs/en/v1/tutorials/jokes) for building and deploying an SQLite-backed app on Fly.io.
-
-## _Generate the Remix app_
+We'll be using the standard web application generated by [Remix](https://remix.run/). This is a bare-bones app with no database.
 
-If you just want to see how Fly deployment works, follow these steps.
+## _Deploy a Remix app_
 
 We'll assume you have NodeJS installed already and can run `npm`. We recommend
-using `npm` over `yarn`, as `npm` is what Remix [references in their documentation](https://remix.run/docs/en/v1/tutorials/blog).
+using `npm` over `yarn`, as `npm` is what Remix [references in their documentation](https://remix.run/docs/en/main/tutorials/blog).
 
 <%= partial "partials/flyctl" %>
 
-Now let's generate a shiny, new Remix app.
-
-When asked where you want to deploy, pick `Fly.io`.
+Now let's generate a new Remix app. When asked where you want to deploy, pick `Fly.io`.
 
 ```cmd
 npx create-remix@latest
 ```
+
 ```output
-R E M I X
+Need to install the following packages:
+create-remix@2.10.0
+Ok to proceed? (y) y
+
+ remix   v2.10.0 💿 Let's build a better website...
+
+   dir   Where should we create your new project?
+         ./my-remix-app
+
+      ◼  Using basic template See https://remix.run/guides/templates for more
+      ✔  Template copied
 
-💿 Welcome to Remix! Let's get you set up with a new project.
+   git   Initialize a new git repository?
+         Yes
 
-? Where would you like to create your app? ./<%= app_name %>
-? Where do you want to deploy? Fly.io
-? TypeScript or JavaScript? TypeScript
-? Do you want me to run `npm install`? Yes
+  deps   Install dependencies with npm?
+         Yes
+
+      ✔  Dependencies installed
+
+      ✔  Git initialized
+
+  done   That's it!
+
+         Enter your project directory using cd ./my-remix-app
+         Check out README.md for development and deploy instructions.
+
+         Join the community at https://rmx.as/discord
 ...
 ```
-<%= partial "partials/launch", locals: { detected: "Remix", app_name: app_name } %>
+
+Now you're ready to deploy:
+
+```cmd
+cd my-remix-app
+fly launch
+```
+
+```output
+Scanning source code
+Detected a Remix app
+Creating app in .../my-remix-app
+We're about to launch your Remix app on Fly.io. Here's what you're getting:
+
+Organization: Jane Developer                  (fly launch defaults to the personal org)
+Name:         my-remix-app-restless-moon-4797 (generated)
+Region:       Ashburn, Virginia (US)          (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM          (most apps need about 1GB of RAM)
+Postgres:     <none>                          (not requested)
+Redis:        <none>                          (not requested)
+Tigris:       <none>                          (not requested)
+
+? Do you want to tweak these settings before proceeding? No
+Created app 'my-remix-app-restless-moon-4797' in organization 'personal'
+Admin URL: https://fly.io/apps/my-remix-app-restless-moon-4797
+Hostname: my-remix-app-restless-moon-4797.fly.dev
+installing: npm install @flydotio/dockerfile@latest --save-dev
+
+added 22 packages, and audited 841 packages in 2s
+
+258 packages are looking for funding
+  run `npm fund` for details
+
+found 0 vulnerabilities
+     create  Dockerfile
+    execute  flyctl secrets set SESSION_SECRET
+Secrets are staged for the first deployment
+Wrote config file fly.toml
+Validating /Users/rubys/tmp/my-remix-app/fly.toml
+✓ Configuration is valid
+==> Building image
+
+. . .
+
+Visit your newly deployed app at https://my-remix-app-restless-moon-4797.fly.dev/
+```
 
 <%= partial "partials/launched" %>
diff --git a/js/frameworks/svelte.html.markerb b/js/frameworks/svelte.html.markerb
index 8604b7900a..40d73492e1 100644
--- a/js/frameworks/svelte.html.markerb
+++ b/js/frameworks/svelte.html.markerb
@@ -1,10 +1,10 @@
 ---
 title: "Run a SvelteKit App"
-layout: language-and-framework-docs
-sitemap: false
+layout: framework_docs
 redirect_from:
  - /docs/languages-and-frameworks/sveltekit/
  - /docs/getting-started/sveltekit/
+objective: SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte
 order: 14
 ---
 
@@ -18,7 +18,7 @@ We'll be using the standard web application generated by [SvelteKit](https://kit
 We'll assume you have NodeJS installed already and can run `npm`. We recommend
 using `npm` over `yarn`, as `npm` is what SvelteKit [references in their documentation](https://kit.svelte.dev/docs/creating-a-project).
 
-Now let's create a new project by running `npm create`. This will scaffold a new project asking you if you'd like to set up some basic tooling such as TypeScript.
+Let's create a new project by running `npm create`. This will scaffold a new project asking you if you'd like to set up some basic tooling such as TypeScript.
 
 ```cmd
 npm create svelte@latest hello-sveltekit
@@ -57,7 +57,7 @@ Stuck? Visit us at https://svelte.dev/chat
 ...
 ```
 
-Now, let's run `npm install` to install the necessary dependencies and proceed with configuring the adapter.
+You can run `npm install` to install the necessary dependencies and proceed with configuring the adapter.
 
 ## _Configuring the Adapter_
 
@@ -96,12 +96,12 @@ Once the build process is complete, you can preview your production build locall
 
 ## _Install Flyctl and Login_
 
-We are ready to start working with Fly.io, and that means we need `flyctl`, our CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/log-in-to-fly/).
+We are ready to start working with Fly.io, and that means we need `flyctl`, our CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/sign-up-sign-in/).
 
-## _Launch the app on Fly_
+## _Deploy the app on Fly.io_
 
 Each Fly App needs a `fly.toml` file to tell the system how we'd like to deploy it.
-That file can be automatically generated with the command `flyctl launch` command. This command will also generate a Dockerfile for deployment.
+That file can be automatically generated with  `fly launch`. This command will also generate a Dockerfile for deployment.
 
 ```cmd
 fly launch
@@ -135,7 +135,7 @@ Now: run 'fly deploy' to deploy your Node app.
 
 ## _Inside `fly.toml`_
 
-The `fly.toml` file now contains a default configuration for deploying your app. In the process of creating that file, `flyctl` has also created a Fly-side application slot of the same name, "hello-sveltekit". If we look at the `fly.toml` configuration file we can see the name in there:
+The `fly.toml` file now contains a default configuration for deploying your app. In the process of creating that file, `flyctl` has also created a Fly.io application slot of the same name, "hello-sveltekit". If we look at the `fly.toml` configuration file we can see the name in there:
 
 ```toml
 app = "hello-sveltekit"
@@ -157,15 +157,13 @@ The rest of the file contains settings to be applied to the application when it
 
 ## Deploying to Fly.io
 
-We are now ready to deploy our containerized app to Fly.io. At the command line, just run:
+We are now ready to deploy our containerized app to Fly.io:
 
 ```cmd
 fly deploy
 ```
 
-This will lookup our `fly.toml` file and get the app name `hello-sveltekit` from there.
-
-Then `flyctl` will start the process of deploying our application to Fly.io using the Dockerfile. Flyctl will return you to the command line when it's done.
+This will get the app name `hello-sveltekit` from our `fly.toml` and start the process of deploying our application to Fly.io using the Dockerfile. `fly` will return you to the command line when it's done.
 
 ## _Viewing the Deployed App_
 
diff --git a/js/index.html.markerb b/js/index.html.markerb
index 323fc8d93c..24efa308ce 100644
--- a/js/index.html.markerb
+++ b/js/index.html.markerb
@@ -17,13 +17,13 @@ or React Server Components.
 
 If you have questions or comments about running JavaScript applications on Fly.io, create a new topic in [the Fly.io community Forum](https://community.fly.io/) and tag it with "nodejs" so the right people from Fly.io and our community can give you the support you need.
 
-## [Getting Started](./getting-started)
+## Getting Started
 
 Run through the [Starter Node.js App](https://fly.io/blog/vanilla-candy-sprinkles/) to get a feel for what it's like to deploy to Fly. If you're short on time, just do the first section and you'll have a Node.js app running in just a few minutes.
 
-## [The Basics](./the-basics)
+## The Basics
 
-Covers everything you need to setup, run, and manage production Node.js apps on Fly. These documents also identify some common problems you may encounter and provides some pointers on how to resolve them.
+[The Basics](/docs/js/the-basics/) covers everything you need to set up, run, and manage production Node.js apps on Fly. These documents also identify some common problems you may encounter and provides some pointers on how to resolve them.
 
 <!--
 ## [Advanced Guides](./advanced-guides)
diff --git a/js/prisma/index.html.md b/js/prisma/index.html.md
new file mode 100644
index 0000000000..b452032ec5
--- /dev/null
+++ b/js/prisma/index.html.md
@@ -0,0 +1,17 @@
+---
+title: Prisma
+layout: framework_docs
+blog_path: /javascript-journal
+order: 4
+---
+
+[Prisma](https://www.prisma.io/) is a popular Object-Relational Mapping (ORM) library.  You can find plenty of ready to run [Fullstack examples](https://github.com/prisma/prisma-examples?tab=readme-ov-file#prisma-orm) on the Prisma site using Next.js, Nuxt, Remix and Sveltekit.
+
+Prisma supports a [wide range of Databases](https://www.prisma.io/docs/orm/overview/databases), for deployment to Fly.io,
+[PostgreSQL](https://www.prisma.io/docs/orm/overview/databases/postgresql) and [Sqlite](https://www.prisma.io/docs/orm/overview/databases/sqlite) are recommended.  Sqlite is more convenient for development and scales well vertically.  PostgreSQL is fine
+for development and scales well horizontally.  If you are not sure which to pick, start with PostgreSQL.  It is also possible to start with SQLite and convert later.
+
+For most applications using one of these two databases, [fly launch](https://fly.io/docs/reference/fly-launch/) will pick a configuration that will get you up and running.  For more information, click on one of the following links:
+
+* [SQLite](./sqlite)
+* [PostgreSQL](./postgres)
\ No newline at end of file
diff --git a/js/prisma/postgres.html.md b/js/prisma/postgres.html.md
new file mode 100644
index 0000000000..461c7daf53
--- /dev/null
+++ b/js/prisma/postgres.html.md
@@ -0,0 +1,73 @@
+---
+title: PostgreSQL
+layout: framework_docs
+blog_path: /javascript-journal
+order: 1
+---
+
+[PostgreSQL](https://www.postgresql.org/) is a safe choice for production. Determination of the
+database provider and location of the database will be done by parsing your `prisma/schema.prisma` file:
+
+```config
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+```
+
+`fly launch` will create a [PostgreSQL database](https://fly.io/docs/postgres/) suitable for development.
+For production, see our [list of recommended providers](https://fly.io/docs/postgres/getting-started/what-you-should-know/#recommended-external-providers).
+
+<div class="note icon">Fly.io has an [upcoming managed databases product built it on top of Percona](https://community.fly.io/t/everybody-gets-containers-sidecars-and-init-containers-in-fks/23020#p-84110-why-it-matters-1) but availability dates and pricing have yet to be announced.</div>
+
+
+## Dockerfile
+
+If your application does not have a `Dockerfile`, `fly launch` will create a `Dockerfile` for you. 
+If at a later time you would like to replace your `Dockerfile`, you can do so by running:
+
+```
+npx dockerfile
+```
+
+See [fly-apps/dockerfile-node](https://github.com/fly-apps/dockerfile-node?tab=readme-ov-file#overview) for a list of available options.
+
+## Migrations and seeds
+
+[prisma migrate](https://www.prisma.io/docs/orm/prisma-client/deployment/deploy-database-changes-with-prisma-migrate) will be run on every deploy, applying the migrations found in your `prisma/migrations` directory against your production database.  The command to be run is
+controlled by your [`fly.toml`](https://fly.io/docs/reference/configuration/#run-one-off-commands-before-releasing-a-deployment):
+
+```toml
+[deploy]
+  release_command = 'npx prisma migrate deploy'
+```
+
+If a [seed command](https://www.prisma.io/docs/orm/prisma-migrate/workflows/seeding) is found in your `package.json`, it will be run once, at `fly launch` time,
+immediately after the first migration.
+
+## Conversion from SQLite
+
+Converting from SQLite starts by updating your `prisma/schema.prisma` to match what you see at the top of this post.  Next, remove all your existing migrations in your `prisma/migrations` directory and recreate them:
+
+```
+rm -rf prisma/migrations
+export DATABASE_URL=postgres://$USER@localhost/localdb
+npx prisma migrate dev --name init
+```
+
+Remove the `[processes]` and `[mounts]` sections from the `fly.toml` and add the `[deploy]` section you see above.
+
+Download your existing SQLite database and use [pgloader](https://pgloader.readthedocs.io/en/latest/ref/sqlite.html) to covert it to to postgres:
+
+```bash
+fly sftp get /data/dev.db
+pgloader sqlite:./dev.db pgsql://$USER@localhost/localdb
+```
+
+Import the resulting database.  For Fly Postgres use [`fly postgres import`](https://fly.io/docs/flyctl/postgres-import/).
+
+Set the `DATABASE_URL` secret using [`fly secrets set`](https://fly.io/docs/flyctl/secrets-set/).
+
+Run `fly deploy`.
+
+Once you are up and running, you can delete your volume using [`fly volumes destroy`](https://fly.io/docs/flyctl/volumes-destroy/).
diff --git a/js/prisma/sqlite.html.md b/js/prisma/sqlite.html.md
new file mode 100644
index 0000000000..75181e4e25
--- /dev/null
+++ b/js/prisma/sqlite.html.md
@@ -0,0 +1,129 @@
+---
+title: Sqlite
+layout: framework_docs
+blog_path: /javascript-journal
+order: 1
+---
+
+Most Prisma demos use [SQLite](https://www.sqlite.org/index.html), as it will get you up and running fast. As an embedded database, it will run fast in production also, some
+report anywhere from [10 to 600](https://www.youtube.com/watch?v=XcAYkriuQ1o) times faster that PostgreSQL. 
+
+Sqlite publishes a page of [appropriate uses of SQLite](https://www.sqlite.org/whentouse.html). There are few downsides to be aware of:
+
+  * You can only have a single writer at a time on a SQLite database.  This may not be an issue from a performance perspective as dozens of small writes may still complete faster than dozens of concurrent writes using other databases.
+  * You are effectively limited to a single machine.  Machines can scale quite large these days, but requests from around the world will need to make the transit and back to this machine.  [LiteFS](https://fly.io/docs/litefs/) can provide read replicas.
+  * There will be momentary site unavailability when you deploy a new version.  For most applications this will be a few hundred milliseconds.
+
+  Below is a description of the starting point that `fly launch` will provide for you.
+
+## Dockerfile
+
+If your application does not have a `Dockerfile`, `fly launch` will create a `Dockerfile` for you.  Determination of the
+database provider and location of the database will be done by parsing your `prisma/schema.prisma` file:
+
+```config
+datasource db {
+  provider = "sqlite"
+  url      = "file:./dev.db"
+}
+```
+
+If you do have a pre-existing `Dockerfile`, the `CMD` to start your application will be overridden in your `fly.toml` in order to run a startup script (as described [below](#setup-script)).  These lines will look like:
+
+```toml
+[processes]
+  app = "node dbsetup.js npm run start"
+```
+
+If at a later time you would like to replace your `Dockerfile`, you can do so by running:
+
+```
+npx dockerfile
+```
+
+See [fly-apps/dockerfile-node](https://github.com/fly-apps/dockerfile-node?tab=readme-ov-file#overview) for a list of available options.
+
+
+## Volume
+
+In order to survive restarts and deploys, your database will be placed on a [volume](https://fly.io/docs/volumes/overview/).  This is controlled by the [mounts section](https://fly.io/docs/reference/configuration/#the-mounts-section) in your `fly.toml`:
+
+```toml
+[mounts]
+  source = "data"
+  destination="/data"
+  auto_extend_size_threshold = 80
+  auto_extend_size_increment = "1GB"
+  auto_extend_size_limit = "10GB"
+```
+
+Your volume will start at 1 Gigabyte and grow up to 10 Gigabytes whenever it reaches 80% of capacity.  Adjust these values as needed and run `fly deploy` to make the new values effective.
+
+## Migrations and seeds
+
+[prisma migrate](https://www.prisma.io/docs/orm/prisma-client/deployment/deploy-database-changes-with-prisma-migrate) will be run every time your server starts, applying the migrations found in your `prisma/migrations` directory against your production database.
+
+If a [seed command](https://www.prisma.io/docs/orm/prisma-migrate/workflows/seeding) is found in your `package.json`, it will be run once, at `fly launch` time,
+immediately after the first migration.
+
+## Backing up
+
+Because SQLite runs on a single machine, it is susceptible to host and volume failures. For this
+reason [LiteStream](https://litestream.io/) is automatically configured during `fly launch` for Prisma applications that use SQLite, if you confirm that you want Tigris configured:
+
+```
+Tigris:       private bucket         (determined from app source)
+
+? Do you want to tweak these settings before proceeding? No
+```
+
+This will cause 5 secrets to be set: 
+`AWS_ACCESS_KEY_ID`,
+`AWS_ENDPOINT_URL_S3`,
+`AWS_REGION`,
+`AWS_SECRET_ACCESS_KEY`, and
+`BUCKET_NAME`
+
+And a `litestream.yml` file to be created:
+
+```yaml
+# This is the configuration file for litestream.
+#
+# For more details, see: https://litestream.io/reference/config/
+#
+dbs:
+  - path: /data/dev.db
+    replicas:
+      - type: s3
+        endpoint: $AWS_ENDPOINT_URL_S3
+        bucket: $BUCKET_NAME
+        path: litestream/dev.db
+        access-key-id: $AWS_ACCESS_KEY_ID
+        secret-access-key: $AWS_SECRET_ACCESS_KEY
+```
+
+If we generate a `Dockerfile` for you, installation of Litestream will be included in the `Dockerfile`.  Otherwise, [@flydotio/litestream](https://www.npmjs.com/package/@flydotio/litestream) will be added to your `package.json` as a dependency.
+
+In the event of a catastrophic failure, simply delete your machine and volume and run `fly deploy`.  Your database will be automatically restored from backup.
+
+If you decide later you don't want LiteStream backups, delete the storage and secrets:
+
+```
+fly storage destroy
+fly secrets unset AWS_ACCESS_KEY_ID AWS_ENDPOINT_URL_S3 AWS_REGION AWS_SECRET_ACCESS_KEY BUCKET_NAME
+```
+
+## Setup Script
+
+Depending on whether or not we generate a `Dockerfile` for you, an `ENTRYPOINT` script named `docker-entrypoint.js` or a setup script named `dbsetup.js` will be created.  This script will perform the following functions:
+
+* Create a symbolic link from your database location to the volume.  This will enable you to continue to develop and test on your local machine and still retain persistence of your database in production.
+* Restore your database from LiteStream if it doesn't currently exist.
+* Run database migrations
+* Run your seed command if the database doesn't exist
+* Run [`litestream replicate`](https://litestream.io/reference/replicate/) to to monitor & continuously replicate SQLite database.
+* Launch your application
+
+Depending on your application and what framework it uses, this script may perform other functions.
+
+Feel free to adapt this script as needed.
diff --git a/js/shopify.html.markerb b/js/shopify.html.markerb
new file mode 100644
index 0000000000..3ec977ac0c
--- /dev/null
+++ b/js/shopify.html.markerb
@@ -0,0 +1,60 @@
+---
+title: Shopify
+layout: framework_docs
+blog_path: /javascript-journal
+order: 3
+---
+
+Fly.io has built in support for [Shopify Remix applications](https://shopify.dev/docs/apps/build): simply [scaffold](https://shopify.dev/docs/apps/build/scaffold-app), [build](https://shopify.dev/docs/apps/build/build?framework=remix), and [launch](https://fly.io/shopify).
+
+<%= youtube "https://www.youtube.com/watch?v=F4qL3nCFg3E" %>
+
+-- [https://x.com/i/status/1892986447788966011](https://x.com/i/status/1892986447788966011)
+
+To see this in action, [Scaffold an app](https://shopify.dev/docs/apps/build/scaffold-app) and immediately proceed to fly launch:
+
+```
+shopify app init
+cd app
+fly launch
+```
+
+(substitute the name you gave to your app for `app` in the `cd` line above)
+
+## Configuration
+
+`fly launch` parses the output of [shopify app env show](https://shopify.dev/docs/api/shopify-cli/app/app-env-show).
+
+The value of `SHOPIFY_API_SECRET` will be set as a [fly secret](https://fly.io/docs/apps/secrets/).  The remainder will be placed into your `fly.toml`:
+
+```toml
+[env]
+  PORT = '3000'
+  SCOPES = 'write_products'
+  SHOPIFY_API_KEY = '…'
+  SHOPIFY_APP_URL = 'https://….fly.dev'
+```
+
+<div class="important icon">
+  If you're using the Fly dashboard UI to launch your app directly from GitHub, you'll need to manually update the auto-generated `fly.toml` with these Shopify-related environment variables after the deployment completes.
+</div>
+
+## Scaling
+
+By default, all Machines will automatically be configured to stop when not in use, and restart on the next request; this is fine for development purposes, but for production you will need to adjust this to meet [Shopify performance requirements](https://shopify.dev/docs/apps/launch/built-for-shopify/requirements#performance).
+
+Depending on your requirements:
+
+* [suspend](https://community.fly.io/t/autosuspend-is-here-machine-suspension-is-enabled-everywhere/20942) can generally reduce startup time from hundreds of milliseconds to a single digit number of milliseconds.  Some applications may experience time skew issues, and there are other limits, so this is not the default.
+* Setting `min_machines_running` to 1 in the [http service section](https://fly.io/docs/reference/configuration/#the-http_service-section) of your `fly.toml` can make sure that there always is a started machine to process requests.
+* setting `auto_stop_machines` to `off` in the [http service section](https://fly.io/docs/reference/configuration/#the-http_service-section) will prevent your Machines from being stopped all together.
+
+You can also [Scale Machine CPU and RAM](https://fly.io/docs/launch/scale-machine/), and  [Scale the number of Machines](https://fly.io/docs/launch/scale-count/).
+
+## Database
+
+Shopify's template starts you off with SQLite using Prisma.  Of particular note:
+  * By virtue of only running on a single Machine, SQLlite3 apps will experience brief unavailabilty during deploys. For a typical application without any new migrations, this will be on the order of a few hundred milliseconds.
+  * For PostgreSQL applications without any volumes, [rolling deploys](https://fly.io/docs/launch/deploy/#deployment-strategy) are the default, avoiding any downtime.
+
+Additional information is available on [deploying Prisma apps on Fly.io](../prisma/).
diff --git a/js/the-basics.html.md b/js/the-basics.html.md
index 26dd6a553c..f1f326ce6b 100644
--- a/js/the-basics.html.md
+++ b/js/the-basics.html.md
@@ -15,7 +15,7 @@ These guides will help you get through the basics of setting up your JavaScript
 
 ## Installing flyctl and logging in
 
-In order to start working with Fly.io, you will need `flyctl`, our CLI app for managing apps. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/log-in-to-fly/).
+In order to start working with Fly.io, you will need `flyctl`, our CLI app for managing apps. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/sign-up-sign-in/).
 
 Once you have logged on, below are a number of topics.  Review the ones you want, and in review them in any order.  Once you are ready, run:
 
diff --git a/js/the-basics/database.html.md b/js/the-basics/database.html.md
index 8dcb6b5c22..69f0a7d6c1 100644
--- a/js/the-basics/database.html.md
+++ b/js/the-basics/database.html.md
@@ -16,7 +16,7 @@ and will by default automatically set, `DATABASE_URL` to this path when we eithe
 or can detect the database.
 
 For cases where an external database is used, you can set this yourself using
-[`fly secrets set`](https://fly.io/docs/reference/secrets/#setting-secrets).
+[`fly secrets set`](/docs/apps/secrets/#set-secrets).
 
 ## Accessing the DATABASE_URL value
 
@@ -24,52 +24,52 @@ The way you access the `DATABASE_URL` value depends on the module or ORM you are
 
 For Prisma, ensure your `prisma/schema.prisma` file contains:
 
-```
-url = env("DATABASE_URL")
+```js
+const url = env("DATABASE_URL")
 ```
 
 For drizzle/sqlite3:
 
-```
-db = drizzle(new Database(new URL(process.env.DATABASE_URL).pathname));
+```js
+const db = drizzle(new Database(new URL(process.env.DATABASE_URL).pathname));
 ```
 
 For drizzle/postgres:
 
-```
+```js
 const pool = new Pool({ connectionString: process.env.DATABASE_URL });
 const db = drizzle(pool)
 ```
 
 For knex/sqlite3:
 
-```
+```js
   client: 'sqlite3',
   connection: { filename: new URL(process.env.DATABASE_URL).pathname },
 ```
 
 For knex/pg:
 
-```
+```js
   client: 'pg',
   connection: process.env.DATABASE_URL
 ```
 
 for sqlite3:
 
-```
+```js
 const db = new sqlite3.Database(new URL(process.env.DATABASE_URL).pathname);
 ```
 
 for postgres:
 
-```
-client = new pg.Client({connectionString: process.env.DATABASE_URL});
+```js
+const client = new pg.Client({connectionString: process.env.DATABASE_URL});
 ```
 
 for mongodb:
 
-```
+```js
 const client = new mongodb.MongoClient(process.env.DATABASE_URL);
 ```
 
@@ -79,8 +79,8 @@ If your database is hosted external to fly.io, you generally will want to connec
 it securely.  The way to do so varies by database and adapter.  An example for
 postgres can be found at [node-postgres features > ssl](https://node-postgres.com/features/ssl).
 
-Equally importantly, if your database is hosted within the
-[fly.io private network](https://fly.io/docs/reference/private-networking/), you will _not_
+Equally important, if your database is hosted within the
+[Fly.io private network](https://fly.io/docs/networking/private-networking/), you will _not_
 want to connect with SSL/TLS connection options.
 
 ## Migrations
diff --git a/js/the-basics/listening-ports.html.md b/js/the-basics/listening-ports.html.md
index fc58fcce4e..a3aca8a7e7 100644
--- a/js/the-basics/listening-ports.html.md
+++ b/js/the-basics/listening-ports.html.md
@@ -2,12 +2,12 @@
 title: Listening Ports
 layout: framework_docs
 objective: Connecting your application to the internet.
-order: 4
+order: 5
 ---
 
 When you run your application locally you typically test it in your browser by navigating
 to a page like `http://localhost:3000/`.  The number after the colon is called a _port_.
-For most Node.js application this port is 3000, for some it is 8080, but it can be any number between 1024 an 65535.
+For most Node.js applications this port is 3000, for some it is 8080, but it can be any number between 1024 and 65535.
 
 If you are using a high level framework, it will generally take care of this for you.
 For lower level frameworks, you likely have code such as the following, typically in
@@ -64,7 +64,7 @@ Other frameworks may require you to change command used to start your applicatio
 
 If you need to expose additional ports, you will need to add a
 [`services` section](https://fly.io/docs/reference/configuration/#the-services-sections) for each additional port.  Be sure to review our
-[Public Network Services](https://fly.io/docs/reference/services/) page before proceeding, in particular:
+[Public Network Services](https://fly.io/docs/networking/services/) page before proceeding, in particular:
 
   * If you want your port other than 80/443 to be available on IPv4 you will need to [allocate a dedicated IPv4 address](https://fly.io/docs/flyctl/ips-allocate-v4/).
   * If you want to take advantage of our TLS services, you will want to add _"tls"_ to the list of connection handlers.
diff --git a/js/the-basics/object-storage.html.md b/js/the-basics/object-storage.html.md
new file mode 100644
index 0000000000..f29a51adaa
--- /dev/null
+++ b/js/the-basics/object-storage.html.md
@@ -0,0 +1,56 @@
+---
+title: Object Storage
+layout: framework_docs
+objective: Provision a Tigris Bucket and access it via a `S3Client`
+order: 4
+---
+
+[Tigris](https://tigrisdata.com) is a globally caching, S3-compatible object storage service built on Fly.io infrastructure.
+
+## Launching a new Application?
+
+If `@aws-sdk/client-s3` is listed as a dependency in your `package.json`, Tigris will be automatically selected by fly launch. This can be overridden in the launch UI:
+
+![Tigris Launch-UI](/docs/images/tigris-launch-ui.png)
+
+## Adding Tigris to an existing application?
+
+Create a storage bucket using `fly storage create`:
+
+```cmd
+fly storage create
+```
+```output
+? Choose a name, use the default, or leave blank to generate one: 
+Your Tigris project (xxx) is ready. See details and next steps with: https://fly.io/docs/tigris/
+
+Setting the following secrets on xxx:
+AWS_ACCESS_KEY_ID: tid_xxx
+AWS_ENDPOINT_URL_S3: https://fly.storage.tigris.dev
+AWS_REGION: auto
+AWS_SECRET_ACCESS_KEY: tsec_xxxxx
+BUCKET_NAME: xxx
+
+Secrets are staged for the first deployment
+```
+
+## Usage
+
+Once provisioned, no further configuration is required to access your bucket using the `S3Client` class:
+
+```javascript
+const S3 = new S3Client()
+```
+
+## Demo
+
+[`node-dictaphone`](https://github.com/fly-apps/node-dictaphone) contains a demo application that captures audio,
+uploads the result to a Tigris bucket, where it can be selected and replayed:
+
+```
+fly launch --from https://github.com/fly-apps/node-dictaphone.git
+```
+
+## Find out more!
+
+Now that you are up and running, there is a lot more to explore on the [Tigris Global Object Storage](/docs/tigris/) page. Highlights include public buckets, migrating to Tigris with shadow buckets, pricing, and AWS API compatibility.
diff --git a/js/the-basics/scaling.html.md b/js/the-basics/scaling.html.md
index 841bdd4f8c..d2f8d6e2f0 100644
--- a/js/the-basics/scaling.html.md
+++ b/js/the-basics/scaling.html.md
@@ -2,7 +2,7 @@
 title: Scaling
 layout: framework_docs
 objective: Scaling your application to meet demand
-order: 6
+order: 7
 ---
 
 Scaling an application is a complex subject with many variables, in this page we will focus on a number of factors that are largely universal: number of CPU cores, memory, and both the number and placement of virtual machines.
@@ -29,6 +29,17 @@ Once you have settled on a size, some links to get you started:
 
 These options are not mutually exclusive.  A good starting point may be 512MB of RAM and 1024MB of swap.
 
+Note: if you do elect to use swap, Node.js may not make full use of the extra memory, resulting in an `JavaScript heap out of memory` error,  You can instruct it to use more by setting an environment variable in your `fly.toml`:
+
+```toml
+[env]
+NODE_OPTIONS='--max-old-space-size=4096'
+```
+
+See the [Node.js documentation](https://nodejs.org/api/cli.html#--max-old-space-sizesize-in-megabytes) for more information.
+
+
+
 ## CPU Cores
 
 By default, JavaScript applications (whether they be Node.js, Deno, or Bun)
diff --git a/js/the-basics/secrets.html.md b/js/the-basics/secrets.html.md
index caf4a219fc..6fe130d26c 100644
--- a/js/the-basics/secrets.html.md
+++ b/js/the-basics/secrets.html.md
@@ -2,14 +2,14 @@
 title: Secrets
 layout: framework_docs
 objective: Making credentials available to your production
-order: 5
+order: 6
 ---
 
 Running an application often involves a number of credentials, containing such things as database passwords, S3 buckets, and session encryption keys.
 
 During development you will typically use [environment files](https://nodejs.org/dist/latest-v20.x/docs/api/cli.html#--env-fileconfig).  For security reasons, these files are generally excluded from being committed to version control or being deployed to production.
 
-This means that you need another mechanism for setting up your production environment.  For fly.io, that mechanism is [secrets](https://fly.io/docs/reference/secrets/).
+This means that you need another mechanism for setting up your production environment.  For Fly.io, that mechanism is [secrets](/docs/apps/secrets/).
 
 There are two ways to set secrets.  You can use the [fly secrets set](https://fly.io/docs/flyctl/secrets-set/) command:
 
diff --git a/js/the-basics/volumes.html.md b/js/the-basics/volumes.html.md
index 84eb42a171..d180eaf72b 100644
--- a/js/the-basics/volumes.html.md
+++ b/js/the-basics/volumes.html.md
@@ -7,7 +7,7 @@ order: 3
 
 If your application writes configuration, session, or user data to the file system
 and you want this data to persist across restarts you will need a
-[fly volume](https://fly.io/docs/reference/volumes/).  This doesn't apply if your
+[fly volume](/docs/volumes/).  This doesn't apply if your
 data is stored in a database elsewhere (for example in PostgreSQL, MySQL, or MongoDB),
 but does apply if you are using Sqlite3.
 
diff --git a/kubernetes/clusters.html.markerb b/kubernetes/clusters.html.markerb
new file mode 100644
index 0000000000..830b049f3c
--- /dev/null
+++ b/kubernetes/clusters.html.markerb
@@ -0,0 +1,65 @@
+---
+title: Create an FKS cluster
+layout: docs
+toc: false
+nav: firecracker
+---
+
+<div class= "important icon">
+Fly Kubernetes is in beta and not recommended for critical production usage. To report issues or provide feedback, email us at beta@fly.io.
+</div>
+
+To create a Kubernetes cluster, run:
+
+```cmd
+fly ext k8s create [--name <name> | --org <org> | --region <region>]
+```
+
+Once a cluster is provisioned, it will return a kubeconfig that can be used to connect to your cluster's Kubernetes API server using kubectl.
+
+For example:
+
+```yaml
+apiVersion: v1
+clusters:
+  - name: fks-flyio-fksdemo
+    cluster:
+      certificate-authority-data: ...
+      server: https://fks-flyio-fksdemo.flycast:6443
+      extensions:
+      ...
+      ...
+contexts:
+  - context:
+      cluster: fks-flyio-fksdemo
+      user: default
+    name: default
+current-context: default
+kind: Config
+preferences: {}
+users:
+  - name: default
+    user:
+    ...
+    ...
+```
+
+Your cluster is accessible over your organization's [private WireGuard network](/docs/reference/private-networking). To connect to your cluster, you need a WireGuard configuration. 
+
+Follow the [Private Network VPN instructions](/docs/networking/private-networking/#private-network-vpn) to set up a permanent WireGuard connection to your Fly.io IPv6 private network.
+
+Once set up, you can use `kubectl`:
+
+```
+> kubectl get ns
+NAME              STATUS   AGE
+kube-public       Active   22d
+kube-node-lease   Active   22d
+default           Active   22d
+kube-system       Active   22d
+```
+
+## Related topics
+
+- [Connect to an FKS cluster](/docs/kubernetes/connect-clusters/)
+- [Configure FKS Services](/docs/kubernetes/services)
diff --git a/kubernetes/connect-clusters.html.markerb b/kubernetes/connect-clusters.html.markerb
new file mode 100644
index 0000000000..8c756719b5
--- /dev/null
+++ b/kubernetes/connect-clusters.html.markerb
@@ -0,0 +1,53 @@
+---
+title: Connect to an FKS cluster
+layout: docs
+toc: false
+nav: firecracker
+---
+
+<div class= "important icon">
+Fly Kubernetes is in beta and not recommended for critical production usage. To report issues or provide feedback, email us at beta@fly.io.
+</div>
+
+Fly Kubernetes clusters are accessible over an organization's [private WireGuard network](/docs/reference/private-networking). To connect to a cluster, you need a WireGuard configuration. 
+Follow the [Private Network VPN instructions](/docs/networking/private-networking/#private-network-vpn) to set up a permanent WireGuard connection to your Fly.io IPv6 private network.
+
+To connect to your cluster, you need a kubeconfig file. These are generated when your [cluster is created](/docs/kubernetes/clusters/). They can also be retrieved using `flyctl`.
+First, we need our cluster name:
+
+```
+> fly ext k8s ls
+NAME                                    ORG             PRIMARY REGION
+fks-flyio-fksdemo                       flyio           iad
+```
+
+Then, we can use `flyctl` to save our kubeconfig to disk. It is automatically saved with the name `kubeconfig` in the current directory
+
+```
+> fly ext k8s save-kubeconfig
+> ls
+kubeconfig somefile.txt
+```
+
+With the kubeconfig file, you can connect to your cluster. To make life easier, you can move the kubeconfig file to the default location kubectl searches for it, `$HOME/.kube`, under the name `config`.
+Alternatively set the environment variable `KUBECONFIG` to the path to the kubeconfig file
+
+```
+export KUBECONFIG=/path/to/kubeconfig
+```
+
+Once set up, you can use `kubectl`:
+
+```
+> kubectl get ns
+NAME              STATUS   AGE
+kube-public       Active   22d
+kube-node-lease   Active   22d
+default           Active   22d
+kube-system       Active   22d
+```
+
+## Related topics
+
+- [Create an FKS cluster](/docs/kubernetes/clusters/)
+- [Configure FKS Services](/docs/kubernetes/services)
diff --git a/kubernetes/fks-features.html.markerb b/kubernetes/fks-features.html.markerb
new file mode 100644
index 0000000000..9377cfb73e
--- /dev/null
+++ b/kubernetes/fks-features.html.markerb
@@ -0,0 +1,57 @@
+---
+title: Fly Kubernetes features
+layout: docs
+nav: firecracker
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/k8s-features.png" alt="Illustration by Annie Ruygt of a ship's wheel" class="w-full max-w-lg mx-auto">
+</figure>
+
+Fly Kubernetes benefits from the features of the Fly.io platform.
+
+## Fly.io infrastructure
+
+FKS is built on top of Fly.io infrastructure:
+
+* Compute is backed by [Fly Machines](/docs/machines/), our fast-launching VMs built with Firecracker. 
+* Volumes are handled with [Fly Volumes](/docs/volumes/); local, fast NVMe drives.  
+* Networking is built on our [internal WireGuard mesh](/docs/networking/private-networking/#private-network-vpn) with routing performed by Fly Proxy.
+
+## Cluster scalability
+
+Pods are scheduled across our fleet of bare-metal servers, not limited to a specific node. Workloads are automatically distributed across the fleet, enabling a cluster to scale with ease.
+
+## Security
+
+With Fly Kubernetes, you get all the security benefits of our platform.
+
+  * Private network traffic flows over our internal WireGuard mesh, ensuring it is encrypted.
+  * FKS clusters are secured within a private VPN.
+  * Compute is built on Firecracker microVMs — lightweight and secure virtual machines. This provides improved isolation guarantees ensuring your application code is safe.
+  * Volumes are encrypted at rest for additional protection of the data on the volume.
+  * Secrets are automatically stored in an encrypted vault.
+
+## Simple and secure client authentication
+
+Connect to your cluster using kubectl. Clients are authenticated with our API tokens. They expire after an hour and are rotated automatically after expiration.
+
+## Not supported
+
+There are a few features we don't support yet but are part of the roadmap:
+
+  * Sidecars and init processes
+  * EmptyDir volumes
+  * Horizontal pod autoscaling
+  * Network policies
+  * CronJob
+
+Features we don't support:
+
+  * Node affinity
+  * Inter-pod (anti) affinity
+  * DaemonSets
+
+## Pricing
+
+See the [pricing page](/docs/about/pricing/#fly-kubernetes) for information on FKS pricing.
diff --git a/kubernetes/fks-quickstart.html.markerb b/kubernetes/fks-quickstart.html.markerb
new file mode 100644
index 0000000000..a62906ff04
--- /dev/null
+++ b/kubernetes/fks-quickstart.html.markerb
@@ -0,0 +1,162 @@
+---
+title: Fly Kubernetes Quickstart
+layout: docs
+nav: firecracker
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/kubernetes.png" alt="Illustration by Annie Ruygt of a figure sailing a ship with a balloon overhead" class="w-full max-w-lg mx-auto">
+</figure>
+
+<div class= "important icon">
+Fly Kubernetes is in beta and not recommended for critical production usage. To report issues or provide feedback, email us at beta@fly.io.
+</div>
+
+To create a Kubernetes cluster, run:
+
+```cmd
+fly ext k8s create
+```
+This will start the provisioning process. You'll be asked for a cluster name, the organization, and the region in which to create the cluster.
+
+Once a cluster is provisioned, it will return a kubeconfig that can be used to connect to your cluster's Kubernetes API server using kubectl.
+
+For example:
+
+```yaml
+apiVersion: v1
+clusters:
+  - name: fks-flyio-fksdemo
+    cluster:
+      certificate-authority-data: ...
+      server: https://fks-flyio-fksdemo.flycast:6443
+      extensions:
+      ...
+      ...
+contexts:
+  - context:
+      cluster: fks-flyio-fksdemo
+      user: default
+    name: default
+current-context: default
+kind: Config
+preferences: {}
+users:
+  - name: default
+    user:
+    ...
+    ...
+```
+
+We're going to save the output into a file named `kubeconfig` and create an environment variable `KUBECONFIG` that points to the file:
+
+```cmd
+export KUBECONFIG=/path/to/kubeconfig/file
+```
+
+Our cluster is accessible over our organization's [private WireGuard network](/docs/reference/private-networking). To connect to our cluster, we need a WireGuard configuration. 
+
+Follow the [Private Network VPN instructions](/docs/networking/private-networking/#private-network-vpn) to set up a permanent WireGuard connection to your Fly.io IPv6 private network.
+
+From there, you can use standard YAML configuration to drive Kubernetes. Here's a simple deployment example from the [Kubernetes official documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#creating-a-deployment):
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
+```
+
+This creates a `ReplicaSet` with 3 nginx pods. Using kubectl, we can apply this:
+
+```cmd
+kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml
+```
+```output
+deployment.apps/nginx-deployment created
+```
+
+We can see our deployment:
+
+```cmd
+kubectl get deployments
+```
+```output
+NAME               READY   UP-TO-DATE   AVAILABLE   AGE
+nginx-deployment   3/3     3            3           7s
+```
+
+We can view the logs of all the pods in the deployment:
+
+```cmd
+kubectl logs -l app=nginx
+```
+```output
+Pulling container image registry-1.docker.io/library/nginx:1.14.2
+Pulling container image registry-1.docker.io/library/nginx:1.14.2
+Pulling container image registry-1.docker.io/library/nginx:1.14.2
+Successfully prepared image registry-1.docker.io/library/nginx:1.14.2 (1.597714717s)
+Successfully prepared image registry-1.docker.io/library/nginx:1.14.2 (1.493016957s)
+Successfully prepared image registry-1.docker.io/library/nginx:1.14.2 (1.604003393s)
+Configuring firecracker
+Configuring firecracker
+Configuring firecracker
+...
+```
+
+## What we don't support
+
+- Multi-container pods (coming soon)
+- Network policies
+- Horizontal pod autoscaling
+- Gateway API
+- Daemon sets
+- EmptyDir volumes
+- Interactive pods (`kubectl run --interactive --tty`)
+
+On container specs, we don't support the following fields:
+
+- `workingDir`
+- `ports`
+- `livenessProbe`
+- `readinessProbe`
+- `startupProbe`
+- `resizePolicy`
+- `stdin`
+- `stdinOnce`
+- `tty`
+- `EnvVarSource.fieldRef`
+- `EnvVarSource.resourceFieldRef`
+- `volumeDevices`
+- `lifecycle`
+- `terminationMessagePath`
+- `terminationMessagePolicy`
+- `imagePullPolicy`
+- `securityContext`
+
+## Other caveats
+
+Right now we don't get logs from a single pod. If you try to get logs from a single pod, you'll get the logs from every pod in the namespace.
+
+## Related topics
+
+- [Create an FKS cluster](/docs/kubernetes/clusters/)
+- [Connect to an FKS cluster](/docs/kubernetes/connect-clusters/)
+- [Configure FKS Services](/docs/kubernetes/services)
diff --git a/kubernetes/index.html.markerb b/kubernetes/index.html.markerb
new file mode 100644
index 0000000000..391f43ad94
--- /dev/null
+++ b/kubernetes/index.html.markerb
@@ -0,0 +1,26 @@
+---
+title: Fly Kubernetes
+layout: docs
+toc: false
+nav: firecracker
+---
+
+<div class= "important icon">
+Fly Kubernetes is in beta and not recommended for critical production usage. To report issues or provide feedback, email us at beta@fly.io.
+</div>
+
+Fly Kubernetes (FKS) is a fully managed Kubernetes service built on the Fly.io platform. Deploy Kubernetes clusters without the hassle of managing and operating the control plane. Learn more about [why and how we made FKS](https://fly.io/blog/fks/) in our blog.
+
+- **[Fly Kubernetes quickstart](/docs/kubernetes/fks-quickstart/):** Get up and running right away with our quickstart guide.
+
+- **[Fly Kubernetes features](/docs/kubernetes/fks-features/):** An overview of FKS benefits and supported features.
+
+- **[Create an FKS cluster](/docs/kubernetes/clusters/):** Create an FKS cluster with flyctl.
+
+- **[Connect to an FKS cluster](/docs/kubernetes/connect-clusters/):** Connect to an FKS cluster on your private network.
+
+- **[Configure FKS Services](/docs/kubernetes/services):** Configure ClusterIP and LoadBalancer services.
+
+- **[Use GPUs with FKS](/docs/kubernetes/using-gpus/):** Use Fly GPU Machines in your FKS cluster.
+
+- **[Use volumes with FKS](/docs/kubernetes/using-volumes/):** Use Fly Volumes for PersistentVolumes in FKS.
diff --git a/kubernetes/services.html.markerb b/kubernetes/services.html.markerb
new file mode 100644
index 0000000000..fa102f47d8
--- /dev/null
+++ b/kubernetes/services.html.markerb
@@ -0,0 +1,184 @@
+---
+title: Configure FKS Services
+layout: docs
+toc: false
+nav: firecracker
+---
+
+<div class= "important icon">
+Fly Kubernetes is in beta and not recommended for critical production usage. To report issues or provide feedback, email us at beta@fly.io.
+</div>
+
+A [Kubernetes Service](https://kubernetes.io/docs/concepts/services-networking/service/+external) exposes applications running on your cluster.
+Fly Kubernetes supports ClusterIP and LoadBalancer Services.
+
+You can create a Service with a service configuration file. Here's an example ClusterIP service:
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: fksdemo-service
+spec:
+  selector:
+    app: fksdemo
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
+```
+
+Using kubectl, create the service:
+
+```
+> kubectl apply -f service.yaml
+```
+
+To view your service:
+
+```
+> kubectl get svc
+NAME              TYPE        CLUSTER-IP            EXTERNAL-IP   PORT(S)   AGE
+kubernetes        ClusterIP   fdaa:3:dde8:0:1::3a   <none>        443/TCP   32h
+fksdemo-service   ClusterIP   fdaa:3:dde8:0:1::3b   <none>        80/TCP    11s
+```
+
+## Exposing Services publicly
+
+Services can be exposed to the public internet with a Service of type LoadBalancer.
+
+```
+apiVersion: v1
+kind: Service
+metadata:
+  name: fksdemo-service-public
+spec:
+  selector:
+    app: fksdemo
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
+  type: LoadBalancer
+```
+
+The domain name and IP address to access the Service over the internet can be found using kubectl. In the below output, the values are found
+under the `EXTERNAL-IP` column.  
+
+```
+> kubectl get svc
+NAME                     TYPE           CLUSTER-IP            EXTERNAL-IP                                                                                           PORT(S)   AGE
+kubernetes               ClusterIP      fdaa:3:dde8:0:1::3a   <none>                                                                                                443/TCP   32h
+fksdemo-service          ClusterIP      fdaa:3:dde8:0:1::3b   <none>                                                                                                80/TCP    26m
+fksdemo-service-public   LoadBalancer   fdaa:3:dde8:0:1::3c   fksdemo-service-public.svc.fks-default-vz5dlqz7v4ylrnpq.fly.dev,2a09:8280:1::31:ab8:0,137.66.25.254   80/TCP    8s
+```
+
+## Fly.io connection Handlers
+
+Fly.io connection handlers modify your connection before it reaches your application.
+Learn more about [connection handlers](/docs/networking/services/#connection-handlers). 
+
+Connection handlers are supported with a custom annotation to a Service object. The annotations have the form:
+
+```yaml
+"service.fly.io/<exposed port name/number>-handlers": "<handler1,handler2,...handlerN>"
+```
+
+The example below adds an HTTP and TLS handler for port 443.
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: fksdemo-service
+  annotations:
+    "service.fly.io/https-handlers": "http,tls" # can replace https with 443
+spec:
+  selector:
+    app: fksdemo
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
+    - name: https
+      protocol: TCP
+      port: 443
+      targetPort: 8080
+```
+
+### TLS Options
+
+[TLS options](https://fly.io/docs/reference/configuration/#services-ports-tls_options) are used to configure the TLS settings
+of a service with a TLS connection handler. Fly's edge will use these settings to terminate TLS for your application. Refer
+to the [documentation](https://fly.io/docs/reference/configuration/#services-ports-tls_options) for details. 
+
+TLS options are set using custom annotations. There are 3 annotations, one for each setting:
+
+
+  * `service.fly.io/<exposed port name/number>-tls-alpn` - Sets the ALPN for negotiation with clients. Values must be comma-separated.
+  * `service.fly.io/<exposed port name/number>-tls-versions` - Sets which TLS versions are allowed. Values must be comma-separated.
+  * `service.fly.io/<exposed port name/number>-tls-default-self-signed` - If true, serves a self-signed certificate if none exists.
+
+The most common use case for TLS options is to support gRPC. For example:
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: fksdemo-service
+  annotations:
+    "service.fly.io/https-handlers": "tls"
+    "service.fly.io/https-tls-alpn": "h2"
+spec:
+  selector:
+    app: fksdemo
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
+    - name: https
+      protocol: TCP
+      port: 443
+      targetPort: 8080
+```
+
+## Concurrency limits
+
+[Concurrency limits](/docs/reference/configuration/#services-concurrency) are used to limit the load on your application.
+By default, the soft limit is set to 20 and the hard limit is set to 25.
+Learn more about [concurrency limits](/docs/reference/configuration/#services-concurrency).
+
+They can be configured on your Services using custom annotations. There are 3 annotations used to configure the limits:
+
+  * `service.fly.io/concurrency-kind` - sets the metric used to measure concurrency
+  * `service.fly.io/concurrency-limit-soft` - sets the concurrency soft limit
+  * `service.fly.io/concurrency-limit-hard` - sets the concurrency hard limit
+
+Below is an example of setting this in your Service
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: fksdemo-service
+  annotations:
+    "service.fly.io/concurrency-kind": "connections"
+    "service.fly.io/concurrency-limit-soft": 20 
+    "service.fly.io/concurrency-limit-hard": 25 
+```
+
+## Not supported
+
+We currently do not support:
+
+* NodePort Services
+* UDP protocol
+
+## Related topics
+
+- [Create an FKS cluster](/docs/kubernetes/clusters/)
+- [Connect to an FKS cluster](/docs/kubernetes/connect-clusters/)
diff --git a/kubernetes/using-gpus.html.markerb b/kubernetes/using-gpus.html.markerb
new file mode 100644
index 0000000000..cae6e8faa2
--- /dev/null
+++ b/kubernetes/using-gpus.html.markerb
@@ -0,0 +1,43 @@
+---
+title: Using GPUs with FKS
+layout: docs
+toc: false
+nav: firecracker
+---
+
+<div class= "important icon">
+Fly Kubernetes is in beta and not recommended for critical production usage. To report issues or provide feedback, email us at beta@fly.io.
+</div>
+
+GPUs are available on Fly Kubernetes. Information about our GPUs can be found in our [Fly GPUs documentation](https://fly.io/docs/gpus/#what-can-i-use-fly-gpus-for).
+
+GPUs are consumed by requesting a GPU resource, similarly to requesting `cpu` or `memory`. There is a custom resource `gpu.fly.io/<gpu type>` that is used to request
+GPUs. Note that:
+
+* The available GPU types are: `a10`, `l40s`, `a100-pcie-40gb` and `a100-sxm4-80gb`. Check the [documentation](https://fly.io/docs/gpus/#regions-with-gpus) for which regions they are available in.
+* Pods are deployed in the same region as your cluster. You can place your Pod in a particular region by adding a `fly.io/region: <region>` annotation to your Pod's metadata.
+* GPU resource requests should only specify the `limits` section.
+* You can specify CPU and memory resources alongside GPU resources. The minimum number of cores supported is 2 and the minimum amount of memory is 4096 MiB. The VMs
+deployed will always be performance Machines.
+* The valid number of GPUs you can request are: 1, 2, 4 and 8.
+* You can only request one type of GPU at a time
+
+Below is an example of a Pod with a GPU:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ollama
+  annotations:
+    fly.io/region: ams # optional
+spec:
+  containers:
+    - name: ollama
+      image: ollama/ollama:latest
+      resources:
+        limits:
+          gpu.fly.io/a100-80gb: 1
+```
+
+This will deploy a GPU Machine with the size `a100-80gb` with 1 GPU core in the region `ams`.
diff --git a/kubernetes/using-volumes.html.markerb b/kubernetes/using-volumes.html.markerb
new file mode 100644
index 0000000000..5e3c181ae1
--- /dev/null
+++ b/kubernetes/using-volumes.html.markerb
@@ -0,0 +1,167 @@
+---
+title: Using volumes with FKS
+layout: docs
+toc: true
+nav: firecracker
+---
+
+<div class= "important icon">
+Fly Kubernetes is in beta and not recommended for critical production usage. To report issues or provide feedback, email us at beta@fly.io.
+</div>
+
+Fly Kubernetes supports [persistent volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/+external) and
+[generic ephemeral volumes](https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes+external).
+There are general considerations to keep in mind when using volumes in Fly Kubernetes:
+
+* Volumes are built on top of [Fly Volumes](/docs/volumes/). They are local NVME drives and require your Pod to be deployed in the same region as the volume.
+* Only one persistent or ephemeral volume can be mounted at a time.
+* The maximum storage size available is 500GB.
+
+## Persistent Volumes
+
+PersistentVolumes are managed through PersistentVolumeClaims (PVCs). PersistentVolumes (PVs) are tied to the lifecycle of a
+PersistentVolumeClaim. By default, creating a PVC creates an underlying PV and deleting a PVC deletes the PV bound to it.
+
+Below is an example of configuring a PersistentVolume to use with a Pod:
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: myclaim
+spec:
+  selector:
+    matchLabels:
+      region: iad
+  storageClassName: flyio-volume
+  accessModes:
+    - ReadWriteOncePod
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+    - name: nginx
+      image: nginx:latest
+      volumeMounts:
+        - mountPath: "/var/www/html"
+          name: mypd
+      resources:
+        limits:
+          memory: "512Mi"
+          cpu: "1"
+  volumes:
+    - name: mypd
+      persistentVolumeClaim:
+        claimName: myclaim
+```
+
+In our configuration:
+
+* The `storageClassName` must be set to either `flyio-volume` or `flyio-volume-retain`. You can view the available storage classes with `kubectl get sc`. The default StorageClass is `flyio-volume`.
+* `selector` is optional. It serves a dual purpose. First, it ensures that a PVC is bound to a PV in the region specified in the selector.
+Second, if a PVC requires dynamic provisioning of the underlying Fly Volume, it is provisioned in the specified region. If not set, the
+volume is created in the region of the cluster.
+* `accessModes` only supports `ReadWriteOncePod`.
+
+After applying the configuration, you can view the PVC and PV generated by the definition using `kubectl`.
+
+```
+> kubectl get pvc
+NAME          STATUS   VOLUME                 CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+myclaim       Bound    pvc-r1plo75g59d25l0r   5Gi        RWOP           flyio-volume   9s
+```
+
+```
+> kubectl get pv
+NAME                   CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                 STORAGECLASS   REASON   AGE
+pvc-r1plo75g59d25l0r   5Gi        RWOP           Delete           Bound    default/myclaim       flyio-volume            55s
+```
+
+### Reclaim policy
+
+Fly Kubernetes supports both the `Delete` and `Retain` policy for PersistentVolumes.
+
+* StorageClass `flyio-volume` has a reclaim policy set to `Delete`
+* StorageClass `flyio-volume-retain` has a reclaim policy set to `Retain`
+
+By default, `flyio-volume` is used.
+
+When using the `flyio-volume-retain` StorageClass, you are responsible for deleting the PersistentVolume object and its underlying Fly Volume.
+The details of the underlying storage are found in the annotations of the PersistentVolume. Using the PV from above
+
+```
+> kubectl describe pv pvc-r1plo75g59d25l0r
+Name:            pvc-r1plo75g59d25l0r
+Labels:          region=iad
+Annotations:     fly.io/app: fks-default-vz5dlqz7v4ylrnpq
+                 fly.io/region: iad
+                 pv.kubernetes.io/provisioned-by: volume.csi.fly.io
+                 volume.fly.io/id: vol_r1plo75g59d25l0r
+Finalizers:      [kubernetes.io/pv-protection]
+StorageClass:    flyio-volume
+Status:          Bound
+Claim:           default/myclaim
+Reclaim Policy:  Delete
+Access Modes:    RWOP
+VolumeMode:      Filesystem
+Capacity:        5Gi
+Node Affinity:   <none>
+Message:
+Source:
+    Type:              CSI (a Container Storage Interface (CSI) volume source)
+    Driver:            volume.csi.fly.io
+    FSType:            ext4
+    VolumeHandle:      vol_r1plo75g59d25l0r
+    ReadOnly:          false
+    VolumeAttributes:  <none>
+Events:                <none>
+```
+
+The annotation `fly.io/app` specifies which Fly app the volumes belongs to. The annotation `volume.fly.io/id` gives you the ID of the volume.
+You can delete the Fly Volume using `flyctl`
+
+```
+fly vol rm pvc-r1plo75g59d25l0r -a fks-default-vz5dlqz7v4ylrnpq
+```
+
+## Generic ephemeral volumes
+
+Fly Kubernetes supports ephemeral volumes through generic ephemeral volumes. It uses the same underlying PVC and PV machinery. Kubernetes
+handles creating the PVC and its corresponding PV and deleting both objects when the Pod is deleted. Below is an example of creating a Pod
+with a generic ephemeral volume: 
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+      image: nginx:latest
+      volumeMounts:
+        - mountPath: "/var/www/html"
+          name: scratch-volume
+      resources:
+        limits:
+          memory: "512Mi"
+          cpu: "1"
+  volumes:
+    - name: scratch-volume
+      ephemeral:
+        volumeClaimTemplate:
+          spec:
+            accessModes:
+              - ReadWriteOncePod
+            storageClassName: "flyio-volume"
+            resources:
+              requests:
+                storage: 5Gi
+```
+
+For generic ephemeral volumes to work as expected, `storageClassName` must be set to `flyio-volume`.
diff --git a/languages-and-frameworks/crystal.html.markerb b/languages-and-frameworks/crystal.html.markerb
index 55008a4068..0e2b26a82e 100644
--- a/languages-and-frameworks/crystal.html.markerb
+++ b/languages-and-frameworks/crystal.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: "Run a Crystal App"
 layout: language-and-framework-docs
-sitemap: false
 redirect_from: /docs/getting-started/crystal/
 ---
 
diff --git a/languages-and-frameworks/dockerfile.html.markerb b/languages-and-frameworks/dockerfile.html.markerb
index 263ce51ae2..41f2d7c9cc 100644
--- a/languages-and-frameworks/dockerfile.html.markerb
+++ b/languages-and-frameworks/dockerfile.html.markerb
@@ -1,16 +1,23 @@
 ---
-title: Deploy via Dockerfile
+title: Deploy with a Dockerfile
 layout: language-and-framework-docs
-sitemap: false
 redirect_from: /docs/getting-started/dockerfile/
 ---
 
-You already have a project wrapped up in a [docker container](https://docs.docker.com/engine/reference/builder/)? Great! Just deploy that!
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/docker.png" alt="Illustration by Annie Ruygt of a whale carrying containers with fish looking on" class="w-full max-w-lg mx-auto">
+</figure>
 
-The `fly launch` command detects your Dockerfile, builds it, and then deploys your app.  Need some extra config? No sweat, we've got you covered.
+Fly Launch can deploy your app from a [Dockerfile](https://docs.docker.com/reference/dockerfile/+external).
+
+The `fly launch` command detects your Dockerfile, builds it, and then deploys your app. Need some extra config? No sweat, we've got you covered.
+
+## Create and configure your app
+
+Run `fly launch` from your project's source directory.
 
 <div class="important icon">
-If you want to configure more than the basic settings, things like secrets or environment variables for example, then run `fly launch --no-deploy` so that you can [edit the `fly.toml` file](#more-config) before the first deployment.
+If you want to configure more than the basic settings, things like secrets or environment variables for example, run `fly launch --no-deploy` so that you can [edit the `fly.toml` file](#more-config) before the first deployment.
 </div>
 
 ```cmd
@@ -44,9 +51,9 @@ Type `n` if you're happy with the defaults listed, otherwise type `y` to open th
 
 After you click **Confirm Settings**, Fly Launch creates your app, generates a `fly.toml` file for your project with the settings, and then deploys the app.
 
-## _More config!_
+### Add environment variables and secrets
 
-Most Dockerfiles expect some configuration settings through `ENV`. The generated `fly.toml` file has a place for you to add your custom `ENV` settings. It's the `[env]` block.
+Most Dockerfiles expect some configuration settings through `ENV`. Add your custom `ENV` settings to the `[env]` section of the generated `fly.toml` file. For example:
 
 ```toml
 [env]
@@ -56,7 +63,7 @@ Most Dockerfiles expect some configuration settings through `ENV`. The generated
 
 Add the values your Dockerfile requires.
 
-Sometimes you have secrets that shouldn't be checked in to `git` or shared publicly. For those settings, you can set them using [`fly secrets`](https://fly.io/docs/reference/secrets/#setting-secrets).
+Sometimes you have secrets that shouldn't be checked in to `git` or shared publicly. You can set secrets using the [`fly secrets`](/docs/apps/secrets/#set-secrets) command. For example:
 
 ```cmd
 flyctl secrets set MY_SECRET=romance
@@ -65,7 +72,7 @@ flyctl secrets set MY_SECRET=romance
 Secrets are staged for the first deployment
 ```
 
-You can list the secrets you've already set using `fly secrets list`
+You can list the secrets you've already set using `fly secrets list`. For example:
 
 ```cmd
 fly secrets list
@@ -77,7 +84,7 @@ MY_SECRET b9e37b7b239ee4aefc75352fe3fa6dc6 1m20s ago
 
 The values aren't displayed, since they're secret!
 
-## _Deploy your app_
+### Deploy your app
 
 If you didn't deploy the new app, or you've made changes and want to redeploy, then you can do that now.
 
@@ -115,15 +122,24 @@ Visit your newly deployed app at https://my-app-name.fly.dev/
 
 By default, `fly deploy` builds the image using a remote builder. If you have Docker running locally and want to build locally, then run `fly deploy --local-only`. After the image is built, the app gets deployed.
 
-## _Open your app_
+### Open your app
 
 Run `fly apps open`, or just go to the URL specified in the output, to open your deployed app in a browser.
 
-You're off and running!
+## Stateful apps
+
+Lots of apps have some state that they want to keep. Learn more about the options for [databases and storage](/docs/database-storage-guides/) on Fly.io.
+
+## Grow and scale
+
+Check out some of the ways you can increase availability, capacity, and performance with Fly.io:
 
-## _Taking it further_
+* Follow the blueprint for [extra Machines for more resilient apps](/docs/blueprints/resilient-apps-multiple-machines/)
+* Read up on [App availability and resiliency](/docs/reference/app-availability/)
+* [Autoscale Machines based on load or custom metrics](/docs/reference/autoscaling/)
+* [Scale Machine CPU and RAM](/docs/apps/scale-machine/) 
+* [Scale Machine count](/docs/apps/scale-count/)
+* Try out [Fly GPUs](/docs/gpus/)
 
-Lots of apps have some state that they want to keep. Here are a couple resources to check out for ways to do that.
 
-- **[Persistent Volumes:](https://fly.io/docs/volumes/)** You can create [persistent volumes](https://fly.io/docs/volumes/) for reading and writing data that changes but isn't blown away when you deploy again.
-- **[Postgres Database:](https://fly.io/docs/reference/postgres/#about-postgres-on-fly)** Deploy a [Fly Postgres Database](https://fly.io/docs/reference/postgres/#about-postgres-on-fly). It automatically creates a `DATABASE_URL` ENV when you attach it to your app.
+If you have questions, need help, or want to talk about what you're building, visit our [community forum](https://community.fly.io).
diff --git a/languages-and-frameworks/dotnet.html.markerb b/languages-and-frameworks/dotnet.html.markerb
index 1429605526..3545e4f0bf 100644
--- a/languages-and-frameworks/dotnet.html.markerb
+++ b/languages-and-frameworks/dotnet.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: "Run a .NET App"
 layout: language-and-framework-docs
-sitemap: false
 redirect_from: /docs/getting-started/dotnet/
 ---
 
@@ -46,7 +45,7 @@ Now, let's proceed to deploy this application to Fly.
 
 ## _Install Flyctl and Login_
 
-We are ready to start working with Fly.io, and that means we need `flyctl`, our CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/log-in-to-fly/).
+We are ready to start working with Fly.io, and that means we need `flyctl`, our CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/sign-up-sign-in/).
 
 ## _Launch the app on Fly_
 
diff --git a/languages-and-frameworks/golang.html.markerb b/languages-and-frameworks/golang.html.markerb
index 07e3a67999..522ee0bc8e 100644
--- a/languages-and-frameworks/golang.html.markerb
+++ b/languages-and-frameworks/golang.html.markerb
@@ -1,17 +1,24 @@
 ---
 title: "Run a Go App"
 layout: language-and-framework-docs
-sitemap: false
 redirect_from: /docs/getting-started/golang/
 ---
 
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/golang.png" alt="Illustration by Annie Ruygt of a seated gopher dreaming" class="w-full max-w-lg mx-auto">
+</figure>
+
 <%= partial "partials/intro", locals: { runtime: "Go" } %>
 
-## _The Example Application_
+<div class="note icon">
+Already have a Go Fly App? Try adding [Tigris](https://www.tigrisdata.com/docs/overview/+external) for file storage. Tigris is scalable, secure, global object storage and you can [integrate it quickly with your Go app](#add-tigris-global-storage-optional).
+</div>
+
+## _The example application_
 
 You can get the code for the example from [the GitHub repository](https://github.com/fly-apps/go-example). Just `git clone https://github.com/fly-apps/go-example` to get a local copy.
 
-The `go-example` application is, as you'd expect for an example, small. It's a Go application that uses the http server and templates from the standard library. Here's all the code from `main.go`:
+The `go-example` application is, as you'd expect for an example, small. It's a Go application that uses the HTTP server and templates from the standard library. Here's all the code from `main.go`:
 
 ```golang
 package main
@@ -48,7 +55,7 @@ func main() {
 }
 ```
 
-The `main` function starts a server that responds with a html page showing the fly region that served the request. The template lives in `./templates/` and is embedded into the binary using the [embed](https://golang.org/pkg/embed/) package in go 1.16+.
+The `main` function starts a server that responds with an HTML page showing the fly region that served the request. The template lives in `./templates/` and is embedded into the binary using the [embed](https://golang.org/pkg/embed/) package in go 1.16+.
 
 The template itself, `index.html.tmpl`, is very simple too:
 
@@ -66,15 +73,15 @@ The template itself, `index.html.tmpl`, is very simple too:
 </html>
 ```
 
-## _Building the Application_
+## _Building the application_
 
-As with most Go applications, a simple `go build` will create a hellofly binary which we can run. It'll default to using port 8080 and you can view it on localhost:8080 with your browser. So, the raw application works. Now to package it up for Fly.
+As with most Go applications, a simple `go build` will create a `hellofly` binary which we can run. It'll default to using port 8080 and you can view it on localhost:8080 with your browser. So, the raw application works. Now to package it up for Fly.
 
-## _Install Flyctl and Login_
+## _Install flyctl and log in_
 
-We are ready to start working with Fly and that means we need `flyctl`, our CLI app for managing apps on Fly. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/log-in-to-fly/).
+We are ready to start working with Fly and that means we need `flyctl`, our CLI app for managing apps on Fly. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/sign-up-sign-in/).
 
-## _Launch the app on Fly_
+## _Launch the app on Fly.io_
 
 To launch an app on fly, run `flyctl launch` in the directory with your source code. This will create and configure a fly app for you by inspecting your source code, then prompt you to deploy.
 
@@ -83,75 +90,83 @@ flyctl launch
 ```
 ```output
 Scanning source code
- Detected Go app
- Using the following build configuration
-         Builder: paketobuildpacks/builder:base
-         Buildpacks: gcr.io/paketo-buildpacks/go
- ? Select organization: Demo (demo)
- ? Select region: ord (Chicago, Illinois (US))
-Created app hellofly in organization personal
-Wrote config file fly.toml
-Your app is ready. Deploy with `flyctl deploy`
-? Would you like to deploy now? Yes
-
-Deploying hellofly
+WARN no go.sum file found, please adjust your Dockerfile to remove references to go.sum
+Detected a Go app
+Creating app in /path/to/your/app
+We're about to launch your Go app on Fly.io. Here's what you're getting:
+
+Organization: Your                   (fly launch defaults to the personal org)
+Name:         hellofly               (derived from your directory name)
+Region:       Ashburn, Virginia (US) (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+
+? Do you want to tweak these settings before proceeding? n
 ...
+Your app is ready! Deploy with `flyctl deploy`
 ```
 
 First, this command scans your source code to determine how to build a deployment image as well as identify any other configuration your app needs, such as secrets and exposed ports.
 
-After your source code is scanned and the results are printed, you'll be prompted for an organization. Organizations are a way of sharing application and resources between Fly users. Every fly account has a personal organization, called `personal`, which is only visible to your account. Let's select that for this guide.
+After your source code is scanned and the results are printed, you'll be prompted to ask if you want to change any of the defaults `flyctl` has set. 
 
-Next, you'll be prompted to select a region to deploy in. The closest region to you is selected by default. You can use this or change to another region.
+Choosing yes will bring you to a page in your browser where you can change any configuration, such as the region to deploy into or the size of the VM created.
 
-At this point, `flyctl` creates an app for you and writes your configuration to a `fly.toml` file. You'll then be prompted to build and deploy your app. Once complete, your app will be running on fly.
+Once that is complete, `flyctl` will create a `fly.toml` file containing the configuration selected. It might then begin a deployment, or let you know you should start a deployment yourself via `flyctl deploy`.
 
 ## _Inside `fly.toml`_
 
 The `fly.toml` file now contains a default configuration for deploying your app. In the process of creating that file, `flyctl` has also created a Fly-side application slot of the same name, "hellofly". If we look at the `fly.toml` file we can see the name in there:
 
 ```toml
-app = "hellofly"
+app = 'hellofly'
+primary_region = 'iad'
 
 [build]
-  builder = "paketobuildpacks/builder:base"
-  buildpacks = ["gcr.io/paketo-buildpacks/go"]
+  [build.args]
+    GO_VERSION = '1.21.5'
+
+[env]
+  PORT = '8080'
 
-[[services]]
+[http_service]
   internal_port = 8080
-  protocol = "tcp"
+  force_https = true
+  auto_stop_machines = true
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ['app']
+
+[[vm]]
+  cpu_kind = 'shared'
+  cpus = 1
+  memory_mb = 1024
+```
 
-  [services.concurrency]
-    hard_limit = 25
-    soft_limit = 20
+The `flyctl` command will always refer to this file in the current directory if it exists, specifically for the `app` name value at the start. That name will be used to identify the application to the Fly service. The rest of the file contains settings to be applied to the application when it deploys.
 
-  [[services.ports]]
-    handlers = ["http"]
-    port = "80"
+You can see in the `[build]` section the builder image and the version of Go that was detected in your `go.mod` file. You can change or add build arguments to configure the build process using the `[build.args]` section.
 
-  [[services.ports]]
-    handlers = ["tls", "http"]
-    port = "443"
+## _Inside `Dockerfile`_
 
-  [[services.tcp_checks]]
-    interval = 10000
-    timeout = 2000
-```
+[We use a Debian base image](https://github.com/superfly/flyctl/blob/master/scanner/templates/go/Dockerfile) which has `CGO` enabled by default. A minimal alternative without CGO is Alpine:
 
-The `flyctl` command will always refer to this file in the current directory if it exists, specifically for the `app` name value at the start. That name will be used to identify the application to the Fly service. The rest of the file contains settings to be applied to the application when it deploys.
+```diff
+# ...
 
-You can see in the `[build]` section the builder image and the list of buildpacks that will be used to build the app for deployment. You can also add build arguments to configure the build process using the `[build.args]` section.
+- FROM golang:${GO_VERSION}-bookworm as builder
++ FROM golang:${GO_VERSION}-alpine as builder
 
-For example, the following will instruct the Go buildpack to include files in the `resources` directory in the final image:
+# ...
 
-```toml
-[build.args]
-  BP_KEEP_FILES = "assets/*:resources/*"
+- FROM debian:bookworm
++ FROM alpine:latest
 ```
 
-See the [Paketo Go Buildpack documentation](https://paketo.io/docs/buildpacks/language-family-buildpacks/go/) for more options.
+If you want to use Alpine with `CGO` enabled, [read here](https://megamorf.gitlab.io/2019/09/08/alpine-go-builds-with-cgo-enabled/).
 
-## _Deploying to Fly_
+## _Deploying to Fly.io_
 
 To deploy your app, just run:
 
@@ -161,7 +176,7 @@ flyctl deploy
 
 This will lookup our `fly.toml` file, and get the app name `hellofly` from there. Then `flyctl` will start the process of deploying our application to the Fly platform. Flyctl will return you to the command line when it's done.
 
-## _Viewing the Deployed App_
+## _Viewing the deployed app_
 
 Now the application has been deployed, let's find out more about its deployment. The command `flyctl status` will give you all the essential details.
 
@@ -172,19 +187,19 @@ flyctl status
 App
   Name     = hellofly
   Owner    = demo
-  Version  = 0
-  Status   = running
   Hostname = hellofly.fly.dev
+  Image    = hellofly:deployment-abcdefghxyz
 
-Allocations
-ID       VERSION REGION DESIRED STATUS  HEALTH CHECKS      RESTARTS CREATED
-0ac9ed79 0       fra    run     running 1 total, 1 passing 0        44s ago
+Machines
+PROCESS	 ID         VERSION	 REGION	 STATE  	ROLE  CHECKS	LAST UPDATED
+app      0ac9ed79   1        iad     running                2024-02-13T12:52:38Z
+app      1bd10fe8   1        iad     stopped                2024-02-13T12:52:38Z
 $
 ```
 
-As you can see, the application has been deployed with a DNS hostname of hellofly.fly.dev, and an instance is running in Frankfurt. Your deployment's name will, of course, be different.
+As you can see, the application has been deployed with a DNS hostname of hellofly.fly.dev, and an instance is running in Virginia. Your deployment's name will, of course, be different.
 
-## _Connecting to the App_
+## _Connecting to the app_
 
 The quickest way to browse your newly deployed application is with the `flyctl apps open` command.
 
@@ -197,7 +212,99 @@ opening https://golang-example.fly.dev ...
 
 Your browser will be sent to the displayed URL.
 
-## _Bonus Points_
+## _Add Tigris Global Storage (optional)_
+
+Tigris provides CDN-like accessibility for your stored objects. Tigris has S3-API compatibility, automatically manages data replication and caching for you, and offers AuthN and AuthZ authentication mechanisms. Learn more about [Tigris Object Storage](https://www.tigrisdata.com/docs/overview/+external).
+
+1. <b>Create a Tigris bucket</b>: run the create command inside your Go Fly App's directory. Afterwards, make sure to take note of the credentials received:
+
+	```cmd
+	fly storage create
+	```
+
+2. <b>Retrieve AWS SDK modules</b>: Tigris has an S3 compatible API service, thus, we can easily use [AWS SDK Go](https://aws.github.io/aws-sdk-go-v2/docs/getting-started/#install-the-aws-sdk-for-go-v2) modules to connect with the Tigris Bucket we've just created.
+	
+	```cmd
+	go get github.com/aws/aws-sdk-go-v2
+	go get github.com/aws/aws-sdk-go-v2/config
+	go get github.com/aws/aws-sdk-go-v2/service/s3
+	```
+
+3. <b>Create a [Client function](https://github.com/fly-apps/go-example-tigris/blob/main/tigris/tigris.go#L12)</b> that will return an instance ready to connect with a Tigris bucket:
+
+	```go
+	func Client(ctx context.Context) (*s3.Client, error) {
+		// 1. Create an aws.Config instance
+		cfg, err := config.LoadDefaultConfig(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("failed to load Tigris config: %w", err)
+		}
+	
+		// 2. Create an Amazon S3 client using the AWS Config instance created, "cfg"
+		return s3.NewFromConfig(cfg, func(o *s3.Options){
+			o.BaseEndpoint = aws.String("https://fly.storage.tigris.dev/")
+			o.Region = "auto"
+		}), nil
+	}
+	```
+	The `LoadDefaultConfig()` function will create an [aws.Config instance](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/aws#Config) that can load [credentials from environment variables](https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials).
+	Passing this instance to the `NewFromConfig()` [function](https://aws.github.io/aws-sdk-go-v2/docs/making-requests/#newfromconfig) creates an S3 service client we've configured to connect with the Tigris endpoint.
+
+
+4. <b>Set up Tigris Credentials</b>. 
+	To successfully connect with our Tigris Bucket, we can set our Tigris credentials as AWS SDK environment variables. 
+	
+	<b>In a local setup</b>, this should look something like:
+	```cmd
+	export AWS_ACCESS_KEY_ID=TIGRIS_ACCESS_KEY_ID
+	export AWS_SECRET_ACCESS_KEY=TIGRIS_SECRET_ACCESS_KEY
+	```
+	<b>For our Go Fly App</b>, these environment variables should have already been set as [secrets](https://fly.io/docs/flyctl/secrets/) during the running of `fly storage create`:
+	
+	```output
+	Setting the following secrets on ...:
+	AWS_ACCESS_KEY_ID: <AWS_ACCESS_KEY_ID_VALUE>
+	AWS_ENDPOINT_URL_S3: https://fly.storage.tigris.dev
+	AWS_REGION: auto
+	AWS_SECRET_ACCESS_KEY: <AWS_SECRET_ACCESS_KEY>
+	BUCKET_NAME: <BUCKET_NAME>
+	```
+	
+	Of course, this would only automatically happen if the create command was run in a directory containing a `fly.toml` for our Go Fly app. 
+	But if that wasn't the case, we can still manually set necessary [secrets](https://fly.io/docs/flyctl/secrets/) like so:
+	```cmd
+	fly secrets set AWS_ACCESS_KEY_ID="<TIGRIS_ACCESS_KEY_ID>"
+	fly secrets set AWS_SECRET_ACCESS_KEY="<TIGRIS_SECRET_ACCESS_KEY>"
+	```
+
+5. <b>[Upload a file](https://github.com/fly-apps/go-example-tigris/blob/main/tigris/tigris.go#L26):</b> Aside from connecting with a Bucket, we can use other [AWS SDK functions](https://docs.aws.amazon.com/code-library/latest/ug/go_2_s3_code_examples.html). Let's use the `PutObject` function to  upload a text file on the go like so:
+
+```go
+  func Client( ctx context.Context ) (*s3.Client, error){}
+
+  func UploadText( ctx context.Context ) (string, error){
+      // 1. Create connection via client
+      conn, err := Client( ctx )
+
+      // 2. Upload sample file
+      if err==nil{
+        _, err = conn.PutObject(ctx, &s3.PutObjectInput{
+            Bucket: aws.String("<TIGRIS_BUCKET_NAME>"),
+            Key:    aws.String("sample.txt"),
+            Body:    strings.NewReader("testing content"),
+        })
+      }
+
+      if err!=nil{
+        return err.Error(), err
+      }else{
+        return "success",nil
+      }
+  }
+```
+For further reference, please see official Tigris [documentation for AWS SDK GO](https://www.tigrisdata.com/docs/sdks/s3/aws-go-sdk/), as well as [this compact package](https://github.com/Xe/x/blob/master/tigris/tigris.go) containing helpers for interacting with Tigris.
+
+## _Bonus points_
 
 If you want to know what IP addresses the app is using, try `flyctl ips list`:
 
@@ -210,6 +317,6 @@ v4   50.31.246.73                         23m42s ago
 v6   2a09:8280:1:3949:7ac8:fe55:d8ad:6b6f 23m42s ago
 ```
 
-## _Arrived at Destination_
+## _Arrived at destination_
 
 You have successfully built, deployed, and connected to your first Go application on Fly.
diff --git a/languages-and-frameworks/index.html.erb b/languages-and-frameworks/index.html.erb
index 4dbad67222..b785f5b6e5 100644
--- a/languages-and-frameworks/index.html.erb
+++ b/languages-and-frameworks/index.html.erb
@@ -5,7 +5,7 @@ toc: false
 ---
 
 <figure>
-  <img src="http://github.com/static/images/docs-guide.webp" srcset="http://github.com/service/http://github.com/static/images/docs-guide@2x.webp%202x " alt="">
+  <img src="http://github.com/static/images/frameworks.png" alt="Illustration by Annie Ruygt of different programming frameworks mascots floating together" class="w-full max-w-lg mx-auto">
 </figure>
 
 <p>Fly.io can run pretty much any type of application. If you don't see it listed here, it's a matter of finding and configuring a Dockerfile that runs it.</p>
@@ -14,7 +14,7 @@ toc: false
   Comprehensive Guides
 </h2>
 
-<p>Fly supports all languages and frameworks, but you'll notice some have much more extensive documentation and support. That's because we have people at Fly.io who work full time on documenting and nurturing these frameworks.</p>
+<p>Fly.io supports all languages and frameworks, but you'll notice some have much more extensive documentation and support. That's because we have people at Fly.io who work full time on documenting and nurturing these frameworks.</p>
 
 <ul>
   <li><%=link_to_page find_page("/docs/elixir") %></li>
@@ -22,6 +22,8 @@ toc: false
   <li><%=link_to_page find_page("/docs/laravel") %></li>
   <li><%=link_to_page find_page("/docs/django") %></li>
   <li><%=link_to_page find_page("/docs/js") %></li>
+  <li><%=link_to_page find_page("/docs/rust") %></li>
+  <li><%=link_to_page find_page("/docs/python") %></li>
 </ul>
 
 <h2 id="supported" class="group flex items-center relative mt-14 sm:mt-16 mb-10 group text-navy font-heading pb-1 border-b">
@@ -30,7 +32,7 @@ toc: false
 
 <p>The following frameworks & languages are fully supported by Fly.io.</p>
 
-Each one of the language guides will take you through creating and deploying a simple application.
+<p>Each one of the language guides will take you through creating and deploying a simple application.</p>
 
 <ul>
   <% current_page.children.each do |page| %>
diff --git a/languages-and-frameworks/partials/_flyctl.html.erb b/languages-and-frameworks/partials/_flyctl.html.erb
index 7d52ef9885..4eb9bdd58d 100644
--- a/languages-and-frameworks/partials/_flyctl.html.erb
+++ b/languages-and-frameworks/partials/_flyctl.html.erb
@@ -1 +1 @@
-First, [install flyctl](/docs/hands-on/install-flyctl/), your Fly.io app command center, and [sign up to Fly.io](/docs/getting-started/log-in-to-fly/#first-time-or-no-fly-account-sign-up-for-fly) if you haven't already.
+First, [install flyctl](/docs/flyctl/install/), the Fly.io CLI, and [sign up to Fly.io](/docs/getting-started/sign-up-sign-in/#first-time-or-no-fly-account-sign-up-for-fly) if you haven't already.
diff --git a/languages-and-frameworks/partials/_install_flyctl_login.html.erb b/languages-and-frameworks/partials/_install_flyctl_login.html.erb
index 27b5363c40..00f83446db 100644
--- a/languages-and-frameworks/partials/_install_flyctl_login.html.erb
+++ b/languages-and-frameworks/partials/_install_flyctl_login.html.erb
@@ -1,3 +1,3 @@
 ## _Install Flyctl and Login_
 
-It's time to install `flyctl`, the CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/log-in-to-fly/).
+It's time to install `flyctl`, the CLI app for managing apps on Fly.io. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly.io](/docs/getting-started/sign-up-sign-in/).
diff --git a/languages-and-frameworks/partials/_intro.html.erb b/languages-and-frameworks/partials/_intro.html.erb
index 0a223eb812..c5ac5ea48e 100644
--- a/languages-and-frameworks/partials/_intro.html.erb
+++ b/languages-and-frameworks/partials/_intro.html.erb
@@ -1,5 +1,5 @@
 Getting an application running on Fly.io is essentially working out how to package it as a deployable image<%- if defined?(database) %> and attach it to a database<%- end %>.
-Once packaged it can be deployed to the Fly.io global application platform.
+Once packaged, it can be deployed to the Fly.io platform.
 
 In this guide we'll learn how to deploy <%= "#{runtime.downcase.match(/^[aeiou]/) ? "an" : "a"} #{defined?(link) ? "[#{runtime}](#{link})" : "#{runtime}"}" %>
 <%= locals.key?(:type) ? type : "application" %>
diff --git a/languages-and-frameworks/partials/_launch_with_postgres.html.erb b/languages-and-frameworks/partials/_launch_with_postgres.html.erb
index 255e485831..0a71cc6530 100644
--- a/languages-and-frameworks/partials/_launch_with_postgres.html.erb
+++ b/languages-and-frameworks/partials/_launch_with_postgres.html.erb
@@ -1,65 +1,131 @@
-When we run `fly launch` from the newly-created project directory, the launcher will:
-
-* Ask you to select a deployment region
-* Set secrets required by <%= detected %> (`SECRET_KEY_BASE`, for example)
-* Run the <%= detected %> deployment setup task
-* Optionally setup a Postgres instance in your selected region
-* Deploy the application in your selected region
+When you run `fly launch` from the newly-created project directory, the launcher provides some defaults for your new app, and gives you the option to tweak the settings.
 
+Run:
 ```
 cd <%= app_name %>
 fly launch
 ```
+
+You'll get a summary of the defaults chosen for your app:
+
+```output
+Organization: MyOrgName              (fly launch defaults to the personal org)
+Name:         <%= app_name %>            (derived from your directory name)
+Region:       Secaucus, NJ (US)      (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+
+? Do you want to tweak these settings before proceeding? Yes
+Opening https://fly.io/cli/launch/bea626e2d179a083a3ba622a367e24ec ...
+```
+
+Type `y` at the prompt to open the Fly Launch page, and make the following changes to your app config:
+
+* Change the default app name and region, if needed.
+* For Databases, select Fly Postgres, give the Postgres database app a name (for example, your app name with `-db` appended) and choose a configuration.
+
+Once you confirm your settings, you can return to the terminal, where the launcher will:
+
+* Run the <%= detected %> deployment setup task
+* Build the image
+* Set secrets required by <%= detected %> (`SECRET_KEY_BASE`, for example)
+* Deploy the application in your selected region
+
 ```output
-Creating app in /Users/me/<%= app_name %>
-Scanning source code
-Detected a <%= detected %> app
-? App Name (leave blank to use an auto-generated name): <%= app_name %>
-? Select organization: flyio (flyio)
-? Select region: mad (Madrid, Spain)
-Created app <%= app_name %> in organization soupedup
+Waiting for launch data... Done
+Created app '<%= app_name %>' in organization 'personal'
+Admin URL: https://fly.io/apps/<%= app_name %>
+Hostname: <%= app_name %>.fly.dev
 Set secrets on <%= app_name %>: SECRET_KEY_BASE
-Installing dependencies
-Running Docker release generator
-Wrote config file fly.toml
-? Would you like to setup a Postgres database now? Yes
+Creating postgres cluster in organization personal
+Creating app...
+Setting secrets on app <%= app_name %>-db...
+Provisioning 1 of 1 machines with image flyio/postgres-flex:15.3@sha256:44b698752cf113110f2fa72443d7fe452b48228aafbb0d93045ef1e3282360a6
+Waiting for machine to start...
+Machine 2865550c7e96d8 is created
+==> Monitoring health checks
+  Waiting for 2865550c7e96d8 to become healthy (started, 3/3)
+
 Postgres cluster <%= app_name %>-db created
   Username:    postgres
-  Password:    <password>
+  Password:    EChe3BrhCjsPQEI
   Hostname:    <%= app_name %>-db.internal
-  Proxy Port:  5432
-  PG Port: 5433
-Save your credentials in a secure place, you will not be able to see them again!
+  Flycast:     fdaa:2:45b:0:1::1d
+  Proxy port:  5432
+  Postgres port:  5433
+  Connection string: postgres://postgres:EChe3BrhCjsPQEI@<%= app_name %>-db.flycast:5432
 
-Monitoring Deployment
-
-1 desired, 1 placed, 1 healthy, 0 unhealthy [health checks: 2 total, 2 passing]
---> v0 deployed successfully
+Save your credentials in a secure place -- you won't be able to see them again!
 
 Connect to postgres
-Any app within the flyio organization can connect to postgres using the above credentials and the hostname "<%= app_name %>-db.internal."
-For example: postgres://postgres:password@<%= app_name %>-db.internal:5432
+Any app within the MyOrgName organization can connect to this Postgres using the above connection string
 
-See the postgres docs for more information on next steps, managing postgres, connecting from outside fly:  https://fly.io/docs/reference/postgres/
-Postgres cluster <%= app_name %>-db is now attached to <%= app_name %>
+Now that you've set up Postgres, here's what you need to understand: https://fly.io/docs/postgres/getting-started/what-you-should-know/
+Checking for existing attachments
+Registering attachment
+Creating database
+Creating user
 
-Would you like to deploy now? Yes
-Deploying <%= app_name %>
+Postgres cluster <%= app_name %>-db is now attached to <%= app_name %>
+The following secret was added to <%= app_name %>:
+  DATABASE_URL=postgres://aa_hello_elixir2:Er6pLzUBuhKcbBl@<%= app_name %>-db.flycast:5432/aa_hello_elixir2?sslmode=disable
+Postgres cluster <%= app_name %>-db is now attached to <%= app_name %>
+Generating rel/env.sh.eex for distributed Elixir support
+Preparing system for Elixir builds
+Installing application dependencies
+Running Docker release generator
+Wrote config file fly.toml
+Validating /Users/anderson/test-elixir-gs/hello_elixir2/fly.toml
+✓ Configuration is valid
+==> Building image
+Remote builder fly-builder-black-pine-7645 ready
+Remote builder fly-builder-black-pine-7645 ready
+==> Building image with Docker
+--> docker host: 20.10.12 linux x86_64
 
-==> Validating app configuration
---> Validating app configuration done
-Services
-TCP 80/443 ⇢ 8080
-Remote builder fly-builder-little-glitter-8329 ready
 ...
 
+--> Pushing image done
+image: registry.fly.io/<%= app_name %>:deployment-01HPMGHTG8XSYH3ZCV82SF5CEZ
+image size: 126 MB
+
+Watch your deployment at https://fly.io/apps/<%= app_name %>/monitoring
+
+Provisioning ips for <%= app_name %>
+  Dedicated ipv6: 2a09:8280:1::2a:bc0b:0
+  Shared ipv4: 66.241.124.79
+  Add a dedicated ipv4 with: fly ips allocate-v4
+
+Running <%= app_name %> release_command: /app/bin/migrate
+
+-------
+ ✔ release_command 784eee4c294298 completed successfully
+-------
+This deployment will:
+ * create 2 "app" machines
+
+No machines in group app, launching a new machine
+Creating a second machine to increase service availability
+Finished launching new machines
+-------
+NOTE: The machines for [app] have services with 'auto_stop_machines = true' that will be stopped when idling
+
+-------
+Checking DNS configuration for <%= app_name %>.fly.dev
+
+Visit your newly deployed app at https://<%= app_name %>.fly.dev/
 ```
 
+<div class="important icon">
+Make sure to note your Postgres credentials from the output.
+</div>
+
 That's it! Run `fly apps open` to see your deployed app in action.
 
 Try a few other commands:
 
 * `fly logs` - Tail your application logs
 * `fly status` - App deployment details
-* `fly status -a <%= app_name %>-db` - Database deployment details
+* `fly status -a postgres-database-app-name` - Database deployment details
 * `fly deploy` - Deploy the application after making changes
diff --git a/languages-and-frameworks/partials/_scanner_guides.html.erb b/languages-and-frameworks/partials/_scanner_guides.html.erb
index 570bffbcda..a0fb2d0206 100644
--- a/languages-and-frameworks/partials/_scanner_guides.html.erb
+++ b/languages-and-frameworks/partials/_scanner_guides.html.erb
@@ -1,6 +1,6 @@
 <ul style="display: grid; gap: 1px; grid-template-columns: repeat(auto-fit, 20em);">
   <li>
-    <a href="http://github.com/docs/languages-and-frameworks/crystal/">Crystal</a>
+    <a href="http://github.com/docs/js/frameworks/astro/">Astro</a>
   </li>
   <li>
     <a href="http://github.com/docs/js/frameworks/deno/">Deno</a>
@@ -11,6 +11,12 @@
   <li>
     <a href="http://github.com/docs/elixir/getting-started">Elixir</a>
   </li>
+  <li>
+    <a href="http://github.com/docs/python/frameworks/fastapi/">FastAPI</a>
+  </li>
+  <li>
+    <a href="http://github.com/docs/python/frameworks/flask/">Flask</a>
+  </li>
   <li>
     <a href="http://github.com/docs/languages-and-frameworks/golang/">Go</a>
   </li>
@@ -20,7 +26,10 @@
   <li>
     <a href="http://github.com/docs/laravel/">Laravel</a>
   </li>
-    <li>
+  <li>
+    <a href="http://github.com/docs/js/frameworks/meteor/">Meteor</a>
+  </li>
+  <li>
     <a href="http://github.com/docs/languages-and-frameworks/dotnet/">.NET</a>
   </li>
   <li>
@@ -30,7 +39,7 @@
     <a href="http://github.com/docs/js/frameworks/nuxtjs/">Nuxt</a>
   </li>
   <li>
-    <a href="http://github.com/docs/languages-and-frameworks/python/">Python</a>
+    <a href="http://github.com/docs/python/">Python</a>
   </li>
   <li>
     <a href="http://github.com/docs/rails/getting-started/">Rails</a>
@@ -44,8 +53,17 @@
   <li>
     <a href="http://github.com/docs/languages-and-frameworks/ruby/">Ruby</a>
   </li>
+  <li>
+    <a href="http://github.com/docs/rust/">Rust</a>
+  </li>
   <li>
     <a href="http://github.com/docs/languages-and-frameworks/static/">Static Website</a>
   </li>
+  <li>
+    <a href="http://github.com/docs/python/frameworks/streamlit/">Streamlit</a>
+  </li>
+  <li>
+    <a href="http://github.com/docs/js/frameworks/svelte/">SvelteKit</a>
+  </li>
 </ul>
 
diff --git a/languages-and-frameworks/python.html.markerb b/languages-and-frameworks/python.html.markerb
deleted file mode 100644
index f3d24c8c67..0000000000
--- a/languages-and-frameworks/python.html.markerb
+++ /dev/null
@@ -1,338 +0,0 @@
----
-title: "Run a Python App"
-layout: language-and-framework-docs
-sitemap: false
-redirect_from: /docs/getting-started/python/
----
-
-<%= partial "partials/intro", locals: { runtime: "Python" } %>
-
-- [Run a Flask App](#run-a-flask-app)
-
-## Initial Local Setup
-
-Make sure that [Python](https://www.python.org/) is already installed on your computer along with a way to create virtual environments.
-
-This allows you to run your project locally, and test that it works, before deploying it to Fly.io.
-
-<section class="callout">
-We recommend the latest [supported versions](https://devguide.python.org/versions/#supported-versions) of Python.
-</section>
-
-### Virtual Environment
-
-For this guide, we use [venv](https://docs.python.org/3/library/venv.html#module-venv) but any of the other popular choices such as [Poetry](https://python-poetry.org/), [Pipenv](https://github.com/pypa/pipenv), or [pyenv](https://github.com/pyenv/pyenv) work too.
-
-```shell
-# Unix/macOS
-$ mkdir hello-flask
-$ cd hello-flask
-$ python3 -m venv .venv
-$ source .venv/bin/activate
-(.venv) $
-```
-```shell
-# Windows
-> mkdir hello-flask
-> cd hello-flask
-> python -m venv .venv
-> .venv\Scripts\activate
-(.venv) $
-```
-
-<section class="callout">From this point on, the commands won't be displayed with (.venv) $ but we assume you have your Python virtual environment activated.</section>
-
-## Run a Flask App
-
-In this guide we recreate and deploy this [minimal Flask application](https://github.com/fly-apps/hello-flask) to demonstrate how quickly Flask apps can be deployed to Fly.io!
-
-<section class="callout">
-You can follow the guide to recreate the app or just `git clone https://github.com/fly-apps/hello-flask` to get a local copy.
-</section>
-
-We assume you already have [Python installed](#initial-local-setup) and your [virtual environment is activated](#virtual-environment).
-
-### Install Flask
-
-With your virtual environment **activated**, install the [latest](https://flask.palletsprojects.com/en/latest/) version of Flask using [pip](https://pip.pypa.io/en/stable/):
-
-```cmd
-python -m pip install Flask
-```
-
-This will load Flask and all its dependency packages. You can check all of the packages with `pip freeze` command:
-
-```cmd
-pip freeze
-```
-```output
-blinker==1.6.2
-click==8.1.3
-Flask==2.3.2
-itsdangerous==2.1.2
-Jinja2==3.1.2
-MarkupSafe==2.1.2
-Werkzeug==2.3.3
-```
-
-<section class="callout">
-If you have a local copy of `hello-flask`, you can install all the dependencies using `python -m pip install -r requirements.txt`
-</section>
-
-### Create the Flask App
-
-The [`hello-flask`](https://github.com/fly-apps/hello-flask) application is, as you'd expect for an example, very minimal.
-
-Inside the `hello-flask` folder, create an `app.py` file and add the code:
-
-```python
-# app.py
-from flask import Flask, render_template
-
-app = Flask(__name__)
-
-
-@app.route('/')
-@app.route('/<name>')
-def hello(name=None):
-    return render_template('hello.html', name=name)
-```
-
-### Create the Template
-
-Flask is set up to route request to a `hello` function which in turn passes a `name` variable  (taken from the requests path) to a function to render the `hello.html` template. Create a directory named `templates/` and inside, create the `hello.html`:
-
-```html
-<!-- templates/hello.html -->
-<!DOCTYPE html>
-<html>
-<title>Hello from Fly.io</title>
-<link rel="stylesheet" href="http://github.com/%7B%7B%20url_for('static', filename='main.css') }}">
-<body>
-    {% if name %}
-        <h1>Hello, {{ name | capitalize }}!</h1>
-    {% else %}
-        <h1>Hello, World!</h1>
-    {% endif %}
-</body>
-</html>
-```
-
-We're using a template as it makes it easier to show what you should do with assets that aren't the actual application.
-
-### Start the Development Server
-
-Flask apps are run with the `flask run` command:
-
-```cmd
-flask run
-```
-```out
- * Debug mode: off
-WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
- * Running on http://127.0.0.1:5000
-Press CTRL+C to quit
-```
-
-or
-
-```cmd
-flask --app app run
-```
-```out
- * Serving Flask app 'app'
- * Debug mode: off
-WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
- * Running on http://127.0.0.1:5000
-Press CTRL+C to quit
-```
-
-Note that `flask run` command works since our file is named `app.py`. It also works if your file is named `wsgi.py`, so you don't have to use [`--app`](https://flask.palletsprojects.com/en/latest/cli/) to tell Flask where your app is. More details [here](https://flask.palletsprojects.com/en/latest/quickstart/#a-minimal-application).
-
-If your file is saved as `hello.py` instead of `app.py`, you would need to use the `--app` option to point to Flask where your app is: 
-
-```cmd
-flask --app hello run
-```
-```out
- * Serving Flask app 'hello'
- * Debug mode: off
-WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
- * Running on http://127.0.0.1:5000
-Press CTRL+C to quit
-```
-
-If you open http://127.0.0.1:5000/ in your web browser and it displays `Hello, World!`.
-
-If you open, for example, http://127.0.0.1:5000/fly , it displays `Hello, Fly!`.
-
-### Before Deployment
-
-A few more steps are necessary before deploying the app.
-
-For production, the web application will be served by [`gunicorn`](https://gunicorn.org/). To install it, run:
-
-```cmd
-python -m pip install gunicorn
-```
-
-And now, save all the dependencies to a `requirements.txt` file using:
-
-```cmd
-pip freeze > requirements.txt
-```
-
-Now, let's move on to deploying this app to Fly.io.
-
-### Launch your Fly App
-
-Fly.io has its own command-line utility for managing apps, [flyctl](/docs/hands-on/install-flyctl/). 
-
-If not already installed, follow the instructions on the [installation guide](/docs/hands-on/install-flyctl/) and [log in to Fly.io](/docs/getting-started/log-in-to-fly/).
-
-<section class="callout">
-Both `flyctl` and `fly` commands will work the same way.
-</section>
-
-To configure and launch the app, run `fly launch` and follow the wizard as follow:
-
-```cmd
-fly launch
-```
-```output
-Creating app in ../flyio/hello-flask
-Scanning source code
-Detected a Python app
-Using the following build configuration:
-        Builder: paketobuildpacks/builder:base
-? Choose an app name (leave blank to generate one): hello-fly-flask
-? Select Organization: Fly.io (fly-io)
-Some regions require a paid plan (bom, fra, maa).
-See https://fly.io/plans to set up a plan.
-
-? Choose a region for deployment: Amsterdam, Netherlands (ams)
-App will use 'ams' region as primary
-
-Created app 'hello-fly-flask' in organization 'fly-io'
-Admin URL: https://fly.io/apps/hello-fly-flask
-Hostname: hello-fly-flask.fly.dev
-? Would you like to set up a Postgresql database now? No
-? Would you like to set up an Upstash Redis database now? No
-Wrote config file fly.toml
-Validating ../flyio/hello-flask/fly.toml
-Platform: machines
-✓ Configuration is valid
-We have generated a simple Procfile for you. Modify it to fit your needs and run "fly deploy" to deploy your application.
-```
-
-You can set a unique name for the app and choose your primary region. You can also choose to launch and attach a [PostgreSQL database](/docs/postgres/) and/or an [Upstash Redis database](/docs/reference/redis/) though we are not using either in this example.
-
-Organizations are a way of sharing applications between Fly users. When you are asked to select an organization, there should be one with your account name, this is your personal organization. Select that.
-
-One thing to know about the built-in Python builder (`paketobuildpacks/builder:base`) is that it will automatically copy over the contents of the directory to the deployable image. This is how you can move static assets such as templates and other files to your application.
-
-The other thing to know is that it uses a `Procfile` to run the application. `Procfile`s are used on other platforms to deploy Python applications so we keep it simple. The Procfile contains instructions for starting the application. The minimal generated `Procfile` starts the Gunicorn server with our WSGI application:
-
-```Procfile
-# Modify this Procfile to fit your needs
-web: gunicorn app:app
-```
-
-`gunicorn` says that the web component of the application is served by `gunicorn`.
-
-`{module_import}:{app_variable}` as in `app:app` is equivalent to 'from app import app':
-- first `app` is the Python module (our `app.py` file)
-- second `app` is the Flask object created inside of `app.py` (our `app = Flask(__name__)`)
-
-**Important**: If your Flask object is created, for example, in `hello.py` instead of `app.py`, you should update your `Procfile` like this:
-
-```Procfile
-web: gunicorn hello:app
-```
-
-### Inside `fly.toml`
-
-The `fly.toml` file now contains a default configuration for deploying your app. In the process of creating that file, `flyctl` has also created a Fly-side application slot by the name, `hello-fly-flask`. If we check the `fly.toml` file we can verify the name in there:
-
-```toml
-# fly.toml app configuration file generated for hello-fly-flask on 2023-06-12T17:22:20+02:00
-#
-# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
-#
-
-app = "hello-fly-flask"
-primary_region = "ams"
-
-[build]
-  builder = "paketobuildpacks/builder:base"
-
-[env]
-  PORT = "8080"
-
-[http_service]
-  internal_port = 8080
-  force_https = true
-  auto_stop_machines = true
-  auto_start_machines = true
-  min_machines_running = 0
-```
-
-The `fly` command will always refer to this file in the current directory if it exists, specifically for the `app` name/value at the start. That name will be used to identify the application to the Fly service. The rest of the file contains settings to be applied to the application when it deploys:
-
-- `primary_region`: it configures where the primary region is, used to create new Machines;
-- `internal_port`: it configures which port the application will use to communicate with clients;
-- `force_https = true`: it enforces HTTP to HTTPS redirects;
-- `auto_start_machines = true`: it enables starting Machines automatically based on requests and capacity;
-- `auto_stop_machines = true`: it enables stopping Machines automatically when the app is idle for several minutes;
-- `min_machines_running = 0`: it sets the number of Machines to keep running, in the primary region only, when `auto_stop_machines = true`.
-
-### Deploy to Fly.io
-
-We are now ready to deploy our app to Fly.io. At the command line, run:
-
-```cmd
-fly deploy
-```
-
-This will lookup our `fly.toml` file, and get the app name `hello-fly-flask` from there. Then `flyctl` will start the process of deploying our application to Fly.io. `flyctl` will return you to the command line when it's done.
-
-Once complete, visit your app with the following command:
-
-```cmd
-fly apps open
-```
-
-### View the Deployed App
-
-Now the application has been deployed, let's find out more about its deployment. The command `fly status` will give you all the essential details.
-
-```cmd
-fly status
-```
-```output
-App
-  Name     = hello-fly-flask
-  Owner    = fly-io
-  Hostname = hello-fly-flask.fly.dev
-  Image    = hello-fly-flask:deployment-01H2R4E4ABT72E5FVVMP0C0588
-  Platform = machines
-
-Machines
-PROCESS ID              VERSION REGION  STATE   CHECKS  LAST UPDATED
-app     1781903a919e98  1       ams     started         2023-08-31T03:50:27Z
-app     e28673dfd42186  1       ams     started         2023-08-29T14:14:34Z
-```
-
-The application has been assigned with a DNS hostname of `hello-fly-flask.fly.dev`, and two instances are running in Amsterdam. Your deployment's name will, of course, be different.
-
-### Connecting to the App
-
-The quickest way to connect to your deployed app is with the `fly apps open` command. This will open a browser on the HTTP version of the site. That will automatically be upgraded to an HTTPS secured connection (for the fly.dev domain).
-
-To specify a path, add `/name` to `fly apps open` and it'll be appended to the URL as the path and you'll get an extra greeting from the `hello-fly-flask` app:
-
-```cmd
-fly apps open /fly
-```
-
-Congrats! You have successfully built, deployed, and connected to your first Flask application on Fly.io.
\ No newline at end of file
diff --git a/languages-and-frameworks/ruby.html.markerb b/languages-and-frameworks/ruby.html.markerb
index bd5231afc9..d0387c6e56 100644
--- a/languages-and-frameworks/ruby.html.markerb
+++ b/languages-and-frameworks/ruby.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: "Run a Ruby App"
 layout: language-and-framework-docs
-sitemap: false
 redirect_from: /docs/getting-started/ruby/
 ---
 
@@ -73,7 +72,7 @@ And connect to localhost:9292 to confirm that you have a working Ruby applicatio
 
 ## _Install Flyctl and Login_
 
-We are ready to start working with Fly and that means we need `flyctl`, our CLI app for managing apps on Fly. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/log-in-to-fly/).
+We are ready to start working with Fly and that means we need `flyctl`, our CLI app for managing apps on Fly. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/sign-up-sign-in/).
 
 
 ## _Launch the app on Fly_
@@ -132,7 +131,7 @@ Most Dockerfiles expect some configuration settings through `ENV`. The generated
 
 Add whatever values your Dockerfile or container requires.
 
-Sometimes you have secrets that shouldn't be checked in to `git` or shared publicly. For those settings, you can set them using [`fly secrets`](https://fly.io/docs/reference/secrets/#setting-secrets).
+Sometimes you have secrets that shouldn't be checked in to `git` or shared publicly. For those settings, you can set them using [`fly secrets`](https://fly.io/docs/apps/secrets/#set-secrets).
 
 ```cmd
 fly secrets set MY_SECRET=romance
@@ -155,7 +154,7 @@ The values aren't displayed since they are secret!
 
 ## _Deploying to Fly_
 
-To deploy changes to your app, just run just run:
+To deploy changes to your app, just run:
 
 ```cmd
 fly deploy
diff --git a/languages-and-frameworks/static.html.markerb b/languages-and-frameworks/static.html.markerb
index 10a72dda4f..ed8ce47ec1 100644
--- a/languages-and-frameworks/static.html.markerb
+++ b/languages-and-frameworks/static.html.markerb
@@ -1,15 +1,16 @@
 ---
 title: "Run a Static Website"
 layout: language-and-framework-docs
-sitemap: false
 redirect_from: /docs/getting-started/static/
 ---
 
-<%= partial "partials/intro", locals: { runtime: "static", type: "site" } %>
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/static.png" alt="Illustration by Annie Ruygt of a flag depicting a Hello World app" class="w-full max-w-lg mx-auto">
+</figure>
 
-To be fair, a static site isn't an app. So we're really talking about **deploying an app to serve some static content.**
+<%= partial "partials/intro", locals: { runtime: "static", type: "site" } %>
 
-In this demonstration, we'll use [goStatic](https://github.com/PierreZ/goStatic), a tiny web server written in Go that lets us serve static files with very little configuration. We'll provide a Dockerfile and our content for Fly to transmogrify into a web server running in a VM.
+In this demonstration, we'll use [nginx](https://nginx.org), the world's most popular web server to serve a few static files with very little configuration. We'll provide a Dockerfile and our content for Fly to transmogrify into a web server running in a VM.
 
 You can clone all the files needed for this example from [the hello-static GitHub repository](https://github.com/fly-apps/hello-static) to a local directory:
 
@@ -21,7 +22,7 @@ Alternatively, you can create all the files manually as you work through this gu
 
 ## _Install flyctl and login_
 
-To configure our application and deploy it on Fly.io, we need `flyctl`, our CLI app for managing apps on Fly. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/log-in-to-fly/).
+To configure our application and deploy it on Fly.io, we need `flyctl`, our CLI app for managing apps on Fly. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/sign-up-sign-in/).
 
 ## _Putting the app together_
 
@@ -37,9 +38,9 @@ cd hello-static
 
 ### _The Site_
 
-Our example will be a simple static site. That can be as trivial as a single `index.html` file. Let's make it only slightly more complicated by writing two html files and having them link to each other.
+Our example will be a simple static site. That can be as trivial as a single `index.html` file. Let's make it only slightly more complicated by writing two HTML files and having them link to each other.
 
-Put these html files into a subdirectory of their own, called `public`. Files in this directory are the ones our goStatic server will serve. Create the `hello-static/public` directory if needed.
+Put these HTML files into a subdirectory of their own, called `public`. Files in this directory are the ones our nginx server will serve. Create the `hello-static/public` directory if needed.
 
 Here's `index.html`, which is the landing page:
 
@@ -68,22 +69,23 @@ Here's `goodbye.html`.
   </head>
   <body>
     <h1>You say goodbye</h1>
-      <p>But I say <a href="http://github.com/index.html">hello.</a></p>
+      <p>But I say <a href="http://github.com/">hello.</a></p>
   </body>
 </html>
 ```
 
 ### _The Dockerfile_
 
-goStatic is designed to run in a container, and the [image](https://hub.docker.com/r/pierrezemb/gostatic) is available at Docker Hub. This is super convenient for us, because Fly apps need container images too!
+nginx can be run in a container, and the official nginx image is available on [Docker Hub](https://hub.docker.com/_/nginx/). This is super convenient for us, because Fly apps use container images!
 
-We can use the goStatic image as a base image. We just have to copy our site's files to `/srv/http/` in the image.
+We can use the nginx image as a base image. We just have to copy our site's files to `/usr/share/nginx/html` in the image.
 
 Here's our Dockerfile to do that:
 
 ```docker
-FROM pierrezemb/gostatic
-COPY ./public/ /srv/http/
+FROM nginx:alpine
+
+COPY public /usr/share/nginx/html
 ```
 
 The Dockerfile should be placed in the working directory (here, `hello-static`).
@@ -99,30 +101,99 @@ The `hello-static` repository contains a `fly.toml` that will be detected by `fl
 flyctl launch
 ```
 ```output
-Creating app in /Users/chris/trystatic/hello-static
 Scanning source code
 Detected a Dockerfile app
-? App Name (leave blank to use an auto-generated name): gostatic-example
-Automatically selected personal organization: Chris Nicoll
-? Select region: ewr (Secaucus, NJ (US))
-Created app gostatic-example in organization personal
+Creating app in /Users/jphenow/workspace/hello-static
+We're about to launch your app on Fly.io. Here's what you're getting:
+
+Organization: Jon Phenow                         (fly launch defaults to the personal org)
+Name:         hello-static                       (generated)
+Region:       Denver, Colorado (US)              (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM             (most apps need about 1GB of RAM)
+Postgres:     <none>                             (not requested)
+Redis:        <none>                             (not requested)
+Tigris:       <none>                             (not requested)
+
+? Do you want to tweak these settings before proceeding? No
+Created app 'hello-static' in organization 'personal'
+Admin URL: https://fly.io/apps/hello-static
+Hostname: hello-static.fly.dev
 Wrote config file fly.toml
-? Would you like to setup a Postgresql database now? No
-? Would you like to deploy now? No
-Your app is ready. Deploy with `flyctl deploy`
+Validating /Users/jphenow/workspace/hello-static/fly.toml
+✓ Configuration is valid
+==> Building image
+Remote builder fly-builder-little-haze-7293 ready
+Remote builder fly-builder-little-haze-7293 ready
+==> Building image with Docker
+--> docker host: 24.0.7 linux x86_64
+[+] Building 0.4s (7/7) FINISHED
+ => [internal] load .dockerignore                                                                                                                                                                                                                                                                                                                                                0.2s
+ => => transferring context: 100B                                                                                                                                                                                                                                                                                                                                                0.2s
+ => [internal] load build definition from Dockerfile                                                                                                                                                                                                                                                                                                                             0.2s
+ => => transferring dockerfile: 90B                                                                                                                                                                                                                                                                                                                                              0.2s
+ => [internal] load metadata for docker.io/library/nginx:alpine                                                                                                                                                                                                                                                                                                                  0.1s
+ => [internal] load build context                                                                                                                                                                                                                                                                                                                                                0.1s
+ => => transferring context: 151B                                                                                                                                                                                                                                                                                                                                                0.1s
+ => [1/2] FROM docker.io/library/nginx:alpine@sha256:a5127daff3d6f4606be3100a252419bfa84fd6ee5cd74d0feaca1a5068f97dcf                                                                                                                                                                                                                                                            0.0s
+ => CACHED [2/2] COPY public /usr/share/nginx/html                                                                                                                                                                                                                                                                                                                               0.0s
+ => exporting to image                                                                                                                                                                                                                                                                                                                                                           0.0s
+ => => exporting layers                                                                                                                                                                                                                                                                                                                                                          0.0s
+ => => writing image sha256:1e96a09c0ae89bb9b8dc5dcdcfde700fb1ee2677c20dc9d5f324a5b768328dda                                                                                                                                                                                                                                                                                     0.0s
+ => => naming to registry.fly.io/hello-static:deployment-01J8071W7G3S6R2MC5JJX915CC                                                                                                                                                                                                                                                                                              0.0s
+--> Building image done
+==> Pushing image to fly
+The push refers to repository [registry.fly.io/hello-static]
+deployment-01J8071W7G3S6R2MC5JJX915CC: digest: sha256:2ba357ed3fcf6eeb3a5e4c7a6e2300040cf6f414db69ce2e3b7d6030507deb5e size: 2196
+--> Pushing image done
+image: registry.fly.io/hello-static:deployment-01J8071W7G3S6R2MC5JJX915CC
+image size: 43 MB
+
+Watch your deployment at https://fly.io/apps/hello-static/monitoring
+
+Provisioning ips for hello-static
+  Dedicated ipv6: 2a09:8280:1::46:a909:0
+  Shared ipv4: 66.241.124.149
+  Add a dedicated ipv4 with: fly ips allocate-v4
+
+This deployment will:
+ * create 2 "app" machines
+
+No machines in group app, launching a new machine
+
+WARNING The app is not listening on the expected address and will not be reachable by fly-proxy.
+You can fix this by configuring your app to listen on the following addresses:
+  - 0.0.0.0:8080
+Found these processes inside the machine with open listening sockets:
+  PROCESS                                    | ADDRESSES
+---------------------------------------------*----------------------------------------
+  nginx: master process nginx -g daemon off; | 0.0.0.0:80, [::]:80
+  /.fly/hallpass                             | [fdaa:0:7300:a7b:d827:5e53:ee2d:2]:22
+  nginx: worker process                      | 0.0.0.0:80, [::]:80
+
+Creating a second machine to increase service availability
+Finished launching new machines
+-------
+NOTE: The machines for [app] have services with 'auto_stop_machines = "stop"' that will be stopped when idling
+
+-------
+Checking DNS configuration for hello-static.fly.dev
+
+Visit your newly deployed app at https://hello-static.fly.dev/
+
 ```
 
-This has configured the app with some default parameters, and generated a `fly.toml` configuration file for us.
+This has configured the app with some default parameters, generated a `fly.toml`, attached a shared IPv4, created a dedicated IPv6, and deployed our image file for us.
 
-Before deploying, we need to do one more thing. goStatic listens on port 8043 by default, but the default `fly.toml` assumes port 8080. Edit `internal_port` in the [`services`](/docs/reference/configuration/#the-services-sections) section to reflect this:
+Before the app will work though, we need to do one more thing. nginx listens on port 80 by default, but the default `fly.toml` assumes port 8080. Edit `internal_port` in the [`services`](/docs/reference/configuration/#the-http_service-section) section to reflect this:
 
 ```toml
-[[services]]
-  http_checks = []
-  internal_port = 8043
-  processes = ["app"]
-  protocol = "tcp"
-  script_checks = []
+[http_service]
+  internal_port = 80
+  force_https = true
+  auto_stop_machines = 'stop'
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ['app']
   ```
 
 Now we're ready to deploy:
@@ -134,10 +205,59 @@ flyctl deploy
 The output should end something like this, if everything has gone well:
 
 ```
-==> Monitoring deployment
+==> Verifying app config
+Validating /Users/jphenow/workspace/hello-static/fly.toml
+✓ Configuration is valid
+--> Verified app config
+==> Building image
+Remote builder fly-builder-little-haze-7293 ready
+Remote builder fly-builder-little-haze-7293 ready
+==> Building image with Docker
+--> docker host: 24.0.7 linux x86_64
+[+] Building 0.4s (7/7) FINISHED
+ => [internal] load build definition from Dockerfile                                                                                                                                                                                                                                                                                                                             0.2s
+ => => transferring dockerfile: 90B                                                                                                                                                                                                                                                                                                                                              0.2s
+ => [internal] load .dockerignore                                                                                                                                                                                                                                                                                                                                                0.2s
+ => => transferring context: 100B                                                                                                                                                                                                                                                                                                                                                0.1s
+ => [internal] load metadata for docker.io/library/nginx:alpine                                                                                                                                                                                                                                                                                                                  0.1s
+ => [internal] load build context                                                                                                                                                                                                                                                                                                                                                0.1s
+ => => transferring context: 151B                                                                                                                                                                                                                                                                                                                                                0.1s
+ => [1/2] FROM docker.io/library/nginx:alpine@sha256:a5127daff3d6f4606be3100a252419bfa84fd6ee5cd74d0feaca1a5068f97dcf                                                                                                                                                                                                                                                            0.0s
+ => CACHED [2/2] COPY public /usr/share/nginx/html                                                                                                                                                                                                                                                                                                                               0.0s
+ => exporting to image                                                                                                                                                                                                                                                                                                                                                           0.0s
+ => => exporting layers                                                                                                                                                                                                                                                                                                                                                          0.0s
+ => => writing image sha256:1e96a09c0ae89bb9b8dc5dcdcfde700fb1ee2677c20dc9d5f324a5b768328dda                                                                                                                                                                                                                                                                                     0.0s
+ => => naming to registry.fly.io/hello-static:deployment-01J807A99M034C3P47SBXFZZVZ                                                                                                                                                                                                                                                                                              0.0s
+--> Building image done
+==> Pushing image to fly
+The push refers to repository [registry.fly.io/hello-static]
+052eb83bbfc7: Layer already exists
+b0f60355fd52: Layer already exists
+027907faf592: Layer already exists
+11134cc97d7f: Layer already exists
+f7a5847cdca9: Layer already exists
+aec1e8cf14f5: Layer already exists
+717b3a077b07: Layer already exists
+2ff96b2e5450: Layer already exists
+63ca1fbb43ae: Layer already exists
+deployment-01J807A99M034C3P47SBXFZZVZ: digest: sha256:2ba357ed3fcf6eeb3a5e4c7a6e2300040cf6f414db69ce2e3b7d6030507deb5e size: 2196
+--> Pushing image done
+image: registry.fly.io/hello-static:deployment-01J807A99M034C3P47SBXFZZVZ
+image size: 43 MB
+
+Watch your deployment at https://fly.io/apps/hello-static/monitoring
+
+-------
+Updating existing machines in 'hello-static' with rolling strategy
+
+-------
+ ✔ [1/2] Cleared lease for 3287eedf034558
+ ✔ [2/2] Cleared lease for 4d89447f4117d8
+-------
+Checking DNS configuration for hello-static.fly.dev
+
+Visit your newly deployed app at https://hello-static.fly.dev/
 
- 1 desired, 1 placed, 1 healthy, 0 unhealthy [health checks: 1 total, 1 passing]
---> v0 deployed successfully
 ```
 
 ## _Viewing your static site_
@@ -148,9 +268,7 @@ The quickest way to browse your newly deployed application is with the `flyctl a
 flyctl apps open
 ```
 ```output
-opening https://gostatic-example.fly.dev ...
+opening https://hello-static.fly.dev ...
 ```
 
 Your browser will be sent to the displayed URL.
-
-
diff --git a/languages-and-frameworks/wordpress.html.markerb b/languages-and-frameworks/wordpress.html.markerb
new file mode 100644
index 0000000000..006a05ed8c
--- /dev/null
+++ b/languages-and-frameworks/wordpress.html.markerb
@@ -0,0 +1,147 @@
+---
+title: Run a WordPress App
+layout: language-and-framework-docs
+---
+
+Setting up a WordPress application on Fly.io is quite simple. In this guide, we'll learn just how simple it is!
+
+There's one thing you need before setting up a WordPress application: a MySQL database. You can find out how to get one set up on Fly.io in [this handy guide](https://fly.io/docs/app-guides/mysql-on-fly/#main-content-start).
+Make sure you remember the hostname (this will be `<your-mysql-app-name>.internal`), the database name and the database credentials.
+
+Ready? Let's get started!
+
+## Launch a new WordPress application
+
+To launch a new WordPress application, we can use the [official WordPress docker image](https://hub.docker.com/_/wordpress). To do so, run the following command:
+```cmd
+flyctl launch -i wordpress --no-deploy
+```
+```output
+Using image wordpress
+Creating app in /Users/name/test/my-app-name
+We're about to launch your app on Fly.io. Here's what you're getting:
+
+Organization: MyOrg                  (fly launch defaults to the personal org)
+Name:         my-app-name            (derived from your directory name)
+Region:       Secaucus, NJ (US)      (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+
+? Do you want to tweak these settings before proceeding? Yes
+```
+
+Type `n` if you're happy with the defaults listed, otherwise type `y` to open the Fly Launch web page and edit your settings, including:
+
+* Name: Keep the default app name or enter your own. This name will be part of the URL for your app, unless you use a custom domain.
+
+* Region: Keep the fastest [region](/docs/reference/regions/) (the value of `primary_region` in the `fly.toml` file) as chosen by Fly Launch, or select a different region to deploy to.
+
+After you click **Confirm Settings**, Fly Launch creates your App and generates a `fly.toml` file for your project with the settings.
+
+The reason we added the `--no-deploy` flag is so that the App doesn't get deployed right away. This way, we can set up things like secrets and environment variables before the first deployment.
+
+## Configure & deploy the WordPress application
+
+Before deploying, we'll need to configure a couple of things. In your newly created fly.toml file, change the `internal_port` under `[http_service]` from 8080 to **80**. This setting lets Fly know on what port your App will respond, which is 80 in our case.
+
+After that, set up these environment variables by adding this to the end of your `fly.toml`:
+
+```toml
+[env]
+  WORDPRESS_DB_NAME= "wordpress_db"
+  WORDPRESS_DB_HOST= "<name-of-your-mysql-app>.internal"
+  WORDPRESS_CONFIG_EXTRA = "define( 'WP_HOME', 'https://<name-of-your-wordpress-app>.fly.dev' );define( 'WP_SITEURL', 'https://<name-of-your-wordpress-app>.fly.dev');"
+```
+
+The `WORDPRESS_DB_NAME` and `WORDPRESS_DB_HOST` are needed for the WordPress application to connect to the database. The `WORDPRESS_CONFIG_EXTRA` makes sure that the application serves everything from the `https://...` address.
+
+Here's how the total fly.toml should look now:
+```toml
+app = 'fly-wordpress'
+primary_region = 'fra'
+
+[build]
+  image = 'wordpress'
+
+[http_service]
+  internal_port = 80 # changed from 8080 to 80
+  force_https = true
+  auto_stop_machines = true
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ['app']
+
+[[vm]]
+  memory = '1gb'
+  cpu_kind = 'shared'
+  cpus = 1
+
+# Add these environment variables
+[env]
+WORDPRESS_DB_NAME= "wordpress_db"
+WORDPRESS_DB_HOST= "db-wordpress.internal"
+WORDPRESS_CONFIG_EXTRA = "define( 'WP_HOME', 'https://fly-wordpress.fly.dev/' );define( 'WP_SITEURL', 'https://fly-wordpress.fly.dev/');"
+```
+
+Next, we need to set up the `WORDPRESS_DB_USER` and `WORDPRESS_DB_PASSWORD` variables. Since these are sensitive, let's use the [`fly secrets`](/docs/reference/secrets/#set-secrets) command:
+
+```cmd
+flyctl secrets set WORDPRESS_DB_USER=wordpress_user WORDPRESS_DB_PASSWORD=wordpress_password
+```
+```output
+Secrets are staged for the first deployment
+```
+
+You can list the secrets you've already set using `fly secrets list`. For example:
+
+```cmd
+fly secrets list
+```
+```
+NAME                    DIGEST                  CREATED AT
+WORDPRESS_DB_PASSWORD   92d2791e3f7ebd71        1m20s ago
+WORDPRESS_DB_USER       a2b707ef6e858717        1m20s ago
+```
+
+The values aren't displayed, since they're secret!
+
+### Deploy your app
+
+The last step is to deploy the App with the deploy command:
+
+```cmd
+flyctl deploy
+```
+```output
+==> Verifying app config
+Validating /Users/name/test/my-app-name/fly.toml
+✓ Configuration is valid
+--> Verified app config
+==> Building image
+Searching for image 'wordpress' remotely...
+image found: img_rlw04nnx6zzj4z2y
+
+
+Watch your deployment at https://fly.io/apps/my-app-name/monitoring
+
+-------
+Updating existing machines in 'my-app-name' with rolling strategy
+
+-------
+ ✔ [1/2] Machine 918543b477de83 [app] update succeeded
+ ✔ [2/2] Machine e28697ce6d3986 [app] update succeeded
+-------
+
+Visit your newly deployed app at https://my-app-name.fly.dev/
+```
+
+### Set up a custom domain
+
+You probably want to set up a custom domain for your WordPress application. You can find all you need to know (and more!) in [this handy guide](https://fly.io/docs/networking/custom-domain/).
+
+### Open your app
+
+Run `fly apps open`, or just go to the URL specified in the output of the deploy command, to open your deployed App in a browser.
+
+If you have any questions, need help, or want to talk about what you're building, visit our [community forum](https://community.fly.io).
diff --git a/laravel/advanced-guides/github-actions.html.md b/laravel/advanced-guides/github-actions.html.md
index 8c37f4b0f7..43f3ca9190 100644
--- a/laravel/advanced-guides/github-actions.html.md
+++ b/laravel/advanced-guides/github-actions.html.md
@@ -1,7 +1,7 @@
 ---
 title: "Laravel GitHub Actions: CICD"
 layout: framework_docs
-objective: Configure continuous integration and development on your Laravel Fly App through GitHub. 
+objective: Configure continuous integration and development on your Laravel Fly App through GitHub.
 order: 3
 ---
 
@@ -20,7 +20,7 @@ In this section, you'll create a new Laravel application, configure and deploy i
 composer create-project laravel/laravel fly-laravel
 cd fly-laravel
 
-# Auto generate your `fly.toml` configuration file: 
+# Auto generate your `fly.toml` configuration file:
 # Add in the ams region with --region
 # Auto deploy using --now while your at it!
 flyctl launch --region ams --now
@@ -43,11 +43,11 @@ git remote add origin git@github.com:<username>/<repository-name>.git
 
 ## GitHub CI Action: Auto Deploy to Fly.io
 
-Once you have your Laravel application set up with a github repository, you can configure some GitHub Actions to auto deploy your changes. 
+Once you have your Laravel application set up with a github repository, you can configure some GitHub Actions to auto deploy your changes.
 
 In this guide, you'll be using `Fly.io`'s very own [GitHub action template here](https://github.com/superfly/flyctl-actions) to help deploy your application.
 
-1) Generate a `Fly token` with `fly auth token`
+1) Generate a `Fly token` with `fly tokens deploy`
 
 2) Then save your newly generated `FLY_API_TOKEN` in your github repository either through the GitHub Console or GitHub CLI:
 
@@ -110,4 +110,4 @@ git commit -m "Configure auto-deploy through GitHub Actions"
 git push
 ```
 
-5) Visit the Actions tab of your repository and see how your deployment fares!
\ No newline at end of file
+5) Visit the Actions tab of your repository and see how your deployment fares!
diff --git a/laravel/advanced-guides/using-inertia-ssr.html.md b/laravel/advanced-guides/using-inertia-ssr.html.md
index 15aff61b44..3c4f8f884b 100644
--- a/laravel/advanced-guides/using-inertia-ssr.html.md
+++ b/laravel/advanced-guides/using-inertia-ssr.html.md
@@ -45,7 +45,7 @@ RUN if [ -f "vite.config.js" ]; then \
         yarn install --frozen-lockfile; \
         yarn $ASSET_CMD; \
     elif [ -f "pnpm-lock.yaml" ]; then \
-        corepack enable && corepack prepare pnpm@latest-7 --activate; \
+        corepack enable && corepack prepare pnpm@latest-8 --activate; \
         pnpm install --frozen-lockfile; \
         pnpm run $ASSET_CMD; \
     elif [ -f "package-lock.json" ]; then \
@@ -108,7 +108,7 @@ Now that you have more than one process group for your Fly.io app, you'll have t
 
 
 ### Web and SSR Communication
-The SSR server will be created as a separate VM from your web app. You'll have to configure your Laravel web VM to [talk with it](https://community.fly.io/t/process-group-aware-internal-dns-route-between-processes-with-ease/13063/4). To do so, first revise the `fly.toml` file to include an `SSR_URL` that will contain the ssr process' [.internal address](https://fly.io/docs/reference/private-networking/#fly-internal-addresses) routed to SSR's applicable port ( in the case below, 13714):
+The SSR server will be created as a separate VM from your web app. You'll have to configure your Laravel web VM to [talk with it](https://community.fly.io/t/process-group-aware-internal-dns-route-between-processes-with-ease/13063/4). To do so, first revise the `fly.toml` file to include an `SSR_URL` that will contain the ssr process' [.internal address](https://fly.io/docs/networking/private-networking/#fly-io-internal-addresses) routed to SSR's applicable port ( in the case below, 13714):
 ```.env
 [env]
   SSR_URL="ssr.process.<yourAppNameHerePlease>.internal:13714"
diff --git a/laravel/database-guides/laravel-mysql.html.markerb b/laravel/database-guides/laravel-mysql.html.markerb
index 2a35d25d22..fa48873224 100644
--- a/laravel/database-guides/laravel-mysql.html.markerb
+++ b/laravel/database-guides/laravel-mysql.html.markerb
@@ -15,7 +15,7 @@ To run MySQL as a [Fly App](/docs/app-guides/mysql-on-fly/), follow our guide [h
 
 ### _Connect from a Laravel Fly App_
 
-1.  Revise the `[env]` configuration in your Laravel application's `fly.toml` file to connect with your MySQL Fly App's [Fly .internal address](/docs/reference/private-networking/#fly-internal-addresses):
+1.  Revise the `[env]` configuration in your Laravel application's `fly.toml` file to connect with your MySQL Fly App's [Fly .internal address](/docs/networking/private-networking/#fly-io-internal-addresses):
 
     ```toml
     [env]
@@ -41,7 +41,7 @@ To run MySQL as a [Fly App](/docs/app-guides/mysql-on-fly/), follow our guide [h
 
 ### _Connect from a local environment_
 
-The MySQL instance you spun up in Fly.io "[is closed to the public internet](/docs/reference/machines/#notes-on-networking)", and can only be accessed by another application found in your Fly.io organization's private network. You'll need a way to tunnel into the network and finally connect to your MySQL instance.
+The MySQL instance you spun up in Fly.io "[is closed to the public internet](/docs/machines/api-machines-resource/#notes-on-networking)", and can only be accessed by another application found in your Fly.io organization's private network. You'll need a way to tunnel into the network and finally connect to your MySQL instance.
 
 <b>In this guide you'll tunnel to your MySQL instance through the use of `fly proxy`</b>
 
diff --git a/laravel/database-guides/laravel-pgsql.html.markerb b/laravel/database-guides/laravel-pgsql.html.markerb
index 0094db21ad..051acd9c8c 100644
--- a/laravel/database-guides/laravel-pgsql.html.markerb
+++ b/laravel/database-guides/laravel-pgsql.html.markerb
@@ -20,15 +20,22 @@ To run PostgreSQL as a [Fly App](/docs/app-guides/mysql-on-fly/), follow our gui
     - This will create an env variable `DATABASE_URL` containing a connection string in your Laravel fly app
     <br><br>
 
-2.  Make sure the `fly.toml` of your Laravel Fly App uses postgres:
+2.  Please make sure the `fly.toml` of your Laravel Fly App uses the postgres driver by specifying it as the value of `DB_CONNECTION`:
 
     ```toml
     [env]
     APP_ENV = "production"
     DB_CONNECTION = "pgsql"
     ```
-    
-    Thanks to the attach command, Postgres connection will now be available to your Laravel Fly App using the auto-generated `DATABASE_URL` from the attachment process.
+
+        Thanks to the attach command, Postgres connection will now be available to your Laravel Fly App using the auto-generated `DATABASE_URL` from the attachment process.
+
+
+3. If you are using Laravel version 11, it no longer uses the `DATABASE_URL` env variable name, instead it uses [DB_URL](https://laravel.com/docs/11.x/database#:~:text=(or%20corresponding-,DB_URL,-environment%20variable)%20configuration). So, please set an additional Fly secret, `DB_URL` with the value of the `DATABASE_URL`.
+
+    ```cmd
+    fly secrets set DB_URL="<DATABASE_URL_VALUE>"
+    ```
 
 ### _Connect From a Laravel Fly App Manually_
 
@@ -88,9 +95,9 @@ Now that you have a database in your Postgres Fly App, it's time to connect it w
 
 
 #### _Manually connect to Laravel Fly App_ 
-Once you have your running and <i>[database configured](/docs/laravel/the-basics/databases/#manually-set-up-a-database-in-your-postgres-fly-app)</i> Postgres Fly App, it's time to connect with your Laravel Fly App:
+Once you have your running and <i>[database configured](/docs/laravel/database-guides/laravel-pgsql/#manually-set-up-a-database-in-your-postgres-fly-app)</i> Postgres Fly App, it's time to connect with your Laravel Fly App:
 
-1.  Revise your Laravel Fly App's `fly.toml` file to connect with the `Hostname`( your Postgres Fly App's .internal Address ) from the configuration output, and the `DB_Name` configured [above](/docs/laravel/the-basics/databases/#interacting-with-your-postgres-fly-app):
+1.  Revise your Laravel Fly App's `fly.toml` file to connect with the `Hostname`( your Postgres Fly App's .internal Address ) from the configuration output, and the `DB_NAME` configured above:
 
     ```toml
     [env]
diff --git a/laravel/database-guides/laravel-redis.html.markerb b/laravel/database-guides/laravel-redis.html.markerb
index 4289dc148e..6260836b4f 100644
--- a/laravel/database-guides/laravel-redis.html.markerb
+++ b/laravel/database-guides/laravel-redis.html.markerb
@@ -26,7 +26,7 @@ You can set up your own Redis Fly App either through Fly.io's Redis Docker Image
     - You can specify your region code through the `--region` attribute
     - You can opt not to immediately deploy by adding `--no-deploy` argument
     <br><br>
-2.  Afterwards, add a [volume](/docs/reference/volumes/) that will persist your Redis data
+2.  Afterwards, add a [volume](/docs/volumes/) that will persist your Redis data
 
     ```cmd
     fly volumes create redis_server --size 1
@@ -91,7 +91,7 @@ If you would like to use [Redis' official docker image](https://hub.docker.com/_
 
 Now that you have your Redis Fly App running, the next step is to connect it with your Laravel Fly App! Follow the steps below:
 
-1. First, retrieve your Redis Fly App's [Fly .internal Address](/docs/laravel/the-basics/databases/#fly-internal-address). 
+1. First, retrieve your Redis Fly App's [Fly .internal Address](/docs/networking/private-networking/#fly-io-internal-addresses). 
 
 2.  Next, make sure you move to your Laravel Fly App's directory for better navigation:
 
@@ -153,7 +153,7 @@ The simplest way to connect your local Laravel application to a Redis Fly App is
 
 ## _Laravel with Upstash Managed Redis Fly App_
 
-Want a fully-managed Redis Fly App? Try [Upstash Redis](https://upstash.com/)! To set up, you can follow our-in-depth guide [here](/docs/reference/redis/) 
+Want a fully-managed Redis Fly App? Try [Upstash Redis](https://upstash.com/)! To set up, you can follow our-in-depth guide [here](/docs/upstash/redis/) 
 
 Once you've configured the necessary details through the flyctl prompts, and the app deployment completes, you should get a summary of the Redis cluster you've just deployed, like so:
 ```output
diff --git a/laravel/index.html.markerb b/laravel/index.html.markerb
index f78100873e..a8fc36c40e 100644
--- a/laravel/index.html.markerb
+++ b/laravel/index.html.markerb
@@ -38,17 +38,52 @@ You should be able to visit `http://localhost:8000` and see the home page.
 
 ### Launch
 
-Next, we'll use the `launch` command to automagically configure your app for Fly.
-
-The `launch` command adds a few files to your code base. Don't worry, it will ask before overwriting anything.
+Next, we'll use the `launch` command to automagically configure your app for Fly and deploy it to the Fly cloud. This will add a few files to your code base--but, don't worry, it will ask before overwriting anything.
 
 **If you haven't already, go ahead and run `fly launch`!**
 
 ```cmd
 fly launch
 ```
+This would detect that your project is built with Laravel. Afterwhich it would provide a summary of the default configuration that would be given to your app.
+
+```
+We're about to launch your Laravel app on Fly.io. Here's what you're getting:
+
+Organization: Personal                                                   (fly launch defaults to the personal org)
+Name:         fly-lara-app                                               (derived from your directory name)
+Region:       Paris, France                                              (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM                                     (most apps need about 1GB of RAM)
+Postgres:     <none>                                                     (not requested)
+Redis:        Pay-as-you-go Plan: 10 GB Max Data Size, eviction disabled (determined from app source)
+Tigris:       <none>                                                     (not requested)
+
+? Do you want to tweak these settings before proceeding? (y/N) 
+```
+
+Extensions like [Postgres](/docs/mpg/overview/) ( database ), [Redis](/docs/upstash/redis/) ( cache ), and [Tigris](/docs/tigris/#main-content-start) ( storage ) can also be added by default based on whether there's an existing, similar connection found for your Laravel project. 
 
-When asked if you want to deploy now, say **No**.
+<div class="warning icon">
+**Please note** that these extension apps will also incur their own **usage costs**! You can select "y" in order to adjust the default settings and remove any extension you don't need.
+</div>
+
+#### Launch Configuration
+Once you accept the configuration, this would proceed with **adding [default secrets](https://github.com/superfly/flyctl/blob/master/scanner/laravel.go#L41-L50)**, **deploying the accepted extensions**, and **generating files** on your project:
+1. `.github/workflows/fly-deploy.yml`, `fly.toml` - Configurations specific to hosting on Fly
+2. [.fly directory](https://github.com/fly-apps/dockerfile-laravel/tree/main/resources/views/fly) - A directory containing configuration files for running Nginx/PHP in a container
+3. [Dockerfile](https://github.com/fly-apps/dockerfile-laravel/blob/main/resources/views/dockerfile.blade.php) -  Used to build a container image that is run in fly
+4. [.dockerignore](https://github.com/fly-apps/dockerfile-laravel/blob/main/resources/views/fly/dockerignore.blade.php) - Used to ensure certain files don’t make its way into your image
+
+
+With the configuration files and extenstion apps in place, an image is built for your app using your project and the Dockerfile generated for it. This image is then finally used to deploy your app.
+
+#### Success!
+You should be able to visit `https://your-app-name.fly.dev` and see the Laravel demo home page.
+
+<%= partial "docs/languages-and-frameworks/partials/launched" %>
+
+
+## Customizing your app 
 
 If you have other environment variables to set, you can edit the `fly.toml` file and add them.
 
@@ -67,29 +102,15 @@ For sensitive data, you can set **secrets** with the [`fly secrets set`](https:/
 fly secrets set SOME_SECRET_KEY=<the-value-from-your-env-file>
 ```
 
-<div class="callout">
-The `fly launch` command will generate a secret with a valid, random value for `APP_KEY`.
-</div>
 
-### Deploy
 
-Finally, run `fly deploy` to build and deploy your application!
+### Deploy
 
-You should be able to visit `https://your-app-name.fly.dev` and see the Laravel demo home page.
+Once you've made changes for your app locally, you can run `fly deploy` to deploy your changes.
 
-<%= partial "docs/languages-and-frameworks/partials/launched" %>
 
 ### Some Notes
 
-The `fly launch` adds some files to your code base.
-
-**Here is what gets added:**
-
-1. `Dockerfile` - Used to build a container image that is run in fly
-2. `.dockerignore` - Used to ensure certain files don't make its way into your repository
-3. `fly.toml` - Configuration specific to hosting on Fly
-4. `.fly` (formerly `docker`) - A directory containing configuration files for running Nginx/PHP in a container
-
 Running `fly launch` (and later `fly deploy`) uses the `Dockerfile` to build a container image, copying your application files into the resulting image.
 
 Fly doesn't care about the state of your git repository - it copies whatever files are present (except for files ignored by `.dockerignore`).
diff --git a/laravel/the-basics/laravel-tigris-file-storage.html.markerb b/laravel/the-basics/laravel-tigris-file-storage.html.markerb
new file mode 100644
index 0000000000..e550c57f37
--- /dev/null
+++ b/laravel/the-basics/laravel-tigris-file-storage.html.markerb
@@ -0,0 +1,103 @@
+---
+title: "Tigris for CDN File Storage"
+layout: framework_docs
+objective: Integrate Tigris Bucket using Laravel S3 driver
+order: 8
+---
+[Tigris is an S3-compatible](https://www.tigrisdata.com/docs/overview/) storage service built on Fly.io infrastructure. It provides an intelligent cache-managing, data replication service that offers CDN-like behavior for your object storage with almost-zero configuration needed. 
+
+The Laravel Flysystem integration provides a driver for working with Amazon S3-compatible services. Since Tigris supports the S3 API, Laravel's existing S3 driver can be used to connect with it. 
+
+It's really easy to get started with Tigris. Just create a bucket, plug in its credentials to your Laravel app, upload your files, and users from around the globe should be able to access your files closer and faster thanks to Tigris' automatic data distribution feature. Try it out!
+
+## The Tigris Bucket
+1. Create a Tigris Bucket
+    
+    You can create a Tigris bucket through the `flyctl` cli. Pro tip: run this command inside a Fly.io initialized project, doing so will allow `flyctl` to automatically set secrets on your Laravel Fly app using the credentials of your Tigris Bucket:
+
+    ```cli
+    // Open your project directory
+    cd my-laravel-fly-initialized-app
+
+    // Run the create command
+    fly storage create
+    ```
+    You'll be asked for a custom name for your bucket, but you can choose to create one with a random name. 
+    Once your bucket completes initialization, you'll receive its credentials in your console.
+
+    If you did run the create command inside your Laravel Fly app's project directory, these secrets will automatically get set for your Laravel Fly app:
+    ```cli
+    Setting the following secrets on <fly-app-name>:
+    AWS_ACCESS_KEY_ID: <AWS_ACCESS_KEY_ID_VALUE>
+    AWS_ENDPOINT_URL_S3: https://fly.storage.tigris.dev
+    AWS_REGION: auto
+    AWS_SECRET_ACCESS_KEY: <AWS_SECRET_ACCESS_KEY>
+    BUCKET_NAME: <BUCKET_NAME>
+    ```
+
+2. Visit your Bucket
+
+    Once you've taken note of the secrets set above, you can visit this newly created bucket by getting your console link using the `BUCKET_NAME` attribute received from above:
+
+    ```
+    fly storage dashboard <BUCKET_NAME>
+    ```
+    Running the command above should give you a link to your bucket's console dashboard:
+    ```
+    Opening https://console.tigris.dev/flyio/signin?org_id=6y84k....
+    ```
+    The link provided will lead straight to your Tigris console, where you should see the name of the bucket you've recently created. Of course, you'll have to be logged in via Fly.io to access this dashboard. 
+
+## Integrating Laravel with Tigris
+
+Now that we have our Tigris Bucket, let's connect it with our Laravel app.
+
+1. Configure Laravel with S3 driver using Tigris credentials:
+
+    Make sure you have the [Flysystem S3 package installed](https://laravel.com/docs/11.x/filesystem#s3-driver-configuration) for your Laravel project:
+    ```
+    composer require league/flysystem-aws-s3-v3 "^3.0" --with-all-dependencies
+    ```
+ 
+    Let's use the credentials of our Tigris bucket as values for our S3 driver:
+
+    | Tigris Credential | Laravel S3 Environment Variable |
+    |------|-------------|
+        AWS\_ACCESS\_KEY\_ID   | AWS\_ACCESS\_KEY\_ID
+        AWS\_SECRET\_ACCESS\_KEY   | AWS\_SECRET\_ACCESS\_KEY
+        AWS\_REGION | AWS\_DEFAULT\_REGION 
+        BUCKET\_NAME | AWS\_BUCKET
+        AWS\_ENDPOINT\_URL\_S3 | AWS\_ENDPOINT 
+
+    In a local setup, all we have to do is update our .env file with the values above:
+    ```
+    AWS_ACCESS_KEY_ID="<AWS_ACCESS_KEY_ID>"
+    AWS_ENDPOINT="https://fly.storage.tigris.dev/"
+    AWS_REGION="auto"
+    AWS_SECRET_ACCESS_KEY="<AWS_SECRET_ACCESS_KEY>"
+    AWS_BUCKET="<BUCKET_NAME>"
+    ```
+
+    For a Laravel Fly app, the first two environment variables have already been set as secrets during the creation of the Tigris Bucket. What remains is to set the additional env variables that don't match:
+    
+    ```
+    // Please change the values enclosed in <> with the appropriate value received during the creation of the Tigris Bucket
+    fly secrets set AWS_DEFAULT_REGION="<AWS_REGION_VALUE>"
+    fly secrets set AWS_BUCKET="<AWS_BUCKET_VALUE>"
+    fly secrets set AWS_ENDPOINT="<AWS_ENDPOINT_URL_S3>"
+    ```
+
+
+2. Upload a file from the Controller:
+
+    To test out our connection to the Tigris bucket, we can create a sample function that uploads a text file to the bucket:
+
+    ```
+    use Illuminate\Support\Facades\Storage;
+
+    public function uploadTestFile()
+    {
+        Storage::disk('s3')->put('example.txt', 'Contents');
+    }
+    ```
+    Calling the function above should upload a new file in your bucket. 
\ No newline at end of file
diff --git a/laravel/the-basics/laravel-volume-storage.html.markerb b/laravel/the-basics/laravel-volume-storage.html.markerb
index b960c8807c..5b75053e96 100644
--- a/laravel/the-basics/laravel-volume-storage.html.markerb
+++ b/laravel/the-basics/laravel-volume-storage.html.markerb
@@ -9,6 +9,17 @@ The [storage folder](https://laravel.com/docs/9.x/filesystem#the-local-driver) b
 
 It's the default burrow for session, cache, and file data amongst others. If you'd opt to persist data on this folder, you'll have to mount a [volume](/docs/volumes/) to it.
 
+<div class="warning icon">
+Fly Volumes do not automatically sync their data with each other. Please remember to create the appropriate data-replication logic if your Fly App will be using more than one volume instance, and if your app requires data available across its Volumes.
+</div>
+
+<div class="important icon">
+For file storage, you can utilize the S3-compatible [Tigris service](https://www.tigrisdata.com/docs/overview/)! 
+
+Aside from offering S3-compatible storage buckets, it handles data distribution and cache management for you, providing CDN-like behavior for your application's file storage with almost zero-configuration needed. 
+
+Check out its integration with Laravel [here](/docs/laravel/the-basics/laravel-tigris-file-storage/).
+</div> 
 
 ## The Steps
 
@@ -34,7 +45,7 @@ It's the default burrow for session, cache, and file data amongst others. If you
     ```
 
     
-3.  To mount a volume named `"storage_vol"` to this Fly App, you'll have to create two `"storage_vol"` volumes in the AMS region, [one for each machine](https://fly.io/docs/reference/volumes/#volume-considerations):
+3.  To mount a volume named `"storage_vol"` to this Fly App, you'll have to create two `"storage_vol"` volumes in the AMS region, [one for each machine](https://fly.io/docs/volumes/overview/#volume-considerations):
     ```cmd
     fly volumes create storage_vol --region ams --count 2 
     ```
@@ -94,9 +105,7 @@ It's the default burrow for session, cache, and file data amongst others. If you
     fly deploy
     ```
 
-<div class="callout">
-Fly Volumes do not automatically sync their data with each other. Please remember to create the appropriate data-replication logic if your Fly App will be using more than one volume instance, and if your app requires data available across its Volumes.
-</div> 
+
 
 #### **_Possible Errors_**
 
@@ -111,5 +120,4 @@ Take note however, that a Volume can only be used by one at any given time.
 
 One way to fix this issue is to separate each process into [different Fly.io apps](/docs/app-guides/multiple-processes/#maybe-you-want-multiple-apps-though). Of course, separate application per process might require inter-communication between the applications. 
 
-Fly.io applications can easily communicate with each other over a [private network](/docs/reference/private-networking/). Not only that, but Fly.io also offers the `fly-replay` [response header](/docs/reference/dynamic-request-routing/#the-fly-replay-response-header) which can be used to "redirect" request from one application to another, and return response from the correct application.
- 
\ No newline at end of file
+Fly.io applications can easily communicate with each other over a [private network](/docs/networking/private-networking/). Not only that, but Fly.io also offers the `fly-replay` [response header](/docs/networking/dynamic-request-routing/#the-fly-replay-response-header) which can be used to "redirect" request from one application to another, and return response from the correct application.
diff --git a/launch/autoscale-by-metric.html.markerb b/launch/autoscale-by-metric.html.markerb
new file mode 100644
index 0000000000..b7e7bf145d
--- /dev/null
+++ b/launch/autoscale-by-metric.html.markerb
@@ -0,0 +1,210 @@
+---
+title: Autoscale based on metrics
+layout: docs
+nav: apps
+redirect_from: /docs/apps/autoscale-by-metric/
+---
+
+The metrics-based autoscaler scales an app's Machines based on any metric, such as pending work items or queue depth. Scaling on metrics other than requests or connections is useful for apps, like background workers, that aren't running web services. Apps with services that need to scale based on HTTP requests can use the built-in Fly Proxy [autostop/autostart feature](/docs/launch/autostop-autostart/) for Machines.
+
+The autoscaler works by collecting metrics from different sources, such as Prometheus or Temporal, and computing the number of required Machines based on those metrics. This reconciliation process happens on a loop every 15 seconds by default. The autoscaler uses the [Expr language](https://expr-lang.org/+external) for defining target Machine counts, which gives a rich set of built-in arithmetic functions.
+
+You run the autoscaler as an app based on the [`fly-autoscaler`](https://github.com/superfly/fly-autoscaler+external) image. The app runs within your organization so you have full control over it. You can customize the autoscaler to work with your specific scaling needs.
+
+## Quickstart
+
+To get up and running, you'll set up the app, configure secrets, set the configuration, and deploy the autoscaler.
+
+As a prerequisite, you need an existing target application that you want to scale and a user-defined metric to scale on. In this example, you'll scale on a Prometheus metric called `queue_depth` but you can replace that with your own. You can also [scale based on Temporal workflows](#scale-based-on-pending-temporal-work).
+
+### Create the autoscaler application
+
+First, create a new Fly.io app that will run the autoscaler. Replace the `my-autoscaler` name with a unique name for your autoscaler application:
+
+```
+fly apps create my-autoscaler
+```
+
+### Create a deploy token
+
+The first auth token you'll need is one that has permissions to deploy your target app:
+
+```cmd
+fly tokens create deploy -a my-target-app
+```
+
+Copy the resulting token and set it as a secret on your autoscaler app:
+
+```cmd
+fly secrets set -a my-autoscaler --stage FAS_API_TOKEN="FlyV1 ..."
+```
+
+### Create a token to read from Prometheus
+
+The next auth token you'll need is one that has permissions to read from your organization's Prometheus data on Fly:
+
+```cmd
+fly tokens create readonly my-org
+```
+
+Copy the token and use it as a secret on your autoscaler app:
+
+```cmd
+fly secrets set -a my-autoscaler --stage FAS_PROMETHEUS_TOKEN="FlyV1 ..."
+```
+
+### Configure your autoscaler `fly.toml`
+
+Next, set up a `fly.toml` configuration file for your autoscaler to set environment variables. Replace the `my-autoscaler`, `my-target-app`, and `my-org` with values for your situation.
+
+```toml
+app = "my-autoscaler"
+
+[build]
+image = "flyio/fly-autoscaler:0.3"
+
+[env]
+FAS_PROMETHEUS_ADDRESS = "https://api.fly.io/prometheus/my-org"
+FAS_PROMETHEUS_METRIC_NAME = "qdepth"
+FAS_PROMETHEUS_QUERY = "sum(queue_depth{app='$APP_NAME'})"
+
+FAS_APP_NAME = "my-target-app"
+FAS_CREATED_MACHINE_COUNT = "min(50, qdepth / 2)"
+
+[metrics]
+port = 9090
+path = "/metrics"
+```
+
+Environment variables are the primary way to define your configuration.
+
+Metrics collection settings:
+
+- `FAS_PROMETHEUS_ADDRESS` defines the Prometheus URL endpoint to query.
+- `FAS_PROMETHEUS_METRIC_NAME` defines the local variable name that the metric result will be stored as. This example stores the query result value as `qdepth`.
+- `FAS_PROMETHEUS_QUERY` defines the Prometheus query to run. This example computes the sum of a user-defined `queue_depth` metric.
+
+Autoscaling settings:
+
+- `FAS_APP_NAME` is the name of the target application to scale.
+- `FAS_CREATED_MACHINE_COUNT` defines an [Expr](https://expr-lang.org/) expression to calculate the required number of Machines. The autoscaler creates or destroys Machines to reach the required number.
+
+This example expression assumes that each Machine could handle two items in the queue and uses the `min()` function to prevent the autoscaler from scaling more than `50` Machines.
+
+### Deploy the autoscaler
+
+The autoscaler only works on a single Machine, so you'll use the `--ha` option to turn off the high availability feature that creates two Machines:
+
+```cmd
+fly deploy --ha=false
+```
+
+After the autoscaler deploys, you should see the number of Machines in your target application increase as your user-defined `queue_depth` gauge increases.
+
+<div class="note icon">
+**Note:** The autoscaler creates new Machines in an application by cloning existing Machines. It will not scale to zero and will always keep at least one Machine running.
+</div>
+
+You can find a full working example of the autoscaler at our [fly-autoscaler-example](https://github.com/fly-apps/fly-autoscaler-example) repo.
+
+## More use cases
+
+### Start and stop instead of create and destroy Machines
+
+If you already have a pool of created Machines that you want to autoscale, you can use the `FAS_STARTED_MACHINE_COUNT` expression to stop and start Machines instead of creating and destroying them with `FAS_CREATED_MACHINE_COUNT`.
+
+When you use `FAS_STARTED_MACHINE_COUNT`, the autoscaler sends a termination signal to the Machines instead of destroying them when scaling. It will also automatically cap the number of Machines that can be started to the number of pre-created Machines.
+
+When you scale by starting and stopping existing Machines, your Machines will start up quickly. You'll pay for the Machine's CPU and RAM when they're running and for the rootfs when they're stopped.
+
+When you scale by creating and destroying Machines, your Machines will be slightly slower to reach a `started` state since it takes longer to create a Machine than to start one. You won't need to create a "pool" of Machines. You'll only pay for the Machine's CPU and RAM when they're running and won't need to pay for rootfs since the Machines are destroyed when not needed.
+
+### Scale multiple applications
+
+You can scale multiple independent applications with the same autoscaler by using a wildcard expression for your application name. Your applications must all share a common prefix and they must all be in the same organization.
+
+To enable multi-app scaling, you will need to use an organization-wide auth token rather than an app-specific deploy token:
+
+```cmd
+fly tokens create org my-org
+```
+
+and then set the resulting token on your autoscaler application:
+
+```cmd
+fly secrets set -a my-autoscaler --stage FAS_API_TOKEN="FlyV1 ..."
+```
+
+Next, set the organization name and application wildcard in your `fly.toml` config:
+
+```toml
+[env]
+FAS_ORG="my-org"
+FAS_APP_NAME="my-app-*"
+```
+
+Then use `$APP_NAME` or `${APP_NAME}` in your Prometheus query to identify the current application being scaled:
+
+```toml
+[env]
+FAS_PROMETHEUS_QUERY = "sum(queue_depth{app='$APP_NAME'})"
+```
+
+You can find a working example of multi-application scaling in the [fly-autoscaler-multiapp-example](https://github.com/fly-apps/fly-autoscaler-multiapp-example) repository.
+
+### Scale based on pending Temporal work
+
+The Temporal metrics collector periodically checks for the total number of workflows in a “running” state. By default, it will check every 15 seconds.
+
+You can connect to your Temporal namespace using the `FAS_TEMPORAL_` environment variables. For example:
+
+```toml
+[env]
+FAS_TEMPORAL_ADDRESS = 'mynamespace.lyeth.tmprl.cloud:7233'
+FAS_TEMPORAL_NAMESPACE = 'mynamespace.lyeth'
+FAS_TEMPORAL_METRIC_NAME = 'queue_depth'
+
+FAS_APP_NAME = "my-target-app"
+FAS_CREATED_MACHINE_COUNT="workflow_count / 10"
+```
+
+In the example above the autoscaler is set up to create or destroy Machines for an app that can handle up to 10 workflows at a time (based on the current workflow count) with: `FAS_CREATED_MACHINE_COUNT="workflow_count / 10`. If you want to ensure you don’t exceed a specific number of Machines, then you can use a `min()` expression to cap it: `FAS_CREATED_MACHINE_COUNT="min(50, workflow_count / 10)`. This ensures that no more than 50 Machines get created, regardless of how many workflows are executing.
+
+You'll also need to load the certificate and key data as secrets from your `ca.pem` and `ca.key` files:
+
+```cmd
+fly secrets set --stage FAS_TEMPORAL_CERT_DATA="$(<ca.pem)"
+```
+
+```cmd
+fly secrets set --stage FAS_TEMPORAL_KEY_DATA="$(<ca.key)"
+```
+
+You can find a full working example of Temporal autoscaling in our [fly-autoscaler-temporal-example](https://github.com/fly-apps/fly-autoscaler-temporal-example) repository.
+
+## Configuration reference
+
+The quickstart describes how to configure the autoscaler with environment variables. You can also configure the autoscaler with a YAML config file if you don't want to use environment variables or if you want to configure more than one metric collector.
+
+See the reference [fly-autoscaler.yml](https://github.com/superfly/fly-autoscaler/blob/main/etc/fly-autoscaler.yml) file for an example and more details.
+
+### Autoscaler config
+
+- `FAS_APP_NAME`: The name of the target app to scale.
+- `FAS_CREATED_MACHINE_COUNT`: An [Expr](https://expr-lang.org/) expression to calculate the required number of Machines. The autoscaler creates or destroys Machines to reach the required number.
+- `FAS_STARTED_MACHINE_COUNT`: An [Expr](https://expr-lang.org/) expression to calculate the required number of Machines. The autoscaler starts or stops Machines to reach the required number.
+
+### Prometheus collector
+
+- `FAS_PROMETHEUS_ADDRESS`: The URL of the Prometheus endpoint to query.
+- `FAS_PROMETHEUS_METRIC_NAME`: The local variable name that the metric result will be stored as.
+- `FAS_PROMETHEUS_QUERY`: The Prometheus query to run.
+
+
+### Temporal collector
+
+- `FAS_TEMPORAL_ADDRESS`: The URL of the Temporal endpoint to query.
+- `FAS_TEMPORAL_METRIC_NAME`: The local variable name that the metric result will be stored as.
+- `FAS_TEMPORAL_NAMESPACE`: The Temporal namespace name.
+- `FAS_TEMPORAL_CERT_DATA`: The namespace CA certificate data (`ca.pem`).
+- `FAS_TEMPORAL_KEY_DATA`: The namespace CA key data (`ca.key`).
diff --git a/launch/autostop-autostart.html.markerb b/launch/autostop-autostart.html.markerb
new file mode 100644
index 0000000000..a6d75eb0de
--- /dev/null
+++ b/launch/autostop-autostart.html.markerb
@@ -0,0 +1,116 @@
+---
+title: Autostop/autostart Machines
+layout: docs
+nav: apps
+redirect_from: 
+  - /docs/apps/autostart-stop/
+  - /docs/launch/autostart-stop/
+--- 
+Your app can meet peak demand without keeping extra Machines running. Use autostop/autostart to automatically start and stop or suspend existing Machines based on incoming requests. Fly Machines are fast to start and stop, and you [don't pay for their CPU and RAM](/docs/about/pricing/#stopped-fly-machines) when they're in a `stopped` or `suspended` state.
+
+Get all the details of [how Fly Proxy autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/).
+
+## When to use autostop/autostart
+
+Autostop/autostart works well for apps with highly variable workloads, for smaller apps with low or sporadic traffic, and for most apps that aren't receiving requests continuously. You can reduce resource usage and costs by using autostop/autostart to manage your Fly Machines as demand decreases and increases. You'll never have to run excess Machines to handle peak load; you'll only run, and get charged for, the number of Machines that you need. You can choose to keep one or more Machines running in your primary region.
+
+## Configure autostop/autostart
+
+The autostop/autostart settings are part of each service in an app's `fly.toml` file. See the [[[services]]](/docs/reference/configuration/#the-services-sections) or [[http_service]](/docs/reference/configuration/#the-http_service-section) docs for details about service configuration. You can also add services to [private apps](#private-apps).
+
+Autostop/autostart settings:
+
+- **`auto_stop_machines`:** The action, if any, that Fly Proxy should take when the app is idle for several minutes. 
+  - The options are `"off"` (equivalent to `false`), `"stop"` (equivalent to `true`), or `"suspend"`.
+  - If `"off"`, Fly Proxy will never stop Machines. If `"stop"`, Fly Proxy stops Machines when the app has excess capacity. If `"suspend"`, Fly Proxy suspends Machines (if possible) when the app has excess capacity. Starting a Machine from a `suspended` state is faster than starting a Machine from a `stopped` state, but there are [some caveats](https://community.fly.io/t/autosuspend-is-here-machine-suspension-is-enabled-everywhere/20942) that you should know about.
+- **`auto_start_machines`:** Whether Fly Proxy should automatically start Machines based on requests and capacity.
+- **`min_machines_running`:** The minimum number of Machines to keep running in the primary region when `auto_stop_machines` is set to `"stop"` or `"suspend"`.
+
+Example configuration:
+
+```toml
+...
+[[services]]
+  internal_port = 8080
+  protocol = "tcp"
+  auto_stop_machines = "stop"
+  auto_start_machines = true
+  min_machines_running = 1
+...
+```
+
+In the preceding example, Fly Proxy will automatically stop Machines when the app has excess capacity and start them again when needed based on traffic to the app. The app will eventually scale down to one running Machine in the primary region if there's no traffic.
+
+Concurrency limits configured for services in the `fly.toml` file also affect [how autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/): Fly Proxy uses the concurrency [`soft_limit` setting](/docs/reference/configuration/#http_service-concurrency) for each Machine to determine if there's excess capacity per region. 
+
+## Autostop/autostart configuration recommendations
+
+In general, unless your app shuts itself down when idle, we recommend setting `auto_stop_machines` and `auto_start_machines` so that they are both enabled or both disabled, to avoid having Machines that either never start or never stop. For example, if `auto_start_machines = false` and `auto_stop_machines = "stop"`, then Fly Proxy automatically stops your Machines when there's low traffic but doesn't start them again. When all or most of your Machines stop, requests to your app could start failing.
+
+### Minimum number of Machines running
+
+To keep one or more Machines running all the time in your primary region, set `min_machines_running` to `1` or higher. If `min_machines_running = 1` and there's no traffic to your app, then Fly Proxy will stop Machines until eventually there is only one Machine running in your primary region. `min_machines_running` has no effect unless you set `auto_stop_machines` to `"stop"` or `"suspend"`.
+
+<div class="important">
+**`min_machines_running`:** This setting only maintains the specified minimum number of running Machines in your app's primary region. It has no effect on other regions where your app is deployed. If you need to maintain minimum running Machines in multiple regions, you'll need to manage those separately through other means like [`fly scale count`](https://fly.io/docs/flyctl/scale-count/#main-content-start).
+</div>
+
+### Maximum number of Machines running
+
+There's no "maximum machines running" setting, because the maximum number of Machines is the total number of Machines in your app.
+
+Fly Proxy autostop/autostart never creates or destroys Machines for you. The maximum number of running Machines is the number of Machines created for your app on launch, or using `fly scale count` or `fly machine clone`. For example, if you want to have a maximum of 10 Machines available to service requests, then you need to create 10 Machines for your app. Learn more about [scaling the number of Machines](/docs/apps/scale-count/).
+
+### Keep all Machines running continuously
+
+If you need all your app's Machines to run continuously, then you can set `auto_stop_machines` to `"off"` and `auto_start_machines` to `false` to turn off autostop/autostart completely.
+
+If you only need a certain number of your app's Machines to run continuously, then you can set `auto_stop_machines` to `"suspend"` or `"stop"` and `min_machines_running` to `1` or higher. Note that `min_machines_running` only applies to your app's primary region.
+
+### Private apps
+
+Requests to apps without services configured on your private network don't get routed through Fly Proxy and so Machines can't be automatically stopped or started by Fly Proxy. To use Fly Proxy autostart/autostart for private apps, set up services and use a Flycast private IPv6 address. See [Flycast - Private Fly Proxy Services](/docs/networking/flycast/) and [Autostop/autostart private apps](/docs/blueprints/autostart-internal-apps/).
+
+### Apps that shut down when idle
+
+Setting your app to automatically stop or suspend Machines when there's excess capacity using `auto_stop_machines` can be a substitute for when your app doesn't shut itself down automatically after a period of inactivity. If your app already shuts down when idle, then you can set `auto_start_machines = true` and `auto_stop_machines = "off"` to have Fly Proxy automatically restart the Machines stopped by your app.
+
+If you want a custom shutdown process for your app, then you can code your app to exit when idle.
+
+Here are some examples:
+
+* [Shutting Down a Phoenix App When Idle](https://fly.io/phoenix-files/shut-down-idle-phoenix-app/): a post by Chris McCord on adding a task to an Elixir app's supervision tree that shuts down the Erlang runtime when there are no active connections.
+* For Rails apps, the `dockerfile-rails` generator provides a [--max-idle](https://github.com/rubys/dockerfile-rails#addremove-a-feature+external) option that exits after _n_ seconds of inactivity.
+* [A Tired Proxy in Go](https://github.com/superfly/tired-proxy+external) used in [Building an In-Browser IDE the Hard Way](https://fly.io/blog/remote-ide-machines/). [There's a community fork with more recent updates](https://community.fly.io/t/improved-tired-proxy-for-use-with-fly-machines/10584).
+* A minimal demo app in TypeScript/Remix: [code](https://github.com/fly-apps/autoscale-to-zero-demo+external) & [demo](https://autoscale-to-zero-demo.fly.dev/+external).
+
+Fly Postgres also [supports scaling to zero](https://community.fly.io/t/scale-to-zero-postgres-for-hobby-projects/12212).
+
+## Default settings
+
+The defaults differ for new apps created with `fly launch` and for apps with no settings configured for autostop/autostart.
+
+### Apps created with `fly launch`
+
+When you create a new app using the `fly launch` command, the default settings in `fly.toml` are:
+
+```toml
+...
+[http_service]
+  internal_port = 8080
+  force_https = true
+  auto_stop_machines = "stop"
+  auto_start_machines = true
+  min_machines_running = 0
+...
+```
+
+### Apps with no autostop/autostart settings
+
+For apps that don't explicitly specify any autostop/autostart settings in `fly.toml`, Fly Proxy will automatically start stopped Machines when needed, but won't automatically stop or suspend them.
+
+## Related topics
+
+- [How Fly Proxy autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/)
+- [Autostop/autostart private apps](/docs/blueprints/autostart-internal-apps/)
+- [Autoscale based on metrics](/docs/launch/autoscale-by-metric/)
diff --git a/launch/continuous-deployment-with-github-actions.html.md b/launch/continuous-deployment-with-github-actions.html.md
new file mode 100644
index 0000000000..c00c3177f2
--- /dev/null
+++ b/launch/continuous-deployment-with-github-actions.html.md
@@ -0,0 +1,158 @@
+---
+title: "Continuous Deployment with Fly.io and GitHub Actions"
+layout: docs
+nav: apps
+redirect_from: /docs/app-guides/continuous-deployment-with-github-actions/
+categories:
+  - ci
+  - github
+  - guide
+---
+
+<img src="http://github.com/static/images/continuous-deployment.webp" alt="A man writing code on a vintage desktop computer" class="rounded-xl">
+
+This guide works through setting up your app for continuous deployment to Fly.io from the app's GitHub repository. You might also like our blueprint on [deploying review apps with GitHub Actions](/docs/blueprints/review-apps-guide/).
+
+You'll start with an example application called [go-example](https://github.com/fly-apps/go-example+external). It's a simple, lightweight app that displays the Fly.io region that served the request.
+
+The first section is a speed-run through the steps to make the go-example app automatically deploy to Fly.io from GitHub. The next section loops back for a [longer look at each step](#a-longer-look-at-the-deployment-process).
+
+## Speed-run your way to continuous deployment
+
+1. Fork the [go-example](https://github.com/fly-apps/go-example+external) repository to your GitHub account.
+2. Clone the new repository to your local machine.
+3. Run `fly launch --no-deploy` from within the project source directory to create a new app and a `fly.toml` configuration file. 
+4. Type `y` to when prompted to tweak settings and enter a name for the app. Adjust other settings, such as region, as needed. Then click **Confirm Settings**.
+5. Still in the project source directory, get a Fly API deploy token by running `fly tokens create deploy -x 999999h`. Copy the output, including the `FlyV1` and space at the beginning.
+6. Go to your newly-created repository on GitHub and select **Settings**.
+7. Under **Secrets and variables**, select **Actions**, and then create a new repository secret called `FLY_API_TOKEN` with the value of the token from step 5.
+8. Back in your project source directory, create `.github/workflows/fly.yml` with these contents:
+    
+    ```yaml
+    name: Fly Deploy
+    on:
+      push:
+        branches:
+          - master    # change to main if needed
+    jobs:
+      deploy:
+        name: Deploy app
+        runs-on: ubuntu-latest
+        concurrency: deploy-group    # optional: ensure only one action runs at a time
+        steps:
+          - uses: actions/checkout@v4
+          - uses: superfly/flyctl-actions/setup-flyctl@master
+          - run: flyctl deploy --remote-only
+            env:
+              FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+    ```
+
+      <div class="note icon">
+      **Note:** The `go-example`’s default branch is `master`. If you’re using a different app, yours might be `main`. Change the `branches` value in the `fly.yml` file accordingly.
+      </div>
+
+9. Commit your changes and push them up to GitHub. You should be pushing two new files: `fly.toml`, the [Fly Launch](/docs/launch/) configuration file, and `fly.yml`, the GitHub action file.
+  
+Then the magic happens - The push triggers a deploy, and from now on whenever you push a change, the app will automatically be redeployed.
+
+If you want to watch the process take place, head to the repository and select the **Actions** tab, where you can view live logs of the commands running.
+
+## A longer look at the deployment process
+
+### `fly.toml` and the repository
+
+**Step 1** is a simple GitHub Fork; there's not a lot to say about that except that you need to do it, because you want control of the repository that you're deploying from.
+
+**Step 2** is just cloning the repository to your local system so that you can edit and push changes to it.
+
+**Steps 3 and 4** create a new app on Fly.io and a `fly.toml` configuration file to go into the repository.
+
+<div class="callout">
+A note about `fly.toml` in repositories: Usually, when Fly.io ships examples, we avoid putting the `fly.toml` file in the repository by including `fly.toml` in the `.gitignore` file. And users should be creating their own `fly.toml` with the `fly launch` command. When using GitHub Actions though, you want your `fly.toml` in the repository so that the action can use it in the deployment process.
+</div>
+
+### API tokens
+
+**Step 5** is about getting an API token. You can generate a deploy token to use to authorize a specific application. That's what `flyctl tokens create deploy -x 999999h` gives you. Remember to copy the whole token from the output, including the `FlyV1` and space at the beginning.
+For a more powerful token that can manage multiple applications, run `flyctl auth token`.
+
+**Steps 6 and 7** make your new token available to GitHub Actions that run against your repository. You'll add the token as a secret in the repository's settings. Under the **Settings** tab, go to **Secrets and variables** and select **Actions**. Click on the green "New repository secret" button, enter the name as `FLY_API_TOKEN`, and copy the token as the secret.
+
+If you'd prefer an environment secret instead, then you need to list the environment you selected in your deploy step.  For example:
+
+```yaml
+deploy:
+    name: Deploy app
+    runs-on: ubuntu-latest
+    environment: production
+```
+
+### Building the workflow and deployment
+
+**Step 8** is the heart of the process, where you put in place a workflow. Now, GitHub has a UI which allows you to select and edit workflows, but you can also modify them as part of the repository. So you create `.github/workflows/fly.yml` - you'll likely want to `mkdir -p .github/workflows` to quickly create the directories - and load up the file with a GitHub Action recipe.
+
+GitHub Action recipe, line by line:
+
+```yaml
+name: Fly Deploy
+```
+
+This sets the displayed name for the action.
+
+```yaml
+on:
+  push:
+    branches:
+      - master
+```
+
+When should this action be run. There's lots of options but in this case, in response to any `push` to the repository's `master` branch. If your repository uses a default branch other than `master`, such as `main`, then you should change that here.
+
+```yaml
+jobs:
+  deploy:
+      name: Deploy app
+      runs-on: ubuntu-latest
+      concurrency: deploy-group
+```
+
+An action is made up of named jobs, in this case one job to deploy the application. The jobs run on a virtual machine. This section gives the "deploy" job the name "Deploy app" and tells GitHub Actions to run it on a virtual machine with the latest version of Ubuntu on it. Optionally, use the `concurrency` key with a custom group name to ensure that only one action runs at a time for that group. 
+
+The next part is to set up the steps needed to complete this job.
+
+```yaml
+      steps:
+        - uses: actions/checkout@v4
+```
+
+The first step is one of the built in Actions steps. The step `uses` the [`checkout@v4` action](https://github.com/marketplace/actions/checkout+external) which checks out the repository into a directory on the virtual machine. You're now ready to deploy.
+
+```yaml
+        - uses: superfly/flyctl-actions/setup-flyctl@master
+        - run: flyctl deploy --remote-only
+```
+
+This step `uses` the [superfly/flyctl-actions action](https://github.com/marketplace/actions/github-action-for-flyctl+external). This is a GitHub action created by Fly.io which wraps around the `flyctl` command. The wrapper is invoked with the `deploy` argument which will take over the process of building and moving the application to the Fly.io infrastructure. It uses the settings from the `fly.toml` file to guide it and uses the `FLY_API_TOKEN` to authorize its access to the Fly.io GraphQL API.
+
+```yaml
+          env:
+            FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+```
+
+This pulls the API token from GitHub's secrets engine and puts it into the environmental variables passed to the action.
+
+**Step 9** pushes your two new files to the repository: `fly.toml`, the app configuration file, and `fly.yml`, the GitHub action file. The push triggers your first automatic deploy. The GitHub action now triggers a redeploy each time you push changes to your repo.
+
+## Conclusion and further reading
+
+And that's the deployment process. You can, of course, leverage the GitHub Actions environment to manage more intricate deployments, interact with other applications&mdash;say to send Slack messages on completion&mdash;or whatever else you can dream up.
+
+**Read:**
+
+* [Blueprint: Deploy review apps with GitHub Actions](/docs/blueprints/review-apps-guide/)
+* [Deploy Tokens](/docs/reference/deploy-tokens/)
+* [GitHub Actions Documentation](https://docs.github.com/en/actions+external)
+
+**See:**
+
+* [GitHub Actions for flyctl](https://github.com/superfly/flyctl-actions+external)
diff --git a/launch/create.html.markerb b/launch/create.html.markerb
new file mode 100644
index 0000000000..561c4a11f5
--- /dev/null
+++ b/launch/create.html.markerb
@@ -0,0 +1,105 @@
+---
+title: Create an app with Fly Launch
+layout: docs
+nav: apps
+redirect_from: /docs/apps/launch/
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/launch-create.png" alt="Illustration by Annie Ruygt of a figure running and carrying a balloon" class="w-full max-w-lg mx-auto">
+</figure>
+
+This guide goes into some detail about using Fly Launch to create and configure an app. See [Getting Started](/docs/getting-started) for ways to get going even faster.
+
+Fly Launch is a collection of opinionated Fly.io platform features that help you configure and orchestrate your app as a unit. 
+
+## Create an app with Fly Launch
+
+To create a brand new app on Fly.io, run this command from the source directory of your project:
+
+```cmd
+fly launch
+``` 
+
+If you're in a hurry, you can also try our super-simple [demo app](https://fly.io/docs/getting-started/launch-demo/). Or get started with your favorite [language or framework](/docs/getting-started/get-started-by-framework/).
+
+## Ingredients for a successful `fly launch`
+
+The components of a successful launch, ready for the first deployment:
+
+* A way to get a Docker image that we can use to get your app running on a Machine.
+* A `fly.toml` file, created by `fly launch` or provided by you, for your app's Fly.io-specific [configuration](/docs/reference/configuration/).
+* Optional resources such as [public IP addresses](/docs/networking/services/), [app secrets](/docs/apps/secrets/), and [databases and storage](/docs/database-storage-guides/) from Fly.io or extenstion partners.
+
+## Framework launch scanners
+
+Depending on your project, `fly launch` may be able to look at your app's source code and get through that [ingredient list](#ingredients-for-a-successful-fly-launch), straight to a ready-to-deploy Fly App. This is most likely to work for frameworks on which Fly.io has people specializing full time. Right now that's [Elixir/Phoenix](/docs/elixir/), [Laravel](/docs/laravel/), [Rails](/docs/rails/), and [Django](/docs/django/), but we also have launch guides for other [languages and frameworks](/docs/languages-and-frameworks/).
+
+Our best scanners furnish a Dockerfile from which your app's image will be built. Some of our terrible older scanners may invoke [buildpacks](/docs/reference/builders/#buildpacks), which tend to be slow and brittle.
+
+Running `fly launch` in a directory containing a working Django app (it happens to be the one from [our Django getting-started example](/docs/django/getting-started/)):
+
+```cmd
+fly launch
+```
+```out
+Scanning source code
+Detected a Django app
+Creating app in /flyio/hello-django
+We're about to launch your Django app on Fly.io. Here's what you're getting:
+
+Organization: MyName                 (fly launch defaults to the personal org)
+Name:         hello-django           (derived from your directory name)
+Region:       Amsterdam, Netherlands (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+
+? Do you want to tweak these settings before proceeding? Yes
+...
+```
+
+The flyctl Django scanner has taken ownership of the launch. You can tweak the basic settings on the Fly Launch web page and then run `fly deploy` to deploy the new app. Visit our [Django guide](/docs/django/getting-started/) to see how that story will end. (Spoiler: it has a happy ending.)
+
+## Custom launch
+
+You can nudge `fly launch` to better suit your project. 
+
+### Point to an image or use a Dockerfile to build
+
+Tell `fly launch` how you want to get the Docker image for your app, using either the `--image` or `--dockerfile` option, or by catching the Dockerfile launch scanner's attention with the presence of a [Dockerfile](/docs/languages-and-frameworks/dockerfile/) in your project source directory. The Dockerfile scanner doesn't do a lot of configuration, but it prevents other scanners from taking over.
+
+The actual Docker image build (or image pull) for a Fly App takes place during deployment. `fly launch` sets the stage by recording how to build, or get, the image, and both the first and all later deploys use that information.
+
+### Customize the configuration file
+
+You can provide your own `fly.toml` and `fly launch` will offer to copy that configuration to a new app. `fly.toml` sets a starting point for the app configuration, and in some cases a framework launch scanner might overwrite parts of it.
+
+The `fly launch` command has plenty of [options](/docs/flyctl/launch/) you can use to control how your app gets created and provisioned.
+
+If `fly launch` doesn't have a scanner that can set up your app automatically, it will still initialize a new Fly App in your Fly.io organization and provide you with a default app configuration that's a reasonable starting point for a simple web app.
+
+You'll need to ensure that your Fly App's name is unique across all of Fly.io. By default, Fly Launch will derive an app name from the current directory name. If this is something common like "hello-world", then there's a good chance your launch will fail. You can use the `--name` flag to specify a unique name up front.
+
+You can also perform an entirely manual "launch", skipping all the launch scanners and full-service resource provisioning, using `fly apps create`, a hand-crafted (or copied) `fly.toml`, and step-by-step resource provisioning, followed by `fly deploy`.
+
+## After `fly launch`
+
+If you've run `fly launch` but haven't deployed yet (hint: you can do this with `fly launch --no-deploy`), or you deployed but want to make changes, then you can:
+
+* change your configuration
+* update your app source
+* change or provision platform resources such as [public IP addresses](/docs/networking/services/), [app secrets](/docs/apps/secrets/), and [databases and storage](/docs/database-storage-guides/).
+
+And then deploy (or redeploy) with [`fly deploy`](/docs/launch/deploy/).
+
+## Grow and scale
+
+Check out some of the ways you can increase availability, capacity, and performance with Fly.io:
+
+* Follow the blueprint for [extra Machines for more resilient apps](/docs/blueprints/resilient-apps-multiple-machines/)
+* Read up on [App availability and resiliency](/docs/reference/app-availability/)
+* [Autoscale Machines based on load or custom metrics](/docs/reference/autoscaling/)
+* [Scale Machine CPU and RAM](/docs/apps/scale-machine/) 
+* [Scale Machine count](/docs/apps/scale-count/)
+* Try out [Fly GPUs](/docs/gpus/)
diff --git a/launch/deploy.html.markerb b/launch/deploy.html.markerb
new file mode 100644
index 0000000000..b6865d66f4
--- /dev/null
+++ b/launch/deploy.html.markerb
@@ -0,0 +1,113 @@
+---
+title: Deploy an app
+layout: docs
+nav: apps
+redirect_from: /docs/apps/deploy/
+---
+
+<figure>
+  <img src="http://github.com/static/images/docs-apps.webp" alt="">
+</figure>
+
+A feature of Fly Launch, the `fly deploy` flyctl command builds your app and spins it up on one or more Fly Machines, applying the configuration specified in a local `fly.toml` file.
+
+Whether you've run [`fly launch`](/docs/launch/create/) with the `--no-deploy` option, or want to apply changes to your deployed app's source or configuration, you can make a new release by running 
+
+```cmd
+fly deploy
+``` 
+
+from the source directory of your project, where any app source code, project config, `fly.toml`, and Dockerfile are located.
+
+If you haven't deployed the app before, `fly deploy` creates one or two Machines for every [process group](/docs/apps/processes/) defined in the app's `fly.toml` file, depending on whether there are services and volumes configured. If you haven't explicitly defined any process groups, the first deployment gives you two Machines for redundancy. For more information about when Fly Launch creates one Machine or two Machines, refer to [Redundancy by default on first deploy](/docs/reference/app-availability/#redundancy-by-default-on-first-deploy).
+
+Subsequent deployments update the app's Machines as a group, with the latest local changes to the app's source and configuration. It's possible for a Fly App to have standalone Machines that aren't managed by `fly deploy`.
+
+
+## Configuration
+
+flyctl will look for a `fly.toml` file to find the name of the app to operate on, and for an app configuration to apply during deployment. Use `fly deploy -a <app-name>` to override the app name given in `fly.toml` and deploy the project in the current working directory to a different existing Fly App.
+
+There are [a number of other options](/docs/flyctl/deploy/) you can use with the `fly deploy` command.
+
+## The build
+
+`fly deploy` builds, or gets, the Docker image for the app, and refreshes Machines with the latest changes.
+
+Here's how `fly deploy` determines how to get the app's Docker image:
+
+1. If an image is specified, either with the `--image` option or in the `[build]` section of `fly.toml`, use that image, regardless of the presence of a Dockerfile in the working directory or the use of the `--dockerfile` option.
+2. Otherwise, check the [`[build]` section of `fly.toml`](/docs/reference/configuration/#the-build-section) and use the method specified there, whether it's a Dockerfile or a buildpack (but don't use buildpacks if you don't have to; they're brittle, bloated, and prone to change).
+3. Otherwise, if the `--dockerfile` flag supplies a path to a Dockerfile, use that Dockerfile to build the image. You read that right. The `--dockerfile` flag is looked at _after_ the `[build]` section of the config file.
+4. Otherwise, if there's a `Dockerfile` (named exactly `Dockerfile` or `dockerfile`) in the local working directory, use that Dockerfile for the build.
+
+## IP addresses
+
+If the app to be deployed is configured with an eligible HTTP `[[services]]` section, and it does not yet have [public IP addresses](/docs/networking/services/), `fly deploy` provisions a public IPv6 and a shared public IPv4 Anycast address. 
+
+## Machines not managed by Fly Launch
+
+Machines created using `fly deploy` (or as part of a deployment during `fly launch`), or by `fly clone`ing such a Machine, carry a piece of metadata marking them as belonging to Fly Launch (`"fly_platform_version": "v2"`). These Machines are updated as a group on all subsequent `fly deploy` commands.
+
+New Machines created using `fly machine run`, also known as unmanaged Machines, don't have the `fly_platform_version` metadata, and are not automatically managed by Fly Launch. These unmanaged Machines can have their own configuration different from that of the App, and can even be based on a different Docker image.
+
+## Volume mounts and `fly deploy`
+
+If a Machine has a mounted [volume](/docs/volumes/), `fly deploy` can't be used to mount a different one. You can change the mount point at which the volume's data is available in the Machine's file system, though. This is configured in the [`[mounts]` section](/docs/reference/configuration/#the-mounts-section) of `fly.toml`.
+
+Learn more about [using Fly Volumes](/docs/volumes/).
+
+## `fly deploy` configuration in `fly.toml`
+
+Configure the following deployment behavior in the [`[deploy]` section](/docs/reference/configuration/#the-deploy-section) of `fly.toml`.
+
+### Release commands
+You can run a one-off [release command](/docs/reference/configuration/#run-one-off-commands-before-releasing-a-deployment) in a temporary VM&mdash;using the successfully built release&mdash;before that release is deployed. This is good for, e.g., running database migrations. Keep in mind that these temporary VMs do not have access to any volumes you may have mounted in your apps.
+
+### Deployment strategy
+
+You can specify one of the following deployment strategies:
+
+* `rolling` (default): wait for each Machine to be successfully deployed before starting the update of the next one
+* `immediate`: bring all Machines down for update at once
+* `canary`: boot a single new Machine, verify its health, and then proceed with a rolling restart strategy
+* `bluegreen`: boot a new Machine alongside each running Machine in the same region, and migrate traffic to the new Machines only once all the new Machines pass health checks
+
+Learn more about [setting a deployment strategy](/docs/reference/configuration/#picking-a-deployment-strategy).
+
+```cmd
+fly deploy --strategy canary
+```
+```out
+...
+==> Building image
+Searching for image 'flyio/hellofly:latest' remotely...
+image found: img_z1nr0lpjz9v5q98w
+
+Watch your app at https://fly.io/apps/aged-water-8803/monitoring
+
+Creating canary machine for group app
+  Machine 328745da023e85 [app] update finished: success
+Canary machines successfully created and healthy, destroying before continuing
+machine 328745da023e85 was found and is currently in created state, attempting to destroy...
+Updating existing machines in 'example-app-8803' with canary strategy
+  [1/2] Machine 3287457df77785 [app] update finished: success
+  [2/2] Machine 91857266c41638 [app] update finished: success
+  Finished deploying
+...
+```
+
+## Not all changes require a new App release
+
+You can [add an IP address](/docs/networking/services/#ip-addresses) to an App, for example, without redeploying.
+
+Adding a [secret](/docs/apps/secrets/) to the App does require a restart, so `fly secrets set` triggers a new deployment.
+
+## Smoke checks
+
+Smoke checks monitor Machines during deployment, for about 10 seconds after a Machine enters the started state, to make sure the Machine stays running. If a Machine is constantly restarting with a non-zero exit code during this time, then the smoke check fails and the deployment is stopped. If possible, the smoke check failure output includes an excerpt of the logs to help you diagnose the issue with your app. 
+
+## Related topics
+
+- [Create a new app with Fly Launch](/docs/launch/create/)
+- [Troubleshooting your deployment](/docs/getting-started/troubleshooting/)
diff --git a/launch/index.html.markerb b/launch/index.html.markerb
new file mode 100644
index 0000000000..ad6ab18f84
--- /dev/null
+++ b/launch/index.html.markerb
@@ -0,0 +1,43 @@
+---
+title: Fly Launch
+layout: docs
+nav: apps
+redirect_from: 
+  - /launch/
+---
+
+Fly Launch helps you configure and orchestrate your app. If you followed one of our [Getting started](/docs/getting-started/) guides, then you're already using Fly Launch.
+
+<figure>
+  <img src="http://github.com/static/images/docs-island.webp" alt="">
+</figure>
+
+Fly Launch includes:
+
+- the `fly launch` command to get started with a new app
+- the `fly.toml` file for app configuration
+- the `fly deploy` command to deploy or redeploy your app
+- the `fly scale` command for quick horizontal and vertical scaling
+
+Learn how to work with Fly Launch:
+
+**Create and configure**
+
+- [Create an app with Fly Launch](/docs/launch/create/)
+- [Deploy an app](/docs/launch/deploy/)
+- [App configuration reference (fly.toml)](/docs/reference/configuration/)
+- [Add Volume storage](/docs/launch/volume-storage/)
+- [Use process groups for multiple processes in one app](/docs/launch/processes/)
+
+**Scale and control**
+
+- [Scale Machine CPU and RAM](/docs/launch/scale-machine/)
+- [Scale the number of Machines in an app](/docs/launch/scale-count/)
+- [Autostop/autostart Machines](/docs/launch/autostop-autostart/)
+- [Autoscale Machines based on metrics](/docs/launch/autoscale-by-metric/)
+
+**Custom deployments**
+
+- [Deploy an app with GitHub Actions](/docs/app-guides/continuous-deployment-with-github-actions/)
+- [Deploy review apps with GitHub Actions (Blueprint)](/docs/blueprints/review-apps-guide/)
+- [Deploy monorepo and multi-environment apps](/docs/launch/monorepo/)
diff --git a/launch/monorepo.html.md b/launch/monorepo.html.md
new file mode 100644
index 0000000000..d7a2884e00
--- /dev/null
+++ b/launch/monorepo.html.md
@@ -0,0 +1,74 @@
+---
+title: Monorepo and multi-environment deployments
+layout: docs
+nav: apps
+redirect_from: /docs/reference/monorepo/
+---
+
+By default, `fly deploy` builds and deploys a `fly.toml` file, a `Dockerfile`, and source code from the current working directory. This is sufficient for deploying a single app, but you can also configure flyctl to build and deploy multiple apps from a monorepo or deploy an app to multiple targets.
+
+## Paths
+
+### Working directory
+
+The first argument to `fly deploy` is the path to the working directory for your app's source code. For Dockerfile and Buildpack builds, this is the [build context](https://docs.docker.com/engine/reference/commandline/build/#usage) sent to the Docker daemon. It defaults to the current working directory. 
+
+You can override this by providing a path:
+
+```cmd
+fly deploy ./path/to/app
+```
+
+### `fly.toml` path   
+
+By default, `fly deploy` will look for a `fly.toml` in the working directory. You can override this using the `--config` option. 
+
+```cmd
+fly deploy --config ./path/to/fly.toml
+```
+
+### `Dockerfile` path
+
+By default, `fly deploy` will look for a `Dockerfile` in the working directory. You can override this using the `--dockerfile` option. 
+
+```cmd
+fly deploy --dockerfile ./path/to/Dockerfile
+```
+
+## Multi-stage Build Target
+
+By default, the final stage of a [multi-stage dockerfile](https://docs.docker.com/develop/develop-images/multistage-build) is exported as the deployed image. You can stop at a specific stage by using the `--build-target` option:
+
+```
+fly deploy --build-target web
+fly deploy --build-target api
+fly deploy --build-target worker
+```
+
+## Examples
+
+**Use a different fly.toml file per environment**
+
+```
+fly deploy --config ./fly.production.toml
+fly deploy --config ./fly.staging.toml
+```
+
+**Use a different Dockerfile per environment**
+
+```
+fly deploy --dockerfile ./Dockerfile.production
+fly deploy --dockerfile ./Dockerfile.staging
+```
+
+**Deploy a subdirectory**
+
+```cmd
+fly deploy ./apps/api
+```
+
+**Share a multi-stage Dockerfile with several Fly Apps**
+
+```cmd
+fly deploy --config fly.api.toml --build-target api
+```
diff --git a/apps/processes.html.markerb b/launch/processes.html.markerb
similarity index 87%
rename from apps/processes.html.markerb
rename to launch/processes.html.markerb
index ce563e4f39..23f8f5b9f5 100644
--- a/apps/processes.html.markerb
+++ b/launch/processes.html.markerb
@@ -1,20 +1,19 @@
 ---
-title: Run Multiple Process Groups in an App
-objective: 
+title: Run multiple process groups in an app
 layout: docs
-nav: firecracker
-order: 90
+nav: apps
+redirect_from: /docs/apps/processes/
 ---
 
 Process groups are a way to configure a single Fly App to run multiple different programs.
 
-You define processes in your `fly.toml`, giving each process group a name and a command to run at boot. Every defined process runs in its own Fly Machine(s) within the app, which means they don't compete with each other for VM resources, and they can be scaled individually.
+You define processes in your `fly.toml`, giving each process group a name and a command to run at boot. Every defined process runs in its own Fly Machine(s) within the app, which means they don't compete for resources, and they can be scaled by process group.
 
 ## The default process group
 
 If you don't explicitly define any processes, then the Machines in a Fly App belong to the default `app` process group, and on boot they run whatever entrypoint process the app's Docker image has. (Apps are shipped to Fly.io in Docker images, even though [we run VMs, not containers](https://fly.io/blog/docker-without-docker/).)
 
-When the `fly launch` command creates a `fly.toml` file for your app, the default service defined in the `http_service` section applies to the `app` process group.
+When the `fly launch` command creates a `fly.toml` file for your app, the default service defined in the `http_service` section belongs to the `app` process group.
 
 ## Run multiple processes
 
@@ -45,9 +44,11 @@ Chances are, you only want user requests to hit one of your processes; in the ab
   ...
 ```
 
-You can define distinct services for each process that needs to accept connections via Fly Proxy (whether [publicly](/docs/reference/services/) or via [Flycast](/docs/reference/private-networking/#flycast-private-load-balancing)), by creating multiple `[[services]]` sections in `fly.toml`. 
+You can define distinct services for each process that needs to accept connections from Fly Proxy (whether [publicly](/docs/networking/services/) or via [Flycast](/docs/networking/flycast)), by creating multiple `[[services]]` sections in `fly.toml`. 
 
-**Note:** Make sure processes handle connections on different [external ports](/docs/reference/configuration/#services-ports). Fly Proxy doesn't know about process groups; it load-balances requests among all Machines with a service configured on the requested port.
+<div class="important icon">
+**Important:** Make sure processes handle connections on different [external ports](/docs/reference/configuration/#services-ports). Fly Proxy doesn't know about process groups; it load-balances requests among all Machines with a service configured on the requested port.
+</div>
 
 ## Deployment
 
@@ -93,11 +94,10 @@ The following example clones a Machine into the `gru` (São Paulo) region:
 fly machine clone --region gru e2865641be9786
 ```
 
-Run the following commands to destroy a Machine:
+Run the following command to force stop and destroy a Machine:
 
 ```
-fly machine stop e2865641be9786
-fly machine destroy e2865641be9786
+fly machine destroy e2865641be9786 --force
 ```
 
 ## Scale a process group vertically
diff --git a/apps/scale-count.html.markerb b/launch/scale-count.html.markerb
similarity index 89%
rename from apps/scale-count.html.markerb
rename to launch/scale-count.html.markerb
index ff0d0a6ade..113d66b5f0 100644
--- a/apps/scale-count.html.markerb
+++ b/launch/scale-count.html.markerb
@@ -1,11 +1,16 @@
 ---
 title: Scale the Number of Machines
-objective: 
 layout: docs
-nav: firecracker
-order: 60
+nav: apps
+redirect_from: 
+  - /docs/reference/scaling/
+  - /docs/apps/scale-count/
 ---
 
+<figure>
+  <img src="http://github.com/static/images/docs-drones.webp" alt="">
+</figure>
+
 The maximum capacity of an app is determined by the number of Fly Machines belonging to it.  You scale an app horizontally by creating or destroying Machines.
 
 <div class="important icon">
@@ -14,12 +19,13 @@ Starting and stopping existing Machines is much faster than creating and destroy
 For bursty workloads, we recommend creating enough Machines to handle your peak load, and adjusting the active capacity of the app by stopping and starting Machines as needed. 
 
 For more information, see:
-* [Automatically Stop and Start App Machines](/docs/apps/autostart-stop/), for adjusting active capacity based on traffic.
+* [Automatically Stop and Start App Machines](/docs/launch/autostop-autostart/), for adjusting active capacity based on traffic.
+* [Autoscale based on metrics](/docs/launch/autoscale-by-metric/), to use the autoscaler app to scale Machines based on any metric.
 * [`fly machine` commands](/docs/flyctl/machine/), including [`start`](/docs/flyctl/machine-start/) and [`stop`](/docs/flyctl/machine-start/) subcommands to target individual Machines with flyctl.
-* Machines API [stop](/docs/machines/working-with-machines/#stop-a-machine) and [start](/docs/machines/working-with-machines/#start-a-machine) endpoints.
+* Machines API [stop](/docs/machines/api-machines-resource/#stop-a-machine) and [start](/docs/machines/api-machines-resource/#start-a-machine) endpoints.
 </div>
 
-There are two ways to change the number of Machines managed by [Fly Launch](/docs/apps/) after deploying an app for the first time:
+There are two ways to change the number of Machines managed by [Fly Launch](/docs/launch/) after deploying an app for the first time:
 
 1. with the `fly scale count` subcommand
 2. by explicitly [cloning](#scale-up-with-fly-machine-clone) or [destroying](#scale-down-with-fly-machine-destroy) existing Machines on the app
@@ -302,7 +308,7 @@ We're back in business and can scale as desired!
 
 ## Scale up with `fly machine clone`
 
-You can add Machines to an app by cloning Machines. The new Machine will be, as you would expect, a copy of the specified Machine, and will belong to the same process group. If the original Machine has a [Fly Volume](/docs/reference/volumes/) attached, an empty volume will be provisioned for the new Machine. It's up to you to decide what to put on the new volume; `fly machine clone` will not automatically copy the contents of the original Machine&#39;s volume.
+You can add Machines to an app by cloning Machines. The new Machine will be, as you would expect, a copy of the specified Machine, and will belong to the same process group. If the original Machine has a [Fly Volume](/docs/volumes/) attached, an empty volume will be provisioned for the new Machine. It's up to you to decide what to put on the new volume; `fly machine clone` will not automatically copy the contents of the original Machine&#39;s volume.
 
 The following commands create three new Machines by cloning an existing Machine: 
 
@@ -328,3 +334,10 @@ fly machine destroy --force 0e286039f42e86
 ```
 
 <div class="important"> If you destroy a Machine with a volume attached, the volume remains intact until you either explicitly destroy the volume or destroy the app it belongs to.</div>
+
+## Related reading
+
+- [Scale Machine CPU and RAM](/docs/launch/scale-machine/) How to use vertical scaling.
+- [Autoscale based on metrics](/docs/launch/autoscale-by-metric/) Learn about automatic scaling using metrics.
+- [flyctl scale — CLI reference](/docs/flyctl/scale/) Read a full breakdown of the scale subcommands. 
+- [Machine Placement and Regional Capacity](/docs/machines/guides-examples/machine-placement/) Find out how region choice and resource availability affect scaling success. 
diff --git a/launch/scale-machine.html.markerb b/launch/scale-machine.html.markerb
new file mode 100644
index 0000000000..715e47304d
--- /dev/null
+++ b/launch/scale-machine.html.markerb
@@ -0,0 +1,245 @@
+---
+title: Scale Machine CPU and RAM
+layout: docs
+nav: apps
+redirect_from: /docs/apps/scale-machine/
+---
+
+You can scale Machine memory and CPU settings for entire process groups in apps that are managed by Fly Launch (`fly deploy` + `fly.toml`). If you haven't defined any process groups, then commands and settings are applied to all the Machines in your app (in the default `app` process group).
+
+<div class="note icon">
+You can scale an app even if it has crashed. Its Machines are restarted with the new specification, however, if you redeploy the app, then any VM settings in `fly.toml` take precedence.
+</div>
+
+## Machine size configuration precedence
+
+1. **The `[[vm]]` section in `fly.toml`**: The `fly deploy` and `fly scale count` commands respect the VM size configurations in your app's `fly.toml` file.
+2. **Existing Machine sizes in the app:** If no VM size is set in `fly.toml`, then `fly deploy` won't change existing Machines, and `fly scale` will use existing Machines to infer new Machine sizes.
+3. **Default Machine size of `shared-cpu-1x`:** If no VM size is set in `fly.toml`, and there are no existing Machines to infer size from, then the default Machine size is used.
+
+## Check the VM resources on an app
+
+Here's a simple web app with three Machines running in different regions: two in Toronto and one in Tokyo. All the app's Machines belong to the default process group, `app`, since no other [processes](/docs/apps/processes/) exist. 
+
+```cmd
+fly status
+```
+```out    
+App
+  Name     = testrun                                        
+  Owner    = personal                                   
+  Hostname = testrun.fly.dev                                
+  Image    = testrun:deployment-01GWZY7ZVJ2HNED4B0KZBPS3AQ  
+
+Machines
+PROCESS	ID            	VERSION	REGION	STATE  	ROLE	CHECKS	                  LAST UPDATED
+app    	17811943f031d8	3     	yyz   	stopped	    	1 total, 1 passing      	2024-02-07T15:34:57Z
+app    	328749d3c53958	3     	yyz   	stopped	    	1 total, 1 passing      	2024-01-23T19:39:50Z
+app   	908057ef21e487	3     	nrt   	started	    	1 total, 1 passing      	2024-01-23T19:39:51Z
+```
+
+`fly scale show` shows the CPU and RAM settings for all the Machines deployed using `fly deploy` under this app.
+
+```cmd
+fly scale show
+```
+```out
+VM Resources for app: testrun
+
+Groups
+NAME    COUNT   KIND    CPUS    MEMORY  REGIONS    
+app     3       shared  1       256 MB  nrt,yyz(2)
+```
+
+These Machines are running at the `shared-cpu-1x` preset scale, with a single shared vCPU and 256MB RAM.
+
+## Add Machine size configuration to `fly.toml`
+
+With the `[[vm]]` section in `fly.toml`, you can set default Machine VM memory and CPU configurations, which [take precedence](#machine-size-configuration-precedence) when you run commands like `fly deploy` or `fly scale count`.
+
+This example shows a very simple config that specifies the `shared-cpu-2x` preset with 2GB of RAM:
+
+```toml
+[[vm]]
+  size = "shared-cpu-2x"
+  memory = "2gb"
+```
+
+If you don't include a process group in the `[[vm]]` section, then the settings apply to all process groups in your app. Add another `[[vm]]` section if you want different CPU or memory settings for specific process groups. 
+
+For details and more settings, see [The `vm` section](/docs/reference/configuration/#the-vm-section) in the `fly.toml` reference.
+
+## Scale VM memory and CPU with flyctl
+
+Use [`fly scale`](/docs/flyctl/scale) subcommands to apply VM memory and CPU settings to all Machines: `fly scale vm` applies a preset CPU/RAM combination; `fly scale memory` sets RAM separately, for cases when the preset's RAM is not enough.
+
+<div class="important icon">
+**Important:** If you make changes using `fly scale vm` or `fly scale memory`, the VM settings in `fly.toml` take precedence when you redeploy the app.
+</div>
+
+### Select a preset CPU/RAM combination
+
+There are a number of VM size presets available. See the list of valid named presets with `fly platform vm-sizes`.
+
+Scale to a different preset using `fly scale vm`. In general, you should choose a named VM "size" based on your desired CPU type and scale; RAM can be increased separately.
+
+```cmd
+fly scale vm shared-cpu-2x
+```
+```out
+Updating machine 148ed599c14189
+  Waiting for 148ed599c14189 to become healthy (started, 1/1)
+Machine 148ed599c14189 updated successfully!
+Updating machine 32874400f35285
+  Waiting for 32874400f35285 to become healthy (started, 1/1)
+Machine 32874400f35285 updated successfully!
+Updating machine 9080e6e1f94987
+  Waiting for 9080e6e1f94987 to become healthy (started, 1/1)
+Machine 9080e6e1f94987 updated successfully!
+Scaled VM Type to 'shared-cpu-2x'
+      CPU Cores: 2
+         Memory: 512 MB
+```
+
+Check that the `app` process group has had this scale applied:
+
+```cmd
+fly scale show   
+```
+```out         
+VM Resources for app: testrun
+
+Groups
+NAME    COUNT   KIND    CPUS    MEMORY  REGIONS    
+app     3       shared  2       512 MB  nrt,yyz(2)
+```
+
+You can also confirm that an individual Machine's config matches this, using `fly machine status <machine ID>`:
+
+```cmd
+fly machine status 148ed599c14189
+```
+```out
+Machine ID: 148ed599c14189
+Instance ID: 01GX6Q2WE04M85XTHGPYGJK4X6
+State: started
+
+VM
+  ...                                       
+  Process Group = app                                        
+  CPU Kind      = shared                                     
+  vCPUs         = 2                                          
+  Memory        = 512                                        
+  ...
+```
+
+Looks good!
+
+### Add RAM
+
+If you are happy with the provisioned CPU resources, but want more memory, then use `fly scale memory` to top up the RAM.
+
+If your app crashes with an out-of-memory error, then scale up its RAM. Flyctl restarts the Machines to use the new setting. Scaling memory this way lets you test your app with more or less RAM, before optionally [setting memory more permanently in `fly.toml`](#add-machine-size-configuration-to-flytoml).
+
+```cmd
+fly scale memory 4096
+```
+```out
+Updating machine 32874400f35285
+  Waiting for 32874400f35285 to become healthy (started, 1/1)
+Machine 32874400f35285 updated successfully!
+Updating machine 148ed599c14189
+  Waiting for 148ed599c14189 to become healthy (started, 1/1)
+Machine 148ed599c14189 updated successfully!
+Updating machine 9080e6e1f94987
+  Waiting for 9080e6e1f94987 to become healthy (started, 1/1)
+Machine 9080e6e1f94987 updated successfully!
+Scaled VM Type to 'shared-cpu-2x'
+      CPU Cores: 2
+         Memory: 4096 MB
+```
+
+```cmd
+fly scale show
+```
+```out
+VM Resources for app: testrun
+
+Groups
+NAME    COUNT   KIND    CPUS    MEMORY  REGIONS    
+app     3       shared  2       4096 MB nrt,yyz(2)
+```
+
+
+If you try to set an incompatible CPU/RAM combination through `fly scale memory`, flyctl will let you know. There's a list of allowed CPU/RAM combinations and their prices on [our Pricing page](/docs/about/pricing/). 
+
+### Scale by process group
+
+Use the `--process-group` option to specify the process group to scale, with either `fly scale vm` or `fly scale memory`.
+
+<div class="note icon">
+**Note**: The `--process-group` option is aliased to `-g` for faster command entry.
+</div>
+
+Here's an app with two process groups defined:
+
+```cmd
+fly scale show
+```
+```out
+VM Resources for app: mr18-2
+
+Groups
+NAME    COUNT   KIND    CPUS    MEMORY  REGIONS 
+worker  2       shared  1       512 MB  ams,yyz
+web     1       shared  1       512 MB  yyz   
+```
+
+Say the workers are constantly crunching data and need to be bigger. You can scale a single process group using the `--process-group` option:
+
+```cmd
+fly scale vm performance-2x --process-group worker
+```
+```out
+Updating machine 0e286561f35586
+No health checks found
+Machine 0e286561f35586 updated successfully!
+Updating machine 32873d9b012048
+No health checks found
+Machine 32873d9b012048 updated successfully!
+Scaled VM Type for 'worker' to 'performance-2x'
+      CPU Cores: 2
+         Memory: 4096 MB
+```
+
+Check the result: 
+
+```cmd
+fly scale show
+```
+```out
+VM Resources for app: mr18-2
+
+Groups
+NAME    COUNT   KIND            CPUS    MEMORY  REGIONS 
+worker  2       performance     2       4096 MB ams,yyz
+web     1       shared          1       512 MB  yyz 
+```
+
+## Machines not belonging to Fly Launch
+
+If an app has Machines that don't belong to Fly Launch (in other words, if you created Machines using `fly machine run` or the Machines API), then `fly status` will warn you of their existence:
+
+```text
+Found machines that aren't part of Fly Launch, run fly machines list to see them.
+```
+
+The app-wide `fly scale` commands and any VM settings in `fly.toml` don't apply to these Machines, but you can scale any Machine individually with `fly machine update`:
+
+```
+fly machine update --vm-size shared-cpu-2x 21781973f03e89
+fly machine update --vm-memory 1024 21781973f03e89
+fly machine update --vm-cpus 2 21781973f03e89
+```
+
+If you try to set an incompatible CPU/RAM combination through `fly machine update --vm-memory` or `fly machine update --vm-cpus`, flyctl will let you know. Learn more about [individual Machine sizing with flyctl and the Machines API](/docs/machines/guides-examples/machine-sizing/).
diff --git a/launch/volume-storage.html.markerb b/launch/volume-storage.html.markerb
new file mode 100644
index 0000000000..e18703ede6
--- /dev/null
+++ b/launch/volume-storage.html.markerb
@@ -0,0 +1,172 @@
+---
+title: Add volume storage to a Fly Launch app
+layout: docs
+nav: apps
+redirect_from: /docs/apps/volume-storage/
+---
+
+Fly Volumes are local persistent storage for [Fly Machines](/docs/machines/). 
+
+Learn more: 
+- [How Fly Volumes work](/docs/volumes/overview/)
+- [How to manage volumes with flyctl commands](/docs/volumes/volume-manage/)
+- [How to manage volume snapshots (backups)](/docs/volumes/snapshots)
+
+## Launch a new app with a Fly Volume
+
+Use [Fly Launch](/docs/launch/) to create a new app with one Machine and an attached volume, and then clone the Machine to scale out.
+
+1. Launch a new app from your project source directory with the `--no-deploy` option so it doesn't deploy automatically. Include any required options for deploying your app, like `--image` or `--dockerfile`.
+
+    ```cmd
+    fly launch --no-deploy
+    ```
+    `fly launch` creates a `fly.toml` app configuration file in your project source directory.
+
+1. After the app is created, add a [`[mounts]` section](/docs/reference/configuration/#the-mounts-section) in the `fly.toml`, where `source` is the volume name and `destination` is the directory where the volume should be mounted on the Machine file system. For example:
+
+    ```toml
+    [mounts]
+      source = "myapp_data"
+      destination = "/data"
+    ```
+
+        <div class="note icon">
+        <b>Note:</b> You can't mount a volume with `destination="/"` since `/` is used for the root file system.
+        </div>
+
+1. Deploy the app:
+
+    ```cmd
+    fly deploy 
+    ```
+
+1. [Confirm that the volume is attached to a Machine](#confirm-the-volume-is-attached-to-a-machine).
+
+1. (Recommended only if your app handles replication) Clone the first Machine to scale out to two Machines with volumes:
+
+    ```cmd
+    fly machine clone <machine id>
+    ```
+
+    List volumes to check the result:
+
+    ```cmd
+    fly volumes list
+    ```
+
+    Example output showing two volumes with attached Machines:
+    ```out
+    ID                      STATE   NAME    SIZE    REGION  ZONE    ENCRYPTED       ATTACHED VM     CREATED AT     
+    vol_ez1nvxkwl3jrmxl7    created data    1GB     lhr     4de2    true            91851edb6ee983  39 seconds ago
+    vol_zmjnv8m81p5rywgx    created data    1GB     lhr     b6a7    true            5683606c41098e  7 minutes ago
+    ```
+
+<div class="warning icon">
+<b>Warning:</b> `fly machine clone` doesn't write data into the new volume.
+</div>
+
+## Add volumes to an existing app
+
+Add a volume to an app created with [Fly Launch](/docs/launch/).
+
+1. Add a [`[mounts]` section](/docs/reference/configuration/#the-mounts-section) in the app's `fly.toml`, where `source` is the volume name and `destination` is the directory where the volume should be mounted on the Machine file system. For example:
+
+    ```toml
+    [mounts]
+      source = "myapp_data"
+      destination = "/data"
+    ```
+
+2. Run `fly status` to check the [regions](/docs/reference/regions/) of the Machines and then create the volume in the same regions as your app's Machines. For example:
+
+    ```cmd
+    fly volumes create <volume name> -r <region code>
+    ```
+
+3. Repeat step 2 for each Machine in the process group. If you create an app using the `fly launch` command, then the app will usually have two Machines in the `app` process by default.
+
+        <div class="note icon">
+        **Note:** If you have multiple Machines, then you need to create an equal number of volumes with the same name. For example, your app's `[mounts]` config specifies `source="myapp_data"` and you have three Machines in `bos` (Boston), then you need to create three volumes named `myapp_data` in `bos`. Every volume has a unique ID to allow for multiple volumes with the same name.
+        </div>
+
+4. Deploy the app:
+
+    ```cmd
+    fly deploy 
+    ```
+
+5. [Confirm that the volume is attached to a Machine](#confirm-the-volume-is-attached-to-a-machine).
+
+## Confirm the volume is attached to a Machine
+
+Use flyctl to check the status of volumes and Machines.
+
+### List the Machines
+
+List Machines to check attached volumes:
+
+```cmd
+fly machine list
+```
+
+Example output:
+
+```out
+1 machines have been retrieved from app my-app-name.
+View them in the UI here
+
+my-app-name
+ID            	NAME        STATE   REGION	 IMAGE                	IP ADDRESS                    	VOLUME              	CREATED             	LAST UPDATED        	APP PLATFORM	PROCESS GROUP	SIZE
+328773d3c47d85	my-app-name	stopped	yul   	flyio/myimageex:latest	fdaa:2:45b:a7b:19c:bbd4:95bb:2	vol_6vjywx86ym8mq3xv	2023-08-20T23:09:24Z	2023-08-20T23:16:15Z	v2          	app          	shared-cpu-1x:256MB
+```
+
+### List the volumes
+
+List volumes to check attached Machines:
+
+```cmd
+fly volumes list
+```
+
+Example output:
+
+```out
+ID                      STATE   NAME    SIZE    REGION  ZONE    ENCRYPTED       ATTACHED VM     CREATED AT    
+vol_zmjnv8m81p5rywgx    created data    1GB     lhr     b6a7    true            5683606c41098e  3 minutes ago
+```
+
+### SSH into the Machine
+
+View the volume in the Machine file system:
+
+```cmd
+fly ssh console -s -C df
+```
+
+Example output showing a 1GB volume mounted at `/data`:
+
+```out
+? Select VM: lhr: 5683606c41098e fdaa:0:3b99:a7b:7e:3155:9844:2 nameless-feather-6339
+Connecting to fdaa:0:3b99:a7b:7e:3155:9844:2... complete
+Filesystem     1K-blocks   Used Available Use% Mounted on
+devtmpfs          103068      0    103068   0% /dev
+/dev/vda         8191416 172748   7582856   3% /
+shm               113224      0    113224   0% /dev/shm
+tmpfs             113224      0    113224   0% /sys/fs/cgroup
+/dev/vdb         1011672   2564    940500   1% /data
+```
+
+The volume is mounted in the directory specified by the `destination` field in the `[mounts]` section of the `fly.toml` file, or the `attach-volume` option for cloned Machines.
+
+## Access a volume
+
+<%= partial "/docs/partials/docs/volumes_access" %>
+
+## Related topics
+
+- [Fly Volumes overview](/docs/volumes/overview/)
+- [`mounts` section](/docs/reference/configuration/#the-mounts-section) in the `fly.toml` app configuration file
+- [Create and manage volumes](/docs/volumes/volume-manage/)
+- [Manage volume snapshots](/docs/volumes/snapshots/)
+- [Scale an app with volumes](/docs/apps/scale-count/#scale-an-app-with-volumes)
diff --git a/litefs/backup.html.markerb b/litefs/backup.html.markerb
index d536dfb124..fe00467e92 100644
--- a/litefs/backup.html.markerb
+++ b/litefs/backup.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Backing up your LiteFS cluster
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
@@ -11,12 +10,6 @@ currently have a disaster recovery system in place in the event you lose your
 entire cluster. These are some strategies you can use to reduce your risk of
 data loss in the event of a bug or disk corruption.
 
-If you'd rather let someone else handle your backups, check out the
-[Using LiteFS Cloud for Backups][] docs. You can use LiteFS Cloud for backups
-even if your LiteFS cluster is not running on Fly.io!
-
-[Using LiteFS Cloud for Backups]: /docs/litefs/cloud-backups
-
 ## Periodic backup via export
 
 The simplest approach is to export your database via the [litefs
@@ -54,4 +47,89 @@ aws s3 cp /path/to/backup.gz s3://mybucket/backup-`date +%d%H`.gz
 This backup can be run on any of your nodes as even the replicas should have
 minimal lag behind the primary. If you run this on multiple nodes (such as all
 your candidates), make sure they are backing up to different storage locations
-so they do not overwrite one another.
\ No newline at end of file
+so they do not overwrite one another.
+
+
+## Continuous backup via Litestream
+
+[Litestream](https://litestream.io/) is a tool for continuously streaming
+incremental backups to S3-compatible object storage. You can use it on top of
+LiteFS to provide point-in-time recovery in case your cluster fails for any reason.
+
+<div class="warning">
+This approach only works if you are running a static lease on your cluster.
+</div>
+
+
+### Initialize your bucket
+
+First, you'll need to create a bucket on S3-compatible storage. In this example,
+we'll use [Tigris](https://www.tigrisdata.com/) since it integrates nicely with
+Fly.io.
+
+```sh
+fly storage create
+```
+
+This command will return several configuration variables. Set the AWS access key
+ID and secret access key as secrets in your application:
+
+```sh
+fly secrets set AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=...
+```
+
+
+### Set up your configuration file
+
+Once your bucket is created, you'll need to create a
+[Litestream configuration file](https://litestream.io/reference/config/). In
+this example, change `my.db` and `mybucket` to your respective database file and
+bucket names:
+
+```yml
+dbs:
+  - path: /litefs/my.db
+    meta-path: /var/lib/litefs/my.db-litestream
+    replicas:
+      - type: s3
+        bucket: "mybucket"
+        path: "my.db"
+        endpoint: "fly.storage.tigris.dev"
+        force-path-style: true
+```
+
+If you save this file to `/etc/litestream.yml` then Litestream will pick it up
+automatically for any Litestream commands you use.
+
+The `meta-path` should be a path on a persistent volume. In this example, we're
+assuming that `/var/lib/litefs` has been mounted from a volume.
+
+### Running Litestream
+
+Litestream should be run after LiteFS has been initialized so we can specify it
+in the LiteFS `exec`. Litestream can run its own `exec` so you should specify 
+your application there.
+
+```yml
+# litefs.yml
+
+exec: "litestream replicate -exec myapp"
+```
+
+Litestream should only be run on the primary node. It requires write access to
+the database so it will not run on read-only replicas.
+
+### Verifying your setup
+
+Once you have your application running, you should be able to run Litestream's
+[restore](https://litestream.io/reference/restore/) command to fetch the current
+version of the database:
+
+```sh
+litestream restore -o ~/myrestored.db /litefs/my.db
+```
+
+If you need to recover from a loss of the database, you'll need to restore your
+SQLite database to a file and then use [litefs import](/docs/litefs/import) to 
+import it into your cluster. Litestream cannot restore directly into your LiteFS
+mount.
diff --git a/litefs/cloud-backups.html.markerb b/litefs/cloud-backups.html.markerb
index 28e62b10d6..f209ae73d6 100644
--- a/litefs/cloud-backups.html.markerb
+++ b/litefs/cloud-backups.html.markerb
@@ -1,11 +1,12 @@
 ---
 title: Using LiteFS Cloud for Backups
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
 
+<%= partial "/docs/partials/docs/litefs_sunset" %>
+
 The simplest way to implement disaster recovery for your LiteFS cluster is
 to use Fly.io's LiteFS Cloud for backups. LiteFS Cloud provides reliable backup
 and restore functionality, which reduces the risk of data loss in the event
@@ -15,29 +16,24 @@ your state.
 
 In this doc, we'll show you how to add LiteFS Cloud to an existing LiteFS
 cluster. If you're not using LiteFS yet, take a look at the
-[getting started guide][], which walks you through setting LiteFS up for your
-app, including LiteFS Cloud.
+[getting started guide](/docs/litefs/getting-started-fly), which walks you
+through setting LiteFS up for your app, including LiteFS Cloud.
 
 If you'd rather implement your own backups, take a look at the
-[Backing up your LiteFS cluster][] docs.
-
-[getting started guide]: /docs/litefs/getting-started-fly
-[Backing up your LiteFS cluster]: /docs/litefs/backup
+[Backing up your LiteFS cluster](/docs/litefs/backup) docs.
 
 ## Creating a LiteFS Cloud cluster
 
 If you want to back up your database using LiteFS Cloud, you'll need to create
 a LiteFS Cloud cluster. You can do this in the Fly.io dashboard. First,
-[sign up for an account][Sign up] if you haven't already. After you're signed in,
+[sign up for an account](/docs/hands-on/sign-up-sign-in/) if you haven't already. After you're signed in,
 navigate to the LiteFS Cloud section on the left navbar, and then use the Create
 button to create a new cluster.
-[Here's a handy link to the LiteFS Cloud dashboard][LiteFS Cloud Dashboard] if you prefer!
+[Here's a handy link to the LiteFS Cloud dashboard](https://fly.io/dashboard/personal/litefs) if you prefer!
 
 When you create your LiteFS Cloud cluster, you'll be asked to save an auth token.
 Keep this handy - you'll use it below.
 
-[Sign up]: /docs/hands-on/sign-up
-[LiteFS Cloud Dashboard]: https://fly.io/dashboard/personal/litefs
 
 ## Configuring LiteFS to use LiteFS Cloud
 
@@ -45,15 +41,14 @@ Keep this handy - you'll use it below.
 
 Before configuring LiteFS Cloud, you must update your LiteFS to a version that supports
 LiteFS Cloud. Update to `v0.5.0` or greater. You can do this by
-[installing the latest version][LiteFS Installation].
+[installing the latest version](/docs/litefs/getting-started-fly/#installing-litefs).
 
-[LiteFS Installation]: /docs/litefs/getting-started-fly/#installing-litefs
 
 ### LiteFS Cloud Configuration
 
 When you created your LiteFS Cloud cluster, you got a LiteFS Cloud API authentication
 token. (If you lost it, you can create a new one in
-[the LiteFS Cloud dashboard][LiteFS Cloud Dashboard].)
+[the LiteFS Cloud dashboard](https://fly.io/dashboard/personal/litefs).)
 
 This token should be made available to LiteFS via the `LITEFS_CLOUD_TOKEN` environment
 variable. If you're running on Fly.io, you can add a secret for it with:
@@ -81,4 +76,3 @@ systemctl restart litefs
 
 Remember that this needs to be run for every LiteFS node.
 
-[LiteFS Cloud Dashboard]: https://fly.io/dashboard/personal/litefs
diff --git a/litefs/cloud-restore.html.markerb b/litefs/cloud-restore.html.markerb
index 8340dd6513..d8b6ec26ae 100644
--- a/litefs/cloud-restore.html.markerb
+++ b/litefs/cloud-restore.html.markerb
@@ -1,10 +1,10 @@
 ---
 title: Restoring from a LiteFS Cloud Backup
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
+<%= partial "/docs/partials/docs/litefs_sunset" %>
 
 ## Overview
 
@@ -23,7 +23,7 @@ did the first (erroneous) restore!
 ## Restoring your LiteFS database
 
 To restore your LiteFS database to a snapshot, navigate to
-the [Fly.io LiteFS dashboard][LiteFS Dashboard], find
+the [Fly.io LiteFS dashboard](https://fly.io/dashboard/personal/litefs), find
 the LiteFS Cloud cluster and database you would like to restore,
 and click the "view backups" link. Then you can select a date and time
 to restore from. Since restore is a destructive function (you are likely
@@ -37,14 +37,13 @@ after you make a write to your database. For production applications (where
 writes are frequent), this is unlikely to be noticeable, but if you're
 testing it out, you may need to manually make a write to see changes!
 
-[LiteFS Dashboard]: https://fly.io/dashboard/personal/litefs
 
 ## Limitations
 
 ### Snapshot age
 
 LiteFS Cloud stores "snapshots" as a series of
-[LTX files][]. For cost and performance reasons,
+[LTX files](https://github.com/superfly/litefs/blob/main/docs/ARCHITECTURE.md#lite-transaction-files-ltx). For cost and performance reasons,
 LiteFS Cloud compacts these files into files containing transactions
 from five minute intervals. This means that when you select a
 timestamp for restoring, LiteFS Cloud takes the most recent file
@@ -52,7 +51,6 @@ available from before that timestamp, which means that you may miss
 some transactions that happened within the five minute period before
 the timestamp you selected.
 
-[LTX files]: https://github.com/superfly/litefs/blob/main/docs/ARCHITECTURE.md#lite-transaction-files-ltx
 
 ### Snapshot restore requires database write
 
diff --git a/litefs/config.html.markerb b/litefs/config.html.markerb
index 07103364a5..14bbcef088 100644
--- a/litefs/config.html.markerb
+++ b/litefs/config.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: LiteFS Config Reference
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/disaster-recovery.html.markerb b/litefs/disaster-recovery.html.markerb
index 7ba450c877..fc2c8070e2 100644
--- a/litefs/disaster-recovery.html.markerb
+++ b/litefs/disaster-recovery.html.markerb
@@ -1,17 +1,17 @@
 ---
 title: Disaster Recovery from LiteFS Cloud
 layout: docs
-sitemap: false
 nav: litefs
 ---
+<%= partial "/docs/partials/docs/litefs_sunset" %>
 
 The biggest advantage of using LiteFS Cloud is that you have backups
 to restore from in case of an unfortunate situation where you lose
 all the nodes in your cluster. In this doc, we'll show you how to restore
 your cluster from LiteFS Cloud if you've lost all the nodes.
 
-<section class="warning icon">
-You should only follow the steps in this document if you've lost all
+<section class="important icon">
+**Important:** You should only follow the steps in this document if you've lost all
 nodes of your LiteFS cluster. Otherwise, you can
 [restore from a LiteFS Cloud backup](/docs/litefs/cloud-restore).
 </section>
diff --git a/litefs/events.html.markerb b/litefs/events.html.markerb
index 1d1444eb8f..5c72bdfa01 100644
--- a/litefs/events.html.markerb
+++ b/litefs/events.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Reading the LiteFS event stream
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/export.html.markerb b/litefs/export.html.markerb
index f731a0bd0b..2905e6ae1f 100644
--- a/litefs/export.html.markerb
+++ b/litefs/export.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: LiteFS Export Command
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/faq.html.markerb b/litefs/faq.html.markerb
index e2c97691f5..4925e0ba9d 100644
--- a/litefs/faq.html.markerb
+++ b/litefs/faq.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: LiteFS FAQ
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/getting-started-docker.html.markerb b/litefs/getting-started-docker.html.markerb
index 4c1d601e40..a321f9f256 100644
--- a/litefs/getting-started-docker.html.markerb
+++ b/litefs/getting-started-docker.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Getting Started with LiteFS in Docker
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
@@ -196,43 +195,6 @@ Refer to the [`litefs import`](/docs/litefs/import) documentation for more detai
   Do not use `cp` to copy a database into place.
 </div>
 
-
-## LiteFS Cloud configuration (optional)
-
-### Creating a LiteFS Cloud Cluster
-
-You can choose to create a LiteFS Cloud cluster, which will provide automatic
-backups managed by Fly.io. With LiteFS Cloud, you'll have the ability to restore
-your LiteFS database to any point in time near instantaneously. You can use LiteFS Cloud
-to back up and restore your database running anywhere (whether you plan to run your
-application on the Fly Platform, or somewhere else).
-
-You can create your LiteFS Cloud cluster in the Fly.io dashboard. First,
-[sign up for an account](/docs/hands-on/sign-up) if you haven't already. After you're signed in,
-navigate to the LiteFS Cloud section on the left navbar, and then use the Create button
-to create a new cluster.
-[Here's a handy link to the LiteFS Cloud dashboard](https://fly.io/dashboard/personal/litefs) if you prefer!
-
-When you create your LiteFS Cloud cluster, you'll be asked to save an auth token.
-Keep this handy - you'll use it later.
-
-Just a note: if you decide not to create a LiteFS Cloud cluster right now,
-you can always change your mind and add it later. Check out the
-[LiteFS Cloud backup](/docs/litefs/cloud-backups) docs for more details.
-
-
-### Configuring LiteFS to use LiteFS Cloud
-
-If you're using LiteFS Cloud for backups, you'll need to provide a LiteFS Cloud
-API authentication token, which you got when you created the cluster (or you can
-create a new one from [the LiteFS Cloud section](https://fly.io/dashboard/personal/litefs) in Fly.io
-dashboard).
-
-This token should be made available to LiteFS via the `LITEFS_CLOUD_TOKEN` environment
-variable. This is a secret value, so configure it however you configure secrets
-for your application! This will depend on your platform.
-
-
 ## Configuring writes to primary node
 
 LiteFS has a few differences from regular SQLite since it is a distributed
@@ -250,3 +212,6 @@ You can take a look at this [sample nginx config](https://github.com/superfly/li
 the primary node, and load balances between primary and replica node
 for other requests.
 
+## Next steps
+
+[Back up your LiteFS cluster](/docs/litefs/backup/).
diff --git a/litefs/getting-started-fly.html.markerb b/litefs/getting-started-fly.html.markerb
index 5f230f8b7a..cb13f7e192 100644
--- a/litefs/getting-started-fly.html.markerb
+++ b/litefs/getting-started-fly.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Getting Started with LiteFS on Fly.io
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 redirect_from:
@@ -17,33 +16,6 @@ running on Fly.io. For a full, working example of a LiteFS application, please s
 
 [litefs-example]: https://github.com/superfly/litefs-example
 
-
-## Creating a LiteFS Cloud Cluster (optional)
-
-You can choose to create a LiteFS Cloud cluster, which will provide automatic
-backups managed by Fly.io. With LiteFS Cloud, you'll have the ability to restore
-your LiteFS database to any point in time near instantaneously. You can use LiteFS Cloud
-to back up and restore your database running anywhere (whether you plan to run your
-application on the Fly Platform, or somewhere else).
-
-You can create your LiteFS Cloud cluster in the Fly.io dashboard. First,
-[sign up for an account][Sign up] if you haven't already. After you're signed in,
-navigate to the LiteFS Cloud section on the left navbar, and then use the Create button
-to create a new cluster.
-[Here's a handy link to the LiteFS Cloud dashboard][LiteFS Cloud Dashboard] if you prefer!
-
-When you create your LiteFS Cloud cluster, you'll be asked to save an auth token.
-Keep this handy - you'll use it later.
-
-Just a note: if you decide not to create a LiteFS Cloud cluster right now,
-you can always change your mind and add it later. Check out the
-[LiteFS Cloud backup][] docs for more details.
-
-[Sign up]: /docs/hands-on/sign-up
-[LiteFS Cloud backup]: /docs/litefs/cloud-backups
-[LiteFS Cloud Dashboard]: https://fly.io/dashboard/personal/litefs
-
-
 ## Installing LiteFS
 
 ### Dependencies
@@ -180,22 +152,6 @@ guide.
 [fly.io]: https://fly.io
 [lease management]: /docs/litefs/config#lease-management
 
-
-### LiteFS Cloud Configuration
-
-If you're using LiteFS Cloud for backups, you'll need to provide a LiteFS Cloud
-API authentication token, which you got when you created the cluster (or you can
-create a new one from [the LiteFS Cloud section][LiteFS Cloud Dashboard] in Fly.io
-dashboard).
-
-You should add this as a secret for your application named `LITEFS_CLOUD_TOKEN` with:
-
-```cmd
-fly secrets set LITEFS_CLOUD_TOKEN=$(litefs cloud auth token)
-```
-
-[LiteFS Cloud Dashboard]: https://fly.io/dashboard/personal/litefs
-
 ### Configuring the proxy
 
 LiteFS requires that all writes occur on the primary node, which means
@@ -294,3 +250,6 @@ Refer to the [`litefs import`](/docs/litefs/import) documentation for more detai
   Do not use `cp` to copy a database into place.
 </div>
 
+## Next steps
+
+[Back up your LiteFS cluster](/docs/litefs/backup/).
diff --git a/litefs/how-it-works.html.markerb b/litefs/how-it-works.html.markerb
index cadee4fc42..8142e723ad 100644
--- a/litefs/how-it-works.html.markerb
+++ b/litefs/how-it-works.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: How LiteFS Works
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/import.html.markerb b/litefs/import.html.markerb
index f3bef9f1ba..78ab340c45 100644
--- a/litefs/import.html.markerb
+++ b/litefs/import.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: LiteFS Import Command
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/index.html.markerb b/litefs/index.html.markerb
index f33299fe2c..8be12899aa 100644
--- a/litefs/index.html.markerb
+++ b/litefs/index.html.markerb
@@ -1,34 +1,23 @@
 ---
 title: LiteFS - Distributed SQLite
 layout: docs
-sitemap: false
 nav: litefs
 ---
 
+<div class="important icon">**Important:** We are not able to provide support or guidance for this product. Use with caution. Do not combine LiteFS with autostop/autostart on Fly Machines. The Fly Proxy’s autoscaler can shut down or restart Machines without any awareness of LiteFS lease ownership or data freshness, which can result in a stale machine winning the lease and LiteFS discarding newer changes and LTX file data—risking rollback and data loss.</div>
+
 LiteFS is a distributed file system that transparently replicates SQLite
 databases. You can run your application like it's running against a local
 on-disk SQLite database but behind the scenes the database is replicated to all
 the nodes in your cluster. With LiteFS, you can run your database right next to your
 application on the edge. You can run LiteFS anywhere!
 
-## LiteFS Cloud
-
-LiteFS Cloud is a Fly.io product which provides backups and recovery for your
-LiteFS SQLite database. With LiteFS Cloud, you'll have the ability to restore
-your LiteFS database to any point in time from the last 30 days, near instantaneously.
-You can use LiteFS Cloud to back up your LiteFS database running anywhere (whether your
-application is running on Fly.io or somewhere else).
-
 ## Project status
 
 LiteFS is stable and running in production environments. The project is still
 pre-1.0 so APIs may change and features could be removed. Please remember that
-all software has bugs so we recommend you set up regular off-site
-backups in case of malfunction or disk corruption. You can back up
-using [LiteFS Cloud][], or [configure your own backups][backup].
-
-[LiteFS Cloud]: /docs/litefs/cloud-backups/
-[backup]: /docs/litefs/backup/
+all software has bugs so we recommend you set up [regular off-site backups](/docs/litefs/backup/) 
+in case of malfunction or disk corruption.
 
 
 ## Exploring our guides
@@ -37,16 +26,9 @@ You can get up and running quickly with one of our guides:
 
 - [Speedrun: Adding LiteFS to your app](/docs/litefs/speedrun) the fastest way to get started with LiteFS on Fly.io.
 
-- [Getting Started on Fly.io][] helps you add LiteFS to an existing application and deploy to Fly.io. This guide
+- [Getting Started on Fly.io](/docs/litefs/getting-started-fly) helps you add LiteFS to an existing application and deploy to Fly.io. This guide
 provides more details and explanation than the Speedrun.
 
-- [Getting Started with Docker][] helps you add LiteFS to an existing application that you want to run outside of Fly.io.
-
-- [Using LiteFS Cloud for Backups][] shows you how to easily back up and restore your data.
-
-- [How LiteFS Works][] explains the concepts behind LiteFS.
+- [Getting Started with Docker](/docs/litefs/getting-started-docker) helps you add LiteFS to an existing application that you want to run outside of Fly.io.
 
-[Getting Started on Fly.io]: /docs/litefs/getting-started-fly
-[Getting Started with Docker]: /docs/litefs/getting-started-docker
-[Using LiteFS Cloud for Backups]: /docs/litefs/cloud-backups
-[How LiteFS Works]: /docs/litefs/how-it-works
\ No newline at end of file
+- [How LiteFS Works](/docs/litefs/how-it-works) explains the concepts behind LiteFS.
diff --git a/litefs/migrations.html.markerb b/litefs/migrations.html.markerb
index 7396d0c89b..81f3931c6a 100644
--- a/litefs/migrations.html.markerb
+++ b/litefs/migrations.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Running database migrations
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/mount.html.markerb b/litefs/mount.html.markerb
index 734de3d4d1..5d9e87eefb 100644
--- a/litefs/mount.html.markerb
+++ b/litefs/mount.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: LiteFS Mount Command
-layout: docs
-sitemap: false
+layout: docs 
 nav: litefs
 toc: true
 ---
diff --git a/litefs/position.html.markerb b/litefs/position.html.markerb
index 87c78cf5b7..6402c4e6c2 100644
--- a/litefs/position.html.markerb
+++ b/litefs/position.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Tracking LiteFS replication position
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
@@ -23,7 +22,7 @@ The TXID is represented a 16-character hex-encoded `uint64`. The checksum is
 encoded as a 16-character hex-encoded `uint64`. These are concatenated using
 a slash and a newline is appended at the end.
 
-You can also use the [LiteFS event stream](events) to receive replication
+You can also use the [LiteFS event stream](../events) to receive replication
 position updates in real time.
 
 
diff --git a/litefs/primary.html.markerb b/litefs/primary.html.markerb
index 8659f5e38d..c18f47f4c0 100644
--- a/litefs/primary.html.markerb
+++ b/litefs/primary.html.markerb
@@ -1,9 +1,9 @@
 ---
 title: Determining the LiteFS primary
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
+redirect_from: /docs/litefs/proxy/primary
 ---
 
 The LiteFS directory (typically `/litefs`) provides a `.primary` file that
diff --git a/litefs/proxy.html.markerb b/litefs/proxy.html.markerb
index 0274f10fbe..d233a7f5dc 100644
--- a/litefs/proxy.html.markerb
+++ b/litefs/proxy.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Built-in HTTP Proxy
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
@@ -45,7 +44,7 @@ replication position.
 
 The proxy handles requests a bit differently on replicas since they cannot write
 data and they may lag slightly behind the primary. First, write requests
-(`POST`, `PUT`, etc) are forwarded to primary node using [`fly-replay` header](/docs/reference/dynamic-request-routing/).
+(`POST`, `PUT`, etc) are forwarded to primary node using [`fly-replay` header](/docs/networking/dynamic-request-routing/).
 This ensures that all writes occur on the primary.
 
 For read requests (`GET`), the replica will wait for the replication position on
@@ -81,3 +80,9 @@ is configured to the proxy's bind port in your `fly.toml`:
   protocol = "tcp"
 ```
 
+
+## Websockets
+
+At this time, the proxy does not work with WebSockets. You can still use LiteFS
+with WebSocket applications but you will need to internally proxy the write
+requests to the [current primary in the cluster](primary).
\ No newline at end of file
diff --git a/litefs/releases.html.markerb b/litefs/releases.html.markerb
index 9f7b258be2..6e8e41f5fb 100644
--- a/litefs/releases.html.markerb
+++ b/litefs/releases.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: LiteFS Releases
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/run.html.markerb b/litefs/run.html.markerb
index 09472e6002..91a9de2544 100644
--- a/litefs/run.html.markerb
+++ b/litefs/run.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: LiteFS Run Command
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
diff --git a/litefs/speedrun.html.markerb b/litefs/speedrun.html.markerb
index 645fb72549..9d793d95a8 100644
--- a/litefs/speedrun.html.markerb
+++ b/litefs/speedrun.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: "Speedrun: Add LiteFS to your app"
 layout: docs
-sitemap: false
 nav: litefs
 toc: true
 ---
@@ -24,15 +23,7 @@ back here!
 
 ## Let's do this!
 
-### 1. Create a LiteFS Cloud cluster
-
-Create a LiteFS Cloud cluster in [the LiteFS section](https://fly.io/dashboard/personal/litefs) of the fly.io dashboard.
-Take note of your auth token (you'll need it later).
-
-LiteFS Cloud is optional, but highly recommended if your data is important to you!
-
-
-### 2. Configure litefs.yml
+### 1. Configure litefs.yml
 
 Copy [the sample `litefs.yml` file](https://github.com/superfly/litefs-example/blob/main/fly-io-config/etc/litefs.yml)
 from the `litefs-example` repo, and make the following updates:
@@ -40,7 +31,7 @@ from the `litefs-example` repo, and make the following updates:
 * Update from `8081` in `proxy.target` to whatever port your app listens on
 * Update `exec[0].cmd` to the command that runs your app
 
-### 3. Update your Dockerfile
+### 2. Update your Dockerfile
 
 Install LiteFS dependencies:
 
@@ -63,7 +54,7 @@ Update the `ENTRYPOINT` (or `CMD`):
 ENTRYPOINT litefs mount
 ```
 
-### 4. Set up & deploy to the Fly Platform
+### 3. Set up & deploy to the Fly Platform
 
 Create a volume:
 
@@ -83,12 +74,6 @@ Configure consul (this sets the `FLY_CONSUL_URL` secret for your app, which is r
 fly consul attach
 ```
 
-Add the LiteFS Cloud secret (replace `yoursecrettoken` with the actual token value):
-
-```sh
-fly secrets set LITEFS_CLOUD_TOKEN=yoursecrettoken
-```
-
 Update your `fly.toml` file to mount your volume:
 
 ```yml
@@ -106,7 +91,7 @@ fly deploy
 TADA! You (hopefully) now have an app running with LiteFS! If you're having trouble, you can
 ask for help in [the Fly community](https://community.fly.io).
 
-### 5. Add some replicas in other regions
+### 4. Add some replicas in other regions
 
 LiteFS isn't *super* useful if you're running only one node. So, add some
 more nodes in more regions!
@@ -117,3 +102,7 @@ fly m clone --select --region lhr
 # Add a clone in Sydney
 fly m clone --select --region syd
 ```
+
+## Next steps
+
+[Back up your LiteFS cluster](/docs/litefs/backup/).
diff --git a/machines/api/apps-resource.html.markerb b/machines/api/apps-resource.html.markerb
new file mode 100644
index 0000000000..e37edd6a5f
--- /dev/null
+++ b/machines/api/apps-resource.html.markerb
@@ -0,0 +1,282 @@
+---
+title: Apps
+layout: docs
+nav: machines_toc
+toc: false
+redirect_from: /docs/machines/api-apps-resource/
+---
+
+You can use the Apps resource to create and manage Fly Apps. A Fly App is an abstraction for a group of Machines running your code, along with the configuration, provisioned resources, and data we need to keep track of to run and route to your Machines. Learn more about [Fly Apps](/docs/apps/overview).
+
+<div class="right-column">
+  <div class="endpoints api-card">
+    <div class="api-card-header">
+      Endpoints
+    </div>
+    <div class="highlight">
+      <a class="endpoint" href="#create-a-fly-app">
+        <span class="post-badge">post</span>
+        <span>/v1/apps</span>
+      </a>
+      <a class="endpoint" href="#get-app-details">
+        <span class="get-badge">get</span>
+        <span>/v1/apps/{app\_name}</span>
+      </a>
+      <a class="endpoint" href="#delete-a-fly-app">
+        <span class="delete-badge">delete</span>
+        <span>/v1/apps/{app\_name}</span>
+      </a>
+      <a class="endpoint" href="#list-apps-in-an-organization">
+        <span class="get-badge">get</span>
+        <span>/v1/apps?org_slug=</span>
+      </a>
+    </div>
+  </div>
+</div>
+
+## Create a Fly App
+
+`POST /apps`
+
+Machines must be associated with a Fly App. App names must be unique.
+
+<div class="api-section" data-exclude-render>
+  <div>
+     <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '201',
+      description: 'created'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps')) do |component| %>
+      <% component.with_curl do %>
+        curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps" \\
+  -d '{
+      "app_name": "my-app-name",
+      "org_slug": "personal",
+      "network": "my-optional-network"
+    }'
+      <% end %>
+      <% component.with_json do %>
+        {
+          "app_name": "",
+          "enable_subdomains": false,
+          "network": "",
+          "org_slug": ""
+        }
+      <% end %>
+      <% component.with_json_table do %>
+        | Property   | Type    | Required | Description                |
+        |-------------|---------|----------|----------------------------|
+        | `app_name`  | string  | yes      | Name of the app to create  |
+        | `enable_subdomains`  | boolean  | no      | Used for Fly Kubernetes. |
+        | `org_slug`  | string  | yes      | Slug of the org in which to create the app |
+        | `network`   | string  | no       | Name for an IPv6 private network to segment the app onto. |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 201 created - Example response', language: 'json')) do %>
+      {
+  "id":"z4k69dxd8r31p5mx",
+  "created_at":1708631799000
+}
+    <% end %>
+  </div>
+</div>
+
+To segment the app into its own network, you can pass a `network` argument in the JSON body, for example: `"network": "some-arbitrary-name"`. Any Machine started in such an app will not be able to access other apps within their organization over the private network. However, Machines within such an app can communicate to each other, and the [`fly-replay`](/docs/reference/dynamic-request-routing/) header can still be used to route requests to Machines within a segmented app.
+
+## Allocate an IP address for global request routing
+
+If you intend for Machines to be accessible to the internet, you'll need to allocate an IP address to the app. Currently
+this is done using `flyctl` or the [Fly.io GraphQL API](https://api.fly.io/graphql). This offers your app automatic, global routing via [Anycast](https://fly.io/docs/reference/services/#about-anycast). Read more about this in [the Networking section](https://fly.io/docs/reference/services/#notes-on-networking).
+
+Example:
+
+```cmd
+fly ips allocate-v4 -a my-app-name
+```
+```out
+TYPE ADDRESS    REGION CREATED AT
+v4   37.16.9.52 global 7s ago
+```
+
+The app will answer on this IP address, and after a small delay, at `my-app-name.fly.dev`.
+
+## Get app details
+
+`GET /apps/{app_name}`
+
+Get details about an app, like its organization slug and name. Also, to check if the app exists!
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to get the details of.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: "Responses", 
+      name: "200", 
+      description: "OK"
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/\{app_name\}')) do |component| %>
+      <% component.with_curl do %>
+        curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name" 
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK - Example response', language: 'json')) do %>
+{
+  "id": "jlyv9r5d56v18xrg",
+  "name": "my-app-name",
+  "status": "pending",
+  "organization": {
+    "name": "My Org",
+    "slug": "personal"
+  }
+}
+    <% end %>
+  </div>
+</div>
+
+## Set app secrets
+
+For sensitive environment variables, such as credentials, you can set [secrets](/docs/apps/secrets/) on the app:
+
+```cmd
+fly secrets set DATABASE_URL=postgres://example.com/mydb <my-app-name>
+```
+
+Machines inherit secrets from the app. Existing Machines must be [updated](/docs/machines/api-machines-resource/#update-a-machine) to pick up secrets set after the Machine was created.
+
+For non-sensitive information, you can configure environment variables per Machine when you create or update the Machine.
+
+## Delete a Fly App
+
+`DELETE /apps/{app_name}`
+
+Machines should be stopped before attempting deletion. Append `?force=true` to the URI to stop and delete immediately.
+
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to delete.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Query parameters',
+      name: "force", 
+      type: "Boolean", 
+      required: false, 
+      description: "Stop all Machines and delete the app immediately."
+    ) %>
+    <%= render(api_info) %>
+    <%= render(ApiInfoComponent.new(
+      heading: "Responses", 
+      name: "202", 
+      description: "accepted"
+    )) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'DELETE', title: '/v1/apps/\{app_name\}')) do |component| %>
+      <% component.with_curl do %>
+        curl -i -X DELETE \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name" 
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 202 accepted', language: 'json')) do %>
+    no body
+    <% end %>
+  </div>
+</div>
+
+
+## List apps in an organization
+
+`GET /apps?org_slug=`
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Query parameters',
+      name: "org_slug", 
+      type: "string", 
+      required: true, 
+      description: "The organization to list apps for."
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: "Responses", 
+      name: "200", 
+      description: "OK"
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps?org_slug\=')) do |component| %>
+      <% component.with_curl do %>
+        curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps?org_slug=personal"
+      <% end %>
+      <% component.with_json do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+      <% component.with_json_table do %>
+no body
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK - Example response', language: 'json')) do %>
+{
+  "total_apps": 4,
+  "apps": [
+    {
+      "id": "682kqp6pdno9d543",
+      "name": "my-app-1",
+      "machine_count": 3,
+      "volume_count": 2,
+      "network": "default"
+    },
+    ...
+  ]
+}
+    <% end %>
+  </div>
+</div>
+
+
+
+## Related topics
+
+- [Working with the Machines API](/docs/machines/api/working-with-machines-api/)
+- [Machines resource](/docs/machines/api/machines-resource/) reference
+- [Tokens resource](/docs/machines/api/tokens-resource) reference
+- [Volumes resource](/docs/machines/api/volumes-resource/) reference
diff --git a/machines/api/index.html.md b/machines/api/index.html.md
new file mode 100644
index 0000000000..8e378486e5
--- /dev/null
+++ b/machines/api/index.html.md
@@ -0,0 +1,26 @@
+---
+title: "Machines API"
+layout: docs
+nav: machines
+redirect_from: /docs/machines/working-with-machines/
+toc: false
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/machine-api.png" alt="Illustration by Annie Ruygt of a group of hovering servers with eyes" class="max-w-lg">
+</figure>
+
+The Fly Machines REST API provides resources to provision and manage Fly Apps, Fly Machines, and Fly Volumes.
+
+
+* **[Working with the Machines API](/docs/machines/api/working-with-machines-api):** Get set up quickly to use the Machines API.
+
+* **[Machines resource](/docs/machines/api/machines-resource):** The core of the Machines API. Use the Machines resource to fully control Machines at speed.
+
+* **[Apps resource](/docs/machines/api/apps-resource):** Create and manage Fly Apps to group and administer your Machines.
+
+* **[Tokens resource](/docs/machines/api/tokens-resource):** Request an OpenID Connect token from a 3rd-party.
+
+* **[Volumes resource](/docs/machines/api/volumes-resource):** Create and manage persistent storage volumes for your Machines.
+
+* **[OpenAPI spec](https://docs.machines.dev/+external):** OpenAPI 3.0 specification for the Machines API.
diff --git a/machines/api/machines-resource.html.markerb b/machines/api/machines-resource.html.markerb
new file mode 100644
index 0000000000..563939f101
--- /dev/null
+++ b/machines/api/machines-resource.html.markerb
@@ -0,0 +1,1306 @@
+---
+title: Machines
+layout: docs
+nav: machines_toc
+toc: false
+redirect_from: /docs/machines/api-machines-resource/
+---
+
+You can use the Machines resource to create, stop, start, update, and delete Fly Machines. Fly Machines are fast-launching VMs on Fly.io. The Machine resource is the configuration and state for a Machine.
+   
+<div class="endpoints api-card">
+  <div class="api-card-header">
+    Endpoints
+  </div>
+  <div class="highlight">
+    <a class="endpoint" href="#list-machines">
+      <span class="get-badge">get</span>
+      <span>/v1/apps/{app\_name}/machines</span>
+    </a>
+    <a class="endpoint" href="#create-a-machine">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines</span>
+    </a>
+    <a class="endpoint" href="#wait-for-a-machine-to-reach-a-specified-state">
+      <span class="get-badge">get</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/wait</span>
+    </a>
+    <a class="endpoint" href="#get-a-machine">
+      <span class="get-badge">get</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}</span>
+    </a>
+    <a class="endpoint" href="#update-a-machine">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}</span>
+    </a>
+    <a class="endpoint" href="#stop-a-machine">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/stop</span>
+    </a>
+    <a class="endpoint" href="#suspend-a-machine">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/suspend</span>
+    </a>
+    <a class="endpoint" href="#start-a-machine">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/start</span>
+    </a>
+    <a class="endpoint" href="#delete-a-machine-permanently">
+      <span class="delete-badge">delete</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}</span>
+    </a>
+    <a class="endpoint" href="#create-a-machine-lease">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/lease</span>
+    </a>
+    <a class="endpoint" href="#get-a-machine-lease">
+      <span class="get-badge">get</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/lease</span>
+    </a>
+    <a class="endpoint" href="#release-a-machine-lease">
+      <span class="delete-badge">delete</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/lease</span>
+    </a>
+    <a class="endpoint" href="#route-requests-away-from-or-back-to-a-machine">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/cordon</span>
+    </a>
+    <a class="endpoint" href="#route-requests-away-from-or-back-to-a-machine">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/uncordon</span>
+    </a>
+    <a class="endpoint" href="#get-a-machines-metadata">
+      <span class="get-badge">get</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/metadata</span>
+    </a>
+    <a class="endpoint" href="#add-or-update-machine-metadata">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/metadata/{key}</span>
+    </a>
+    <a class="endpoint" href="#delete-machine-metadata">
+      <span class="delete-badge">delete</span>
+      <span>/v1/apps/{app\_name}/machines/{machine\_id}/metadata/{key}</span>
+    </a>
+  </div>
+</div>
+
+## Machine properties
+
+| Property | Description |
+| --------- | ----------- |
+| `id` | A stable identifier for the Machine. |
+| `name` | Unique name for the Machine. If omitted, one is generated for you. |
+| `state` | The [state](/docs/machines/machine-states/) of the Machine.
+| `region` | The region where the Machine resides, or the target region for the Machine on create. If omitted, the Machine is placed in the same region as your WireGuard peer connection (somewhere near you). |
+| `instance_id` | An identifier for the current running/ready version of the Machine. Every Update request potentially changes the `instance_id`. |
+| `private_ip` | The [6PN IPv6 address](/docs/reference/private-networking/) of the Machine, which is where it's reachable to other Machines in the same organization and `network_id`. |
+| `config` | See the <u>[`config` object properties](#machine-config-object-properties)</u> section. Object that defines the Machine configuration. |
+| `checks` | Object that provides the status of any configured health checks. |
+| `image_ref` | Object that defines the image details. |
+| `created_at` | Date and time the Machine was created. |
+| `updated_at` | Date and time the Machine was last updated. |
+| `events` | Array of objects that provide log of what's happened with this Machine. |
+| `nonce` | The Machines lease nonce, if this Machine is currently leased. Also returned on Machine create if `lease_ttl` is provided. |
+
+## List Machines
+
+List all the Machines for an app.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to list Machines for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Query parameters',
+      name: 'include_deleted',
+      type: 'Boolean',
+      description: 'If true, include deleted Machines in the response.'
+    ) %>
+    <% api_info.add_info(
+      name: 'region',
+      type: 'String',
+      description: 'Filter by region. For example, to return only Machines in the `yyz` region: `GET /v1/apps/my-app-name/machines?region=yyz`'
+    ) %>
+    <% api_info.add_info(
+      name: 'metadata.{key}',
+      type: 'String',
+      description: 'Filter by metadata key-value pair. For example, to return only Machines with metadata item `"foo": "bar"` : `GET /v1/apps/my-app-name/machines?metadata.foo=bar`'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/{app_name}/machines')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_list_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_list_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Create a Machine
+
+Given the name of a Fly App, create a Fly Machine, given the URI of a container image, in some region (or, by default, the region closest to you) on Fly.io’s platform. If successful, that Machine will boot up by default. Create a Machine without booting it by setting `skip_launch`.
+
+You can configure the Machine characteristics, like its CPU and memory. You can also allow connections from the internet through the Fly Proxy by [creating a Machine with services](#create-a-machine-with-services). Learn more about this behavior in the [networking section](#notes-on-networking).
+
+<div class="important icon">
+**Important:** This request can fail, and you're responsible for handling that failure. If you ask for a large Machine, or a Machine in a region we happen to be at capacity for, you might need to retry the request, or to fall back to another region. If you're working directly with the Machines API, you're taking some responsibility for your own orchestration!
+</div>
+
+The only required parameter in the body is `image` in the `config` object.
+
+<div class="api-section" data-exclude-render>
+  <div data-exclude-render>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to create a Machine for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div data-exclude-render>
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_create_req" %>
+      <% end %>
+      <% component.with_json do %>
+      {
+        "config": {
+          "image": ""
+        },
+        "lease_ttl": 1,
+        "lsvd": false,
+        "name": "",
+        "region": "",
+        "skip_launch": false,
+        "skip_service_registration": false
+      }
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | `name` | string | no | Unique name for this Machine. If omitted, one is generated for you. String. |
+      | `region` | string | no | The target region. Omitting this param launches in the same region as your WireGuard peer connection (somewhere near you). String. |
+      | `lease_ttl` | integer | no | Acquire a lease on the newly created Machine, waiting this many seconds before failing the request; use to create a Machine that can’t be updated by any other external process while waiting for it to come up and pass health checks. |
+      | `skip_launch` | boolean | no | Create a Fly Machine, but don’t boot it up, leaving it in a state where it can be quickly started in response to events. Think of this as “warming the caches” on our hardware. (default: false) |
+      | `lsvd` | boolean | no | Enable Log Structured Virtual Disks for this Machine. (default: false) |
+      | `skip_service_registration` | boolean | no | Leave this Machine disconnected from Fly.io’s request routing. This is like a combined Create and Cordon operation; register the Machine later with an Uncordon request. Useful for bluegreen deploys: bring a Machine up, test it healthy, and only then let user requests hit it. (default: false) |
+      | `config` | object | yes | Required for `image`. An object defining the Machine configuration. See the [`config` object properties](#machine-config-object-properties) section. |
+      | `config.image` | string | yes | The container registry path to the image that defines this Machine (for example, ”registry-1.docker.io/library/ubuntu:latest”).
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_create_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Create a Machine with services
+
+Create a Machine with services defined on app. Learn more about [services and networking](#notes-on-networking).
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to create a Machine for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_create_serv_req" %>
+      <% end %>
+      <% component.with_json do %>
+      {
+        "config": {
+          "image": ""
+        },
+        "lease_ttl": 1,
+        "lsvd": false,
+        "name": "",
+        "region": "",
+        "skip_launch": false,
+        "skip_service_registration": false
+      }
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | `name` | string | no | Unique name for this Machine. If omitted, one is generated for you. String. |
+      | `region` | string | no | The target region. Omitting this param launches in the same region as your WireGuard peer connection (somewhere near you). String. |
+      | `lease_ttl` | integer | no | Acquire a lease on the newly created Machine, waiting this many seconds before failing the request; use to create a Machine that can’t be updated by any other external process while waiting for it to come up and pass health checks. |
+      | `skip_launch` | boolean | no | Create a Fly Machine, but don’t boot it up, leaving it in a state where it can be quickly started in response to events. Think of this as “warming the caches” on our hardware. (default: false) |
+      | `lsvd` | boolean | no | Enable Log Structured Virtual Disks for this Machine. (default: false) |
+      | `skip_service_registration` | boolean | no | Leave this Machine disconnected from Fly.io’s request routing. This is like a combined Create and Cordon operation; register the Machine later with an Uncordon request. Useful for bluegreen deploys: bring a Machine up, test it healthy, and only then let user requests hit it. (default: false) |
+      | `config` | object | yes | Required for `image`. An object defining the Machine configuration. See the [`config` object properties](#machine-config-object-properties) section. |
+      | `config.image` | string | yes | The container registry path to the image that defines this Machine (for example, ”registry-1.docker.io/library/ubuntu:latest”).
+      | `config.services` | array | no | Defines how Fly Proxy connects requests to an app’s public Anycast or private Flycast address to services running within Machines, and configures other Fly Proxy behavior for a service.
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_create_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Wait for a Machine to reach a specified state
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to wait for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Query parameters',
+      name: 'instance_id',
+      type: 'string',
+      description: 'Filter for a specific Machine `instance_id` (version). Required when waiting for Machine to be in `stopped` state.'
+    ) %>
+    <% api_info.add_info(
+      name: 'timeout',
+      type: 'integer',
+      description: 'The time, in seconds, to wait for the Machine to enter the specified state. Default is 60.'
+    ) %>
+    <% api_info.add_info(
+      name: 'state',
+      type: 'string enum',
+      description: 'The Machine state to wait for. Values are: `started`, `stopped`, `suspended`, or `destroyed`. Default is `started`.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <% api_info.add_info(
+      name: '400',
+      description: 'Bad Request'
+    ) %>
+    <% api_info.add_info(
+      name: '408',
+      description: 'Request Timeout'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/{app_name}/machines/{machine_id}/wait')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_wait_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_ok_true_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Get a Machine
+
+Given the name of a Fly App and a Fly Machine ID, retrieve the details of that Machine.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to get.'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/{app_name}/machines/{machine_id}')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_get_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_get_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Update a Machine
+
+Given the name of a Fly App and a Fly Machine ID, update the configuration of the Machine. If the Machine is running and the request is successful, it will reboot; if the Machine isn't running, and you don't want it to start up, set `skip_launch`.
+
+This is, in particular, how you would update the running image of a Machine (when you need to deploy new code), or roll back to a previous Machine release. It's also how you'd vertically scale an application.
+
+<div class="important icon">
+**Important:** This request can fail, and you're responsible for handling that failure. If you ask for a large Machine, or a Machine in a region we happen to be at capacity for, you might need to retry the request, or to fall back to another region. If you're working directly with the Machines API, you're taking some responsibility for your own orchestration!
+</div>
+
+`region` and `name` are immutable and cannot be updated. 
+
+<div class="note icon">
+**Note:** You need to specify the entire Machine config to update a Machine; we don't support partial updates. You can get the Machine you want to update, copy and modify the `config` and include it in the body of the update request. Refer to the [Machine `config` object properties](#machine-config-object-properties) section for property descriptions.
+</div>
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <%= render(ApiInfoComponent.new(
+      heading: "Request headers", 
+      name: "fly-machine-lease-nonce", 
+      type: "string", 
+      description: "The Machine lease nonce, a random value we provide that indicates that you currently hold the lease on this Machine. If the Machine is leased, and you don't provide this header, the request to update the Machine will fail."
+    )) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to update.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <% api_info.add_info(
+      name: '400',
+      description: 'Bad Request'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines/{machine_id}')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_update_req" %>
+      <% end %>
+      <% component.with_json do %>
+      {
+        "config": { /* All of Fly Machine Config */  },
+        "current_version":"",
+        "lease_ttl": 1,
+        "lsvd": false,
+        "name": "",
+        "region": "",
+        "skip_launch": false,
+        "skip_service_registration": false
+      }
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | `config` | object | yes | An object defining the Machine configuration. See the [`config` object properties](#machine-config-object-properties) section. |
+      | `current_version` | string | no | The latest `instance_id` value of the Machine. |
+      | `name` | string | no | Unique name for this Machine. If omitted, one is generated for you. String. |
+      | `region` | string | no | The target region. Omitting this param launches in the same region as your WireGuard peer connection (somewhere near you). String. |
+      | `lease_ttl` | integer | no | Acquire a lease on the newly created Machine, waiting this many seconds before failing the request; use to create a Machine that can’t be updated by any other external process while waiting for it to come up and pass health checks. |
+      | `skip_launch` | boolean | no | Create a Fly Machine, but don’t boot it up, leaving it in a state where it can be quickly started in response to events. Think of this as “warming the caches” on our hardware. (default: false) |
+      | `lsvd` | boolean | no | Enable Log Structured Virtual Disks for this Machine. (default: false) |
+      | `skip_service_registration` | boolean | no | Leave this Machine disconnected from Fly.io’s request routing. This is like a combined Create and Cordon operation; register the Machine later with an Uncordon request. Useful for bluegreen deploys: bring a Machine up, test it healthy, and only then let user requests hit it. (default: false) |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_update_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Stop a Machine
+
+Stopping a started Machine will shut down the Machine, but not destroy it. The Machine can be started again with `machines/<machine_id>/start`.
+
+Stopping a suspended Machine will invalidate its snapshot, forcing it to perform a cold boot the next time it is started.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to stop.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines/{machine_id}/stop')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_stop_req" %>
+      <% end %>
+      <% component.with_json do %>
+      {
+        "signal": "",
+        "timeout": ""
+      }
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | `signal` | object | no | Signal to stop the Machine with. (default: SIGINT) |
+      | `timeout` | string | no | Seconds to wait before sending SIGKILL to the Machine |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_ok_true_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Suspend a Machine
+
+Suspending a Machine pauses the Machine and takes a snapshot of its state, including its memory. The next start operation will attempt (but is not guaranteed) to resume the Machine from the snapshot, rather than performing a cold boot.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to suspend.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines/{machine_id}/suspend')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_suspend_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_ok_true_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Start a Machine
+
+Start a Machine.
+
+Stopped Machines that are restarted are completely reset to their original state so that they start clean on the next run.
+
+Suspended Machines that are started attempt to resume from the snapshot taken when they were suspended. If this is not possible, then they will perform a cold boot, as though starting from the stopped state; however, their root file systems will not be reset.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to start.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines/{machine_id}/start')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_start_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_start_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Delete a Machine permanently
+
+Delete a Machine. This action cannot be undone.
+
+Given the name of a Fly App and the Machine ID of a Fly Machine, delete the Machine.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to delete.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Query parameters',
+      name: 'force',
+      type: 'boolean',
+      description: 'Force stop the Machine if running.'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'DELETE', title: '/v1/apps/{app_name}/machines/{machine_id}/')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_delete_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_ok_true_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Create a Machine lease
+
+Create a lease for a specific Machine within an app using the details provided in the request body. Machine leases can be used to obtain an exclusive lock on modifying a Machine.
+
+The Machine lease nonce is a random value we provide that indicates that you currently hold the lease on a Machine. To use the provided nonce from the create or get lease response, add the `fly-machine-lease-nonce` header to all subsequent API calls to the Machine for the duration of the lease. See [Release a Machine lease](#release-a-machine-lease).
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to create a lease for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '201',
+      description: 'Created'
+    ) %>
+    <% api_info.add_info(
+      name: '409',
+      description: 'Conflict'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines/{machine_id}/lease')) do |component| %>
+      <% component.with_curl do %>
+      <%= partial "/docs/reference/machines/machines_lease_create_req" %>
+      <% end %>
+      <% component.with_json do %>
+      {
+        "description": "",
+        "ttl": 1
+      }
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | description | string | no | A description of the lease for convenience. |
+      | ttl | integer | no | The time in seconds that the lease should be held for.
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 201 Created – Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_lease_create_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Get a Machine lease
+
+Retrieve the current lease of a specific Machine within an app. Machine leases can be used to obtain an exclusive lock on modifying a Machine.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to retrieve a lease for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <% api_info.add_info(
+      name: '404',
+      description: 'Not Found'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/{app_name}/machines/{machine_id}/lease')) do |component| %>
+      <% component.with_curl do %>
+      <%= partial "/docs/reference/machines/machines_lease_get_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK - Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_lease_get_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Release a Machine lease
+
+Release the lease of a specific Machine within an app. Machine leases can be used to obtain an exclusive lock on modifying a Machine.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <%= render(ApiInfoComponent.new(
+      heading: "Request headers", 
+      name: "fly-machine-lease-nonce", 
+      type: "string",
+      description: "Required to release a lease. The Machine lease nonce, a random value provided in the response when you get or create a lease."
+    )) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to release a lease for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <% api_info.add_info(
+      name: '400',
+      description: 'Bad Request'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'DELETE', title: '/v1/apps/{app_name}/machines/{machine_id}/lease')) do |component| %>
+      <% component.with_curl do %>
+      <%= partial "/docs/reference/machines/machines_lease_release_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_lease_release_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Route requests away from or back to a Machine
+
+Given the name of a Fly App and the Machine ID of a Fly Machine, instruct the Fly Proxy not to send requests to a Machine or to start sending requests again to a previously cordoned Machine.
+
+You can also do this with a fresh Machine, all in one shot, using the `skip_service_registration` request field of a Machine Create request.
+
+This is useful for bluegreen deployments: boot up a new, "green", cordoned Machine running the new release (using `skip_service_registration`), make sure it's healthy, then uncordon it and tear down the old, "blue" Machine.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to cordon or uncordon.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines/{machine_id}/cordon')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_cordon_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines/{machine_id}/uncordon')) do |component| %>
+      <% component.with_curl do %>
+        <%= partial "/docs/reference/machines/machines_uncordon_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_ok_true_resp" %>
+    <% end %>
+  </div>
+</div>
+
+
+## Get a Machine's metadata
+
+Get the metadata defined in a specific Machine's config.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to get the metadata for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/{app_name}/machines/{machine_id}/metadata')) do |component| %>
+      <% component.with_curl do %>
+      <%= partial "/docs/reference/machines/machines_metadata_get_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK - Example response', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_metadata_get_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Add or update Machine metadata
+
+Add or update a metadata key-value pair on a specific Machine's config.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to update the metadata for.'
+    ) %>
+    <% api_info.add_info(
+      name: 'key',
+      type: 'string',
+      required: true,
+      description: 'A key for the metadata key-value pair to add or replace. Provide the value in the request body.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '204',
+      description: 'No content'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/machines/{machine_id}/metadata/{key}')) do |component| %>
+      <% component.with_curl do %>
+      <%= partial "/docs/reference/machines/machines_metadata_update_req" %>
+      <% end %>
+      <% component.with_json do %>
+      {
+        "value":""
+      }
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | `value` | string | yes | The value to assign to the metadata `key` that was passed as a path parameter. |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 204 No content', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_metadata_update_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Delete Machine metadata
+
+Delete a metadata key-value pair on a specific Machine's config.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the Machine belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'machine_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the Machine to delete some metadata for.'
+    ) %>
+    <% api_info.add_info(
+      name: 'key',
+      type: 'string',
+      required: true,
+      description: 'The key of the metadata to delete.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '204',
+      description: 'No content'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'DELETE', title: '/v1/apps/{app_name}/machines/{machine_id}/metadata/{key}')) do |component| %>
+      <% component.with_curl do %>
+      <%= partial "/docs/reference/machines/machines_metadata_delete_req" %>
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 204 No content', language: 'json')) do %>
+      <%= partial "/docs/reference/machines/machines_metadata_delete_resp" %>
+    <% end %>
+  </div>
+</div>
+
+## Notes on networking
+
+Machines are closed to the public internet by default. To make them accessible via the associated application, you need to:
+
+* Allocate an IP address to the Fly App
+* Add one or more `services` to the Machine config with ports and handlers, as shown in [Create a Machine with services](#create-a-machine-with-services).
+
+For an application with a single Machine, all requests will be routed to that Machine. A Machine in the `stopped` state will be started up
+automatically when a request arrives.
+
+For an application with multiple Machines *with the same configuration*, requests will be distributed across them. Warm-start behavior in this situation is not well-defined now, so should not be relied upon for apps with multiple Machines.
+
+Requests to Machines with *mixed* configurations will be distributed across Machines whose configurations match the request.
+For example, if 3 out of 6 Machines have service configurations set to listen on port 80, requests to port 80 will be distributed amongst those 3.
+
+### Reaching Machines
+
+Machines can be reached within the private network by hostname, in the format `<id>.vm.<app-name>.internal`. 
+
+For example, to reach a Machine with ID `3d8d413b29d089` on an app called `my-app-name`, use hostname `3d8d413b29d089.vm.my-app-name.internal`.
+
+## Machine `config` object properties
+
+Properties of the `config` object for Machine configuration. See [Machine properties](#machine-properties).
+
+**`image`:** string - Required. The container registry path to the image that defines this Machine (for example, ”registry-1.docker.io/library/ubuntu:latest”).
+
+---
+
+**`auto_destroy`:** bool (false) - If true, the Machine destroys itself once it's complete.
+
+---
+
+**`checks`:** An optional object that defines one or more named checks. The key for each check is the check name. The value for each check supports:
+
++ `type`: string (nil) - `tcp` or `http`.
++ `port`: int (nil) - The TCP port to connect to, likely should be the same as `internal_port`.
++ `interval`: int (nil) - The interval, in nanoseconds, between connectivity checks
++ `timeout`: int (nil) - The maximum time, in nanoseconds, a connection can take before being reported as failing its health check.
++ `grace_period`: int (nil) - How long to wait, in nanoseconds, before we start running health checks.
++ `method`: string (nil) - For `http` checks, the HTTP method to use to when making the request.
++ `path`: string (nil) - For `http` checks, the path to send the request to.
++ `protocol`: string (nil) - For `http` checks, whether to use `http` or `https`
+* `tls_server_name`: string (nil) - If the protocol is `https`, the hostname to use for TLS certificate validation
++ `tls_skip_verify`: bool (false) - For `http` checks with https protocol, whether or not to verify the TLS certificate
++ `headers`: {string: [string, string]} ({}) - For `http` checks, an array of objects with string field `name` and array of strings field `values`.
+
+    An example of two checks:
+
+    ```json
+            "checks": {
+                "tcp-alive": {
+                    "type": "tcp",
+                    "port": 8080,
+                    "interval": "15s",
+                    "timeout": "10s"
+                },
+                "http-get": {
+                    "type": "http",
+                    "port": 8080,
+                    "protocol": "http"
+                    "method": "GET",
+                    "path": "/",
+                    "interval": "15s",
+                    "timeout": "10s"
+                }
+            }
+    ```
+
+---
+
+**`dns`:**
+
+  - `nameservers`: Used for Fly Kubernetes.
+  - `searches`: Used for Fly Kubernetes.
+  - `options`: Used for Fly Kubernetes.
+  - `dns_forward_rules`: Used for dedicated hosts. 
+  - `skip_registration`: boolean - If true, do not register the Machine's 6PN IP with the internal DNS system.
+  - 
+
+---
+
+**`env`:** {string:string} ({}) - An object filled with key/value pairs to be set as environment variables.
+
+---
+
+**`files`:** An optional array of objects defining files to be written within a Machine, one of `raw_value` or `secret_name` must be provided.
+  - `guest_path`: string - The path in the Machine where the file will be written. Must be an absolute path.
+  - `raw_value`: string - Contains the base64 encoded string of the file contents.
+  - `secret_name`: string - The name of the secret containing the base64 encoded file contents.
+
+    An example of two files:
+
+    ```json
+            "files": [
+                {
+                    "guest_path": "/path/to/hello.txt",
+                    "raw_value": "aGVsbG8gd29ybGQK"
+                },
+                {
+                    "guest_path": "/path/to/secret.txt",
+                    "secret_name": "SUPER_SECRET"
+                }
+            ]
+    ```
+
+---
+
+**`guest`:** Configure the resources allocated for this Machine. An object with the following options:
+  - `cpu_kind`: string (nil) - The type of CPU reservation to make (”shared”, ”performance", and so on).
+  - `gpu_kind`: string (nil) - The type of GPU reservation to make.
+  - `host_dedication_id`: The ID of the host dedication (group of dedicated hosts) on which to create this Machine. (beta)
+  - `cpus`: int (nil) - The number of CPU cores this Machine should occupy when it runs. (default `1`)
+  - `gpus`: int (nil) - The number of GPU cores this Machine should occupy when it runs. (default `1`)
+  - `memory_mb`: int (nil) - Memory in megabytes as multiples of 256 (default `256`)
+  - `kernel_args`: Optional array of strings. Arguments passed to the kernel.
+  - `persist_rootfs`: string (nil) - The root filesystem will be persisted across restarts and updates. Possible values are `never` (default), `restart`, and `always`. See [here](/docs/reference/configuration/#persist_rootfs) for details.
+
+---
+
+**`init`:** Arguments for `init`, which is Fly.io's footprint inside your Machine, and controls how your own code gets run.
+  - `exec`: [string, string] ([]) - The command line for the program to run once the Machine boots up. This overrides any other startup command line, either in our API or in your Docker container definition.
+  - `entrypoint`: [string, string] ([]) - A command line to override the ENTRYPOINT of your Docker container; another way to define the program that is going to start up when your Machine boots up.
+  - `cmd`: [string, string] ([]) - A command line to override the CMD of your Docker container; still another way to define the program that is going to start up when your Machine boots up.
+  - `kernel_args`: Optional array of strings. Arguments passed to the kernel.
+  - `tty`: bool (false) - Allocate a TTY for the process we start up.
+  - `swap_size_mb`: int (nil) -Swap space to reserve for the Fly Machine in, you guessed it, megabytes.
+
+---
+
+**`metadata`:** {string:string} ({}) - An object filled with key/value pairs for the Machine metadata. We use metadata internally for routing, process groups, and clusters.
+
+---
+
+**`metrics`:** An optional object defining a metrics endpoint that [Prometheus on Fly.io](/docs/reference/metrics/#prometheus-on-fly-io) will scrape.
+  - `port`: int - Required. The port that Prometheus will connect to.
+  - `path`: string - Required. The path that Prometheus will scrape (e.g. `/metrics`).
+
+---
+
+**`mounts`:** An array of objects that reference previously created [persistent volumes](/docs/volumes/). Currently, you may only mount one volume per Machine.
+  - `volume`: string - Required. The volume ID, visible in `fly volumes list`. For example `vol_2n0l3vl60qpv635d`.  
+  - `path`: string - Required. Absolute path on the Machine where the volume should be mounted. For example, `/data`.
+  - `name`: string - The name of the Volume to attach.
+  - `extend_threshold_percent`: int - The threshold of storage used on a volume, by percentage, that triggers extending the volume’s size by the value of `add_size_gb`.
+  - `add_size_gb`: int - The increment, in GB, by which to extend the volume after reaching the `extend_threshold_percent`. Required with `extend_threshold_percent`.
+  - `size_gb_limit`: int - The total amount, in GB, to extend a volume. Optional with `extend_threshold_percent`.
+  - `encrypted`: boolean - Volume is encrypted. Default true.
+
+<div class="callout">
+Volumes are tied to specific physical hosts. A Machine can only mount to a volume that exists on the same host. If you create a Machine first and then create a volume, even in the same region, there's a good chance they'll end up on different hosts. In that case, the volume attachment will fail.
+
+You cannot change which volume a Machine is attached to by updating the Machine's config. If you want to use a different volume, you'll need to destroy the Machine and create a new one that mounts to the desired volume.
+</div>
+
+---
+
+**`processes`:** An optional array of objects defining multiple processes to run within a Machine. The Machine will stop if any process exits without error.
+  - `entrypoint`: An array of strings. The process that will run.
+  - `cmd`: An array of strings. The arguments passed to the entrypoint.
+  - `env`: An object filled with key/value pairs to be set as environment variables.
+  - `env_from` : An array of objects that define environment variables from Machine fields. Used for Fly Kubernetes.
+  - `exec`: An array of strings. The command to run for Machines in this process group on startup.
+  - `user`: string (nil) - An optional user that the process runs under.
+  - `ignore_app_secrets`: boolean - If true, only use the secrets provided at the process level. Default false.
+  - `secrets`: An array of strings. Set the secrets in the environment of the Machine. `env_var` is required and is the name of the environment variable that will be set from the secret. It must be a valid environment variable name. `name` is optional and when provided is used to reference a secret name where the `env_var` is different from what was set as the secret name.
+
+---
+
+**`restart`:** Defines whether and how flyd restarts a Machine after its main process exits. Learn more about [Machine restart policies](/docs/machines/guides-examples/machine-restart-policy/). This object has the following options:
+  - `policy`: string - Required. One of "no", "on-failure", or "always".
+  - `max_retries`: int (nil) - The maximum number of retries when the policy is "on-failure".
+
+---
+
+**`schedule`:** string (nil) - Optionally one of `hourly`, `daily`, `weekly`, `monthly`. Runs Machine at the given interval. Interval starts at time of Machine creation.
+
+---
+
+**`services`**: An array of objects that define a single network service. Check the [Machines networking section](#notes-on-networking) for more information.
+
+  - `protocol`: string - Required. `tcp` or `udp`. [Learn more about running raw TCP/UDP services](/docs/networking/udp-and-tcp/).
+  - `internal_port`: int - Required. Port the Machine listens on.
+  - `concurrency`: Control Fly Proxy’s load balancing for this service.
+      + `type`: string - `connections` (TCP) or `requests` (HTTP). Default is `connections`. Determines which kind of event we count for load balancing.
+      + `soft_limit`: int (nil) - Ideal service concurrency. We will attempt to spread load to keep services at or below this limit. We’ll deprioritize a Machine to give other Machines a chance to absorb traffic. Defaults to 20 when unset.
+      + `hard_limit`: int (nil) - Maximum allowed concurrency. The limit of events at which we’ll stop routing to a Machine altogether, and, if configured to do so, potentially start up existing Machines to handle the load. Defaults to unlimited when unset.
+  - `ports`: MachinePort - An array of objects defining the service's ports and associated handlers. Options:
+      + `port`: int (nil) - The internet-exposed port to receive traffic on; if you want HTTP traffic routed to 8080/tcp on your Machine, this would be 80.
+      + `start_port`, `end-port`: int (nil) - Like `port``, but allocate a range of ports to route internally, for applications that want to occupy whole port ranges.
+      + `handlers`: Array of protocol [handlers](/docs/networking/services/#connection-handlers) for this port. How should the Fly Proxy handle and terminate this connection. Options include `http`, `tcp`, `tls`.
+      + `force_https`: bool (false) - If true, force HTTP to HTTPS redirects.
+      + `http_options`: Fiddly HTTP options (if you don’t know you need them, you don’t), including:
+        - `compress`: bool (false) - If true, enable HTTP compression.
+        - `h2_backend`: bool (false) - If true, inform Fly Proxy that your app supports HTTP/2 (h2c with prior knowledge), which enables HTTP/2 only workloads to work with the `http` handler.
+        - `response`: Options for controlling HTTP response headers.
+          - `headers`: ({"headers": {string:string}} (nil)) HTTP headers to set on responses.
+          - `pristine`: bool (false) - If true, do not add any Fly.io headers to HTTP responses. The following response headers won’t be added and won’t be modified if returned by the app: `Server`, `Via`, `Fly-Request-Id`, `Fly-Cache-Status`.
+      + `tls_options`:  Fiddly TLS options (if you don’t know you need to mess with these, you don’t need to), including:
+        - `alpn`: [string, string] ([]) : ALPN protocols to present TLS clients (for instance, [“h2”, “http/1.1”]).
+        - `default_self_signed`: bool (false) - If true, serve a self-signed certificate if no certificate exists.
+        - `versions`: [string, string] ([]) : TLS versions to allow (for instance, [“TLSv1.2”, “TLSv1.3”]).
+      + `proxy_proto_options`: Configure the version of the PROXY protocol that your app accepts. Version 1 is the default.
+        - `version`: A string to indicate that the TCP connection uses PROXY protocol version 2. The default when not set is version 1.
+  - `autostart`: bool (false) - If true, Fly Proxy starts Machines when requests for this service arrive.
+  - `autostop`: string or bool (`off`) - One of `off` (or false), `stop` (or true), `suspend`. If `stop`, Fly Proxy stops Machines when this service goes idle. If `suspend`, Fly Proxy instead suspends Machines if possible and stops them if not.
+  - `min_machines_running`: int (nil) - When `autostart` is true, the minimum number of Machines to keep running at all times in the primary region.
+
+---
+
+**`size`:** A [named size](/docs/about/pricing/#running-fly-machines) for the VM, e.g. `performance-2x` or `shared-cpu-2x`. Note: `guest` and `size` are mutually exclusive.
+
+---
+
+**`standbys`:** Standbys enable a Machine to be a standby for another. In the event of a hardware failure, the standby Machine will be started. Only for Machines without `services`. Array of strings representing the Machine IDs of Machines watch (act as standby for).
+
+---
+
+**`statics`:** Optionally serve static files.
+  - `guest_path`: string - Required. The path inside the Machines or object storage bucket where the files to serve are located.
+  - `url_prefix`: string - Required. The URL prefix under which to serve the static files.
+  - `tigris_bucket`: string - The Tigris bucket where the files to serve are located.
+  - `index_document`: string - The name of the index document, served when a request is made to the root or any of its subfolders. Only works for statics hosted on Tigris
+  
+---
+
+**`stop_config`:** MachineStopConfig (nil) - Configure graceful shutdown of the Machine.
+  - `signal`: string (nil) - The name of the signal to send to the entrypoint process on the Machine to initiate shutdown.
+  - `timeout`: int (nil) - How long in nanoseconds to wait, after signaling the entrypoint process, before hard-shutdown of the Machine.
+
+## Related topics
+
+- [Working with the Machines API](/docs/machines/api/working-with-machines-api/)
+- [Apps resource](/docs/machines/api/apps-resource/) reference
+- [Tokens resource](/docs/machines/api/tokens-resource) reference
+- [Volumes resource](/docs/machines/api/volumes-resource/) reference
diff --git a/machines/api/tokens-resource.html.markerb b/machines/api/tokens-resource.html.markerb
new file mode 100644
index 0000000000..d61df1064d
--- /dev/null
+++ b/machines/api/tokens-resource.html.markerb
@@ -0,0 +1,68 @@
+---
+title: Tokens
+layout: docs
+nav: machines_toc
+toc: false
+---
+
+You can use the Tokens resource to request an OpenID Connect (OIDC) token from a 3rd-party service. Learn more about [using OpenID Connect](/docs/reference/openid-connect/) on Fly.io.
+   
+<div class="endpoints api-card">
+  <div class="api-card-header">
+    Endpoints
+  </div>
+  <div class="highlight">
+    <a class="endpoint">
+      <span class="post-badge">post</span>
+      <span>/v1/tokens/oidc</span>
+    </a>
+  </div>
+</div>
+
+## Request an OIDC token
+
+Request an Open ID Connect token for your Machine. Customize the audience claim with the `aud` parameter. This returns a JWT token.
+
+<div class="api-section" data-exclude-render>
+  <div>
+     <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OIDC token'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/tokens/oidc')) do |component| %>
+      <% component.with_curl do %>
+        curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/tokens/oidc" \\
+  -d '{
+      "aud": "https://fly.io/my-org-slug",
+    }'
+      <% end %>
+      <% component.with_json do %>
+        {
+          "aud": ""
+        }
+      <% end %>
+      <% component.with_json_table do %>
+        | Property   | Type    | Required | Description                |
+        |-------------|---------|----------|----------------------------|
+        | `aud`  | string  | no      | The audience claim for the token (the recipient of this access token). |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK - Example response', language: 'json')) do %>
+    <raw oidc token>
+    <% end %>
+  </div>
+</div>
+
+## Related topics
+
+- [Working with the Machines API](/docs/machines/api/working-with-machines-api/)
+- [Apps resource](/docs/machines/api/apps-resource/) reference
+- [Machines resource](/docs/machines/api/machines-resource/) reference
+- [Tokens resource](/docs/machines/api/tokens-resource) reference
+- [Volumes resource](/docs/machines/api/volumes-resource/) reference
diff --git a/machines/api/volumes-resource.html.markerb b/machines/api/volumes-resource.html.markerb
new file mode 100644
index 0000000000..4560457578
--- /dev/null
+++ b/machines/api/volumes-resource.html.markerb
@@ -0,0 +1,806 @@
+---
+title: Volumes
+layout: docs
+nav: machines_toc
+toc: false
+redirect_from: /docs/machines/api-volumes-resource/
+---
+
+You can use the Volumes resource to create and delete volumes. A Fly Volume is persistent storage for a Fly Machine. Learn more about [volumes](/docs/volumes/).
+
+<div class="endpoints api-card">
+  <div class="api-card-header">
+    Endpoints
+  </div>
+  <div class="highlight">
+    <a class="endpoint" href="#list-all-the-volumes-in-an-app">
+      <span class="get-badge">get</span>
+      <span>/v1/apps/{app\_name}/volumes</span>
+    </a>
+    <a class="endpoint" href="#create-a-volume">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/volumes</span>
+    </a>
+    <a class="endpoint" href="#get-a-specific-volume">
+      <span class="get-badge">get</span>
+      <span>/v1/apps/{app\_name}/volumes/{volume\_id}</span>
+    </a>
+    <a class="endpoint" href="#update-a-volume">
+      <span class="put-badge">put</span>
+      <span>/v1/apps/{app\_name}/volumes/{volume\_id}</span>
+    </a>
+    <a class="endpoint" href="#delete-a-volume-permanently">
+      <span class="delete-badge">delete</span>
+      <span>/v1/apps/{app\_name}/volumes/{volume\_id}</span>
+    </a>
+    <a class="endpoint" href="#extend-a-volume">
+      <span class="put-badge">put</span>
+      <span>/v1/apps/{app\_name}/volumes/{volume\_id}/extend</span>
+    </a>
+    <a class="endpoint" href="#get-a-list-of-snapshots-for-a-volume">
+      <span class="get-badge">get</span>
+      <span>/v1/apps/{app\_name}/volumes/{volume\_id}/snapshots</span>
+    </a>
+    <a class="endpoint" href="#create-an-on-demand-volume-snapshot-beta">
+      <span class="post-badge">post</span>
+      <span>/v1/apps/{app\_name}/volumes/{volume\_id}/snapshots</span>
+    </a>
+  </div>
+</div>
+
+## Volume properties
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `auto_backup_enabled` | bool | Enable automatic daily snapshots. Default true. |
+| `attached_alloc_id` | string | n/a |
+| `attached_machine_id` | string | The ID of the Machine that’s attached to the volume. |
+| `block_size` | int | The size of each memory block in bytes. |
+| `blocks` | int | The total number of blocks in the volume. |
+| `blocks _avail` | int | The number of blocks available for data in the volume. |
+| `blocks_free` | int | The total number of blocks free for data and root user ops. |
+| `created_at` | string | The date and time the volume was created. |
+| `encrypted` | boolean | Whether the volume is encrypted. Default true. |
+| `fstype` | string | The file system type. |
+| `id` | string | The volume ID. |
+| `name` | string | The volume name. |
+| `region` | string | The region where the volume resides, or the target region for volume create. |
+| `size_gb` | int | The size of the volume in GB. |
+| `snapshot_retention` | int | The number of days to retain snapshots. Defaults to 5 when not set. Min 1, max 60. |
+| `state` | string | The state of the volume. |
+| `zone` | string | The hardware zone on which the volume resides. |
+
+## List all the volumes in an app
+
+Given the name of a Fly App, get a list of all the volumes that belong to it.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to list volumes for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/{app_name}/volumes')) do |component| %>
+      <% component.with_curl do %>
+curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes" 
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+[
+    {
+        "id": "vol_9vw681egy1jj5xm4",
+        "name": "disk",
+        "state": "created",
+        "size_gb": 3,
+        "region": "yul",
+        "zone": "09cd",
+        "encrypted": true,
+        "attached_machine_id": "908057ef21e487",
+        "attached_alloc_id": null,
+        "created_at": "2023-09-01T19:47:14.774Z",
+        "blocks": 768250,
+        "block_size": 4096,
+        "blocks_free": 768244,
+        "blocks_avail": 730163,
+        "fstype": "ext4",
+        "snapshot_retention": 5,
+        "auto_backup_enabled": true,
+        "host_dedication_key": ""
+    },
+    {
+        "id": "vol_q4qeekqzxze29dw4",
+        "name": "disk",
+        "state": "created",
+        "size_gb": 3,
+        "region": "iad",
+        "zone": "a4df",
+        "encrypted": true,
+        "attached_machine_id": null,
+        "attached_alloc_id": null,
+        "created_at": "2024-01-02T21:16:38.996Z",
+        "blocks": 751366,
+        "block_size": 4096,
+        "blocks_free": 751360,
+        "blocks_avail": 708148,
+        "fstype": "ext4",
+        "snapshot_retention": 5,
+        "auto_backup_enabled": true,
+        "host_dedication_key": ""
+    }
+]
+    <% end %>
+  </div>
+</div>
+
+## Create a volume
+
+Create a volume for a specific app according to the configuration provided in the request body.
+
+<div class="api-section" data-exclude-render>
+  <div data-exclude-render>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to create a volume for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div data-exclude-render>
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/volumes')) do |component| %>
+      <% component.with_curl do %>
+      curl -i -X POST \\
+      -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+      "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes" \\
+      -d '{
+      "name": "my_app_vol",
+      "region": "ord",
+      "size_gb": 10
+    }'
+      <% end %>
+      <% component.with_json do %>
+        {
+        "compute": {
+            "cpu_kind": "string",
+            "cpus": 0,
+            "gpu_kind": "string",
+            "gpus": 0,
+            "host_dedication_id": "string",
+            "kernel_args": [
+            "string"
+            ],
+            "memory_mb": 0
+        },
+        "encrypted": true,
+        "fstype": "string",
+        "machines_only": true,
+        "name": "string",
+        "region": "string",
+        "require_unique_zone": true,
+        "size_gb": 0,
+        "snapshot_id": "string",
+        "snapshot_retention": 0,
+        "source_volume_id": "string"
+        }
+      <% end %>
+      <% component.with_json_table do %>
+        | Property | Type | Required | Description |
+        | --- | --- | --- | --- |
+        | `auto_backup_enabled` | bool | no | Enable automatic daily snapshots. Default true. |
+        | `compute` | object | no | An optional object defining the compute specifications for the expected Machine size and type that the volume will attach to. |
+        | `encrypted` | boolean | no | Whether to encrypt the volume. Default true. |
+        | `name` | string | yes | The name for the new volume. |
+        | `region` | string | no | The region where the volume will be created. Defaults to the Machine's region if attached. If not attached, defaults to the app's primary region. |
+        | `size_gb` | int | no | The size of the volume in GB. Default 3. |
+        | `snapshot_id` | string | no | The ID of the volume snapshot to use to create the new volume. |
+        | `source_volume_id` | string | no | The ID of the source volume for the volume fork. |
+        | `require_unique_zone` | boolean | no | If true, we will provision this volume on hardware that doesn't have another volume with the same name on it. The typical pattern is to create as many volumes as you need, all with the same name and `require_unique_zone: true`. This will keep your app available in case a host goes down. This flag can also cause volume creation to fail, in case we have used up all unique zones, in which case you probably want to set it to false. Default true. |
+        | `snapshot_retention` | int | no | The number of days to retain snapshots. Defaults to 5 when not set. Min 1, max 60. |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+{
+    "id": "vol_340088w293z35lp4",
+    "name": "new_1028_vol",
+    "state": "created",
+    "size_gb": 10,
+    "region": "ord",
+    "zone": "84d3",
+    "encrypted": true,
+    "attached_machine_id": null,
+    "attached_alloc_id": null,
+    "created_at": "2023-11-27T21:47:06.837Z",
+    "blocks": 0,
+    "block_size": 0,
+    "blocks_free": 0,
+    "blocks_avail": 0,
+    "fstype": "",
+    "snapshot_retention": 5,
+    "auto_backup_enabled": true,
+    "host_dedication_key": ""
+}
+    <% end %>
+  </div>
+</div>
+
+## Get a specific volume
+
+Retrieve details about a specific volume by its ID within an app.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the volume belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'volume_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the volume to get.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/{app_name}/volumes/{volume_id}')) do |component| %>
+      <% component.with_curl do %>
+        curl -i -X GET \\
+         -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+         "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes/vol_6r7ye90k98ynwk1r" 
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+    {
+    "id": "vvol_6r7ye90k98ynwk1r",
+    "name": "disk",
+    "state": "created",
+    "size_gb": 3,
+    "region": "yul",
+    "zone": "09cd",
+    "encrypted": true,
+    "attached_machine_id": "6e8297dc244287",
+    "attached_alloc_id": null,
+    "created_at": "2023-09-01T19:47:14.774Z",
+    "blocks": 768250,
+    "block_size": 4096,
+    "blocks_free": 768244,
+    "blocks_avail": 730163,
+    "fstype": "ext4",
+    "snapshot_retention": 5,
+    "auto_backup_enabled": true,
+    "host_dedication_key": ""
+}
+    <% end %>
+  </div>
+</div>
+
+## Update a volume
+
+Update paratemeters on the volume.
+
+<div class="api-section" data-exclude-render>
+  <div data-exclude-render>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to create a volume for.'
+    ) %>
+    <% api_info.add_info(
+      name: 'volume_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the volume to get.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div data-exclude-render>
+    <%= render(CodeToggleComponent.new(badge: 'PUT', title: '/v1/apps/{app_name}/volumes/{volume_id}')) do |component| %>
+      <% component.with_curl do %>
+      curl -i -X PUT \\
+      -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+      "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes/vol_6r7ye90k98ynwk1r" \\
+      -d '{
+      "snapshot_retention": 10
+    }'
+      <% end %>
+      <% component.with_json do %>
+        {
+        "compute": {
+            "cpu_kind": "string",
+            "cpus": 0,
+            "gpu_kind": "string",
+            "gpus": 0,
+            "host_dedication_id": "string",
+            "kernel_args": [
+            "string"
+            ],
+            "memory_mb": 0
+        },
+        "encrypted": true,
+        "fstype": "string",
+        "machines_only": true,
+        "name": "string",
+        "region": "string",
+        "require_unique_zone": true,
+        "size_gb": 0,
+        "snapshot_id": "string",
+        "snapshot_retention": 10,
+        "source_volume_id": "string"
+        }
+      <% end %>
+      <% component.with_json_table do %>
+        | Property | Type | Required | Description |
+        | --- | --- | --- | --- |
+        | `auto_backup_enabled` | bool | no | Enable automatic daily snapshots. Default true. |
+        | `snapshot_retention` | int | no | The number of days to retain snapshots. Defaults to 5 when not set. Min 1, max 60. |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+{
+    "id": "vol_340088w293z35lp4",
+    "name": "new_1028_vol",
+    "state": "created",
+    "size_gb": 10,
+    "region": "ord",
+    "zone": "84d3",
+    "encrypted": true,
+    "attached_machine_id": null,
+    "attached_alloc_id": null,
+    "created_at": "2023-11-27T21:47:06.837Z",
+    "blocks": 0,
+    "block_size": 0,
+    "blocks_free": 0,
+    "blocks_avail": 0,
+    "fstype": "",
+    "snapshot_retention": 10,
+    "auto_backup_enabled": true,
+    "host_dedication_key": ""
+}
+    <% end %>
+  </div>
+</div>
+
+## Delete a volume permanently
+
+Delete a volume. This action cannot be undone.
+
+Given the name of a Fly App and the volume ID of a Fly volume, delete the volume.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the volume belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'volume_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the volume to permanently delete.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'DELETE', title: '/v1/apps/{app_name}/volumes/{volume_id}')) do |component| %>
+      <% component.with_curl do %>
+curl -i -X DELETE \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes/vol_6r7ye90k98ynwk1r" 
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+{
+    "id": "vol_grnejj355dqdj9kr",
+    "name": "new_1028_vol",
+    "state": "destroyed",
+    "size_gb": 3,
+    "region": "yyz",
+    "zone": "aeee",
+    "encrypted": true,
+    "attached_machine_id": null,
+    "attached_alloc_id": null,
+    "created_at": "2023-12-07T21:35:57.42Z",
+    "blocks": 0,
+    "block_size": 0,
+    "blocks_free": 0,
+    "blocks_avail": 0,
+    "fstype": "",
+    "snapshot_retention": 0,
+    "auto_backup_enabled": true,
+    "host_dedication_key": ""
+}
+    <% end %>
+  </div>
+</div>
+
+## Extend a volume
+
+Given the name of a Fly App and a volume ID, you can make a volume bigger by extending it. You can extend (increase) a volume’s size, but you can’t make a volume smaller.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App the volume belongs to.'
+    ) %>
+    <% api_info.add_info(
+      name: 'volume_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the volume to extend.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div>
+    <%= render(CodeToggleComponent.new(badge: 'PUT', title: '/v1/apps/{app_name}/volumes/{volume_id}/extend')) do |component| %>
+      <% component.with_curl do %>
+curl -i -X PUT \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes/vol_6r7ye90k98ynwk1r/extend" \\
+    -d '{
+    "size_gb": 10,
+}'
+      <% end %>
+      <% component.with_json do %>
+{
+  "size_gb": 0
+}
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | size_gb | integer | yes | The size in GB to make the volume. |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+{
+    "volume": {
+        "id": "vol_9vw681egy1jj5xm4",
+        "name": "disk",
+        "state": "created",
+        "size_gb": 10,
+        "region": "yul",
+        "zone": "09cd",
+        "encrypted": true,
+        "attached_machine_id": "6e8297dc244287",
+        "attached_alloc_id": null,
+        "created_at": "2023-09-01T19:47:14.774Z",
+        "blocks": 0,
+        "block_size": 0,
+        "blocks_free": 0,
+        "blocks_avail": 0,
+        "fstype": "",
+        "snapshot_retention": 5,
+        "auto_backup_enabled": true,
+        "host_dedication_key": ""
+    },
+    "needs_restart": false
+}
+    <% end %>
+  </div>
+</div>
+
+If `needs_restart`  is true, then your Machine needs to be restarted to make use of the added space.
+
+## Get a list of snapshots for a volume
+
+Given the name of a Fly app and a volume ID, list the available snapshots for that volume.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to list snapshots for.'
+    ) %>
+    <% api_info.add_info(
+      name: 'volume_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the volume to list snapshots for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'GET', title: '/v1/apps/{app_name}/volumes/{volume_id}/snapshots')) do |component| %>
+      <% component.with_curl do %>
+curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes/vol_6r7ye90k98ynwk1r/snapshots" \\
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+[
+    {
+        "id": "vs_4LNvXLLK0P6tk6KgqoexaBw",
+        "size": 36007729,
+        "digest": "76d64a69199766d1600d46f0fd48ad9c-1",
+        "created_at": "2023-12-02T20:59:35+00:00",
+        "retention_days": 5
+    },
+    {
+        "id": "vs_3NlZ9NNmpvoSPqG6DO8BkDy",
+        "size": 36007729,
+        "digest": "e06b15e5467de62c5d505fa57923db93-1",
+        "created_at": "2023-12-03T21:00:35+00:00",
+        "retention_days": 5
+    },
+    {
+        "id": "vs_Ql8xbllZOYDSDgo2D7NYGj",
+        "size": 36007729,
+        "digest": "c37d2a590a351fa561fdb1ffd2f53d62-1",
+        "created_at": "2023-12-04T21:01:35+00:00",
+        "retention_days": 5
+    },
+    {
+        "id": "vs_x4AxX44lmpbcpap7vwX5x8e",
+        "size": 36007729,
+        "digest": "91fac554e5261d8f4eb6f7b69e88c8f9-1",
+        "created_at": "2023-12-05T21:01:55+00:00",
+        "retention_days": 5
+    },
+    {
+        "id": "vs_DkV2wkk7av1c9Kmlv79PL4o",
+        "size": 36007729,
+        "digest": "d78b5ff73a87b2bdfecb4a87c89c312b-1",
+        "created_at": "2023-12-06T21:02:55+00:00",
+        "retention_days": 5
+    },
+    {
+        "id": "vs_K8z1w88ZBOys22zqKGZ36R",
+        "size": 36007729,
+        "digest": "95dfe85046c67834566ccff2a29b18ec-1",
+        "created_at": "2023-12-07T21:03:25+00:00",
+        "retention_days": 10
+    }
+]
+    <% end %>
+  </div>
+</div>
+
+## Create a volume from a snapshot
+
+Create a new volume from a snapshot backup.
+
+<div class="api-section" data-exclude-render>
+  <div data-exclude-render>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to create a volume for.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div data-exclude-render>
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/volumes')) do |component| %>
+      <% component.with_curl do %>
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes" \\
+  -d '{
+  "name": "my-app-vol",
+  "region": "yyz",
+  "size_gb": 3,
+  "snapshot_id": "vs_evl65mZQ937tQ16xGGDX8BN",
+}'
+      <% end %>
+      <% component.with_json do %>
+        {
+        "name": "string",
+        "region": "string",
+        "size_gb": 0,
+        "snapshot_id": "string",
+        }
+      <% end %>
+      <% component.with_json_table do %>
+        | Property | Type | Required | Description |
+        | --- | --- | --- | --- |
+        | `name` | string | yes | The name for the new volume. |
+        | `region` | string | yes | The target region. Must be in the same region as the Machine you want to attach it to. |
+        | `size_gb` | int | no | The size of the volume in GB. Default 3. |
+        | `snapshot_id` | string | no | The ID of the volume snapshot to use to create the new volume. |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+{
+    "id": "vol_6vj0ggxl7zjkm2zr",
+    "name": "new_1028_vol",
+    "state": "restoring",
+    "size_gb": 3,
+    "region": "yyz",
+    "zone": "75ec",
+    "encrypted": true,
+    "attached_machine_id": null,
+    "attached_alloc_id": null,
+    "created_at": "2024-02-23T00:41:02.411Z",
+    "blocks": 0,
+    "block_size": 0,
+    "blocks_free": 0,
+    "blocks_avail": 0,
+    "fstype": "",
+    "snapshot_retention": 5,
+    "auto_backup_enabled": true,
+    "host_dedication_key": ""
+}
+    <% end %>
+  </div>
+</div>
+
+If you wait a moment and then get the new volume, the state should be `“created”`.
+
+## Create an on-demand volume snapshot (beta)
+
+Create an on-demand volume snapshot.
+
+<div class="api-section" data-exclude-render>
+  <div>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Path parameters',
+      name: 'app_name',
+      type: 'string',
+      required: true,
+      description: 'The name of the Fly App to create a snapshot for.'
+    ) %>
+    <% api_info.add_info(
+      name: 'volume_id',
+      type: 'string',
+      required: true,
+      description: 'The ID of the volume to create a snapshot of.'
+    ) %>
+    <%= render(api_info) %>
+    <% api_info = ApiInfoComponent.new(
+      heading: 'Responses',
+      name: '200',
+      description: 'OK'
+    ) %>
+    <%= render(api_info) %>
+  </div>
+  <div> 
+    <%= render(CodeToggleComponent.new(badge: 'POST', title: '/v1/apps/{app_name}/volumes/{volume_id}/snapshots')) do |component| %>
+      <% component.with_curl do %>
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/volumes/vol_6r7ye90k98ynwk1r/snapshots"
+      <% end %>
+      <% component.with_json do %>
+      no body
+      <% end %>
+      <% component.with_json_table do %>
+      | Property | Type | Required | Description |
+      | --- | --- | --- | --- |
+      | no body |  |  |  |
+      <% end %>
+    <% end %>
+    <%= render(CodeSampleComponent.new(title: 'Status: 200 OK – Example response', language: 'json')) do %>
+{
+    "Msg": {
+        "backup": {
+            "id": "85999",
+            "app_id": "1700318",
+            "volume_id": "9151365284627104",
+            "state": "prepare",
+            "type": "BACKUP_TYPE_ON_DEMAND",
+            "message": "",
+            "created_at": "2024-02-16T19:30:43.914350121Z",
+            "updated_at": "2024-02-16T19:30:43.914350121Z",
+            "finished_at": null,
+            "graph_id": "vs_gwMAXwwLjOVuo7jL96v2kGXU2"
+        }
+    }
+}
+    <% end %>
+  </div>
+</div>
+
+Wait a few moments for the snapshot to get created and then [get the list of snapshots](#get-a-list-of-snapshots-for-a-volume) to confirm.
+
+## Related topics
+
+- [Working with the Machines API](/docs/machines/api/working-with-machines-api/)
+- [Apps resource](/docs/machines/api/apps-resource/) reference
+- [Machines resource](/docs/machines/api/machines-resource/) reference
+- [Tokens resource](/docs/machines/api/tokens-resource) reference
diff --git a/machines/api/working-with-machines-api.html.markerb b/machines/api/working-with-machines-api.html.markerb
new file mode 100644
index 0000000000..3d5abcd12a
--- /dev/null
+++ b/machines/api/working-with-machines-api.html.markerb
@@ -0,0 +1,84 @@
+---
+title: Working with the Machines API
+objective: Get started with the Fly Machines API.
+layout: docs
+nav: machines
+order: 1
+---
+
+The Fly Machines API provides resources to create, destroy, and manage Fly Apps, Fly Machines, and Fly Volumes. Refer to the following reference docs for the usage of each:
+
+**[Apps resource](/docs/machines/api/apps-resource/)** - Every Fly Machine belongs to a [Fly App](/docs/apps/overview/).
+
+**[Machines resource](/docs/machines/api/machines-resource/)** - Fly Machines are our fast-launching VMs.
+
+**[Tokens resource](/docs/machines/api/tokens-resource)** - Support for OpenID Connect tokens.
+
+**[Volumes resource](/docs/machines/api/volumes-resource/)** - [Fly Volumes](/docs/volumes/) are persistent storage for Machines.
+
+## Connecting to the API
+
+### API addresses
+
+There are two base URLs available to connect to the Machines API service.
+
+**Internal base URL:** `http://_api.internal:4280`
+
+**Public base URL:** `https://api.machines.dev`
+
+From within your Fly.io [private WireGuard network](/docs/networking/private-networking/), you can connect to the API directly using the internal endpoint. From outside the Fly.io WireGuard mesh, use the public endpoint; this proxies your request to the API.
+
+### Authentication
+
+All requests must include an API token in the HTTP headers as follows:
+
+```
+Authorization: Bearer <fly_api_token>
+```
+
+Replace `<fly_api_token>` with a Fly.io authentication token.
+
+## Environment setup
+
+The examples in the Machines API reference docs assume that you have two environment variables set: `FLY_API_TOKEN`, the authorization token to use with the API call; and `FLY_API_HOSTNAME`, the API base URL.
+
+For local development, you might set them as follows, assuming you have flyctl installed and have authenticated to Fly.io:
+
+```bash
+$ export FLY_API_HOSTNAME="https://api.machines.dev/" # set to http://_api.internal:4280 when using WireGuard
+$ export FLY_API_TOKEN=$(fly tokens deploy)
+```
+
+The `fly tokens deploy` command creates a token capable of managing the application in your current directory. See `fly tokens create --help` for information on other types of tokens you can generate.
+
+To set an access token as an environment variable on Fly Machines, use a [secret](/docs/apps/secrets/); for example:
+
+```cmd
+fly secrets set FLY_API_TOKEN="$(fly tokens deploy)"
+```
+
+## Response Codes
+
+The Machines API uses conventional HTTP status codes to provide more information about the response.
+
+Typically, 2xx HTTP status codes denote successful operations, 4xx codes imply failures related to the user, and 5xx codes suggest problems with the infrastructure.
+
+| Status | Description |
+| --- | --- |
+| 200 | Successful request. |
+| 201 | Created successfully. |
+| 202 | Accepted (success). |
+| 204 | Successful request. No content. |
+| 400 | Bad request. Check that the parameters were correct. |
+| 401 | The API key used was missing or invalid. |
+| 404 | The resource was not found. |
+| 408 | Request timed out. |
+| 5xx | Indicates an error with Fly.io API servers. |
+
+## Rate Limits
+
+Machines API rate limits apply _per-action_, _per-machine_ and are scoped per identifier. That might be Machine ID or App ID, depending on the type of request. The limit is 1 request, per second, per action (i.e. Create Machine, Start Machine etc.) — with a short-term burst limit up to 3 req/s, per action.
+
+This applies to all actions except [Get Machine](/docs/machines/api/machines-resource/#get-a-machine) which is 5 req/s, with a short-term burst limit up to 10 req/s.
+
+Additionally, app deletions are limited to 100 per minute.
diff --git a/machines/cpu-performance.html.md b/machines/cpu-performance.html.md
new file mode 100644
index 0000000000..834e14c9e2
--- /dev/null
+++ b/machines/cpu-performance.html.md
@@ -0,0 +1,37 @@
+---
+title: CPU Performance
+layout: docs
+nav: machines
+---
+
+We offer two kinds of virtual CPUs for Machines: `shared` and `performance`. Both run on the same physical hardware, have the same clock speed, etc... The difference is how much time they are allowed to spend running your applications.
+
+
+| CPU Type      | Period<sup>1</sup> | Baseline Quota<sup>1</sup> | Initial Burst Balance<sup>1</sup> | Max Burst Balance<sup>1</sup> |
+|---------------|--------------------|----------------------------|-----------------------------------|-------------------------------|
+| `shared`      | 80ms               | 5ms (6.25%)                | 5s                                | 500s                          |
+| `performance` | 80ms               | 80ms (100%)                | -                                 | -                             |
+
+We enforce limits through the [Linux scheduler's CPU bandwidth control](https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.rst) by adjusting the `cpu.cfs_quota_us` setting on each machine cgroup. For each 80ms period of time, we set a quota of 5ms for each `shared` vCPU, or the full 80ms period for each `performance` vCPU. If your machine cgroup's CPU usage reaches its quota, its tasks will be 'throttled' (not scheduled to run again) for the remainder of the 80ms period.
+
+Quotas are shared between a Machine's vCPUs. For example, a `shared-cpu-2x` Machine is allowed to run for 10ms per 80ms period, regardless of which vCPU is using that time.
+
+<sup>1</sup> We might change these specific numbers over time.
+
+## Bursting
+
+APIs and human-facing web applications are sensitive to latency and a 75ms pause in program execution is often unacceptable. These same types of applications often work hard in small bursts and remain idle much of the time. To improve the performance of `shared` vCPUs for these applications, we allow a balance of unused CPU time to be accrued. The application is then allowed to spend its balance in bursts. When bursting, the vCPU is allowed to run at up to 100%. When the balance is depleted, the vCPU is limited to running at its baseline quota.
+
+Because the burst balance is only used for utilization above the baseline quota, the amount of time a machine can _actually_ run at 100% will be longer than the accumulated balance. For example, a `shared` CPU with a burst balance of 500 seconds can burst for `500/(1-.0625)` = 533 seconds. This adjustment is already applied to the burst balance displayed in the dashboard panel.
+
+## Monitoring
+
+We publish a number of [Instance Load and CPU](/docs/monitoring/metrics/#instance-load-and-cpu) platform metrics you can use to monitor quota and throttling behavior of your Machines. The easiest way to visualize these metrics is on the [CPU Quota Balance and Throttling](https://fly-metrics.net/d/fly-instance/fly-instance?viewPanel=69) panel, on the [Fly Instance](https://fly-metrics.net/d/fly-instance/fly-instance) dashboard in [Managed Grafana](/docs/monitoring/metrics/#managed-grafana):
+
+![chart showing CPU utilization, steal, baseline, and throttling](/docs/images/cpu-quota.webp)
+
+On the dashboard, utilization (0-100%) is displayed as a per-vCPU average, divided by the total number of vCPUs in the instance. (There is also a Per-CPU Utilization panel for a detailed breakdown of utilization across each individual vCPU, but because quotas are shared between a Machine's vCPUs only the average matters to the enforced limits.)
+
+Here, we can see a Machine whose `utilization` was running well below its `baseline` quota of 65%, and had accumulated a 50-second burst `balance`. Then, during a burst of activity, CPU utilization exceeded the baseline quota, causing the balance to drain. When the balance reached 0, the Machine was briefly `throttle`d. When CPU utilization went down, throttling ended and the balance accumulated again.
+
+A related and somewhat misleading metric is CPU steal. You can see this under the `mode=steal` label in the `fly_instance_cpu` metric. Steal is the amount of time your vCPUs are waiting to run, but the scheduler isn't allowing them to. This can happen when your Machine exceeds its quota and is throttled, but it can also be a sign that other Machines on the same host are competing for resources. In our dashboard panels, we visualize `steal` separately from other CPU utilization since it doesn't consume any CPU quota. We publish a separate `fly_instance_cpu_throttle` metric that only includes time your vCPUs were throttled for exceeding quota.
diff --git a/machines/flyctl/fly-machine-run.html.md b/machines/flyctl/fly-machine-run.html.md
new file mode 100644
index 0000000000..4d9424dc8e
--- /dev/null
+++ b/machines/flyctl/fly-machine-run.html.md
@@ -0,0 +1,445 @@
+---
+title: Run a new Machine
+objective: Run a new Fly Machine with flyctl
+layout: docs
+nav: machines
+redirect_from: /docs/machines/run/
+---
+
+<figure>
+  <img src="http://github.com/static/images/moto-jump.png" alt="Illustration by Annie Ruygt of a phoenix jumping with a motor bike" class="max-w-lg">
+</figure>
+
+The [`fly machine run`](/docs/flyctl/machine-run/) command is a tool to configure, build, and start a new Machine in one line.
+
+Many, but not all, [Machine configuration](/docs/machines/api-machines-resource/#machine-config-object-properties) options are available to the `fly machine run` command through flags. The available flags are listed in the flyctl help and on the [`fly machine run` reference page](/docs/flyctl/machine-run/).
+
+Use `fly machine run` when you want use more than one Docker image in an app, or to run a one-off or temporary Machine.
+
+<div class="note">
+To create a Machine, but not start it, use [`fly machine create`](/docs/flyctl/machine-create/).
+
+To make changes to a Machine once it's created or run, use [`fly machine update`](/docs/flyctl/machine-update/).
+
+To create and run a new Machine with the same configuration as an existing Machine, use [`fly machine clone`](/docs/flyctl/machine-clone/).
+
+To add a new Machine to an app managed by `fly deploy`, see [the scaling doc for Fly Launch apps](/docs/apps/scale-count/). By default, `fly machine run` creates Machines that are ignored by Fly Launch features like `fly deploy`, `fly status`, and `fly scale`.
+</div>
+
+## What it does
+
+Here's what `fly machine run` does for you:
+* Checks with the platform for the org and app you've specified, if any, and if needed, guides you through naming a new app.
+* Creates a Fly App, if applicable.
+* Gets, or builds, a Docker image to make the Machine from, and pushes it to the Fly.io registry if applicable.
+* Creates the Machine with some default config, plus config you pass to it with flags.
+* Starts the Machine.
+* By default, waits for the Machine to start, and for any configured health checks to pass, before declaring success (or failure).
+
+## Usage
+
+Here's the usage of `fly machine run`:
+
+```cmd
+fly machine run <image> [command] [flags]
+```
+
+Here, `<image>` can point to a prebuilt image, or to the current directory (`.`) to build from a Dockerfile.
+
+
+## Administration: set the Machine's app and org
+
+The default behavior of `fly machine run` is to create a new Fly App for the new Machine to belong to, unless it's given the name of an existing app in one of two ways:
+
+1. Like many flyctl commands, `fly machine run` will pull an app name from a `fly.toml` file if one is present in the working directory. It disregards the rest of the configuration in the file.
+2. If you pass it an app name with `--app <app-name>`, flyctl prefers that name over any name it gets from a `fly.toml`.
+
+If the app name doesn't belong to an existing app in one of your orgs, flyctl asks if you want to create it.
+
+ It may be worth creating a `fly.toml` file with just the app name in it, to save using the `--app` option repeatedly. For example:
+
+```toml
+# a fly.toml just to provide an app name to commands
+# run from the same directory
+
+app = my-app-name
+```
+
+Use `--org <org-name>` to specify which organization a newly created app should belong to. The `--org` flag is ignored when creating the new Machine in an existing app.
+
+## Name the Machine
+
+Machines have a human-friendly `name` [property](/docs/machines/api-machines-resource/#machine-properties), like `ancient-glitter-2128`, that shows up alongside the `id` in the output of the `fly machine list` command and in the web dashboard.
+
+You can give the Machine a custom name with the `--name` flag:
+
+```cmd
+fly machine run . --name my-special-Machine
+```
+
+## Choose a geographical region
+
+Tell the Fly.io platform which [region](/docs/reference/regions/) to create the Machine in with the `--region` flag; if for some reason it can't start a new Machine in that region, you'll get an error. If the `--region` flag is omitted, the platform chooses the region that's fastest to reach from your location.
+
+This sets the `region` [property](/docs/machines/api-machines-resource/#machine-properties) of the Machine.
+
+## Get or build the Docker image
+
+All Fly Machines are made from Docker images.
+
+Once the Machine is created, you can see this image reflected in its [`image_ref`](/docs/machines/api-machines-resource/#machine-properties) and [`config.image`](/docs/machines/api-machines-resource/#machine-config-object-properties) properties.
+
+With `fly machine run`, there are two options: point to a prebuilt image, or point to a Dockerfile, which flyctl will use to build an image.
+
+### Build from a Dockerfile
+
+To build the image from a Dockerfile named `Dockerfile`, indicate the current working directory using the `<image>` argument.
+
+```cmd
+fly machine run .
+```
+
+Use the `--dockerfile` option to specify a Dockerfile with a different name. For example:
+
+```cmd
+fly machine run . --dockerfile Dockerfile-dev
+```
+
+Any source files the Dockerfile uses should be present in the working directory. Once built, the image is pushed to the Fly.io Docker registry where your organization's remote builders can access it.
+
+### Use an existing image
+
+For example:
+
+```cmd
+fly machine run ghcr.io/livebook-dev/livebook:0.11.4
+```
+
+## Get a shell on a temporary Machine
+
+The following command creates a temporary Machine using the Dockerfile in the working directory, and logs you into an interactive shell on it:
+
+```cmd
+fly machine run . --shell
+```
+
+If you don't specify an app, a temporary app is created for the Machine. When you log out of the shell, the Machine, and if applicable, the temporary app, is deleted.
+
+The default shell is Bash. The `--command` flag allows you to specify a different shell if Bash isn't present in the Machine's Docker image. Log in as a non-`root` user using the `--user` flag.
+
+If you just want a shell on a temporary Ubuntu Machine that's in your org's private network, omit the `<image>` argument:
+
+```cmd
+fly machine run --shell
+```
+
+## Run with a custom ENTRYPOINT or CMD
+
+You can have the Fly.io `init` override the ENTRYPOINT and CMD (if any) of the Machine's Docker image.
+
+### Custom CMD
+
+Override CMD by including the command to run at the end of the `fly machine run` invocation. This sets the [`config.init.cmd`](/docs/machines/api-machines-resource/#machine-config-object-properties) property on the Machine.
+
+This example simply spins up a Debian Linux Machine with a `sleep` task to keep it awake; you can shell into it or whatever:
+
+```cmd
+fly machine run debian sleep inf
+```
+
+### Custom ENTRYPOINT
+
+Override ENTRYPOINT with the `--entrypoint` option. This sets the [`config.init.entrypoint`](/docs/machines/api-machines-resource/#machine-config-object-properties) property on the Machine.
+
+In this example we use the [`--file-local` option](/docs/machines/flyctl/fly-machine-run#copy-a-local-file-into-the-machine-file-system) to send an entrypoint script to the Machine and `--entrypoint` to run the script before continuing to the custom CMD `sleep inf`:
+
+```cmd
+fly machine run debian --file-local /entrypoint.sh=./entrypoint.sh \
+                       --entrypoint "/entrypoint.sh" \
+                       sleep inf
+```
+
+Here's a trivial `entrypoint.sh` you can use to test the above example:
+
+```bash
+#! /bin/bash
+
+echo "Hello from my Fly Machine"
+
+exec "$@"
+```
+
+The line "Hello from my Fly Machine" should appear in the app's logs.
+
+## Set Machine resources
+
+Include one or more of the following options to use non-default specifications for the Machine to be run:
+
+```
+--vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
+--vm-cpus int                 Number of vCPUs
+--vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb)
+--vm-memory string            Memory (in megabytes) to attribute to the VM
+--vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
+```
+
+These flags set [`config.guest`](/docs/machines/api-machines-resource/#machine-config-object-properties) properties.
+
+## Set environment variables
+
+Specify environment variables to be available on the Machine with the `--env` flag, using NAME=VALUE pairs.
+
+This flag sets the [`config.env`](/docs/machines/api-machines-resource/#machine-config-object-properties) property on the Machine.
+
+Example:
+
+```cmd
+fly machine run . --env MY_VAR=MY_VALUE \
+                  --env MY_OTHER_VAR="my spacey value" \
+                  --app my-app-name
+```
+
+Use quotes around the value if it has spaces in it.
+
+For sensitive environment variables, [set secrets on the app](https://fly.io/docs/flyctl/secrets/) instead.
+
+## Define a Fly Proxy network service
+
+The `--port` option defines a network service to allow the Fly Proxy to reach a local service on the Machine. This option gives you access to basic service configuration; the [Machines API](/docs/machines/api-machines-resource/) and [Fly Launch](/docs/launch/) both offer more control over the Machine's [`config.services`](/docs/machines/api-machines-resource/#machine-config-object-properties) properties.
+
+Map any external ports, where the proxy accepts requests directed at the app, to the internal port where the service is listening on IPv4. For each port combination, specify the protocol and [connection handler(s)](/docs/networking/services/#connection-handlers), using this format:
+
+```plain
+port[:machinePort][/protocol[:handler[:handler...]]]
+```
+
+For example, if your Machine runs a server on port 80, and the Fly Proxy should handle HTTP connections on port 80 and HTTPS connections on port 443, the port configuration would look like this:
+
+```cmd
+fly machine run . --port 80/tcp:http \
+                  --port 443:80/tcp:http:tls \
+                  --app my-app-name
+```
+
+<div class="important icon">
+**Important:** If Machines within the same Fly App host different services, use different external ports so that they don't receive requests meant for another Machine.
+</div>
+
+
+## Set Fly Proxy autostop/autostart
+
+The `--autostart` and `--autostop` flags only work on Machines with Fly Proxy services configured. Learn more about [how Fly Proxy autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/) and [how to configure it](/docs/launch/autostop-autostart/).
+
+In a Machine service's configuration, `autostop` and `autostart` settings are optional.
+
+If the `--autostop` flag is absent in a `fly machine run` command, the Machine's [`config.services.autostop`](/docs/machines/api-machines-resource/#machine-config-object-properties) value doesn't get set, and the Fly Proxy does not shut the Machine down, even when there is no traffic to it.
+
+If the `--autostart` flag is absent in a `fly machine run` command, the Machine's [`config.services.autostart`](/docs/machines/api-machines-resource/#machine-config-object-properties) value doesn't get set, and the Fly Proxy does not start it in response to requests.
+
+The `--autostart` and `--autostop` flags set the value of `autostart` or `autostop` to `true` by default; you can explicitly set the value to `false`. For example, the following runs a new Machine that may be stopped by the Fly Proxy, but will never be restarted by it:
+
+```cmd
+fly machine run nginx --port 80:80/tcp:http \
+                --port 443:80/tcp:http:tls \
+                --autostop \
+                --autostart=false
+```
+
+If you define more than one service on the Machine, and also use one or both of these flags, the setting applies to all the services.
+
+## Stop or restart the machine on process exit
+
+Set the Machine's [restart policy](/docs/machines/guides-examples/machine-restart-policy/) using the `--restart` option. Options are `no`, `always`, and `on-fail`, which correspond to `no`, `always`, and `on-failure` values for the Machine [`config.restart.policy`](/docs/machines/api-machines-resource/#machine-config-object-properties) property.
+
+
+The default restart policy for a Machine created using `fly machine run` is `always`, unless you use the [`--rm` option](#destroy-the-machine-when-it-exits), in which case the default is `no`.
+
+## Destroy the Machine when it exits
+
+By default, when a Machine is `stopped`, its file system is reset using its config and Docker image, and it sits ready to be `started` again. Use the `--rm` flag to cause the Machine to instead be destroyed when it stops.
+
+The default [restart policy](#set-a-restart-policy-on-process-exit) for a Machine created with `fly machine run --rm` is `no`, to ensure that flyd doesn't ignore the exit code and restart the Machine.
+
+## Mount a Fly Volume
+
+A Fly Volume is a slice of an NVMe drive attached to the hardware that runs the Machine. Create a volume before creating the Machine.
+
+```cmd
+fly volume create --size 10 data_volume --region arn
+```
+
+Create the new Machine in the same region, using the volume name: `--volume <vol_name>:<mount_point>`.
+
+```cmd
+fly machine run . --volume data_volume:data --region arn
+```
+
+Or by id: `--volume <vol_id>:<mount_point>`.
+
+```cmd
+fly machine run . --volume vol_d42652p88kdw9l7r:data --region arn
+```
+
+A Machine can only mount one volume, and each volume can only be mounted on one Machine. To release a volume that is attached to a Machine, destroy the Machine.
+
+The `--volume` flag on the `fly machine run` command sets a subset of the properties of the Machine's [`config.mounts`](/docs/machines/api-machines-resource/#machine-config-object-properties) object.
+
+## Add metadata to the Machine
+
+The Fly.io platform uses specific metadata, stored in a Machine's config, for its own purposes, such as assigning Machines to process groups. You can add custom metadata as well.
+
+The following starts a Machine that the `fly deploy` command will try to manage as part of the `app` process group, replacing its image and config with what, if anything, you have set up in the working directory for that app.
+
+```
+fly machine run . --metadata fly_platform_version=v2 \
+                  --metadata fly_process_group=app \
+                  --metadata my_metadata=mineallmine
+```
+
+You can see the [metadata in the Machine config](/docs/machines/api-machines-resource/#machine-config-object-properties):
+
+```cmd
+fly machine status -d -a my-app-name
+```
+```out
+...
+  "metadata": {
+    "fly_platform_version": "v2",
+    "fly_process_group": "app",
+    "mymeta": "mineallmine"
+  },
+...
+```
+
+## Place data into files on the Machine
+
+The [`files` property](/docs/machines/api-machines-resource/#machine-config-object-properties) of a Machine's configuration can be used to place data or secrets into files on the Machine file system.
+
+<div class="important icon">
+**Important:** This won't work for large files. There's a limit to how much data can be stored in an app secret or a Machine's configuration.
+</div>
+
+### Copy a local file into the Machine file system
+
+Use the `--file-local` flag to copy a local file onto the Machine at your specified path:
+
+```
+fly machine run . --file-local /path/inside/machine=local/path
+```
+
+flyctl Base64-encodes the file contents and stores the result in the `files.raw_value` property of the Machine's config; `/path/inside/machine` is stored in `files.guest_path`. When the Machine is created, the data is decoded and written to the file.
+
+
+### Pass data in on the command line
+
+Place data into a file at your specified path, via an argument of the `--file-literal` flag:
+
+```cmd
+fly machine run . --file-literal /path/inside/machine="Some text I want in a file"
+```
+
+In a shell session on the Machine:
+
+```cmd
+root@2865553aedd268:/# cat /path/inside/machine
+Some text I want in a file
+```
+
+If your data isn't a simple string like in the above example, you can Base64-encode it first, and have your app code decode the contents of the file into the original format:
+
+```cmd
+fly machine run . --file-literal /b64file=SGVsbG8hIEknbSBGcmFua2llIHRoZSBiYWxsb29uIQo=
+```
+
+In a shell session on the Machine:
+
+```cmd
+root@1857779a44d108:/# cat b64file | base64 --decode
+Hello! I'm Frankie the balloon!
+```
+
+flyctl Base64-encodes the data and stores the result in the `files.raw_value` property of the Machine's config; `/path/inside/machine` is stored in `files.guest_path`. When the Machine is created, the data is decoded and written to the file.
+
+
+### Make a secret available in a file
+
+[Fly Secrets](/docs/apps/secrets/) are stored in an encrypted vault, and by default they are available as environment variables on each of the app's Machines.
+
+You can make a secret available in a file, rather than an environment variable.
+
+Encode the data in Base64 format and put it into an app secret with `fly secrets set` or `fly secrets import`. Use the `--stage` flag to prevent flyctl from initiating a deployment once the secret is registered.
+
+<div class="important icon">**Important:** The secret must be Base64-encoded. If you try this with a secret that is not Base64-encoded, Machine creation fails.</div>
+
+
+Example with a simple secret:
+
+```cmd
+fly secrets set \
+  MY_BASE64_SECRET=SGVsbG8hIEknbSBGcmFua2llIHRoZSBiYWxsb29uIQo= \
+  --stage
+```
+
+Use the `--file-secret` flag when creating the Machine with `fly machine run`. In this example I'm putting the contents of the secret called `MY_BASE64_SECRET` into a file `/secret-file` on my new Machine:
+
+```cmd
+fly machine run . \
+  --file-secret /secret-file=MY_BASE64_SECRET
+```
+
+The secret is available in the specified file, and not in an environment variable, on that Machine. It's decoded from Base64 into plain text.
+
+```
+root@1857770b4e10e8:/# cat secret-file
+Hello! I'm Frankie the balloon!
+```
+
+It can be useful to store multiple key-value pairs in a single secret. The following command Base64-encodes the contents of the text file `local-secrets` and registers the Base64-encoded string as the value of the secret `MY_SECRETS` on the app:
+
+```cmd
+fly secrets set MY_SECRETS="$(base64 < local-secrets)" --stage
+```
+
+Run a new Machine with the `MY_SECRETS` secret available in a file (`/secret-file`):
+
+```cmd
+fly machine run ubuntu sleep inf --file-secret /secret-file=MY_SECRETS
+```
+
+Check it in a shell session:
+
+```cmd
+root@d891116b465018:/# cat secret-file
+USER="my_name"
+PASSWORD="1a2s3d4f"
+MACARON="macaroon in French"
+```
+
+If a particular process or user on the Machine should not have access to the secret, you can use an entrypoint script to change permissions on the secret file.
+
+<div class="warning icon">
+**Warning:** This is not a way to hide secret values from members of an app's organization who have deployment privileges. Access via `fly ssh` commands is root access. All secrets that are set on an app are available, as either env vars or a file, in any Machine that gets updated after the secret is set.
+</div>
+
+In the case of secrets, the data itself is not stored in the Machine config; instead, the name of the secret is stored in the `files.secret_name` config property and when the Machine is created, that secret is retrieved from the vault and its decoded value is written to the file.
+
+## Create a standby Machine
+
+For the sake of resilience, you can create a stopped [standby](/docs/reference/app-availability/#standby-machines-for-process-groups-without-services) for Machines that don't have Fly Proxy services and therefore can't be supplemented by Fly Proxy "autostart" in case of a host failure.
+
+```cmd
+fly machine run . --standby-for 287444ec026748,148ed726c54768
+```
+
+Standby Machines normally remain stopped unless the watched Machines are affected by a host failure. To allow a standby Machine to be started, you can clear its standby configuration [with `fly machine update`](/docs/machines/flyctl/fly-machine-update/#make-a-standby-machine-a-normal-machine).
+
+
+The `--standby-for` flag sets the [`config.standbys`](/docs/machines/api-machines-resource/#machine-config-object-properties) Machine property.
+
+## Start a Machine on a schedule
+
+Use the `--schedule` flag to set the Machine's [`config.schedule`](/docs/machines/api-machines-resource/#machine-config-object-properties) property, which starts the Machine on a fuzzy `hourly`, `daily`, `weekly`, or `monthly` cycle. This is useful for running Machines that do a finite job, then exit. The Machine is started the first time when you run `fly machine run`, and again once per (approximate) hour, day, week, or month. For machines created with `fly machine create --schedule`, the first run will need to be manually started, since the cycle begins on the first machine start. Scheduled machines cannot be started via flyctl or Machines API commands, they will only run according to the schedule. 
+
+<div class="important icon">
+**Important:** If the host on which a stopped Machine resides doesn't have the resources to start it when its scheduled time comes, you'll get an error back. It's up to you to build the appropriate level of redundancy into your apps.
+</div>
diff --git a/machines/flyctl/fly-machine-update.html.md b/machines/flyctl/fly-machine-update.html.md
new file mode 100644
index 0000000000..ed9ffdea76
--- /dev/null
+++ b/machines/flyctl/fly-machine-update.html.md
@@ -0,0 +1,126 @@
+---
+title: Update a Machine
+objective: Update the configuration or Docker image of a Fly Machine with flyctl
+layout: docs
+nav: machines
+---
+
+The [`fly machine update`](/docs/flyctl/machine-update/) command updates the configuration of an individual, existing Fly Machine.
+
+Many, but not all, [Machine configuration](/docs/machines/api-machines-resource/#machine-config-object-properties) options are available to the `fly machine update` command through flags. The available flags are listed in the flyctl help and on the [`fly machine update` reference page](/docs/flyctl/machine-update/).
+
+## What it does
+
+Here's what `fly machine update` does for you:
+* Optionally, builds a new image and pushes it to the Fly.io registry. 
+* Compares the Machine's existing configuration and confirms the changes you've asked for by passing it flags.
+* Composes a complete Machine configuration using the existing config plus your changes and passes this to the Machines update API endpoint.
+* Recreates the Machine with the new config, and, by default, starts it.
+* By default, waits for the Machine to start, and for any configured health checks to pass, before declaring success (or failure).
+
+## Usage
+
+Here's the usage of `fly machine update`:
+
+```cmd
+fly machine update [machine_id] [flags]
+```
+
+You can get the `machine_id` with [`fly machine list`](/docs/flyctl/machine-list/). You can omit the `machine_id` if an app name is available from a `fly.toml` file in the working directory, or if the `--app` flag is passed with the `fly machine update` command.
+
+## Select a Machine to update
+
+If you provide a `machine_id`, you don't have to provide an app name. If `fly machine update` finds an app name, either inside a `fly.toml` config file in the working directory or through the use of the `--app` flag, then you are presented with a selector in the CLI and can choose a Machine to act on.
+
+### Build from a Dockerfile
+
+Use the `--dockerfile` option to build the image for the Machine from a Dockerfile. For example:
+
+```cmd
+fly machine update --dockerfile Dockerfile
+```
+
+Any source files the Dockerfile uses should be present in the working directory. Once built, the image is pushed to the Fly.io Docker registry where your organization's remote builders can access it.
+
+### Use an existing image
+
+Use the `--image` flag to specify an existing container image. For example:
+
+```cmd
+fly machine update --image ghcr.io/livebook-dev/livebook:0.11.4     
+```
+
+## Set the timeout to wait for the Machine to successfully update
+
+The `--wait-timeout` flag tells the `fly machine update` command how many seconds to wait for individual machines to transition states and for any health checks to pass. The default is 300.
+
+## Use a custom ENTRYPOINT or CMD
+
+You can have the Fly.io `init` override the ENTRYPOINT and CMD (if any) of the Machine's Docker image.
+
+### Custom CMD
+
+Set the [`config.init.cmd`](/docs/machines/api-machines-resource/#machine-config-object-properties) property with the `--command` flag. This example replaces CMD with a `sleep` task:
+
+```cmd
+fly machine update --command sleep inf
+```
+
+### Custom ENTRYPOINT
+
+Set the [`config.init.entrypoint`](/docs/machines/api-machines-resource/#machine-config-object-properties) property with the `--entrypoint` option.
+
+See [Run a new Machine](/docs/machines/flyctl/fly-machine-run/#custom-entrypoint) for an example of usage.
+
+## Set Machine resources
+
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#set-machine-resources).
+
+## Set environment variables
+
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#set-environment-variables).
+
+
+## Define a Fly Proxy network service
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#define-a-fly-proxy-network-service). 
+
+## Set Fly Proxy auto start and auto stop
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#set-fly-proxy-auto-start-and-auto-stop).
+
+## Stop or restart the Machine on process exit
+
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#stop-or-restart-the-machine-on-process-exit). 
+
+## Destroy the Machine when it exits
+
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#destroy-the-machine-when-it-exits).
+
+## Add metadata to the Machine
+
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#add-metadata-to-the-machine).
+
+## Change the mount point of an attached volume
+
+You can't detach a volume from an existing Machine, nor attach a new one. You can change the mount point of an attached volume using the `--mount-point` flag.
+
+This sets the Machine's [`config.mounts.path`](/docs/machines/api-machines-resource/#machine-config-object-properties) property.
+
+## Place data into files on the Machine
+
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#place-data-into-files-on-the-machine).
+
+## Make the Machine a stopped standby
+
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#create-a-standby-machine).
+
+## Make a standby Machine a normal Machine
+
+If a Machine is configured as a standby, it doesn't start unless one of its watched Machines experiences host failure. To clear a Machine's standby configuration and allow it to be started under other conditions, use the `--standby-for` flag with an empty string:
+
+```cmd
+fly machine update <machine-id> --standby-for ""
+```
+
+## Start the Machine on a schedule
+
+As for [`fly machine run`](/docs/machines/flyctl/fly-machine-run/#start-a-machine-on-a-schedule).
diff --git a/machines/guides-examples/functions-with-machines.html.markerb b/machines/guides-examples/functions-with-machines.html.markerb
index 181ba71d15..1920daae8b 100644
--- a/machines/guides-examples/functions-with-machines.html.markerb
+++ b/machines/guides-examples/functions-with-machines.html.markerb
@@ -36,7 +36,7 @@ Pick a unique name and create the required application to group machines togethe
 
 <%= partial "/docs/reference/machines/create_app" %>
 
-Note the `network` field. This is necessary to isolate the app from other private networks on the organization.
+Note the `network` field. This is necessary to isolate the app from other private networks on the organization. Learn more about [custom private networks](/docs/networking/custom-private-networks/).
 
 Allocate an IP address to the app. This makes our app accessible at the IP, and via `my-app-name.fly.dev`.
 
@@ -46,7 +46,7 @@ fly ips allocate-v4 -a my-app-name
 
 ## Launch a new machine
 
-Launch a user machine by supplying a Docker image and a networking configuration. We can also [configure the machine's memory/CPU](https://fly.io/docs/reference/machines/#create-and-start-a-machine).
+Launch a user machine by supplying a Docker image and a networking configuration.
 
 <%= partial "/docs/reference/machines/launch_req" %>
 
@@ -103,7 +103,7 @@ ID            	NAME          	REGION	STATE    	CREATED
 10e286064b1867	machine-syd   	syd   	started	2022-05-20T17:07:36Z
 0e286e40cee686	quirky-machine	cdg   	stopped	2022-05-20T17:07:04Z
 ```
-Here we see that one of the machine exited itself.
+Here we see that one of the Machines has exited.
 
 The closest equivalent API call lists all Machines in an app:
 
@@ -120,7 +120,7 @@ When you're done, delete the machine:
 
 ## Additional notes
 
-The Machines is young and full of potential. We haven't worked everything out, so please [post on our forums](https://community.fly.io/) with questions! Here are a few things worth noting:
+The Machines API is young and full of potential. We haven't worked everything out, so please [post on our forums](https://community.fly.io/) with questions! Here are a few things worth noting:
 
 The _wake-on-request_ behavior described above will be unpredictable when running more than one machine per region.
 
diff --git a/machines/guides-examples/machine-placement.html.md b/machines/guides-examples/machine-placement.html.md
new file mode 100644
index 0000000000..3e929180ac
--- /dev/null
+++ b/machines/guides-examples/machine-placement.html.md
@@ -0,0 +1,92 @@
+---
+title: Machine Placement and Regional Capacity
+layout: docs
+nav: machines
+author: kcmartin
+date: 2025-06-20
+---
+
+<div class="callout">
+**When you scale an app on Fly.io, where your machines land depends on regional capacity. Here's how to keep that from surprising you.**
+</div>
+
+Let’s say you run `fly scale count` and tell it to drop 10 machines into `dfw` and 10 more into `iad`. If either of those regions is out of capacity, _the entire scale operation fails_. Nothing gets placed. It’s all or nothing.
+
+Most of the time this just works—`dfw` and `iad` are solid bets for region choices. But some regions, like `sjc`, `gru`, and `bom`, tend to be in high demand. If you hardcode your placement into one of those and cross your fingers, you might find yourself scaling to zero.
+
+### How to check available capacity
+
+Run `fly platform regions`. You’ll get a list of regions and their available CPU cores. These aren’t guarantees, but they’re a decent snapshot of where you’re most likely to succeed.
+
+### Let the scheduler help
+
+For individual machine operations like `fly machine clone` or creating a new machine, you can give the scheduler some leeway. Instead of pinning a single region, you hand it a prioritized list or a geographic group. It tries each in order until it finds one that works.
+
+For example:
+
+```
+fly machine clone -r "iad,dfw"
+```
+
+That says: try `iad`, then fall back to `dfw`.
+
+### Geographic groups and aliases
+
+You can use geographic aliases like `us`, `eu`, or `sa` to fan out across a broader area.
+
+| Alias | Area|
+|---------|------------------------|
+| `apac` | Asia-Pacific |
+| `eu` | Europe |
+| `na` | North America |
+| `sa` | South America |
+| `us`, `usa` | United States |
+
+
+### Examples:
+
+- Try London first, then fall back to anywhere in Europe:
+
+```
+lhr,eu
+```
+
+- Try any US region first, then Europe:
+
+```
+us,eu
+```
+
+- Try any North American region first, then any South American region:
+
+```
+na,sa
+```
+
+
+### Scale commands don't (yet) do this
+
+Right now, flexible placement doesn’t apply to `scale`, `deploy`, or `launch`. If you want to scale across regions with fallbacks, the supported way to do that is by cloning machines individually (or using `fly machine create`), with region preferences.
+
+(We know that’s a bit clunky. We’re working on it.)
+
+### Machines API support
+
+If you're driving placement from the Machines API (`api.machines.dev`), all of this flexibility is available there: prioritized region lists, meta-regions, and `any` placement.
+
+### A word on architecture
+
+This only helps if your app actually works when deployed across multiple regions. That means not assuming low-latency connections between machines, and avoiding coordination patterns that only work in single-region setups.
+
+<div class="callout">
+Want to see where your app might run? 
+Here's the [current list](/docs/reference/regions/): ams, arn, bom, cdg, dfw, ewr, fra, gru, iad, jnb, lax, lhr, nrt, ord, sin, sjc, syd, yyz.
+</div>
+
+
+### Related reading
+
+- [An Introduction to Fly Machines](/docs/machines/overview/)
+- [Regions Reference](/docs/reference/regions/)
+- [Fly Machines API](/docs/machines/api/)
+- [Get Regions](https://docs.machines.dev/#tag/platform/get/platform/regions)
diff --git a/machines/guides-examples/machine-restart-policy.html.markerb b/machines/guides-examples/machine-restart-policy.html.markerb
index 8abfa99ad8..9cc15836df 100644
--- a/machines/guides-examples/machine-restart-policy.html.markerb
+++ b/machines/guides-examples/machine-restart-policy.html.markerb
@@ -93,4 +93,15 @@ For example:
 ...
 ```
 
-Refer to the Machines API docs for more information about [updating a Machine](/docs/machines/working-with-machines/#update-a-machine).
+Refer to the Machines API docs for more information about [updating a Machine](/docs/machines/api-machines-resource/#update-a-machine).
+
+## Set a restart policy in your Fly.toml
+You can also set a default app-level restart policy in your Fly.toml file:
+```toml
+[[restart]]
+  policy = "<never | always | on-failure>"
+  retries = 10
+  processes = ["app"]
+```
+
+ A restart policy can be targeted to a specific process group. If a group is not specified, all machines in an app will have the same default restart policy. If needed, you can still apply different policies on individual machines using the Flyctl or Machines API methods above.
diff --git a/machines/guides-examples/machine-sizing.html.markerb b/machines/guides-examples/machine-sizing.html.markerb
index 09b62cfc00..5bfb87aff9 100644
--- a/machines/guides-examples/machine-sizing.html.markerb
+++ b/machines/guides-examples/machine-sizing.html.markerb
@@ -1,7 +1,6 @@
 ---
 title: Machine Sizing
 layout: docs
-sitemap: false
 author: fideloper
 order: 30
 categories:
@@ -10,11 +9,11 @@ nav: machines
 date: 2022-12-08
 ---
 
-Here are a few ways to set the size (CPU and memory) of your Machine VMs.
+Here are a few ways to set the size (CPU and memory) of your Machine VMs. This guide describes creating and sizing individual Machines with the Machines API and `fly machine` commands. For Fly Launch apps, the same general sizing rules apply, but you can also use `fly scale` commands to [update groups of Machines](/docs/apps/scale-machine/) or set a [default VM size](/docs/reference/configuration/#the-vm-section) in the `fly.toml` configuration file.
 
 ## General Rules
 
-We have some [preset sizes](/docs/about/pricing/#machines) for you to choose from. Each CPU selection defaults to a specific amount of memory.
+We have some [preset sizes](/docs/about/pricing/#running-fly-machines) for you to choose from. Each CPU selection defaults to a specific amount of memory.
 
 You can, however, scale your machine's CPU and memory separately. Memory limits are `2gb * shared CPU size` or `8gb * performance CPU size`. Minimum memory is `256m * shared CPU size` or `2048m * performance CPU size`.
 
@@ -53,6 +52,7 @@ fly machine run \
     some-savvy-image
 ```
 
+
 ## Custom Sizes
 
 When creating a machine, you can define the CPU and memory sizes yourself. Memory must be a multiple of 256 for shared sizes, and 2048 for performance sizes.
@@ -77,7 +77,7 @@ curl -i -X POST \
 }'
 ```
 
-The `cpu_kind` parameter can be one of `shared` or `performance`.
+The `cpu_kind` parameter can be one of `shared` or `performance`. Learn more about CPU types and performance [here](/docs/machines/cpu-performance/).
 
 If you're using `flyctl`, the equivalent command looks like this:
 
@@ -94,7 +94,7 @@ There is not yet a CLI flag for `shared` vs `performance`. It defaults to `share
 
 ## Adjusting Machine Size
 
-You can adjust CPU and memory by [updating a Machine](/docs/machines/working-with-machines/#update-a-machine). Updating a machine replaces the VM with a new one, but machine ID stays the same.
+You can adjust CPU and memory by [updating a Machine](/docs/machines/api-machines-resource/#update-a-machine). Updating a machine replaces the VM with a new one, but machine ID stays the same.
 
 If we create a machine with the same command as above (using 1024m memory), but later want to reduce that to 512m (the minimum allowed), we can make the following API call:
 
diff --git a/machines/guides-examples/machines-app-using-flyctl.html.markerb b/machines/guides-examples/machines-app-using-flyctl.html.markerb
index c0759ea168..866a3fefeb 100644
--- a/machines/guides-examples/machines-app-using-flyctl.html.markerb
+++ b/machines/guides-examples/machines-app-using-flyctl.html.markerb
@@ -15,7 +15,7 @@ date: 2022-12-20
 This document illustrates some ways to work with Fly Machines individually using flyctl, and was written before Fly Apps V2 made it possible to manage Machines as a group, using a `fly.toml` config file and `fly deploy`. For most web apps, the [Fly Apps docs](/docs/apps/) are a better place to start!
 </section>
 
-We talk up the Machines API for running user code, for ephemeral jobs, or both. Fly Machines are also the VM building blocks for V2 of the [Fly.io app-platform-as-a-service offering](/docs/apps/).
+We talk up the Machines API for running user code, for ephemeral jobs, or both. Fly Machines are also the VM building blocks for V2 of the [Fly.io app-platform-as-a-service offering](/docs/launch/).
 
 flyctl provides commands for managing individual Machines from the CLI, on a level more granular than `fly deploy`ing an app.
 
@@ -49,7 +49,7 @@ fly m run . -p 443:8080/tcp:tls:http -p 80:8080/tcp:http --region yyz -a testrun
 
 The last command configures and deploys the VM. See the `.` in there? That, in this case, is the path to the Dockerfile. Such a diminutive, easy-to-miss representation of _everything you want to supply for the VM to run_. Don't leave it out.
 
-Note the allocation of a [shared IPv4 address](/docs/reference/services/#shared-ipv4) above. For regular HTTP(S) web apps, shared IPv4 works fine, and helps conserve the world's dwindling IPv4 supply (and can [save you money](/docs/about/pricing/#anycast-ip-addresses)). If your app runs other services and you need a dedicated IPv4, you can provision one by leaving out the `--shared` flag.
+Note the allocation of a [shared IPv4 address](/docs/networking/services/#shared-ipv4) above. For regular HTTP(S) web apps, shared IPv4 works fine, and helps conserve the world's dwindling IPv4 supply (and can [save you money](/docs/about/pricing/#anycast-ip-addresses)). If your app runs other services and you need a dedicated IPv4, you can provision one by leaving out the `--shared` flag.
 
 If your app doesn't exist yet, `fly m run` will prompt you to create it, so you can actually do this instead:
 
diff --git a/machines/guides-examples/multi-container-machines.html.markerb b/machines/guides-examples/multi-container-machines.html.markerb
new file mode 100644
index 0000000000..9829332171
--- /dev/null
+++ b/machines/guides-examples/multi-container-machines.html.markerb
@@ -0,0 +1,360 @@
+---
+title: Multi-container Machines
+layout: docs
+order: 28
+nav: machines
+---
+
+Fly Machines support running multiple containers per virtual machine using the `containers` array. This feature is currently available through the Machines API and requires using Pilot as the init system. This capability is useful for co-locating services such as your application server, log shippers, metrics collectors, or sidecars.
+
+## Common Sidecar Use Cases
+
+Sidecars are a powerful way to co-locate supporting services alongside your application. This pattern is especially helpful for apps built with multi-tenant or per-user architectures, such as AI agents, dev environments, or SaaS dashboards. Some practical uses include:
+
+- **Metrics and Logs:** Run a Prometheus exporter or a log shipper like Vector to forward application logs or metrics without bundling that logic into your app.
+- **Secrets Agents:** Use a sidecar to fetch secrets from a provider like Vault or cloud metadata services. This keeps your app container lightweight and secure.
+- **Load Smoothing:** Use nginx or Envoy as a reverse proxy for rate limiting, retries, or graceful error handling. This is great for handling bursts in traffic or external API instability.
+- **Storage or Sync Layers:** Mount and manage local state using sidecars like LiteFS or file sync daemons. You can keep persistent logic separated from your app's logic.
+- **AI Agents or Workers:** For agent-based or queued workloads, you can spin up workers or schedulers in separate containers and coordinate them using `depends_on`.
+
+These patterns mirror what we've seen from customers building production systems on Fly Machines with Pilot and the `containers` array. Each container runs in its own isolated process tree, and Pilot ensures the startup order and health status are respected. While containers share the same kernel and VM, they are isolated at the process and filesystem level.
+
+## Defining Containers
+
+When creating a Machine via the API, you can specify a `containers` array, each containing a [`ContainerConfig`](https://docs.machines.dev/#model/flycontainerconfig). Each container can have its own image, environment variables, health checks, startup commands, attached files, and dependencies.
+
+`flyd` (our [in-house orchestrator](https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/)) handles pulling images and making them accessible to Pilot, the init system responsible for running the containers and managing their lifecycle. Pilot builds a dependency graph using container startup conditions and runs containers accordingly.
+
+## Example Configuration
+
+```json
+{
+  "containers": [
+    {
+      "name": "my-app",
+      "image": "registry.fly.io/my-app:latest",
+      "env": {
+        "PORT": "8080"
+      },
+      "healthchecks": [
+        {
+          "http": {
+            "port": 8080,
+            "method": "GET",
+            "path": "/health",
+            "scheme": "http"
+          },
+          "interval": 10,
+          "timeout": 5,
+          "grace_period": 5,
+          "success_threshold": 2,
+          "failure_threshold": 3
+        }
+      ]
+    },
+    {
+      "name": "log-shipper",
+      "image": "registry.fly.io/log-shipper:latest",
+      "env": {
+        "LOG_LEVEL": "info"
+      },
+      "depends_on": [
+        {
+          "name": "my-app",
+          "condition": "healthy"
+        }
+      ]
+    }
+  ]
+}
+```
+
+In this configuration, the `log-shipper` container depends on the `my-app` container being healthy before starting.
+
+## Container Dependencies
+
+You can define dependencies between containers using the `depends_on` field. Supported conditions include:
+
+```json
+"depends_on": [
+  {
+    "name": "sidecar1",
+    "condition": "healthy"
+  }
+]
+```
+
+Valid values for `condition`:
+
+- `healthy`: Container will wait until the dependency container passes its health checks.
+- `started`: Container will start as soon as the dependency container has started.
+- `exited_successfully`: Container will wait until the dependency container has exited with a success code.
+
+Internally, Pilot models these dependencies as a directed graph and walks it to orchestrate the correct container startup order.
+
+## Health Checks
+
+Each container specifies its own health checks. The system supports different types of health checks:
+
+**TCP health checks**: Checks if a port is accepting connections
+
+```json
+"tcp": {
+  "port": 6379
+}
+```
+
+**HTTP health checks**: Makes HTTP requests to an endpoint
+
+```json
+"http": {
+  "port": 80,
+  "method": "GET",
+  "path": "/",
+  "scheme": "http"
+}
+```
+
+**Exec health checks**: Runs a command inside the container
+
+```json
+"exec": {
+  "command": ["sh", "-c", "pg_isready -U postgres"]
+}
+```
+
+### Health Check Configuration Options
+
+- `name`: string - Unique identifier for the health check
+- `interval`: int - How often to run the check, in seconds
+- `grace_period`: int - Time in seconds to wait after container starts before checks begin
+- `timeout`: int - Maximum time in seconds to wait for a check to complete
+- `success_threshold`: int - Number of consecutive successful checks required to change status to healthy
+- `failure_threshold`: int - Number of consecutive failed checks before marking as unhealthy
+
+## Security Considerations
+
+Containers in a Machine share the same kernel and VM, but are isolated at the process and filesystem level. Failures in one container won't directly crash others, but they don't provide the same level of isolation as across VMs.
+
+## Deploying Multi-container Machines
+
+There are several ways to deploy multi-container machines on Fly.io. Choose the method that best fits your workflow:
+
+### Using the Machines API
+
+You can create multi-container Machines by sending a POST request to the Machines API. For example, using `curl`:
+
+```bash
+curl -X POST "https://api.machines.dev/v1/apps/%3Cyour-app-name%3E/machines" \
+  -H "Authorization: Bearer <your-api-token>" \
+  -H "Content-Type: application/json" \
+  -d @api-config.json
+```
+
+Here, the `api-config.json` file contains the request body for creating a Machine. Unlike the `flyctl` examples in the next sections, the API expects the JSON body to have a `config` wrapper with the `containers` array nested inside:
+
+```json
+{
+  "config": {
+    "containers": [...],
+    ...
+  }
+}
+```
+
+The `config` object can also include other Machine fields like `guest` and `services`.
+
+Refer to the [Machines API documentation](https://docs.machines.dev/#tag/machines) for complete configuration options.
+
+### Using `fly machine run`
+
+Create a multi-container Machine by passing a JSON configuration file (e.g., `cli-config.json`) to `fly machine run`:
+
+```bash
+fly machine run --machine-config cli-config.json
+```
+
+The file should define `containers` at the root level, alongside any additional Machine configuration:
+
+```json
+{
+  "containers": [...],
+  ...
+}
+```
+
+You can also pass Machine configuration options from the command line:
+
+```bash
+fly machine run --machine-config cli-config.json \
+  --autostart=true --autostop=suspend \
+  --port 80:8080/tcp:http --port 443:8080/tcp:http:tls \
+  --vm-cpu-kind shared --vm-cpus 1 --vm-memory 256
+```
+
+<div class="callout">
+Note: When using `--machine-config`, your JSON file must include a `containers` array with at least one container that specifies an `image`.
+</div>
+
+### Using `fly launch` & `fly deploy`
+
+Starting with `flyctl v0.3.147`, you can run multiple containers using `fly deploy`. This example demonstrates using a nginx container as a rate limiter and a custom app container.
+
+#### 1. Create `cli-config.json`
+
+```json
+{
+  "containers": [
+    {
+      "name": "nginx",
+      "image": "nginx:latest",
+      "files": [
+        {
+          "guest_path": "/etc/nginx/conf.d/default.conf",
+          "local_path": "nginx.conf"
+        }
+      ],
+      "depends_on": [
+        {
+          "name": "echo",
+          "condition": "healthy"
+        }
+      ]
+    },
+    {
+      "name": "echo",
+      "image": "ealen/echo-server",
+      "healthchecks": [
+        {
+          "exec": {
+            "command": ["wget", "-q", "--spider", "http://localhost/"]
+          }
+        }
+      ]
+    }
+  ]
+}
+```
+
+#### 2. Update fly.toml
+
+**Note:** `flyctl` [version 0.3.147](https://github.com/superfly/flyctl/releases/tag/v0.3.147) or later is required to use this config
+
+```
+[experimental]
+machine_config = 'cli-config.json'
+container = 'echo'
+
+[http_service]
+internal_port = 8080
+```
+
+The container value determines which container will be replaced by your app image built by `fly deploy`.
+
+#### 3. Run fly deploy
+
+```bash
+fly deploy
+```
+
+This builds and replaces the `echo` container, runs both containers on the same machine, and configures traffic through nginx.
+
+You can also inline the `machine_config` in your `fly.toml` using triple quotes. The first character inside the string must be `{`:
+
+```
+machine_config = '''{
+  "containers": [
+    …
+  ]
+}'''
+```
+
+## Example Configurations
+
+Here are some practical examples of multi-container setups you can use as a starting point:
+
+### Rate Limiter Sidecar
+
+To mitigate excessive traffic, you can run an nginx container as a sidecar to limit requests per second using the `ngx_http_limit_req_module`. Below is a simplified container configuration that enables rate limiting:
+
+```json
+{
+  "containers": [
+    {
+      "name": "nginx",
+      "image": "nginx:latest",
+      "files": [
+        {
+          "guest_path": "/etc/nginx/conf.d/default.conf",
+          "raw_value": "bGltaXRfcmVxX3pvbmUgJGJpbmFyeV9yZW1vdGVfYWRkciB6b25lPW15X3pvbmU6MTBtIHJhdGU9MXIvczsKCnNlcnZlciB7CiAgbGlzdGVuIDgwODA7CgogIGxvY2F0aW9uIC8gewogICAgbGltaXRfcmVxIHpvbmU9bXlfem9uZTsKICAgIHByb3h5X3Bhc3MgaHR0cDovL2xvY2FsaG9zdDo4MDsKICB9Cn0="
+        }
+      ]
+    },
+    {
+      "name": "echo",
+      "image": "ealen/echo-server"
+    }
+  ]
+}
+```
+
+When attaching files to containers, the `raw_value` field must contain base64-encoded content. The nginx configuration shown in the JSON above corresponds to this configuration:
+
+```
+limit_req_zone $binary_remote_addr zone=my_zone:10m rate=1r/s;
+
+server {
+  listen 8080;
+
+  location / {
+    limit_req zone=my_zone;
+    proxy_pass http://localhost:80;
+  }
+}
+```
+
+When the container starts, Fly will decode this value and write the original configuration to the specified `guest_path`.
+
+To complete this configuration, you should also include:
+
+- A `services` block that exposes internal port 8080 for Fly Proxy
+- A `guest` block specifying resources like CPU and memory
+- Optionally, `depends_on` fields or health checks if you want nginx to wait for the app
+
+### LiteFS Sidecar with Health Checks
+
+You can also run LiteFS as a sidecar with a health check configured to ensure it's operating correctly:
+
+```json
+{
+  "containers": [
+    {
+      "name": "litefs",
+      "image": "flyio/litefs:latest",
+      "env": {
+        "LITEFS_DIR": "/data",
+        "LITEFS_CONFIG": "/etc/litefs.yml"
+      },
+      "healthchecks": [
+        {
+          "http": {
+            "port": 8080,
+            "method": "GET",
+            "path": "/info",
+            "scheme": "http"
+          },
+          "grace_period": 500,
+          "interval": 1000,
+          "timeout": 1000,
+          "success_threshold": 1,
+          "failure_threshold": 5
+        }
+      ]
+    }
+  ]
+}
+```
+
+<div class="important icon">
+For more information about container configuration options, refer to the [Machines API documentation](https://docs.machines.dev/#model/flycontainerconfig).
+</div>
diff --git a/machines/guides-examples/network-policies.html.markerb b/machines/guides-examples/network-policies.html.markerb
new file mode 100644
index 0000000000..54e8871a97
--- /dev/null
+++ b/machines/guides-examples/network-policies.html.markerb
@@ -0,0 +1,142 @@
+---
+title: Network Policies
+layout: docs
+order: 25
+nav: machines
+---
+
+Network policies let you control traffic to and from your Machines. You can use policies to allow or restrict ingress and egress on specific ports and protocols. This is useful when you're running untrusted code or want to lock down what traffic is allowed.
+
+<div class="callout">
+Network policies only apply to traffic directly to and from Machines. They do not affect traffic routed through the Fly Proxy.
+
+</div>
+
+## How it works
+
+A network policy contains:
+
+* A `selector` to match which Machines the policy applies to.
+* A list of `rules` for ingress or egress, specifying allowed ports and protocols.
+
+Once you create a rule for a direction (ingress or egress), the default for that direction becomes "deny all." Only explicitly allowed traffic will be permitted.
+
+## Restricting egress traffic to HTTP/HTTPS
+
+For example, if you're running an app that should only make outbound HTTP and HTTPS requests, you can create a policy like this:
+
+```sh
+curl --location 'https://api.machines.dev/v1/apps/my-app-name/network_policies' \
+  --header 'Authorization: Bearer <FLY_API_TOKEN>' \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "name": "specific-egress",
+    "selector": {
+      "all": true
+    },
+    "rules": [
+      {
+        "action": "allow",
+        "direction": "egress",
+        "ports": [
+          { "protocol": "tcp", "port": 80 },
+          { "protocol": "tcp", "port": 443 }
+        ]
+      }
+    ]
+  }'
+```
+
+Replace `<FLY_API_TOKEN>` and `my-app-name` with your actual values.
+
+## Selectors
+
+Selectors determine which Machines your network policy applies to. You can target Machines using one or more of the following methods:
+
+### All Machines in an app
+
+To apply a policy to every Machine in your app:
+
+```json
+{ "all": true }
+```
+
+### Specific Machine IDs
+
+To target individual Machines by their unique identifiers:
+
+```json
+{ "machines": [ { "id": "abc" }, { "id": "def" } ] }
+```
+
+### Metadata matching
+
+To select Machines based on their metadata attributes:
+
+```json
+{ "metadata": { "role": "web", "env": "production" } }
+```
+These selection methods can be combined to create more precise targeting rules that match Machines satisfying all specified criteria.
+
+## Rules
+
+Each rule has:
+
+* `action`: Only `allow` is supported.
+* `direction`: Either `ingress` or `egress`.
+* `ports`: A list of port and protocol objects.
+
+Example:
+
+```json
+{
+  "action": "allow",
+  "direction": "egress",
+  "ports": [
+    { "protocol": "tcp", "port": 443 }
+  ]
+}
+```
+
+Once a rule is defined, all other traffic in that direction is denied by default.
+
+## API summary
+
+### Create or update a policy
+
+```http
+POST /v1/apps/<app_name>/network_policies
+```
+
+Request body:
+
+```json
+{
+  "name": "policy-name",
+  "id": "optional-policy-id",  
+  "selector": { ... },
+  "rules": [ ... ]
+}
+```
+Include the `id` field to update an existing policy.
+
+### List policies
+
+```http
+GET /v1/apps/<app_name>/network_policies/
+```
+
+### Delete a policy
+
+```http
+DELETE /v1/apps/<app_name>/network_policies/<policy_id>
+```
+
+## Troubleshooting
+
+* After creating or updating a policy, restart or redeploy the Machines for changes to take effect.
+* Use direct IP addresses (not hostnames) to test blocked traffic to avoid DNS masking.
+* Make sure your `selector` is correct and matches the Machines you expect.
+* If traffic is still allowed unexpectedly, check if it's going through the Fly Proxy.
+
+
diff --git a/machines/guides-examples/one-app-per-user-why.html.markerb b/machines/guides-examples/one-app-per-user-why.html.markerb
new file mode 100644
index 0000000000..b6d7ca6989
--- /dev/null
+++ b/machines/guides-examples/one-app-per-user-why.html.markerb
@@ -0,0 +1,33 @@
+---
+title: One App Per Customer - Why?
+layout: docs
+order: 15
+nav: machines
+categories:
+  - machines
+---
+
+We recommend that you create one app, with one or more machines, **for each customer** you have. You'll gain a lot from this: 
+
+* you'll be able to leverage Fly.io proxy’s load balancing
+* the `fly.toml` config is app-level, so you can run Machines in different regions / different sizes in the same app
+* your secrets live at the app level: a compromised user app cannot see other user apps' secrets; whereas if all user projects are mashed together in a mega-app, they all have access to everyone else's secrets (plus the `env` would be ginormous and unwieldy)
+* auto start / auto stop runs at the app level
+* apps are easier to transfer between orgs if you ever need move things around
+* there's a cleaner separation of concerns in logs
+* apps get isolated networks (if you pass in a network name), and machines on the same app share a private network—more on this below!
+* each app can still scale independently—so if you've got a _very successful user_ who needs beefier machines, you can scale them up without affecting your other users
+
+A pattern where a single application has machines for all customers is _technically_ possible, but you'd lose the benefits of load balancing, and it would be challenging to make it resilient. Plus, our tooling is not really designed to list thousands of machines per app, so you'd get weird API behavior in some places.
+
+## Isolated networks
+
+Each Fly.io organization gets an isolated network that connects all machines in the organization using Wireguard. This is described in more detail [in our private networking docs](https://fly.io/docs/networking/private-networking/). This generally means that one can deploy, for example, one app for each service, and they will be able to connect to each other using the appropriate hostnames (`.internal` or `.flycast`) as explained in the document. 
+
+However, at application creation time, a `--network` parameter can be passed, to create a [custom private network](https://fly.io/docs/networking/custom-private-networks/) for that application. This subnet will not be connected to the organization’s, meaning this application will be isolated from others (although it can still provide a public internet-facing service as configured in `fly.toml`). 
+
+The [custom private networks](https://fly.io/docs/networking/custom-private-networks/#private-apps-with-flycast) document details a few ways an isolated app can talk to other applications in a controlled manner, including:
+
+* Application A (non-isolated) can have a `.flycast` IP address in application B’s (isolated) subnet, so they can talk to each other over that IP address. You can do this using `fly ips allocate-v6 --private -a APP_A --network APP_B_NETWORK`. App A can then contact “app-b.flycast” directly.
+* Using the [fly-replay header](https://fly.io/docs/networking/dynamic-request-routing/), an application can direct requests to machines in another application, even if that one resides on a private subnet.
+* If application B (isolated) exposes a public service, then other applications (isolated or not) can access it over the Internet using its public name.
diff --git a/machines/index.html.md b/machines/index.html.md
index f92a1586fc..972a2a68ae 100644
--- a/machines/index.html.md
+++ b/machines/index.html.md
@@ -2,156 +2,18 @@
 title: "Fly Machines"
 layout: docs
 nav: machines
-redirect_from: /docs/reference/machines/
 ---
 
-Fly Machines are:
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/fly-machines.png" alt="Illustration by Annie Ruygt of a server with legs and arms, walking with a red bird hand-in-hand" class="max-w-lg">
+</figure>
 
-* [The engine](https://fly.io/blog/fly-machines/) behind the Fly.io platform: super-fast lightweight VMs that,
-  once created, can be started and stopped at subsecond speeds. 
+Fly Machines are fast-launching VMs; they can be started and stopped at subsecond speeds. We give you control of your Machine count and each Machine's lifecycle, resources, and region placement with a simple REST API or flyctl commands.
 
-* [A REST API](/docs/machines/working-with-machines/) you can use for precise control over groups of Machines to deploy
-  and scale out applications. 
+- [**Introduction to Fly Machines**:](/docs/machines/overview/) Learn whether you need low-level Machine control. Find out more about the lifecycle of Fly Machines and about scaling and placement.
 
-<section class="warning icon">
-**This is a low-level interface**.
+- [**Machines API:**](/docs/machines/api/) A simple and fast REST API for full control over our fast-launching Machines.
 
-Use Fly Machines directly when you need to be picky about how, where, and when to start VMs on Fly.io. For most
-applications, most of the time, you don't need to be picky! You scale things up to more cores or more memory, and
-out to more regions and more VM counts. [Fly Launch](/docs/apps) does all that for you with simple syntax. 
+- **[Run a New Machine](/docs/machines/flyctl/fly-machine-run/) or [Update a Machine](/docs/machines/flyctl/fly-machine-update/) with flyctl:** Configure, build, and start new Machines with a single command or update some or all of a Machine's configuration.
 
-🌶️ **But some applications get spicy.**🌶️ This is our spicy interface! We use it to build the orchestration
-for `fly launch`, but you can use it however you'd like. 
-</section>
-
-## Concepts
-
-### Machines
-
-A Machine is the configuration and state for a single VM running on our platform. Every Machine will belong to a Fly App; Apps 
-can have more than one Machine. You can start a Machine right now, without configuring anything: 
-
-```cmd
-fly machine run --shell
-```
-
-```output
-? Select Organization: (personal)
-Searching for image 'ubuntu' remotely...
-Image size: 30 MB
-
-Success! A machine has been successfully launched in app flyctl-interactive-shells-g1b7jg6wpdbq0i8b8yrl4q9rlqu5pm-502673
- Machine ID: d8d9510a295118
-Connecting to fdaa:1:18:a7b:191:1aa9:a2a5:2... complete
-root@d8d9510a295118:/# uname -a
-Linux d8d9510a295118 5.15.98-fly #gf0950f1d7c SMP Sun Sep 17 02:33:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
-```
-
-Go ahead and try it! When you `run` a Machine with `--shell`, we'll make a small one, and we'll tear it down when you're done poking around.
-
-### Machine state
-
-The big Fly Machine trick is: starting up super fast; like, "in response to an HTTP request from a user" fast. Doing things like 
-that is why you'd use Fly Machines directly, rather than a [Fly App](https://fly.io/docs/apps/deploy/). 
-
-To get your head around that trick, start by understanding the lifecycle of a Fly Machine:
-
-1. You create a Fly Machine with a [Create Machine request](https://docs.machines.dev/swagger/index.html#/Machines/Machines_create), or 
-   with `fly machine create`. The Machine is in `created` state. This step can take some time: you're asking us to reserve space
-   for your Machine, and then fetch your container from our global registry, and build a root file system; low double digit seconds, maybe. 
-   
-2. Now that the Fly Machine exists, you can start it with a [Start Machine request](https://docs.machines.dev/swagger/index.html#/Machines/Machines_start), or 
-   with `fly machine start`. We boot a VM. The Machine is in `started` state. It's running. You can talk to it. This happens fast! Everything's
-   already assembled; we're just booting. Usually this takes _well under a second_.
-   
-3. You're done with the Fly Machine, so you stop it with a [Stop Machine request](https://docs.machines.dev/swagger/index.html#/Machines/Machines_stop), or
-  `fly machine stop`. The VM shuts down. The Machine is in `stopped` state. Its components are still assembled on our worker host, ready to start back up; if
-   you want to do that, `GOTO 2`. 
-   
-4. You're tired of the Fly Machine, and want it to go away. Send a [Delete Machine request](https://docs.machines.dev/swagger/index.html#/Machines/Machines_delete), or 
-   use `fly machine destroy`. We clear the resources we were holding for the Machine off our server. You can easily create and start
-   a new Machine from the same image, but it'll be slower than stopping and starting an existing Machine. 
-
-Here's [more detail on using flyctl to manage individual Machines](/docs/machines/guides-examples/machines-app-using-flyctl/).
-
-### Scaling Machines
-
-<div class="important icon">
-Remember, the ordinary way to scale an application on Fly.io is to use [Fly Launch](/docs/apps), which offers convenient
-commands to scale instances out or up. Here, we're going to scale Machines directly, in a fiddly way.
-
-Whether or not you use `fly launch` to boot up a Fly App, every Machine belongs to an "App" (an "App" is ultimately just a named 
-collection of resources, configuration, and routing rules). But you don't have to use the `fly apps` commands to manage Machines;
-you can do it directly.
-</div>
-
-Scale a workload out horizontally with `fly machine clone`:
-
-```cmd
-fly machine clone -a my-app --region ord 7811373c095228
-```
-
-```output
-Cloning machine 7811373c095228 into region ord
-Provisioning a new machine with image registry-1.docker.io/my-app/sleep:latest@sha256:597c3e
-  Machine 28749edf4047d8 has been created...
-  Waiting for machine 28749edf4047d8 to start...
-Machine has been successfully cloned!
-```
-   
-You can clone a specific Machine as many times as you like, into specific regions; you can manage each of those Machines
-individually with `fly machine stop` and `fly machine start`.
-
-Scale a Machine up vertically with `fly machine update`:
-
-```cmd
-fly machine update -a my-app --vm-memory 512M 7811373c095228
-```
-
-```output
-Configuration changes to be applied to machine: 7811373c095228 (twilight-field-6033)
-
-  	... // 12 identical lines
-  	    "cpu_kind": "shared",
-  	    "cpus": 1,
-- 	    "memory_mb": 256
-+ 	    "memory_mb": 512
-  	  },
-  	  "dns": {}
-  	}
-  	
-? Apply changes? Yes
-Updating machine 7811373c095228
-No health checks found
-Machine 7811373c095228 updated successfully!
-```
-
-Updating a Machine takes it down (like with `fly machine stop`), applies configuration changes, and brings it back up. If you're
-not changing the image, so we don't have to go fetch it from the global registry, this is fast, for the same reason `stop` and `start`
-are; we've already done the heavy lifting. 
-
-### Placement
-
-When you `create`, `run`, or `clone` a Machine, you can pick a Fly.io region to place it in. Our API will contact the Machines API
-server (we call it `flaps`, but you don't have to care), which will in turn reach out to all the worker servers we have in the region, 
-find out which ones have the requisite resources to host the Machine, and try to make a smart choice about which of those servers to 
-put the Machine in.
-
-You don't get to pick particular servers (there are ways to cheat and do it anyways, but you shouldn't want to), just the region. 
-
-If you pick a particular region, like `ord` or `yyz`, we will _only_ create the Machine in that region. 
-
-<section class="warning icon">
-**Placement can fail!** It shouldn't happen often, but we can run out of capacity in particular regions. Both flyctl and the Fly Machines 
-API are best-effort. If you're working with us at this level of control, it's on you to retry requests and ensure they go through. In exchange for
-that burden, we try to make sure the Fly Machines API is responsive, so you get quick answers.
-</section>
-
-## Recapping Fly Machine features
-
-* Manage with the Machines API or flyctl commands
-* Stop automatically when a program exits
-* Stop or start quickly, either manually or automatically based on traffic
-* Provide ephemeral storage, a blank slate on every startup 
-* Attach a volume for persistent storage
-* Place in any region
+On the other hand, try [Fly Launch](/docs/reference/fly-launch/) if you prefer easy app-wide configuration and containerized deployment for your app.
diff --git a/machines/machine-states.html.markerb b/machines/machine-states.html.markerb
new file mode 100644
index 0000000000..7338e367e3
--- /dev/null
+++ b/machines/machine-states.html.markerb
@@ -0,0 +1,109 @@
+---
+title: Machine states and lifecycle
+layout: docs
+nav: machines
+toc: true
+---
+
+Fly Machines go through a series of lifecycle states during creation, updates, shutdown, and deletion. If you're automating deployments, coordinating Machine pools, or writing tools against the Machines API, understanding these states can help you make better decisions.
+
+## Machine state vs. machine version state
+
+Each Machine has a single Machine ID, but every change (like updating the image or resources) creates a new Machine version. It's important to distinguish between:
+
+- Overall Machine state – represents the active version of the Machine.
+- Machine version state – represents the state of a specific version of a Machine.
+
+If you query a Machine without specifying a version, the API returns the current active version's state. If you query an older version, the API may return a terminal state like `replaced`.
+
+## Machine state types
+
+### Persistent states
+
+These states remain until you take action (or something fails).
+
+| State | Description |
+|-------|-------------|
+| `created` | Initial status. Machine has been created but not yet started |
+| `started` | Running and network-accessible |
+| `stopped` | Exited, either on its own or explicitly stopped |
+| `suspended` | Suspended to disk; will attempt to resume on next start |
+| `failed` | Machine encountered an error and could not start successfully |
+
+### Transient states
+
+These are short-lived. The Machine will move to a new state automatically.
+
+| State | Description |
+|-------|-------------|
+| `creating` | Machine is being initialized |
+| `starting` | Transitioning from stopped or suspended to started |
+| `stopping` | Transitioning from started to stopped |
+| `restarting` | Machine is restarting |
+| `suspending` | Transitioning from started to suspended |
+| `destroying` | User asked for the Machine to be completely removed |
+| `launch_failed` | Machine failed to launch; will transition to destroyed |
+| `updating` | Machine is being updated to a new version |
+| `replacing` | User-initiated configuration change (image, VM size, etc.) in progress |
+
+### Terminal states
+
+These are final states that a Machine or its version won't exit from.
+
+| State | Description |
+|-------|-------------|
+| `destroyed` | No longer exists |
+| `replaced` | Machine version was replaced by a newer one (applies to version-specific queries only). If you query an older version by ID, the API will always return replaced for that version, even if the Machine is currently running. |
+| `migrated` | Machine has been moved to a new host; previous version is no longer active |
+
+## Machine state lifecycle diagrams
+
+### Overall Machine state lifecycle
+
+![Machine state lifecycle diagram](/docs/images/mermaid-diagram-1.png)
+
+### Machine version state transitions
+
+![Machine version state transitions diagram](/docs/images/mermaid-diagram-2.png)
+
+## Update and versioning behavior
+
+When you update a Machine:
+
+1. A new Machine version is created with the updated configuration.
+2. The previous version is marked as `replaced`.
+3. The new version becomes the active version and:
+   - May stay in `created` if `skip_launch` is set to true.
+   - May transition to `started` by default.
+   - May transition to `stopped`, depending on how the update was triggered and the config used.
+
+Machines are launched automatically upon creation or after an update unless `skip_launch` is explicitly set. This flag allows you to create or update a Machine without starting it immediately.
+
+If you query an old version by version ID, you may see `replaced`. To always get the current state, query the Machine without specifying a version.
+
+## Diagnosing stuck Machines
+
+If a Machine stays in a transient state for an extended time, it might be stuck ("wedged"). The following thresholds can help you decide:
+
+- `starting`, `stopping`, `restarting`, or `destroying` > 5 minutes (this can depend on the configured `kill_timeout`)
+- `updating` > 10 minutes
+
+To troubleshoot:
+
+1. Check machine events via the Machines API.
+2. Try stopping and starting the Machine.
+3. If needed, contact Fly.io support with the Machine ID.
+
+## Important Machine state considerations
+
+- `replaced` applies only to old versions and is terminal for that version. If you query an older version by ID, the API will always return `replaced` for that version, even if the Machine is currently running.
+- `migrated` indicates the Machine was moved to a new host and is no longer active.
+- Machines in `suspended` preserve memory and disk state, and resume faster than `stopped`.
+- The `launch_failed` state is usually unrecoverable and transitions to `destroyed`.
+- Machines in `failed` may be recoverable. You can try restarting, stopping, or destroying them.
+
+## Related docs
+
+- [Machines API reference](/docs/machines/api/)
+- [Working with Machines](/docs/machines/)
+- [Fly machine update command](/docs/machines/flyctl/fly-machine-update/) 
\ No newline at end of file
diff --git a/machines/overview.html.markerb b/machines/overview.html.markerb
new file mode 100644
index 0000000000..17d3115cd1
--- /dev/null
+++ b/machines/overview.html.markerb
@@ -0,0 +1,174 @@
+---
+title: "An introduction to Fly Machines"
+layout: docs
+nav: machines
+redirect_from: /docs/reference/machines/
+---
+
+Fly Machines are fast-launching VMs with a simple [REST API](/docs/machines/api/). They're [the compute](https://fly.io/blog/fly-machines/) behind the Fly.io platform. If you've launched an app on Fly.io, you're already using Fly Machines.
+
+We use the [Machines API](/docs/machines/api/) to build the orchestration for [Fly Launch](/docs/apps). You can use it however you'd like.
+
+## Do I need to control Machines directly?
+
+We give you low-level control over Fly Machines for when you need to be picky about how, where, and when to start VMs on Fly.io.
+
+For most applications, most of the time, you don't need to be picky! You scale things up to more cores or more memory, and
+out to more regions and more Machine counts. [Fly Launch](/docs/apps) does all that for you with simple syntax and configuration.
+
+## Concepts
+
+You can create and destroy Machines directly, and you have control over every Machine's lifecycle, resources, and region placement.
+
+### Machines
+
+A Machine is the configuration and state for a single VM running on Fly.io. Every Machine will belong to a Fly App; Apps can have more than one Machine. 
+
+You can start a Machine right now, without configuring anything:
+
+```cmd
+fly machine run --shell
+```
+
+```output
+? Select Organization: (personal)
+Searching for image 'ubuntu' remotely...
+Image size: 30 MB
+
+Success! A machine has been successfully launched in app flyctl-interactive-shells-g1b7jg6wpdbq0i8b8yrl4q9rlqu5pm-502673
+ Machine ID: d8d9510a295118
+Connecting to fdaa:1:18:a7b:191:1aa9:a2a5:2... complete
+root@d8d9510a295118:/# uname -a
+Linux d8d9510a295118 5.15.98-fly #gf0950f1d7c SMP Sun Sep 17 02:33:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
+```
+
+Go ahead and try it! When you `run` a Machine with `--shell`, we'll make a small one, and we'll tear it down when you're done poking around.
+
+### Machine state
+
+The big Fly Machine trick is: starting up super fast; like, "in response to an HTTP request from a user" fast. Doing things like 
+that is why you'd use Fly Machines directly, rather than [letting flyctl run your deployment](/docs/launch/deploy/). 
+
+To get your head around that trick, start by understanding the lifecycle of a Fly Machine:
+
+1. You create a Fly Machine with a [Create Machine request](/docs/machines/api/machines-resource/#create-a-machine), or 
+   with `fly machine run`. The Machine is in `created` state while we reserve space for your Machine, fetch your container from our global registry, and then build a root file system; this can take some time, maybe low double digit seconds.
+   
+2. Once the Fly Machine exists, we boot it up for you right away. The Machine is in `started` state. It's running. You can talk to it. This happens fast! Everything's already assembled; we're just booting. Usually this takes _well under a second_. The same goes for starting a stopped Machine with a [Start Machine request](/docs/machines/api/machines-resource/#start-a-machine), or with `fly machine start`.
+   
+3. You're done with the Fly Machine, so you stop it with a [Stop Machine request](/docs/machines/api/machines-resource/#stop-a-machine), or `fly machine stop`. The VM shuts down. The Machine is in `stopped` state. Its components are still assembled on our worker host, ready to start back up; if you want to do that, `GOTO 2`.
+   
+4. You're tired of the Fly Machine, and want it to go away permanently. Send a [Delete Machine request](/docs/machines/api/machines-resource/#delete-a-machine-permanently), or use `fly machine destroy`. We clear the resources we were holding for the Machine off our server. You can easily create and start a new Machine from the same image, but it'll be slower than stopping and starting an existing Machine.
+
+Learn more about [running a new Machine](/docs/machines/flyctl/fly-machine-run/) or [updating a Machine](/docs/machines/flyctl/fly-machine-update/) with flyctl commands.
+
+### Scaling Machines
+
+<div class="important icon">
+Remember, the ordinary way to scale an application on Fly.io is to use [Fly Launch](/docs/apps), which offers convenient
+commands to scale instances out or up. Here, we're going to scale Machines directly, in a fiddly way.
+
+Whether or not you use `fly launch` to boot up a Fly App, every Machine belongs to an "App" (an "App" is ultimately just a named 
+collection of resources, configuration, and routing rules).
+</div>
+
+Scale a workload out horizontally with `fly machine clone`:
+
+```cmd
+fly machine clone -a my-app --region ord 7811373c095228
+```
+
+```output
+Cloning machine 7811373c095228 into region ord
+Provisioning a new machine with image registry-1.docker.io/my-app/sleep:latest@sha256:597c3e
+  Machine 28749edf4047d8 has been created...
+  Waiting for machine 28749edf4047d8 to start...
+Machine has been successfully cloned!
+```
+   
+You can clone a specific Machine as many times as you like, into specific regions; you can manage each of those Machines
+individually with `fly machine stop` and `fly machine start`.
+
+Scale a Machine up vertically with `fly machine update`:
+
+```cmd
+fly machine update -a my-app --vm-memory 512M 7811373c095228
+```
+
+```output
+Configuration changes to be applied to machine: 7811373c095228 (twilight-field-6033)
+
+  	... // 12 identical lines
+  	    "cpu_kind": "shared",
+  	    "cpus": 1,
+- 	    "memory_mb": 256
++ 	    "memory_mb": 512
+  	  },
+  	  "dns": {}
+  	}
+  	
+? Apply changes? Yes
+Updating machine 7811373c095228
+No health checks found
+Machine 7811373c095228 updated successfully!
+```
+
+Updating a Machine takes it down (like with `fly machine stop`), applies configuration changes, and brings it back up. If you're
+not changing the image, so we don't have to go fetch it from the global registry, this is fast, for the same reason `stop` and `start`
+are; we've already done the heavy lifting.
+
+### Static Machine IPs
+
+Static egress IPs can be attached to a machine. These IPs survive a [machine migration](/docs/reference/machine-migration/) and are not shared between machines.
+
+Static egress IPs are useful when your machine needs to connect to a service that requires allowlisting a specific set of IPs.
+If supported, it is recommended to use [Wireguard](/docs/networking/private-networking/#private-network-vpn) to connect to external services.
+
+You can attach a static egress IP to your machine with `fly machine egress-ip allocate <machine_id>`
+
+```cmd
+fly machine egress-ip allocate e784e7d9a65208
+```
+
+```output
+? Looks like you're allocating a static egress (outgoing) IP. This is an advanced feature, and is not needed by most apps.
+Are you sure this is what you want? Yes
+Allocated egress IPs for machine e784e7d9a65208:
+IPv4: 209.71.93.224
+IPv6: 2a09:8280:e600::2e:951:0
+```
+
+### Placement
+
+When you `create`, `run`, or `clone` a Machine, you can pick a Fly.io region to place it in. Our API will contact the Machines API
+server (we call it `flaps`, but you don't have to care), which will in turn reach out to all the worker servers we have in the region, 
+find out which ones have the requisite resources to host the Machine, and try to make a smart choice about which of those servers to 
+put the Machine in.
+
+You don't get to pick particular servers (there are ways to cheat and do it anyways, but you shouldn't want to), just the region. 
+
+If you pick a particular region, like `ord` or `yyz`, we will _only_ create the Machine in that region.
+
+Read more about Machine placement and regional capacity in [this guide](/docs/machines/guides-examples/machine-placement/).
+
+<section class="warning icon">
+**Placement can fail!** It shouldn't happen often, but we can run out of capacity in particular regions. Both flyctl and the Fly Machines 
+API are best-effort. If you're working with us at this level of control, it's on you to retry requests and ensure they go through. In exchange for that burden, we try to make sure the Fly Machines API is responsive, so you get quick answers.
+</section>
+
+## Recapping Fly Machine features
+
+* Manage with the Machines API or flyctl commands
+* Stop automatically when a program exits
+* Stop or start quickly, either manually or automatically based on traffic
+* Provide ephemeral storage, a blank slate on every startup 
+* Attach a volume for persistent storage
+* Place in any region
+
+## Related reading
+
+- [Machine states and lifecycle](/docs/machines/machine-states/) Find out how Machines move through states (created → started → stopped etc), what it means, how to detect issues.
+- [Machine placement and regional capacity](/docs/machines/guides-examples/machine-placement/) Learn more about how region and host capacity affect where your Machines land and what to do if placement fails.
+- [`fly machine` CLI reference](/docs/flyctl/machine/) Use this command‑line reference for managing Machines via `flyctl` (create, update, stop, clone, etc).
+- [Working with the Machines API](/docs/machines/api/working-with-machines-api/) Read a practical guide to creating, updating, and managing Machines via API calls.
+- [OpenAPI specification](http://docs.machines.dev/#description/introduction) Use this low-level reference for the Machines API runtime, straight from the source.
diff --git a/machines/run.html.md b/machines/run.html.md
deleted file mode 100644
index f782ada6c7..0000000000
--- a/machines/run.html.md
+++ /dev/null
@@ -1,384 +0,0 @@
----
-title: Run a new Machine
-objective: Run a new Fly Machine with flyctl
-layout: docs
-nav: machines
-order: 5
----
-
-The [`fly machine run` command](/docs/flyctl/machine-run/) is a tool to configure, build, and run a new Machine in a single guided interaction.
-
-Use `fly machine run` to include Machines built from more than one single Docker image in a Fly App, or to run a one-off or temporary Machine.
-
-Fly Launch features like `fly deploy`, `fly status`, and `fly scale` don't apply to Machines created with `fly machine run`, unless you [add metadata to indicate otherwise](/docs/machines/run#add-metadata-to-the-machine).
-
-Here's what `fly machine run` does for you:
-* Checks with the platform for the org and app you've specified, if any, and if needed, guides you through naming a new app
-* Creates a Fly App, if applicable
-* Gets, or builds, a Docker image to make the Machine from
-* Creates the Machine with some default config, plus config you pass to it with flags
-* Starts the Machine
-* Waits for the Machine to start before declaring success (or failure)
-
-To create a Machine, but not start it, use [`fly machine create`](/docs/flyctl/machine-create/).
-
-To make changes to a Machine once it's created or run, use [`fly machine update`](/docs/flyctl/machine-update/).
-
-To create and run a new Machine with the same configuration as an existing Machine, use [`fly machine clone`](/docs/flyctl/machine-clone/).
-
-<div class="note icon">
-**Note:** Creating a new Machine is not the fastest way to scale an app's capacity; for quick changes in the number of running Machines, prefer [`fly machine start`](/docs/flyctl/machine-start/) and [`fly machine stop`](/docs/flyctl/machine-stop/).
-</div>
-
-
-## Usage
-
-Here's the usage of `fly machine run`:
-
-```cmd
-fly machine run <image> [command] [flags]
-```
- 
-Here, `<image>` can point to a prebuilt image, or to the current directory (`.`) to build from a Dockerfile.
-
-Many, but not all, Machine configuration options are available to the `fly machine run` command through flags. Flags are listed in the flyctl help and on the [`fly machine run` documentation page](/docs/flyctl/machine-run/).
-
-## Administration: set the Machine's app and org
-
-The default behavior of `fly machine run` is to create a new Fly App for the new Machine to belong to, unless it's given the name of an existing app in one of two ways:
-
-1. Like many other flyctl commands, `fly machine run` looks for a `fly.toml` app config file in the working directory, and if it finds one with an app name inside, it adds the new Machine to that app. It disregards the rest of the configuration in the file.
-2. If you pass it an app name with `--app <app-name>`, flyctl prefers that name over any name it gets from a `fly.toml`.
-
-If the app name doesn't belong to an existing app in one of your orgs, flyctl asks if you want to create it. 
-
-Even if you're not using `fly deploy` to configure and run any of your app's Machines, it may be worth creating a `fly.toml` file with just an app name in it, to save using the `--app` option repeatedly. For example:
-
-```toml
-# a fly.toml just to provide an app name to commands 
-# run from the same directory
-
-app = my-app-name
-```
- 
-Use `--org <org-name>` to specify which organization a newly created app should belong to. The `--org` flag is ignored when creating the new Machine in an existing app.
-
-
-## Get or build the Docker image
-
-All Fly Machines are made from Docker images. When you `fly launch` an app, this may be invisible; a Fly Launch scanner may generate one for you based on your source code.
-
-With `fly machine run`, there are two options: point to a prebuilt image, or point to a Dockerfile, which flyctl will use to build an image.
-
-### Build from a Dockerfile
-
-To build the image from a Dockerfile named `Dockerfile`, indicate the current working directory using the `<image>` argument.
-
-```cmd
-fly machine run .
-```
-
-Use the `--dockerfile` option to specify a Dockerfile with a different name. For example:
-
-```cmd
-fly machine run . --dockerfile Dockerfile-dev
-```
-
-Any source files the Dockerfile uses should be present in the working directory. Once built, the image is pushed to the Fly.io Docker registry where your organization's remote builders can access it.
-
-### Use an existing image
-
-For example:
-
-```cmd
-fly machine run ghcr.io/livebook-dev/livebook:0.11.4     
-```
-
-## Get a shell on a temporary Machine
-
-The following command creates a temporary Machine using the Dockerfile in the working directory, and logs you into an interactive shell on it: 
-
-```cmd
-fly machine run . --shell
-```
-
-If you don't specify an app, a temporary app is created for the Machine. When you log out of the shell, the Machine, and if applicable, the temporary app, is deleted.
-
-The default shell is Bash. The `--command` flag allows you to specify a different shell if Bash isn't present in the Machine's Docker image. Log in as a non-`root` user using the `--user` flag.
-
-If you just want a shell on a temporary Ubuntu Machine that's in your org's private network, omit the `<image>` argument:
-
-```cmd
-fly machine --shell
-```
-
-## Run with a custom ENTRYPOINT or CMD
-
-You can have the Fly Platform init override the ENTRYPOINT and CMD (if any) of the Machine's Docker image at startup.
-
-### Custom CMD
-
-Override CMD by including the command to run at the end of the `fly machine run` invocation. This example simply spins up a Debian Linux Machine with a `sleep` task to keep it awake; you can shell into it or whatever:
-
-```cmd
-fly machine run debian sleep inf
-```
-
-### Custom ENTRYPOINT
-
-Override ENTRYPOINT using `--entrypoint`. In this example we use the [`--file-local` option](/docs/machines/run#copy-a-local-file-into-the-machine-file-system) to send an entrypoint script to the Machine and the `--entrypoint` option to run the script:
-
-```cmd
-fly machine run debian --file-local /entrypoint.sh=./entrypoint.sh \
-                       --entrypoint "/entrypoint.sh" \
-                       sleep inf
-```
-
-Here's a trivial `entrypoint.sh` you can use with the above example:
-
-```bash
-#! /bin/bash
-
-echo "Hello from my Fly Machine"
-
-exec "$@"
-```
-
-## Choose the region
-
-Tell the Fly Platform which [region](/docs/reference/regions/) to create the Machine in with the `--region` flag; if for some reason it can't start a new Machine in that region, you'll get an error. If the `--region` flag is omitted, the platform chooses the nearest region to you.
-
-
-## Set Machine resources
-
-Include one or more of the following options to use non-default specifications for the Machine to be run:
-
-```
---vm-cpu-kind string          The kind of CPU to use ('shared' or 'performance')
---vm-cpus int                 Number of vCPUs
---vm-gpu-kind string          If set, the GPU model to attach (a100-pcie-40gb, a100-sxm4-80gb)
---vm-memory string            Memory (in megabytes) to attribute to the VM
---vm-size string              The VM size to set machines to. See "fly platform vm-sizes" for valid values
-```
-
-GPUs are only available on orgs for which they've been explicitly enabled.
-
-## Set environment variables
-
-Specify environment variables to be available on the Machine with the `--env` flag, using NAME=VALUE pairs.
-
-Example:
-
-```cmd
-fly machine run . --env MY_VAR=MY_VALUE \
-                  --env MY_OTHER_VAR="my spacey value" \
-                  --app my-app-name
-```
-
-Use quotes around the value if it has spaces in it.
-
-For sensitive environmment variables, [set secrets on the app](https://fly.io/docs/flyctl/secrets/) instead.
-
-## Define a network service
-
-Define a service when the Machine should be reachable by the Fly Proxy, either via an [Anycast](https://fly.io/docs/reference/services/#ip-addresses) or [Flycast](/docs/reference/private-networking/#flycast-private-load-balancing) IP address or through [`fly-replay` dynamic routing](/docs/reference/dynamic-request-routing/).
-
-
-To make an internal service on the Machine reachable via the Fly Proxy, use the `--port` option. Map any "external" ports, where the Fly Proxy accepts requests directed at the app, to the internal port where the service is listening on IPv6, and for each port, specify the protocol and [connection handler(s)](/docs/reference/services/#connection-handlers), using this format: `port[:machinePort][/protocol[:handler[:handler...]]]`.
-
-For example, if your Machine runs a server on port 80, and the Fly Proxy should handle HTTP connections on port 80 and HTTPS connections on port 443, the port configuration would look like this: 
-
-```cmd
-fly machine run . --port 80/tcp:http \
-                  --port 443:80/tcp:http:tls \
-                  --app my-app-name      
-```
-
-<div class="important icon">
-**Important:** Even with a service defined, a Machine is not publicly accessible unless it has an Anycast IP address.
-</div>
-
-<div class="important icon">
-**Important:** If Machines within the same Fly App host different services, use different external ports so that they don't receive requests meant for another Machine.
-</div>
-
-
-## Set autostart and autostop
-
-[Read more about Fly Proxy autostart and autostop](/docs/apps/autostart-stop/#how-it-works).
-
-In a Machine service's configuration, `autostop` and `autostart` settings are optional. 
-
-When the `autostop` setting is absent, the Fly Proxy never shuts down the Machine, even if there is no traffic to it.
-
-When the `autostart` setting is absent, if the Machine is stopped the proxy may start it according to its load-balancing rules. 
-
-
-The `--autostart` and `--autostop` flags set the value of `autostart` or `autostop` to `true` by default; to set the value to `false`, set the value explicitly. For example, the following runs a new Machine that may be stopped by the Fly Proxy, but will never be restarted by it.
-
-```cmd
-fly machine run nginx --port 80:80/tcp:http \
-                --port 443:80/tcp:http:tls \
-                --autostop \
-                --autostart=false
-```
-
-If you define more than one service on the Machine, and also use one or both of these flags, it applies to both the services in the Machine config.
-
-## Set a restart policy on process exit
-
-A Machine's [restart policy](/docs/machines/guides-examples/machine-restart-policy/]) defines whether and how flyd restarts a Machine after its main process exits, before allowing it to reach the `stopped` state. You may want a Machine to try to restart after a crash, for example.
-
-This policy does not apply when a Machine is stopped from outside, such as when you use the [fly machine stop](/docs/flyctl/machine-stop) command.
-
-Set it using the `--restart` option. Options are `no`, `always`, and `on-fail`. 
-
-The default restart policy for a Machine created using `fly machine run` is `always`, unless you use the [`--rm` option](#automatically-destroy-the-machine-when-it-exits), in which case the default is `no`.
-
-## Automatically destroy the Machine when it exits
-
-By default, when a Machine is `stopped`, its file system is reset using its config and Docker image, and it sits ready to be `started` again. Use the `--rm` flag to cause the Machine to instead be destroyed when it stops.
-
-The default [restart policy](#set-a-restart-policy-on-process-exit) for a Machine created with `fly machine run --rm` is `no`, to ensure that flyd doesn't ignore the exit code and restart the Machine.
-
-## Mount a Fly Volume
-
-A Fly Volume is a slice of an NVMe drive attached to the hardware that runs the Machine. Create a volume before creating the Machine.
-
-```cmd
-fly volume create --size 10 data_volume --region arn
-```
-
-Create the new Machine in the same region, using the volume name: `--volume <vol_name>:<mount_point>`.
-
-```cmd
-fly machine run . --volume data_volume:data --region arn
-```
-
-Or by id: `--volume <vol_id>:<mount_point>`.
-
-```cmd
-fly machine run . --volume vol_d42652p88kdw9l7r:data --region arn
-```
-
-A Machine can only mount one volume, and each volume can only be mounted on one Machine. To release a volume that is attached to a Machine, destroy the Machine.
-
-
-## Add metadata to the Machine
-
-The Fly Platform uses specific metadata, stored in a Machine's config, for its own purposes, such as assigning Machines to process groups. You can add custom metadata as well.
-
-The following starts a Machine that the `fly deploy` command will try to manage as part of the `app` process group, replacing its image and config with what, if anything, you have set up in the working directory for that app. 
-
-```
-fly machine run . --metadata fly_platform_version=v2 \
-                  --metadata fly_process_group=app \
-                  --metadata my_metadata=mineallmine
-```
-
-You can see the metadata in the Machine config: 
-
-```cmd
-fly machine status -d -a my-app-name
-```
-```out
-...
-  "metadata": {
-    "fly_platform_version": "v2",
-    "fly_process_group": "app",
-    "mymeta": "mineallmine"
-  },
-...
-```
-
-
-## Name the Machine
-
-The Fly Platform gives human-friendly names, like `ancient-glitter-2128`, that show up alongside their `id` in the output of commands like `fly machine list`.
-
-You may want to give the Machine a custom name, so you can easily recognize it. Use the `--name` flag:
-
-```cmd
-fly machine run . --name my-special-Machine
-```
-
-## Place data into files on the Machine
-
-Configuration can be used to place a limited quantity of data into files on a Machine's file system. The `fly machine run` command has three ways to make use of this. 
-
-<div class="important icon">
-**Important:** This won't work for large files, as there's a limit to how much data can be stored in an app secret or a Machine's configuration.
-</div>
-
-### Copy a local file into the Machine file system
-
-If it's not convenient to build a file into the Machine's Docker image, use the `--file-local` flag to store the contents of a local file in its configuration instead. 
-
-```
---file-local /path/inside/machine=local/path
-```
-
-The file's contents are stored as a Base64-encoded string as part of the Machine configuraton, and decoded to the original text on the Machine. There's a limit to how large a file you can create in this way.
-
-### Make a secret into a file instead of an env var
-
-[Fly Secrets](/docs/reference/secrets/) are stored in an encrypted vault, and become environment variables on each Machine started on the app.
-
-You can configure a Machine to store secret values in the form of a file, rather than an environment variable. Encode the data in Base64 format and put it into an app secret with `fly secrets set`. Use the `--stage` flag to prevent flyctl from initiating a deployment once the secret is registered.
-
-```cmd
-fly secrets set \
-  MY_BASE64_SECRET=SGVsbG8hIEknbSBGcmFua2llIHRoZSBiYWxsb29uIQo= \
-  --stage
-```
-
-Use the `--file-secret` flag on `fly machine run`. In this example I'm putting the contents of the secret called `MY_BASE64_SECRET` into a file `/secret-file` on my new Machine:
-
-```cmd
-fly machine run . \
-  --file-secret /secret-file=MY_BASE64_SECRET 
-```
-
-The secret will be available in the specified file, and not in an environment variable, on that Machine. It's decoded from Base64 into plain text.
-
-```
-root@1857770b4e10e8:/# cat secret-file
-Hello! I'm Frankie the balloon!
-```
-
-If a process or user on the Machine should not have access to the secret, you can use an entrypoint script to change permissions on the secret file.
-
-<div class="important icon">
-**Important:** This is not a way to hide secret values from members of an app's organization who have deployment privileges. Access via `fly ssh` commands is root access. In addition, all secrets that are set on an app are available as env vars in any Machine that gets updated after the secret is set, except for Machines configured with `--file-secret` to put the secret into a file instead.
-</div>
-
-### Make a file out of a Base64-encoded string
-
-You can place data directly into the Machine through its config as a Base64-encoded string:
-
-```cmd
-fly machine run . --file-literal /b64file=SGVsbG8hIEknbSBGcmFua2llIHRoZSBiYWxsb29uIQo=
-```
-
-The Base64 encoding is preserved in a file created using the `--file-literal` flag.
-
-```
-root@1857779a44d108:/# cat b64file | base64 --decode
-Hello! I'm Frankie the balloon!
-```
-
-## Create a standby Machine
-
-For the sake of resilience, you can create a stopped [standby](/docs/reference/app-availability/#standby-machines-for-process-groups-without-services) for Machines that don't have Fly Proxy services and therefore can't be supplemented by Fly Proxy "autostart" in case of a host failure.
-
-```
-fly machine run . --standby-for 287444ec026748,148ed726c54768
-```
-
-## Start a Machine on a schedule
-
-Use the `--schedule` flag to start the Machine on a fuzzy `hourly`, `daily`, `weekly`, or `monthly` cycle. This is useful for running Machines that do a finite job, then exit. The Machine is started the first time when you run `fly machine run`, and again once, each (approximate) hour, day, week, or month.
-
-<div class="important icon">
-**Important:** If the host on which a stopped Machine resides doesn't have the resources to start it when its scheduled time comes, you'll get an error back. It's up to you to build the appropriate level of redundancy into your apps.
-</div>
\ No newline at end of file
diff --git a/machines/runtime-environment.html.md b/machines/runtime-environment.html.md
new file mode 100644
index 0000000000..41503407a2
--- /dev/null
+++ b/machines/runtime-environment.html.md
@@ -0,0 +1,52 @@
+---
+title: The Machine Runtime Environment
+layout: docs
+nav: machines
+redirect_from: /docs/reference/runtime-environment/
+---
+
+Environment variables make several kinds of information available within a Machine's runtime environment. The values come from three sources:
+
+* [Secrets](/docs/reference/secrets)
+* [Environment variable settings](/docs/reference/configuration/#the-env-variables-section) from the Machine config
+* Fly.io infrastructure, as detailed below
+
+## _Environment variables_
+
+### `FLY_APP_NAME`
+**App name**: Each app running on Fly.io has a unique app name. This identifies the app for the user, and can also identify its Machines on their IPv6 private network, using internal DNS. For example, `syd.$FLY_APP_NAME.internal` can refer to the app's Machines running in the `syd` region. Read more about [6PN Naming](/docs/networking/private-networking/#fly-io-internal-addresses) in the [Private Networking](/docs/networking/private-networking/) docs.
+
+### `FLY_MACHINE_ID`
+**Machine ID**: The Machine's unique ID on the Fly.io platform. This is the ID you use to target the Machine using flyctl and the Machines API. You can also see it in the [log](/docs/flyctl/logs/) messages emitted by the Machine.
+
+### `FLY_ALLOC_ID`
+**Allocation ID**: Same as the `FLY_MACHINE_ID`.
+
+### `FLY_REGION`
+**Region name**: The three-letter name of the region the Machine is running in. Details of current regions are listed in the [Regions](/docs/regions/) page. As an example, "ams" is the region name for Amsterdam.
+
+Not to be confused with the [HTTP header](/docs/networking/request-headers/#fly-region) `Fly-Region`, which is where the connection was accepted from.
+
+### `FLY_PUBLIC_IP`
+**IPV6 public IP**: The full public outbound IPV6 address for this Machine. Read more in the [Network Services](/docs/networking/services/#outbound-ip-addresses) section.
+
+### `FLY_IMAGE_REF`
+**Docker image reference**: The name of the Docker image used to create the Machine. `registry.fly.io/my-app-name:deployment-01H9RK9EYO9PGNBYAKGXSHV0PH` is an example of the Docker Image Reference's format.
+
+Useful if your app needs to launch Machine instances of itself to scale background workers to zero and back, as in [Rails Background Jobs with Fly Machines](https://fly.io/ruby-dispatch/rails-background-jobs-with-fly-machines/).
+
+### `FLY_MACHINE_VERSION`
+**Machine configuration version**: A version identifier associated with a specific Machine configuration. When you update a Machine's configuration (including when you update its Docker image), it gets a new `FLY_MACHINE_VERSION`. Changing the Machine's metadata using the metadata endpoint of the Machines API doesn't trigger a new version. You can also find this value under the name `Instance ID` in the output of `fly machine status`.
+
+### `FLY_PRIVATE_IP`
+**Private IPv6 address**: The IPv6 address of the Machine on its [6PN private network](/docs/networking/private-networking/).
+
+### `FLY_PROCESS_GROUP`
+**Process group**: The Fly Launch [process group](/docs/apps/processes) associated with the Machine, if any. 
+
+### `FLY_VM_MEMORY_MB`
+**Machine memory**: The memory allocated to the Machine, in MB. It's the same value you'll find under https://fly.io/dashboard/personal/machines and VM Memory in the output of `fly machine status`. Learn more about [Machine sizing](/docs/machines/guides-examples/machine-sizing/).
+
+### `PRIMARY_REGION`
+**Primary region**: This is set in your `fly.toml` or with the `--region` flag during deploys. Learn more about [configuring the primary region](/docs/reference/configuration/#primary-region).
+ 
\ No newline at end of file
diff --git a/machines/working-with-machines.html.markerb b/machines/working-with-machines.html.markerb
deleted file mode 100644
index 54a171a514..0000000000
--- a/machines/working-with-machines.html.markerb
+++ /dev/null
@@ -1,600 +0,0 @@
----
-title: Working with the Machines API
-objective: Get familiar with the Fly Machines API.
-layout: docs
-nav: machines
-order: 1
----
-
-This document covers usage of the Machines REST API to start, stop, update and interact with Fly Machines. For the impatient, [flyctl also provides commands](https://fly.io/docs/flyctl/machine/) for experimenting with the API.
-
-See all possible Machine states [in the table below](#machine-states).
-
-## API spec
-
-We have a Swagger 2.0 specification available at [docs.machines.dev](https://docs.machines.dev) for the Machines API, so that you can autogenerate clients in your preferred language.
-
-## Connecting to the API
-
-This guide assumes that you have `flyctl` and `curl` installed, and have authenticated to Fly.io.
-
-### Using the public `api.machines.dev` endpoint
-
-The easiest (and recommended) way to connect to the Machines API is to use the public `api.machines.dev` endpoint, a simpler and more performant alternative to connecting over WireGuard.
-
-Simply skip down to [setting up the environment](#setting-up-the-environment), and make sure to set `$FLY_API_HOSTNAME` to `https://api.machines.dev`.
-
-### Using the private Machines API endpoint
-
-You can still access your Machines directly over a WireGuard VPN, and use the private Machines API endpoint: `http://_api.internal:4280`. This method requires more setup.
-
-Follow the [instructions](/docs/reference/private-networking/#private-network-vpn) to set up a permanent WireGuard connection to your Fly.io [IPv6 private network](/docs/reference/private-networking/). Once you're connected, Fly internal DNS should expose the Machines API endpoint at: `http://_api.internal:4280`
-
-### Connecting through flyctl 
-
-You can also proxy a local port to the internal API endpoint. This section is preserved mainly for the sake of interest, as the public Machines API endpoint is simpler and more performant.
-
-```cmd
-fly machines api-proxy
-```
-
-Pick any organization when asked.
-
-With the above command running, in a separate terminal, try this to confirm you can access the API:
-
-```cmd
-curl http://127.0.0.1:4280
-```
-
-If you successfully reach the API, it should respond with a `404 page not found` error. That's because this was not a defined endpoint.
-
-## Setting up the environment
-
-Set these environment variables to make the following commands easier to use.
-
-```bash
-$ export FLY_API_HOSTNAME="https://api.machines.dev/" # set to http://_api.internal:4280 when using WireGuard or `http://127.0.0.1:4280` when using 'flyctl proxy'
-$ export FLY_API_TOKEN=$(fly auth token)
-```
-
-For local development, you can see the token used by `flyctl` with `fly auth token`. You can also create a new auth token in the [personal access token section of the fly.io dashboard](https://fly.io/user/personal_access_tokens).
-
-In order to access this API on a Fly Machine, make the token available as a secret:
-
-```cmd
-fly secrets set FLY_API_TOKEN=$(fly auth token)
-```
-
-A convenient way to set the `FLY_API_HOSTNAME` is to add it to your `Dockerfile`:
-
-```dockerfile
-ENV FLY_API_HOSTNAME="https://api.machines.dev/"
-```
-
-<section class="warning">The cURL examples in this document are for an app named `my-app-name`. Replace `my-app-name` with the name of your app. Also replace any example Machine IDs with your app's Machine IDs.
-</section>
-
-## Authentication
-
-All requests must include the Fly API Token in the HTTP Headers as follows:
-
-```
-Authorization: Bearer <fly_api_token>
-```
-
-## Apps
-
-You can use the Apps resource to create and manage Fly Apps. A Fly App is an abstraction for a group of Machines running your code, along with the configuration, provisioned resources, and data we need to keep track of to run and route to your Machines.
-
-### Create a Fly App
-
-`POST /apps`
-
-Machines must be associated with a Fly App. App names must be unique.
-
-<%= partial "/docs/reference/machines/create_app_req" %>
-
-To segment the app into its own network, you can pass a `network` argument in the JSON body, e.g. `"network": "some-arbitrary-name"`. Any Machine started in such an app will not be able to access other apps within their organization over the private network. However, Machines within such an app can communicate to each other, and the [`fly-replay`](/docs/reference/dynamic-request-routing/) header can still be used to route requests to Machines within a segmented app.
-
-### Allocate an IP address for global request routing
-
-If you intend for Machines to be accessible to the internet, you'll need to allocate an IP address to the app. Currently
-this is done using `flyctl` or the [Fly.io GraphQL API](https://api.fly.io/graphql). This offers your app automatic, global routing via [Anycast](https://fly.io/docs/reference/services/#anycast). Read more about this in [the Networking section](https://fly.io/docs/reference/services/#notes-on-networking).
-
-Example:
-
-```cmd
-fly ips allocate-v4 -a my-app-name
-```
-```out
-TYPE ADDRESS    REGION CREATED AT
-v4   37.16.9.52 global 7s ago
-```
-
-The app will answer on this IP address, and after a small delay, at `my-app-name.fly.dev`.
-
-### Get application details
-
-`GET /apps/{app_name}`
-
-Get details about an application, like its organization slug and name. Also, to check if the app exists!
-<%= partial "/docs/reference/machines/get_app_req" %>
-<%= partial "/docs/reference/machines/get_app_resp" %>
-
-### Set application secrets
-
-For sensitive environment variables, such as credentials, you can set [secrets](https://fly.io/docs/reference/secrets/) as you would for standard Fly Apps using `flyctl`:
-
-<%= partial "/docs/partials/set_secrets", locals: { app_name: "my-app-name" } %>
-
-Machines inherit secrets from the app. Existing Machines must be [updated](#update-a-machine) to pick up secrets set after the Machine was created.
-
-For non-sensitive information, you _can_ set different environment variables per Machine at creation time.
-
-### Delete a Fly App
-
-`DELETE /apps/{app_name}`
-
-Machines should be stopped before attempting deletion. Append `?force=true` to the URI to stop and delete immediately.
-
-<%= partial "/docs/reference/machines/delete_app" %>
-
-## Machines
-
-A Fly Machine is the configuration and state for a single VM running on Fly.io. With the Machines resource, you can create, stop, start, update, and delete Machines.
-
-### Machine properties
-
-| Property | Description |
-| --------- | ----------- |
-| `id` | A stable identifier for the Machine. |
-| `name` | Unique name for the Machine. If omitted, one is generated for you. |
-| `state` | The current state of the Machine. See the [Machine states table](#machine-states). |
-| `region` | The region where the Machine resides, or the target region for the Machine on create. If omitted, the Machine is placed in the same region as your WireGuard peer connection (somewhere near you). |
-| `instance_id` | An identifier for the current running/ready version of the Machine. Every Update request potentially changes the `instance_id`. |
-| `private_ip` | The [6PN IPv6 address](/docs/reference/private-networking/) of the Machine, which is where it's reachable to other Machines in the same organization and `network_id`. |
-| `config` | Object that defines the Machine configuration. Refer to [The `config` object properties](#the-machine-config-object-properties) section for details.|
-| `checks` | Object that provides the status of any checks. |
-| `image_ref` | Object that defines the image details. |
-| `created_at` | Date and time the Machine was created. |
-| `updated_at` | Date and time the Machine was last updated. |
-| `events` | Array of objects that provide log of what's happened with this Machine. |
-| `nonce` | The Machines lease nonce, if this Machine is currently leased. Also returned on Machine create if `lease_ttl` is provided. |
-
-### List all Machines for an app
-
-`GET /apps/{app_name}/machines`
-
-#### Query parameters for list Machines
-
-Append parameters to filter the response.
-
-**`state`**: Filter by the state of the Machines in the app. For example, to return only Machines in the `started` state: `GET /apps/my-app-name/machines?started`
-
-**`include_deleted`**: If true, include deleted Machines in the response.
-
-**`region`**: Filter by region. For example, to return only Machines in the `yyz` region: `GET /v1/apps/my-app-name/machines?region=yyz`
-
-#### Example list Machines request
-
-<%= partial "/docs/reference/machines/list_req" %>
-
-#### Example list Machines response
-
-<%= partial "/docs/reference/machines/list_resp" %>
-
-### Create a Machine
-
-`POST /apps/{app_name}/machines`
-
-Given the name of a Fly App, create a Fly Machine, given the URI of a container image, in some region (or, by default, the region closest to you) on Fly.io’s platform. If successful, that Machine will boot up by default. Create a Machine without booting it by setting `skip_launch`.
-
-You can configure the Machine characteristics, like its CPU and memory. You can also allow connections from the internet through the Fly Proxy by [creating a Machine with services](#create-a-machine-with-services). Learn more about this behavior in the [networking section](#networking).
-
-<div class="important icon">
-**Important:** This request can fail, and you're responsible for handling that failure. If you ask for a large Machine, or a Machine in a region we happen to be at capacity for, you might need to retry the request, or to fall back to another region. If you're working directly with the Machines API, you're taking some responsibility for your own orchestration!
-</div>
-
-The only required parameter is `image` in the `config` object.
-
-#### Example create Machine request
-
-<%= partial "/docs/reference/machines/create_req" %>
-
-#### Example create Machine response
-
-<%= partial "/docs/reference/machines/create_resp" %>
-
-#### Create Machine request body parameters
-
-`name`: Unique name for this Machine. If omitted, one is generated for you. String.
-
-`region`: The target region. Omitting this param launches in the same region as your WireGuard peer connection (somewhere near you). String.
-
-`lease_ttl`: Acquire a lease on the newly created Machine, waiting this many seconds before failing the request; use to create a Machine that can’t be updated by any other external process while waiting for it to come up and pass health checks. Integer.
-
-`skip_launch`: Create a Fly Machine, but don’t boot it up, leaving it in a state where it can be quickly started in response to events. Think of this as “warming the caches” on our hardware. Boolean (default: false)
-
-`lsvd`: Enable Log Structured Virtual Disks for this Machine. Boolean (default: false)
-
-`skip_service_registration`: Leave this Machine disconnected from Fly.io’s request routing. This is like a combined Create and Cordon operation; register the Machine later with an Uncordon request. Useful for bluegreen deploys: bring a Machine up, test it healthy, and only then let user requests hit it. Boolean (default: false)
-
-`config`: An object defining the Machine configuration. See the [`config` object properties](#the-machine-config-object-properties) section.
-
-### Create a Machine with services
-
-`POST /apps/{app_name}/machines`
-
-Create a Machine with services defined on app `my-app-name`. Learn more about [services and networking](#notes-on-networking).
-
-#### Example create Machine with services request
-
-<%= partial "/docs/reference/machines/launch_req" %>
-
-#### Example create Machine with services response
-
-<%= partial "/docs/reference/machines/launch_resp" %>
-
-### Wait for a Machine to reach a specified state
-
-`GET /apps/{app_name}/machines/{machine_id}/wait`
-
-Wait for a Machine to reach a specific state. Specify the desired state with the `state` parameter.  See the [Machines states table](#machine-states) for a list of possible states.  The default for this parameter is `started`.
-
-This request will block for up to 60 seconds. Set a shorter timeout with the `timeout` parameter.
-
-#### Query parameters for wait for Machine
-
-Append parameters to filter the response.
-
-**`instance_id`**: Filter by Machine `instance_id`.
-
-**`timeout`**: Set the wait timeout. Default is 60 seconds.
-
-**`state`**: Filter by the state of the Machines in the app.
-
-<%= partial "/docs/reference/machines/wait_req" %>
-<%= partial "/docs/reference/machines/wait_resp" %>
-
-### Get a Machine
-
-`GET /apps/{app_name}/machines/{machine_id}`
-
-Given the name of a Fly App and a Fly Machine ID, retrieve the details of that Machine.
-
-#### Example get Machine request
-
-<%= partial "/docs/reference/machines/get_req" %>
-
-#### Example get Machine response
-
-<%= partial "/docs/reference/machines/get_resp" %>
-
-### Update a Machine
-
-`POST /apps/{app_name}/machines/{machine_id}`
-
-Given the name of a Fly App and a Fly Machine ID, update the configuration of the Machine. If the Machine is running and the request is successful, it will reboot; if the Machine isn't running, and you don't want it to start up, set `skip_launch`.
-
-This is, in particular, how you would update the running image of a Machine (when you need to deploy new code), or roll back to a previous Machine release. It's also how you'd vertically scale an application.
-
-<div class="important icon">
-**Important:** This request can fail, and you're responsible for handling that failure. If you ask for a large Machine, or a Machine in a region we happen to be at capacity for, you might need to retry the request, or to fall back to another region. If you're working directly with the Machines API, you're taking some responsibility for your own orchestration!
-</div>
-
-`region` and `name` are immutable and cannot be updated. 
-
-<div class="note icon">
-**Note:** You need to specify the entire Machine config to update a Machine; we don't support partial updates. Refer to the [Machine `config` object properties](#the-machine-config-object-properties) section for descriptions.
-</div>
-
-#### Machine update request headers
-
-`fly-machine-lease-nonce`: string (nil) - The Machine lease nonce, a random value we provide that indicates that you currently hold the lease on this Machine. If the Machine is leased, and you don't provide this header, the request to update the Machine will fail.
-
-#### Example Machine update request
-
-<%= partial "/docs/reference/machines/update_req" %>
-
-#### Example Machine update response
-
-<%= partial "/docs/reference/machines/update_resp" %>
-
-#### Machine update request body parameters
-
-`current_version`: The latest `instance_id` value of the Machine.
-
-For the rest of the parameters, see the [create Machine request body parameters](#create-machine-request-body-parameters).
-
-### Stop a Machine
-
-`POST /apps/{app_name}/machines/{machine_id}/stop`
-
-Stopping a Machine will shut down the Machine, but not destroy it. The Machine may be started again with `machines/<id>/start`.
-
-<%= partial "/docs/reference/machines/stop_req" %>
-<%= partial "/docs/reference/machines/stop_resp" %>
-
-### Start a Machine
-
-`POST /apps/{app_name}/machines/{machine_id}/start`
-
-Start a previously stopped Machine.  Machines that are restarted are completely
-reset to their original state so that they start clean on the next run.
-
-<%= partial "/docs/reference/machines/start_req" %>
-<%= partial "/docs/reference/machines/start_resp" %>
-
-### Delete a Machine permanently
-
-`DELETE /apps/{app_name}/machines/{machine_id}`
-
-Delete a Machine. This action cannot be undone.
-
-Given the name of a Fly App and the Machine ID of a Fly Machine, delete the Machine.
-
-#### Example Machine delete request
-
-Optionally append `?force=true` to the URI to stop a running Machine before deleting it.
-
-<%= partial "/docs/reference/machines/delete_req" %>
-
-#### Example Machine delete response
-
-<%= partial "/docs/reference/machines/delete_resp" %>
-
-### Lease a Machine
-
-`GET /apps/{app_name}/machines/{machine_id}/lease`
-
-`POST /apps/{app_name}/machines/{machine_id}/lease`
-
-`DELETE /apps/{app_name}/machines/{machine_id}/lease`
-
-Machine leases can be used to obtain an exclusive lock on modifying a Machine.
-
-#### Example lease Machine request
-
-<%= partial "/docs/reference/machines/lease_req" %>
-
-#### Example lease Machine response
-
-<%= partial "/docs/reference/machines/lease_resp" %>
-
-#### Lease Machine request body parameters
-
-`ttl`: int (nil) - How long the lease should be held for. Optional.
-
-<%= partial "/docs/reference/machines/lease" %>
-
-### Route requests away from a Machine
-
-`POST /apps/{app_name}/machines/{machine_id}/cordon`
-
-Given the name of a Fly App and the Machine ID of a Fly Machine, instruct the Fly Proxy not to send requests to the Machine.
-
-You can also do this with a fresh Machine, all in one shot, using the `skip_service_registration` request field of a Machine Create request.
-
-This is useful for bluegreen deployments: boot up a new, "green", cordoned Machine running the new release (using `skip_service_registration`), make sure it's healthy, then uncordon it and tear down the old, "blue" Machine.
-
-Returns **Status: 200 OK** on success.
-
-### Resume request routing to a Machine
-
-`POST /apps/{app_name}/machines/{machine_id}/uncordon`
-
-Given the name of a Fly App and the Machine ID of a Fly Machine, instruct the Fly Proxy to again send requests to the Machine.
-
-This is useful for bluegreen deployments: boot up a new, "green", cordoned Machine running the new release, make sure it's healthy, then uncordon it and tear down the old, "blue" Machine. This is also how you register services for a Fly Machine created with the `skip_service_registration` request field.
-
-Returns **Status: 200 OK** on success.
-
-### The Machine `config` object properties
-
-Properties of the `config` object for Machine configuration. Learn about all the [Machine properties](#machine-properties).
-
-`image`: string - Required. The container registry path to the image that defines this Machine (for example, ”registry-1.docker.io/library/ubuntu:latest”).
-
-`auto_destroy`: bool (false) - If true, the Machine destroys itself once it's complete.
-
-`checks`: An optional object that defines one or more named checks. The key for each check is the check name. The value for each check supports:
-
-+ `type`: string (nil) - `tcp` or `http`.
-+ `port`: int (nil) - The TCP port to connect to, likely should be the same as `internal_port`.
-+ `interval`: int (nil) - The interval, in nanoseconds, between connectivity checks
-+ `timeout`: int (nil) - The maximum time, in nanoseconds, a connection can take before being reported as failing its health check.
-+ `grace_period`: int (nil) - How long to wait, in nanoseconds, before we start running health checks.
-+ `method`: string (nil) - For `http` checks, the HTTP method to use to when making the request.
-+ `path`: string (nil) - For `http` checks, the path to send the request to.
-+ `protocol`: string (nil) - For `http` checks, whether to use `http` or `https`
-* `tls_server_name`: string (nil) - If the protocol is `https`, the hostname to use for TLS certificate validation
-+ `tls_skip_verify`: bool (false) - For `http` checks with https protocol, whether or not to verify the TLS certificate
-+ `headers`: {string: [string, string]} ({}) - For `http` checks, an array of objects with string field `name` and array of strings field `values`.
-
-An example of two checks:
-
-```json
-        "checks": {
-            "tcp-alive": {
-                "type": "tcp",
-                "port": 8080,
-                "interval": "15s",
-                "timeout": "10s"
-            },
-            "http-get": {
-                "type": "http",
-                "port": 8080,
-                "protocol": "http"
-                "method": "GET",
-                "path": "/",
-                "interval": "15s",
-                "timeout": "10s"
-            }
-        }
-```
-
-`dns`
-  - `skip_registration`: If true, do not register the Machine's 6PN IP with the internal DNS system.
-
-`env`: {string:string} ({}) - An object filled with key/value pairs to be set as environment variables.
-
-`files`: An optional array of objects defining files to be written within a Machine, one of `raw_value` or `secret_name` must be provided.
-  - `guest_path`: string - The path in the Machine where the file will be written. Must be an absolute path.
-  - `raw_value`: string - Contains the base64 encoded string of the file contents.
-  - `secret_name`: string - The name of the secret containing the base64 encoded file contents.
-
-An example of two files:
-
-```json
-        "files": [
-            {
-                "guest_path": "/path/to/hello.txt",
-                "raw_value": "aGVsbG8gd29ybGQK"
-            },
-            {
-                "guest_path": "/path/to/secret.txt",
-                "secret_name": "SUPER_SECRET"
-            }
-        ]
-```
-
-`guest`: Configure the resources allocated for this Machine. An object with the following options:
-  - `cpu_kind`: string (nil) - The type of CPU reservation to make (”shared”, ”performance", and so on).
-  - `gpu_kind`: string (nil) - The type of GPU reservation to make.
-  - `host_dedication_id`: The ID of the host dedication (group of dedicated hosts) on which to create this Machine. (beta)
-  - `cpus`: int (nil) - The number of CPU cores this Machine should occupy when it runs. (default `1`)
-  - `kernel_args`: Optional array of strings. Arguments passed to the kernel.
-  - `memory_mb`: int (nil) - Memory in megabytes as multiples of 256 (default `256`)
-
-`init`: Arguments for `init`, which is Fly.io's footprint inside your Machine, and controls how your own code gets run.
-  - `exec`: [string, string] ([]) - The command line for the program to run once the Machine boots up. This overrides any other startup command line, either in our API or in your Docker container definition.
-  - `entrypoint`: [string, string] ([]) - A command line to override the ENTRYPOINT of your Docker container; another way to define the program that is going to start up when your Machine boots up.
-  - `cmd`: [string, string] ([]) - A command line to override the CMD of your Docker container; still another way to define the program that is going to start up when your Machine boots up.
-  - `tty`: bool (false) - Allocate a TTY for the process we start up.
-  - `swap_size_mb`: int (nil) -Swap space to reserve for the Fly Machine in, you guessed it, megabytes.
-
-`metadata`: {string:string} ({}) - An object filled with key/value pairs for the Machine metadata. We use metadata internally for routing, process groups, and clusters.
-
-`metrics`: An optional object defining a metrics endpoint that [Prometheus on Fly.io](https://fly.io/docs/reference/metrics/#prometheus-on-fly-io) will scrape.
-  - `port`: int - Required. The port that Prometheus will connect to.
-  - `path`: string - Required. The path that Prometheus will scrape (e.g. `/metrics`).
-
-`mounts`: An array of objects that reference previously created [persistent volumes](https://fly.io/docs/reference/volumes/). Currently, you may only mount one volume per Machine.
-  - `name`: string - Required. The name of the Volume to attach.
-  - `path`: string - Required. Absolute path on the Machine where the volume should be mounted. For example,  `/data`.
-  - `extend_threshold_percent`: int - The threshold of storage used on a volume, by percentage, that triggers extending the volume’s size by the value of `add_size_gb`.
-  - `add_size_gb`: int - The increment, in GB, by which to extend the volume after reaching the auto_extend_size_threshold. Required with auto_extend_size_increment. Required with `extend_threshold_percent`.
-  - `size_gb_limit`: int - The total amount, in GB, to extend a volume. Optional with auto_extend_size_increment. Optional with `extend_threshold_percent`.
-  - `volume`: int (nil) - The volume ID, visible in `fly volumes list`, i.e. `vol_2n0l3vl60qpv635d`.
-
-`processes`: An optional array of objects defining multiple processes to run within a Machine. The Machine will stop if any process exits without error.
-  - `entrypoint`: An array of strings. The process that will run.
-  - `cmd`: An array of strings. The arguments passed to the entrypoint.
-  - `env`: An object filled with key/value pairs to be set as environment variables.
-  - `exec`: An array of strings. The command to run for Machines in this process group on startup.
-  - `user`: string (nil) - An optional user that the process runs under.
-
-`restart`: Defines whether and how flyd restarts a Machine after its main process exits. Learn more about [Machine restart policies](/docs/machines/guides-examples/machine-restart-policy/). This object has the following options:
-  - `policy`: string - Required. One of "no", "on-failure", or "always".
-  - `max_retries`: int (nil) - The maximum number of retries when the policy is "on-failure".
-
-`schedule`: string (nil) - Optionally one of `hourly`, `daily`, `weekly`, `monthly`. Runs Machine at the given interval. Interval starts at time of Machine creation
-
-`services`contains an array of objects that define a single network service. Check the [Machines networking section](#networking) for more information.
-
-  - `protocol`: string - Required. `tcp` or `udp`. [Learn more about running raw TCP/UDP services](https://fly.io/docs/app-guides/udp-and-tcp/).
-  - `internal_port`: int - Required. Port the Machine listens on.
-  - `concurrency`: Control Fly Proxy’s load balancing for this service.
-      + `type`: string - `connections` (TCP) or `requests` (HTTP). Default is `connections`. Determines which kind of event we count for load balancing.
-      + `soft_limit`: int (nil) - Ideal service concurrency. We will attempt to spread load to keep services at or below this limit. We’ll deprioritize a Machine to give other Machines a chance to absorb traffic.
-      + `hard_limit`: int (nil) - Maximum allowed concurrency. The limit of events at which we’ll stop routing to a Machine altogether, and, if configured to do so, potentially start up existing Machines to handle the load.
-  - `ports`: MachinePort - An array of objects defining the service's ports and associated handlers. Options:
-      + `port`: int (nil) - The internet-exposed port to receive traffic on; if you want HTTP traffic routed to 8080/tcp on your Machine, this would be 80.
-      + `start_port`, `end-port`: int (nil) - Like `port``, but allocate a range of ports to route internally, for applications that want to occupy whole port ranges.
-      + `handlers`: Array of protocol [handlers](https://fly.io/docs/reference/services/#connection-handlers) for this port. How should the Fly Proxy handle and terminate this connection. Options include `http`, `tcp`, `tls`.
-      + `force_https`: bool (false) - If true, force HTTP to HTTPS redirects.
-      + `http_options`: Fiddly HTTP options (if you don’t know you need them, you don’t), including:
-        - `compress`: bool (false) to enable HTTP compression
-        - `response`: ({"headers": {string:string}} (nil)) for HTTP headers to set on responses.
-      + `tls_options`:  Fiddly TLS options (if you don’t know you need to mess with these, you don’t need to), including:
-        - `alpn`: [string, string] ([]) : ALPN protocols to present TLS clients (for instance, [“h2”, “http/1.1”]).
-        - `versions`: [string, string] ([]) : TLS versions to allow (for instance, [“TLSv1.2”, “TLSv1.3”]).
-      + `proxy_proto_options`: Configure the version of the PROXY protocol that your app accepts. Version 1 is the default.
-        - `version`: A string to indicate that the TCP connection uses PROXY protocol version 2. The default when not set is version 1.
-  - `auto_start`: bool (false) - If true, Fly Proxy starts Machines when requests for this service arrive.
-  - `auto_stop`: bool (false) - If true, Fly Proxy stops Machines when this service goes idle.
-  - `min_machines_running`: int (nil) - When `auto_start` is true, the minimum number of Machines to keep running at all times in the primary region.
-
-`size`: A [named size](/docs/about/pricing/#machines) for the VM, e.g. `performance-2x` or `shared-cpu-2x`. Note: `guest` and `size` are mutually exclusive.
-
-`standbys`: Standbys enable a Machine to be a standby for another. In the event of a hardware failure, the standby Machine will be started. Only for Machines without `services`. Array of strings representing the Machine IDs of Machines watch (act as standby for).
-
-`statics`: Optionally serve static files.
-  - `guest_path`: string - Required. The path inside the Machines where the files to serve are located.
-  - `url_prefix`: string - Required. The URL prefix under which to serve the static files.
-
-`stop_config`: MachineStopConfig (nil) - Configure graceful shutdown of the Machine.
-  - `signal`: string (nil) - the name of the signal to send to the entrypoint process on the Machine to initiate shutdown.
-  - `timeout`: int (nil) - how long in nanoseconds to wait, after signaling the entrypoint process, before hard-shutdown of the Machine.
-
-## Notes on networking
-
-Machines are closed to the public internet by default. To make them accessible via the associated application, you need to:
-
-* Allocate an IP address to the Fly App
-* Add one or more `services` to the Machine config with ports and handlers, as shown in [Create a Machine with services](#create-a-machine-with-services).
-
-For an application with a single Machine, all requests will be routed to that Machine. A Machine in the `stopped` state will be started up
-automatically when a request arrives.
-
-For an application with multiple Machines *with the same configuration*, requests will be distributed across them. Warm-start behavior in this situation is not well-defined now, so should not be relied upon for apps with multiple Machines.
-
-Requests to Machines with *mixed* configurations will be distributed across Machines whose configurations match the request.
-For example, if 3 out of 6 Machines have service configurations set to listen on port 80, requests to port 80 will be distributed amongst those 3.
-
-### Reaching Machines
-
-Machines can be reached within the private network by hostname, in the format `<id>.vm.<app-name>.internal`. 
-
-For example, to reach a Machine with ID `3d8d413b29d089` on an app called `my-app-name`, use hostname `3d8d413b29d089.vm.my-app-name.internal`.
-
-## Machine states
-
-This table explains the possible Machine states. A Machine may only be in one state at a time.
-
-<table class="table-stripe table-stretch table-pad text-lg whitespace-nowrap m-0">
-  <tbody>
-    <tr>
-      <td class="font-bold">created</td>
-      <td>Initial status</td>
-    </tr>
-    <tr>
-      <td class="font-bold">starting</td>
-      <td>Transitioning from `stopped` to `started`</td>
-    </tr>
-    <tr>
-      <td class="font-bold">started</td>
-      <td>Running and network-accessible</td>
-    </tr>
-    <tr>
-      <td class="font-bold">stopping</td>
-      <td>Transitioning from `started` to `stopped`</td>
-    </tr>
-    <tr>
-      <td class="font-bold">stopped</td>
-      <td>Exited, either on its own or explicitly stopped</td>
-    </tr>
-    <tr>
-      <td class="font-bold">replacing</td>
-      <td>User-initiated configuration change (image, VM size, etc.) in progress</td>
-    </tr>
-    <tr>
-      <td class="font-bold">destroying</td>
-      <td>User asked for the Machine to be completely removed</td>
-    </tr>
-    <tr>
-      <td class="font-bold">destroyed</td>
-      <td>No longer exists</td>
-    </tr>
-    </tbody>
-  </table>
diff --git a/mcp/access-control.html.erb b/mcp/access-control.html.erb
new file mode 100644
index 0000000000..d6226cb33d
--- /dev/null
+++ b/mcp/access-control.html.erb
@@ -0,0 +1,15 @@
+---
+title: Access Control
+layout: framework_docs_overview
+toc: false
+order: 5
+---
+
+<p>
+Making an MCP server available on the internet is a security risk. Most MCP servers are stdio and therefore not designed to be exposed to the internet.
+We recommend that you start with HTTP Authorization and only explore other options if you have specific needs.
+</p>
+
+<p>
+Following are some of the ways to secure your MCP server:
+</p>
\ No newline at end of file
diff --git a/mcp/access-control/flycast.html.md b/mcp/access-control/flycast.html.md
new file mode 100644
index 0000000000..d4de775c4a
--- /dev/null
+++ b/mcp/access-control/flycast.html.md
@@ -0,0 +1,26 @@
+---
+title: Wireguard tunnels and Flycast
+layout: framework_docs
+objective: Shows how to use a wireguard tunnel and flycast to access a proxy
+status: beta
+order: 2
+---
+
+The best way not to let randos on the internet access to your MCP server is to not put the MCP server on the internet in the first place.
+
+Every Fly Organization has a [private network](https://fly.io/docs/networking/private-networking/). In most cases, you will want **only** a private v6 address on applications that are not available on the internet.
+
+When using:
+  * The Machine API, specify `private_v6`.
+  * `fly ips`, specify `allocate-v6 --private`
+  * `fly launch`, specify `--flycast`
+
+With this in place you can use [`fly proxy`](https://fly.io/docs/flyctl/proxy/) to create a tunnel, or you can follow our blueprint to [Jack into your private network with WireGuard](https://fly.io/docs/blueprints/connect-private-network-wireguard/).
+
+With `fly mcp proxy`, this support is built in. To use, simply specify a `--url` ending in `.internal` or `.flycast`.
+ * `.internal` addresses can be used to target individual machines or regions, but can only be used to access machines that are started. Just remember that the protocol to use is `http` not `https`, and the port you want to use it the _internal_ port. So an typical URL would look like `http://mcp.internal:8080/`.
+ *  `.flycast` addresses target an _external_ port for your application, and supports [fly routing headers](https://fly.io/docs/networking/dynamic-request-routing/#alternative-routing-headers). If your request is routed to a machine that is stopped or suspended, that machine will be started first. Again the protocol to use is `http` not `https`, so an typical URL would look like `http://mcp.flycast/`.
+
+ [Flycast - Private Fly Proxy services](https://fly.io/docs/networking/flycast/) provides more information on the use of Flycast.
+
+ `fly mcp wrap` has a `--private` flag which will cause the proxy to respond with a `403 Forbidden` response to all requests that do not come in via the private network. This may be useful when combined with containers and machines with multiple services, some of which are public but the MCP server is private.
\ No newline at end of file
diff --git a/mcp/access-control/http-authorization.html.md b/mcp/access-control/http-authorization.html.md
new file mode 100644
index 0000000000..d4b4e9c1da
--- /dev/null
+++ b/mcp/access-control/http-authorization.html.md
@@ -0,0 +1,75 @@
+---
+title: HTTP Authorization
+layout: framework_docs
+objective: Shows how to add HTTP authorization to an MCP proxy
+status: beta
+order: 1
+---
+
+The HTTP Streaming transport [specifies](https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization) [OAuth 2.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12) for authentication.  To work this needs to be implemented in both the MCP client and the MCP server. As of Spring 2025, this is not yet widely implemented.
+
+The SSE transport only [specified](https://modelcontextprotocol.io/docs/concepts/transports#server-sent-events-sse) _Implement proper authentication for all SSE connections_. As again this needs to be implemented in both the MCP client and MCP server to work, this guidance is not sufficient for interoperability. THe [MCP inspector](https://modelcontextprotocol.io/docs/tools/inspector) lets you set a bearer token, and there are some who followed this lead. That being said, the SSE transport is now deprecated.
+
+For stdio transports, there is no authentication; that is left entirely up to [fly mcp proxy](https://fly.io/docs/flyctl/mcp-wrap/) and [fly mcp wrap](https://fly.io/docs/flyctl/mcp-wrap/). As these commands are designed to be used with an MCP server that was only intended to be used by a single user at a time, OAuth is substantial overkill for this purpose. Instead these commands support both [basic](https://datatracker.ietf.org/doc/html/rfc7617) and bearer [HTTP Authorization](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Authorization).
+
+To use basic authentication, set two secrets in your application.  For example:
+
+```sh
+fly secrets set FLY_MCP_USER=Admin FLY_MCP_PASSWORD=S3cr3t
+```
+
+To use bearer authentication, set one secret in your application.  For example:
+
+```sh
+fly secrets set FLY_MCP_BEARER_TOKEN=T0k3n
+```
+
+If you are using MacOs, Linux, or WSL2, the following command may be useful for generating a token:
+
+```sh
+openssl rand -base64 18
+```
+
+And then on the client side pass the same values to the proxy as flags:
+
+For basic:
+
+```json
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "/Users/rubys/.fly/bin/flyctl",
+      "args": [
+         "mcp",
+         "proxy",
+         "--url=https://mcp.fly.dev/",
+         "--user",
+         "Admin",
+         "--password",
+         "S3cr3t"
+       ]
+    }
+  }
+}
+```
+
+For bearer:
+
+```json
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "/Users/rubys/.fly/bin/flyctl",
+      "args": [
+         "mcp",
+         "proxy",
+         "--url=https://mcp.fly.dev/",
+         "--bearer-token",
+         "T0k3n"
+       ]
+    }
+  }
+}
+```
+
+From a security point of view, there is not a substantial difference between these two authentication methods. Pick the one you fine most convenient.
diff --git a/mcp/access-control/reverse-proxy.html.md b/mcp/access-control/reverse-proxy.html.md
new file mode 100644
index 0000000000..7686fbfd78
--- /dev/null
+++ b/mcp/access-control/reverse-proxy.html.md
@@ -0,0 +1,15 @@
+---
+title: Reverse Proxy
+layout: framework_docs
+objective: Shows how to use a reverse proxy to access your application
+status: beta
+order: 3
+---
+
+<div class="important">
+Coming soon!
+</div>
+
+Future content to be based on:
+* [Rate Limiter Demo](https://github.com/fly-apps/rate-limiter-demo?tab=readme-ov-file#container-demo)
+* [NGINX reverse proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
diff --git a/mcp/deploy-on.html.markerb b/mcp/deploy-on.html.markerb
new file mode 100644
index 0000000000..f52bda7946
--- /dev/null
+++ b/mcp/deploy-on.html.markerb
@@ -0,0 +1,14 @@
+---
+title: Deploy on
+layout: framework_docs_overview
+toc: false
+order: 4
+---
+
+MCP servers can run in a variety of locations.
+
+The [Docker MCP Catalog and Toolkit announcement](https://www.docker.com/blog/announcing-docker-mcp-catalog-and-toolkit-beta/) identifies a number of problems and potential solutions with running MCP servers on your laptop.
+
+Running an MCP server on a Fly Machine is easy and provides an additional level of security and isolation. It can also provide access to resources that are not on your laptop such as volumes, sqlite databases, and your application's internal state.
+
+We recommend that you start with deploying each MCP server on a separate machine and only explore other options if you have specific needs. 
\ No newline at end of file
diff --git a/mcp/deploy-on/container.html.md b/mcp/deploy-on/container.html.md
new file mode 100644
index 0000000000..dccbd53a19
--- /dev/null
+++ b/mcp/deploy-on/container.html.md
@@ -0,0 +1,17 @@
+---
+title: A container
+layout: framework_docs
+objective: Demonstrates running an MCP server in a container on a fly machine
+status: beta
+order: 2
+---
+
+<div class="important">
+Coming soon!
+</div>
+
+Future content to be based on:
+
+* [Rate Limiter Demo](https://github.com/fly-apps/rate-limiter-demo?tab=readme-ov-file#container-demo)
+* [Prisma React Router 7 Example](https://github.com/prisma/prisma-examples/tree/latest/orm/react-router-7#react-router-7-example)
+* [SQLite MCP Server](https://github.com/modelcontextprotocol/servers/tree/main/src/sqlite#sqlite-mcp-server)
diff --git a/mcp/deploy-on/fly-machine.html.md b/mcp/deploy-on/fly-machine.html.md
new file mode 100644
index 0000000000..d5af129064
--- /dev/null
+++ b/mcp/deploy-on/fly-machine.html.md
@@ -0,0 +1,69 @@
+---
+title: A Fly Machine
+layout: framework_docs
+objective: Demonstrates using flyctl launch to create a Fly.io machine that runs an MCP server remotely.
+status: beta
+order: 1
+---
+
+[Fly Machines](https://fly.io/docs/machines/) are fast-launching VMs; they can be started and stopped at subsecond speeds. We give you control of your Machine count and each Machine’s lifecycle, resources, and region placement with a simple REST API or flyctl commands.
+
+This guide presumes that you have [flyctl installed](https://fly.io/docs/flyctl/install/), and have successfully run either
+[`fly auth signup`](https://fly.io/docs/flyctl/auth-signup/) or [`fly auth login`](https://fly.io/docs/flyctl/auth-login/).
+
+The first step is intended to be run in an empty directory.
+
+## Create your app
+
+Create a Dockerfile with the following contents:
+
+```dockerfile
+FROM flyio/mcp
+VOLUME /data
+CMD [ "npx", "-f", "@modelcontextprotocol/server-filesystem", "/data/" ]
+```
+
+Now use the [fly launch](https://fly.io/docs/flyctl/launch/) command:
+
+```sh
+fly launch
+```
+
+Review and accept the defaults.
+
+The Dockerfile will be build, and the resulting image will be pushed and deployed.  In the process, a volume will be allocated and both a shared ipv4 and a dedicated ipv6 address will be allocated.
+
+## Accessing the MCP via an inspector
+
+<div class="important">
+  As the MCP inspector is a Node.js application, you need to [Download and install Node.js](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) first. MacOS users can use [`brew install node`](https://formulae.brew.sh/formula/node).
+</div>
+
+You are test out your MCP server using the [MCP inspector](https://modelcontextprotocol.io/docs/tools/inspector):
+
+```sh
+fly mcp proxy -i
+```
+
+Navigate to http://127.0.0.1:6274 ; click Connect; then List Tools; select any tool; fill out the form (if any) and click Run tool.
+
+## Configure your LLM
+
+Here’s an example `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "/Users/rubys/.fly/bin/flyctl",
+      "args": [
+         "mcp",
+         "proxy",
+         "--url=https://mcp.fly.dev/"
+       ]
+    }
+  }
+}
+```
+
+Adjust the flyctl path and the value of the --url, restart your LLM (in this case, Claude) and try out the tools.
diff --git a/mcp/deploy-on/your-app.html.md b/mcp/deploy-on/your-app.html.md
new file mode 100644
index 0000000000..9873a04222
--- /dev/null
+++ b/mcp/deploy-on/your-app.html.md
@@ -0,0 +1,42 @@
+---
+title: Your application
+layout: framework_docs
+objective: Demonstrates running an MCP server inside your application
+status: beta
+order: 3
+---
+
+[Tidewave](https://tidewave.ai/) is an example of a MCP server that runs inside your application. It currently is available for Phoenix and Rails.
+
+Phoenix installation:
+
+```elixir
+# mix.exs
+{:tidewave, "~> 0.1", only: :dev}
+
+# lib/my_app_web/endpoint.ex
+# just above the `if code_reloading? do` block
+if Code.ensure_loaded?(Tidewave) do
+  plug Tidewave
+end
+```
+
+Rails installation:
+```ruby
+gem "tidewave", group: :development
+```
+
+Example `.cursor/mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "tidewave": {
+      "url": "http://localhost:4000/tidewave/mcp"
+    }
+  }
+}
+```
+
+For Claude and others, they recommend an [mcp-proxy](https://github.com/sparfenyuk/mcp-proxy?tab=readme-ov-file#1-stdio-to-sse).
+
diff --git a/mcp/deploy-with.html.markerb b/mcp/deploy-with.html.markerb
new file mode 100644
index 0000000000..24b6d22806
--- /dev/null
+++ b/mcp/deploy-with.html.markerb
@@ -0,0 +1,17 @@
+---
+title: Deploy with
+layout: framework_docs_overview
+toc: false
+order: 3
+---
+
+<%= youtube "https://www.youtube.com/watch?v=7zmg5PEnwR0" %>
+
+These pages show you how to deploy a stdio MCP on Fly.io using your choice of the `fly launch`, `fly machine run`, and the machines API.
+The example we use in each is the same: the [FileSystem MCP Server](https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem) running the [flyio/mcp](https://hub.docker.com/r/flyio/mcp) image on DockerHub image on a Machine with a volume.
+
+If you are looking to deploy a MCP stdio server for yourself, `fly launch` is generally what you need.
+
+If you are looking to deploy MCP servers for your users, the Machines API gives you more knobs and control.
+
+`fly machines run` was originally intended more for experimentation and familiarizing yourself with the platform, but to our surprise it has become popular for use in scripts.
\ No newline at end of file
diff --git a/mcp/deploy-with/fly-launch.html.md b/mcp/deploy-with/fly-launch.html.md
new file mode 100644
index 0000000000..476921a090
--- /dev/null
+++ b/mcp/deploy-with/fly-launch.html.md
@@ -0,0 +1,75 @@
+---
+title: fly launch
+layout: framework_docs
+objective: This guide shows you how to use flyctl launch to create a Fly.io machine that runs an MCP server remotely.
+status: beta
+order: 1
+---
+
+[Fly launch](https://fly.io/docs/reference/fly-launch/) is a bundle of features that take a lot of the work out of deploying and managing your Fly App.
+
+This guide presumes that you have [flyctl installed](https://fly.io/docs/flyctl/install/), and have successfully run either
+[`fly auth signup`](https://fly.io/docs/flyctl/auth-signup/) or [`fly auth login`](https://fly.io/docs/flyctl/auth-login/).
+
+The first step is intended to be run in an empty directory.
+
+## Create your app
+
+Create a Dockerfile with the following contents:
+
+```dockerfile
+FROM flyio/mcp
+VOLUME /data
+CMD [ "npx", "-f", "@modelcontextprotocol/server-filesystem", "/data/" ]
+```
+
+Now use the [fly launch](https://fly.io/docs/flyctl/launch/) command:
+
+```sh
+fly launch
+```
+
+Optional parameters include `--name`, `--org`, and `--flycast`.
+
+Review and accept the defaults.
+
+The Dockerfile will be build, and the resulting image will be pushed and deployed.  In the process, a volume will be allocated and both a shared ipv4 and a dedicated ipv6 address will be allocated.
+
+Your configuration will be found in [`fly.toml`](https://fly.io/docs/reference/configuration/).
+
+If you make any change to your `Dockerfile` or `fly.toml`, run [`fly deploy`](https://fly.io/docs/flyctl/deploy/) to apply the changes.
+
+## Accessing the MCP via an inspector
+
+<div class="important">
+  As the MCP inspector is a Node.js application, you need to [Download and install Node.js](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) first. MacOS users can use [`brew install node`](https://formulae.brew.sh/formula/node).
+</div>
+
+You are test out your MCP server using the [MCP inspector](https://modelcontextprotocol.io/docs/tools/inspector):
+
+```sh
+fly mcp proxy -i
+```
+
+Navigate to http://127.0.0.1:6274 ; click Connect; then List Tools; select any tool; fill out the form (if any) and click Run tool.
+
+## Configure your LLM
+
+Here’s an example `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "/Users/rubys/.fly/bin/flyctl",
+      "args": [
+         "mcp",
+         "proxy",
+         "--url=https://mcp.fly.dev/"
+       ]
+    }
+  }
+}
+```
+
+Adjust the flyctl path and the value of the --url, restart your LLM (in this case, Claude) and try out the tools.
diff --git a/mcp/deploy-with/flyctl-machines.html.md b/mcp/deploy-with/flyctl-machines.html.md
new file mode 100644
index 0000000000..353507b190
--- /dev/null
+++ b/mcp/deploy-with/flyctl-machines.html.md
@@ -0,0 +1,116 @@
+---
+title: fly machines run
+layout: framework_docs
+objective: This guide shows you how to use flyctl commands to create a Fly.io machine that runs an MCP server remotely.
+status: beta
+order: 3
+---
+
+The [Fly.io command line interface](https://fly.io/docs/flyctl/help/) is a higher level interface that enables you to do much of what you can do via the Machines API. It is suitable for scripting and ad hoc exploration and updates.
+
+This guide presumes that you have [flyctl installed](https://fly.io/docs/flyctl/install/), and have successfully run either
+[`fly auth signup`](https://fly.io/docs/flyctl/auth-signup/) or [`fly auth login`](https://fly.io/docs/flyctl/auth-login/).
+
+The first step is intended to be run in an empty directory.
+
+## Create your app
+
+Now use the [fly apps create](https://fly.io/docs/flyctl/apps-create/) command:
+
+```sh
+fly apps create --generate-name --save
+```
+
+If you prefer, you can replace `--generate-name` with a name of your choice.
+
+You can also specify the organization by passing in a `--org` pparameter, or let it prompt you.
+
+## Create IP addresses for your application
+
+The following will create a shared IPv4 address and a dedicated IPv6 address:
+
+```sh
+fly ips allocate-v4 --shared
+fly ips allocate-v6
+```
+
+If your application is going to be public, but instead is only going to be accessed by other applications within your organization, run the following instead:
+
+```sh
+fly ips allocate-v6 --private
+```
+
+## Create a volume
+
+This demo uses a volume. If your application doesn't use a volume skip this step.
+
+```sh
+fly volumes create data --region iad --yes
+```
+
+Adjust the [region](https://fly.io/docs/reference/regions/#fly-io-regions) as necessary.
+
+## Create a machine
+
+This next part contains a lot of [flags](https://fly.io/docs/flyctl/machine-run/), so first an overview:
+
+* The first parameter specifies the image we will be running. Fly.io provides an image capable of running `npx` and `uvx`, which is sufficient to run many MCPs. If you have a custom MCP with unique requirements, you can provide your own image.
+* The next parameter specifies the command we will be running.
+* `--entrypoint` invokes `fly mcp wrap` passing the command we specified.
+* If you are using a volume, the `--region` selected must match a region in which you have an allocated but unattached volume.
+* `--volume` specifies the volume, and where it is to be mounted.
+* The `--vm-*` parameters specify the size of the machine desired.
+* `--auto*` and `--port` define what network services your application provides.
+
+```sh
+fly machine run flyio/mcp:latest \
+  "npx -f @modelcontextprotocol/server-filesystem /data/" \
+  --entrypoint "/usr/bin/flyctl mcp wrap --" \
+  --region iad --volume data:/data \
+  --vm-cpu-kind shared --vm-cpus 1 --vm-memory 1024 \
+  --autostart=true --autostop=stop \
+  --port 80:8080/tcp:http --port 443:8080/tcp:http:tls
+```
+
+Note that this creates and starts a machine. If you want to only create the machine, use [`fly machine create`](https://fly.io/docs/flyctl/machine-create/) instead.
+
+Once this command completes, you can update your `fly.toml` to include this new information using the following command:
+
+```sh
+fly config save --yes
+```
+
+## Accessing the MCP via an inspector
+
+<div class="important">
+  As the MCP inspector is a Node.js application, you need to [Download and install Node.js](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) first. MacOS users can use [`brew install node`](https://formulae.brew.sh/formula/node).
+</div>
+
+You are test out your MCP server using the [MCP inspector](https://modelcontextprotocol.io/docs/tools/inspector):
+
+```sh
+fly mcp proxy -i
+```
+
+Navigate to http://127.0.0.1:6274 ; click Connect; then List Tools; select any tool; fill out the form (if any) and click Run tool.
+
+## Configure your LLM
+
+Here’s an example `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "/Users/rubys/.fly/bin/flyctl",
+      "args": [
+         "mcp",
+         "proxy",
+         "--url=https://mcp.fly.dev/"
+       ]
+    }
+  }
+}
+```
+
+Adjust the flyctl path and the value of the --url, restart your LLM (in this case, Claude) and try out the tools.
diff --git a/mcp/deploy-with/machines-api.html.md b/mcp/deploy-with/machines-api.html.md
new file mode 100644
index 0000000000..15a9455ff9
--- /dev/null
+++ b/mcp/deploy-with/machines-api.html.md
@@ -0,0 +1,240 @@
+---
+title: Machines API
+layout: framework_docs
+objective: This guide shows you how to use the Machines API to create a Fly.io machine that runs an MCP server remotely.
+status: beta
+order: 2
+---
+
+The [Machines API](https://fly.io/docs/machines/api/) is a low level interface that provides access to the full range of platform services.
+It consists of a set of REST and a GraphQL interfaces. You can access these from any programming language
+capable of producing HTTP GET and POST requests and the ability to generate and parse JSON.
+
+An example of when you would want to use the Machines API is when you want to create a [Per-User Dev Environment](https://fly.io/docs/blueprints/per-user-dev-environments/)
+
+This guide presumes that you are running MacOS, Linux, or WSL2, and have [curl](https://curl.se/) installed.
+
+## Select an organization
+
+All Fly.io users have a personal organization and may be a member of other organizations. Set an environment variable with your choice.
+
+```sh
+export ORG="personal"
+```
+
+## Organization token
+
+To get started, you need an organization token, which you can obtain via the dashboard.
+
+Go to https://fly.io/dashboard, change the organization if necessary, select Tokens from the list on the left hand side of the page, optionally enter a token name or an expiration period and click on Create Organization token.  Once complete you should see something like the following:
+
+![Obtaining an organization token via the dashboard](/docs/images/orgtoken.png)
+
+Click on Copy to clipboard, and then run the following command with your token pasted inside the quotes:
+
+```sh
+export FLY_API_TOKEN="FlyV1 fm2_IJPECAAA..."
+```
+
+## Select an API hostname
+
+The host name you chose depends on whether your application is running [inside or outside your Fly.io private Wireguard network](https://fly.io/docs/machines/api/working-with-machines-api/#api-addresses). If you are not sure, use the public base URL:
+
+```sh
+export FLY_API_HOSTNAME=https://api.machines.dev
+```
+
+## Chose a hostname for your app
+
+You are free to chose any available hostname for your application.  The following will generate a name that is likely to be unique:
+
+```sh
+export APP_NAME=mcp-demo-$(uuidgen | cut -d '-' -f 5 | tr A-Z a-z)
+```
+
+## Create your app
+
+Now use the [Create a Fly App](https://fly.io/docs/machines/api/apps-resource/#create-a-fly-app) API:
+
+```json
+curl -i -X POST \
+  -H "Authorization: Bearer ${FLY_API_TOKEN}" \
+  -H "Content-Type: application/json" \
+  "${FLY_API_HOSTNAME}/v1/apps" \
+  -d "{ \
+      \"app_name\": \"${APP_NAME}\", \
+      \"org_slug\": \"${ORG}\" \
+    }"
+```
+
+Response should be a `200` Success, along with some JSON output.
+
+## Create IP addresses for your application
+
+<div class="important icon">
+  While the Fly.io GraphQL endpoint is public, our [usage of it](https://github.com/superfly/fly-go/blob/main/resource_ip_addresses.go) is [open source](https://github.com/superfly/fly-go/blob/main/LICENSE), can be directly observed by setting `LOG_LEVEL=debug` before running `flyctl` commands, and there are no current plans to change it, be aware that this interface is not guaranteed to be stable and can change without notice.  If this is a concern, consider using the [`fly ips`](https://fly.io/docs/flyctl/ips/) command instead.
+</div>
+
+The following will create a shared IPv4 address and a dedicated IPv6 address:
+
+```json
+curl -i -X POST \
+  -H "Authorization: Bearer ${FLY_API_TOKEN}" \
+  -H "Content-Type: application/json" \
+  "https://api.fly.io/graphql" \
+  -d @- <<EOF 
+    {
+      "query": "mutation(\$input: AllocateIPAddressInput!) { allocateIpAddress(input: \$input) { app { sharedIpAddress } } }",
+      "variables": {
+        "input": {
+          "appId": "${APP_NAME}",
+          "type": "shared_v4",
+          "region": ""
+        }
+      }
+    }
+EOF
+
+curl -i -X POST \
+  -H "Authorization: Bearer ${FLY_API_TOKEN}" \
+  -H "Content-Type: application/json" \
+  "https://api.fly.io/graphql" \
+  -d @- <<EOF 
+    {
+      "query": "mutation(\$input: AllocateIPAddressInput!) { allocateIpAddress(input: \$input) { ipAddress { id address type region createdAt } } }",
+      "variables": {
+        "input": {
+          "appId": "${APP_NAME}",
+          "type": "v6",
+          "region": ""
+        }
+      }
+    }
+EOF
+```
+
+Other options include `v4` and `private_v6`.
+
+## Create a volume
+
+This demo uses a volume. If your application doesn't use a volume skip this step.
+
+```json
+curl -i -X POST \
+  -H "Authorization: Bearer ${FLY_API_TOKEN}" \
+  -H "Content-Type: application/json" \
+  "${FLY_API_HOSTNAME}/v1/apps/${APP_NAME}/volumes" \
+  -d '{
+    "name": "data",
+    "region": "iad",
+    "size_gb": 1
+  }'
+  ```
+
+Adjust the [region](https://fly.io/docs/reference/regions/#fly-io-regions) as necessary.
+
+## Create a machine
+
+This next part contains a lot of [properties](https://fly.io/docs/machines/api/machines-resource/#machine-config-object-properties), so first an overview:
+
+* If you are using a volume, `region` selected must match a region in which you have an allocated but unattached volume.
+* `image` specifies the image we will be running. Fly.io provides an image capable of running `npx` and `uvx`, which is sufficient to run many MCPs. If you have a custom MCP with unique requirements, you can provide your own image. 
+* `init` specifies the command we will be running. 
+* `guest` specifies the size of the machine desired.
+* `mounts` specifies the volume, where it is to be mounted, and how it can grow.
+* `services` defined what network services your application provides.
+
+```json
+curl -i -X POST \
+  -H "Authorization: Bearer ${FLY_API_TOKEN}" \
+  -H "Content-Type: application/json" \
+  "${FLY_API_HOSTNAME}/v1/apps/${APP_NAME}/machines" \
+  -d '{
+    "region": "iad",
+    "config": {
+      "image": "flyio/mcp:latest",
+      "init": {
+        "cmd": [
+          "npx",
+          "-f",
+          "@modelcontextprotocol/server-filesystem",
+          "/data/"
+        ]
+      },
+      "guest": {
+        "cpu_kind": "shared",
+        "cpus": 1,
+        "memory_mb": 1024
+      },
+      "mounts": [
+        {
+          "volume": "data",
+          "path": "/data",
+          "extend_threshold_percent": 80,
+          "add_size_gb": 1,
+          "size_gb_limit": 100
+        }
+      ],
+      "services": [
+        {
+          "protocol": "tcp",
+          "internal_port": 8080,
+          "autostop": "stop",
+          "autostart": true,
+          "ports": [
+            {
+              "port": 80,
+              "handlers": [
+                "http"
+              ],
+              "force_https": true
+            },
+            {
+              "port": 443,
+              "handlers": [
+                "http",
+                "tls"
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  }'
+```
+
+Note: at this time the machine is created but not yet started. It will start once it receives its first request and stop when there is a period when there are no requests.
+
+# Accessing the MCP
+
+Normally you would access the MCP using [`fly mcp proxy`](https://fly.io/docs/flyctl/mcp-proxy/) to create a STDIO MCP server for your MCP client, even if you are using the Machines API to deploy an existing MCP server on a Fly Machine.
+
+But for those interested in lower level details, [`fly mcp wrap`](https://fly.io/docs/flyctl/mcp-wrap/) supports the asynchronous nature of MCP servers by requiring all requests be done via HTTP POST and all replies are returned in response to a HTTP GET request.
+The following shell script will demonstrate that your MCP server is working:
+
+```sh
+curl -N https://${APP_NAME}.fly.dev/ &
+process_id=$!
+sleep 1
+curl -i -X POST -H "Content-Type: application/json" https://${APP_NAME}.fly.dev/ -d '
+{"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"claude-ai","version":"0.1.0"}},"jsonrpc":"2.0","id":0}
+{"jsonrpc":"2.0","method":"tools/list","id":1}
+{"jsonrpc":"2.0","method":"tools/call","params":{"name":"list_directory","arguments":{"path":"/data"}},"id":2}
+'
+sleep 1
+kill $process_id
+```
+
+Note that even with the `sleep` commands present, there is no retry logic in this script. What this means is that you may not see replies the first time you run the script, especially if your machine has not yet been started. Simply run the script again if this happens.
+
+## Performance Considerations
+
+While the Machines API is the most performant way to create machines, there still are some considerations you need to be aware of.
+
+* Differences in performance of otherwise similar operations:
+    * Starting a machine that is suspended is faster than starting a machine that is stopped.
+    * Starting a machine that is stopped is faster than updating a machine.
+    * Updating a machine is faster than creating a new machine.
+* There are [rate limits](https://fly.io/docs/machines/api/working-with-machines-api/#rate-limits) in place.
+
+Taken together, if you are anticipating running hundreds or even thousands of machines, it makes sense to create them over a period of time and then having them start when needed.
diff --git a/mcp/examples.html.md b/mcp/examples.html.md
new file mode 100644
index 0000000000..8f27efa4ff
--- /dev/null
+++ b/mcp/examples.html.md
@@ -0,0 +1,87 @@
+---
+title: Examples
+layout: framework_docs_overview
+toc: false
+order: 7
+---
+
+While MCPs and Fly.io have a lot of concepts, when launching MCPs on Fly.io you generally only have to worry about:
+  * Host tool (examples: Claude, Cursor, Neovim, VSCode, Windsurf, Zed)
+  * MCP server name.  If you are using, for example, Claude as your host and connect multiple MCP servers to it, you need to give each MCP server a name.
+  * Secrets. If you see places in the docs where they tell you to put secrets in environment variables, you will instead put them in secrets. Your MCP servers will be able to access these secrets, but your host tool will not.
+
+That's it.  You don't have to worry about streaming, authentication, `fly.toml`.
+
+Try some of the following commands.  After running them, restart Claude and ask it what tools it has access to.
+
+## flyctl server
+
+We provide a [flyctl MCP server](./flyctl-server.html.md) for issuing flyctl commands:
+
+```sh
+fly mcp server --claude --server flyctl
+```
+
+## Fetch
+
+Run [Fetch MCP server](https://github.com/modelcontextprotocol/servers/tree/main/src/fetch#fetch-mcp-server) where it doesn't have access to your local servers:
+
+```sh
+fly mcp launch "uvx mcp-server-fetch" --claude --server fetch
+```
+
+## Fly.io internal DNS
+
+[mcp-internal-dns](https://github.com/fly-apps/mcp-internal-dns?tab=readme-ov-file#overview) enables your MCP client to query [Fly.io `.internal` DNS](https://fly.io/docs/networking/private-networking/#fly-io-internal-dns):
+
+```sh
+fly mcp launch "npx -y @flydotio/mcp-internal-dns" --claude --server dns
+```
+
+## Slack
+
+Look at the Slack [setup](https://github.com/modelcontextprotocol/servers/blob/main/src/slack/README.md#setup) instructions and obtain a _Bot User OAuth Token_ and _Team ID_, then run:
+
+```sh
+fly mcp launch \
+  "npx -y @modelcontextprotocol/server-slack" \
+  --claude --server slack \
+  --secret SLACK_BOT_TOKEN=xoxb-your-bot-token \
+  --secret SLACK_TEAM_ID=T01234567
+```
+
+### Filesystem / volume
+
+The [Filesystem MCP](https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem) can be paired with a Fly.io volume:
+
+```sh
+fly mcp launch "npx -y @modelcontextprotocol/server-filesystem /data/" \
+  --claude --server volume --volume data:/data:initial_size=1GB
+```
+
+You can do the same thing with the [go mcp-filesystem-server](https://github.com/mark3labs/mcp-filesystem-server?tab=readme-ov-file#mcp-filesystem-server):
+
+```sh
+fly mcp launch "go run github.com/mark3labs/mcp-filesystem-server@latest /data/" \
+  --claude --server volume --volume data:/data:initial_size=1GB
+```
+
+## GitHub
+
+If you have the [Github CLI](https://cli.github.com/) installed, you can launch the [GitHub MCP Server](https://github.com/github/github-mcp-server?tab=readme-ov-file#github-mcp-server):
+
+```sh
+flyctl mcp launch --image ghcr.io/github/github-mcp-server \
+  --secret GITHUB_PERSONAL_ACCESS_TOKEN=$(gh auth token) \
+  --claude --server github --name git
+```
+
+## Desktop Commander
+
+You can run [DesktopCommander](https://desktopcommander.app/) which requires a setup step:
+
+```sh
+fly mcp launch "npx @wonderwhy-er/desktop-commander@latest" \
+  --claude --server desktop-commander \
+  --setup "RUN npx -y @wonderwhy-er/desktop-commander@latest setup"
+```
\ No newline at end of file
diff --git a/mcp/flyctl-server.html.md b/mcp/flyctl-server.html.md
new file mode 100644
index 0000000000..db22acca70
--- /dev/null
+++ b/mcp/flyctl-server.html.md
@@ -0,0 +1,63 @@
+---
+title: flyctl mcp server
+layout: framework_docs_overview
+toc: false
+order: 6
+---
+
+<a href="https://fly.io/blog/mcp-provisioning/">
+![Scotty talking to a computer](/blog/mcp-provisioning/assets/Hello.webp)
+</s>
+
+## Adding fly mcp server to your LLM
+
+```
+fly mcp server --claude
+```
+
+You can also specify `--cursor`, `--neovim`, `--vscode`, `--windsurf`, or `--zed`. Or specify a configuration file path directly using `--config`.
+
+`flyctl` provides an MCP server that you can use to provision your application. At the present time, most of the following commands and their subcommands are supported:
+
+* [apps](https://fly.io/docs/flyctl/apps/) - Manage Fly applications. A Fly App is an abstraction for a group of Fly Machines running your code on Fly.io.
+* [certs](https://fly.io/docs/flyctl/certs/) - Manage the certificates associated with a deployed application.
+* [logs](https://fly.io/docs/flyctl/logs/) - View application logs as generated by the application running on the Fly platform.
+* [machine](https://fly.io/docs/flyctl/machine/) - Manage Fly Machines. Fly Machines are super-fast, lightweight VMs that can be created, and then quickly started and stopped as needed with flyctl commands or with the Machines REST fly.
+* [orgs](https://fly.io/docs/flyctl/orgs/) - Manage Fly organizations. Organization admins can also invite or remove users from organizations.
+* [platform](https://fly.io/docs/flyctl/platform/) - Information about the Fly platform
+* [secrets](https://fly.io/docs/flyctl/secrets/) - Manage secrets. Secrets are provided to applications at runtime as ENV variables.
+* [status](https://fly.io/docs/flyctl/status/) - Show the application’s current status including application details, tasks, most recent deployment details and in which regions it is currently allocated.
+* [volumes](https://fly.io/docs/flyctl/volumes/) - Manage Fly Volumes. Volumes are persistent storage for Fly Machines. 
+
+## Running with the MCP inspector
+
+You can explore the `flyctl mcp server` using the MCP inspector: 
+
+<div class="important">
+  As the MCP inspector is a Node.js application, you need to [Download and install Node.js](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) first. MacOS users can use [`brew install node`](https://formulae.brew.sh/formula/node).
+</div>
+
+```sh
+fly mcp server -i
+```
+
+Navigate to http://127.0.0.1:6274 ; click Connect; then List Tools; then a tool like `fly-platform-status`, `fly-orgs-list`, `fly-apps-list`, or `fly-machines-list`; then fill out the form (if any) and click Run tool.
+
+## Running on a separate machine
+
+<div class="warning icon">
+<b>Running this server remotely can give others access to run commands on your behalf. Read the following carefully before proceeding.</b>
+</div>
+
+Both `--sse` and `-stream` options are supported.
+
+The default bind address is `127.0.0.1` which will only allow requests from the same machine. to override specify `--bind-addr`.
+
+Authentication tokens come from (in priority order):
+
+  * `bearer-token` from the `Authentication` header on the request
+  * `--access-token` flag on the `fly mcp server` command
+  * `FLY_ACCESS_TOKEN` environment variable
+
+See [Access Tokens](https://fly.io/docs/security/tokens/) for information on how to obtain a token.
+
diff --git a/mcp/index.html.markerb b/mcp/index.html.markerb
new file mode 100644
index 0000000000..5fe7eee8db
--- /dev/null
+++ b/mcp/index.html.markerb
@@ -0,0 +1,27 @@
+---
+title: Model Context Protocol
+layout: framework_docs
+toc: false
+---
+
+<%= youtube "https://www.youtube.com/watch?v=74c1ByGvFPE" %>
+
+<div class="important">
+Fly.io is a great place to run MCP servers. We also provide an [MCP server](./flyctl-server) that you can use to provision your application.
+</div>
+
+Anthropic [announced](https://www.anthropic.com/news/model-context-protocol) the [Model Context Protocol](https://modelcontextprotocol.io/introduction) on November 25, 2024, along with a number of [SDKs](https://modelcontextprotocol.io/sdk/java/mcp-overview) in a variety of languages.
+There also is a large list of [existing servers](https://github.com/modelcontextprotocol/servers?tab=readme-ov-file#model-context-protocol-servers) that you can use.
+
+Depoloying an `npx`, `uv`, `go run`, or docker image stdio MCP server into a Fly machine and configuring a MCP client to connect to it is made easy by [`fly mcp launch`](./launch). See [examples](./examples).
+
+Deploying other MCP servers involves making four choices: [MCP transport](./transports), the interface you use to [deploy it with](./deploy-with), where you want to [deploy it on](./deploy-on), and [access control](./access-control).  In each case we present your choices, starting with our recommendation.
+
+---
+
+General considerations that apply across these pages:
+
+  * Most guides presume that you have [flyctl installed](https://fly.io/docs/flyctl/install/), and have successfully run either
+[`fly auth signup`](https://fly.io/docs/flyctl/auth-signup/) or [`fly auth login`](https://fly.io/docs/flyctl/auth-login/).
+  * As the MCP protocol is both asynchronous and stateful, these examples will be run on a single machine (also known as a **non** highly available configuration). This enables MCP clients to fetch replies from the same server that they sent the request to.
+  * As the [MCP inspector](https://modelcontextprotocol.io/docs/tools/inspector) is a Node.js application, you need to [Download and install Node.js](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) before you use it. MacOS users can use [`brew install node`](https://formulae.brew.sh/formula/node).
diff --git a/mcp/launch.html.md b/mcp/launch.html.md
new file mode 100644
index 0000000000..b71ad13e3b
--- /dev/null
+++ b/mcp/launch.html.md
@@ -0,0 +1,48 @@
+---
+title: fly mcp launch
+layout: framework_docs_overview
+toc: false
+order: 1
+---
+
+Launching an `npx`, `uvx`, `go run` or docker image stdio MCP server into a Fly machine and configuring a MCP client to connect to it is a one-step process. The `fly mcp launch` command will create a new Fly machine, install the MCP server, and configure the MCP client to connect to it.
+
+```sh
+fly mcp launch "uvx mcp-server-time" --claude --server time
+```
+
+The above command specifies the command to run in the machine, selects the `claude` client to be the one to be configured using the server name `time`.
+
+Support for Claude, Cursor, Neovim, VS Code, Windsurf, and Zed are built in.  You can also provide the path to the configuration file. You can also provide multiple clients and configuration files at once.
+
+By default, bearer token authentication will be set up on both the server and client, though there are other options and this can be disabled.
+
+You can configure auto-stop, file contents, flycast, secrets, region, and vm sizes.
+
+See [Examples](../examples/) for a number of examples.
+
+See the [`fly mcp launch` documentation](https://fly.io/docs/flyctl/mcp-launch/) for more details on the command and its options.
+
+## Inspect
+
+You can use the [MCP Inspector](https://modelcontextprotocol.io/docs/tools/inspector) to test and debug your MCP server:
+
+<div class="important">
+  As the MCP inspector is a Node.js application, you need to [Download and install Node.js](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) first. MacOS users can use [`brew install node`](https://formulae.brew.sh/formula/node).
+</div>
+
+```sh
+fly mcp inspect --claude --server time
+```
+
+This command is simply a convenience, all it does is run the inspector set up to connect to the same machine, authentication, and arguments as the MCP client (in this case, Claude) would.
+
+## Destroy
+
+When you no longer need the MCP, you can destroy it:
+
+```sh
+fly mcp destroy --claude --server time
+```
+
+This will also remove the configuration entry from the MCP client.
\ No newline at end of file
diff --git a/mcp/transports.html.md b/mcp/transports.html.md
new file mode 100644
index 0000000000..3ac8b6b41d
--- /dev/null
+++ b/mcp/transports.html.md
@@ -0,0 +1,22 @@
+---
+title: MCP Transports
+layout: framework_docs_overview
+toc: false
+order: 2
+---
+
+The MCP standard define two types of base transports:
+[stdio](https://modelcontextprotocol.io/specification/2025-03-26/basic/transports#stdio) and
+[Streaming HTTP](https://modelcontextprotocol.io/specification/2025-03-26/basic/transports#streamable-http).
+Previously there was also a
+[Server Sent Events (SSE)](https://modelcontextprotocol.io/docs/concepts/transports#server-sent-events-sse) transport; this is now deprecated but still supported by a number of tools.
+
+At the present time, MCPs that implement the stdio transport are by far most common, most interoperable, and is the transport we recommend.
+
+Below are instructions on how to deploy each of these transport mechanisms on Fly.io using
+the [Everything MCP Server](https://github.com/modelcontextprotocol/servers/blob/main/src/everything/README.md) provided by Anthropic which
+_attempts to exercise all the features of the MCP protocol. It is not intended to be a useful server, but rather a test server for builders of MCP clients. It implements prompts, tools, resources, sampling, and more to showcase MCP capabilities._. It currently supports stdio, SSE, and Streaming HTTP.
+
+
+
+One thing worth trying independent of the transport method you chose is the `printEnv` tool.  From the inspector click on tools at the top, then List Tools, then printEnv, and finally Run Tool.
\ No newline at end of file
diff --git a/mcp/transports/sse.html.md b/mcp/transports/sse.html.md
new file mode 100644
index 0000000000..4994b52765
--- /dev/null
+++ b/mcp/transports/sse.html.md
@@ -0,0 +1,73 @@
+---
+title: SSE
+layout: framework_docs
+objective: SSE servers can be deployed as is.
+status: beta
+order: 2
+---
+
+SSE servers can be run as is, we just need to identify the port used and adjust the command, and disable the smoke checks as they will confuse the server.
+
+Start by cloning the MCP servers git repository and making a copy of the `Dockerfile`:
+
+```sh
+git clone https://github.com/modelcontextprotocol/servers.git
+cd servers
+cp src/everything/Dockerfile .
+```
+
+Make the following changes to the `Dockerfile`:
+
+```diff
+ RUN npm ci --ignore-scripts --omit-dev
++
++EXPOSE 3001
+
+-CMD ["node", "dist/index.js"]
++CMD ["node", "dist/sse.js"]
+```
+
+Now run:
+
+```sh
+fly launch --ha=false --smoke-checks=false
+```
+
+Access the MCP server via the MCP inspector:
+
+```sh
+npx @modelcontextprotocol/inspector
+```
+
+In the top left, change the transport type to **SSE**.
+
+Set the URL to match your application, where the URL will be of the form:
+
+```
+https://appname.fly.dev/sse
+```
+
+Replace the _appname_ with the name of your application, but keep the `https://` and `/sse`.
+
+Click Connect.
+
+An example Cursor configuration:
+
+```json
+{
+  "mcpServers": {
+    "everything": {
+      "url": "https://appname.fly.dev/sse",
+      "env": {}
+    }
+  }
+}
+```
+
+With SSE transports, [`fly mcp proxy`](https://fly.io/docs/flyctl/mcp-proxy/) may not be required, but could be useful if:
+* Your MCP client doesn't support SSE
+* You need to set up a [wireguard tunnel](https://fly.io/docs/flyctl/proxy/) to access your MCP serever via an [`.internal`](https://fly.io/docs/networking/private-networking/) or [`.proxy`](https://fly.io/docs/networking/flycast/) address.
+* You need to [route the request to a specific machine](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-force-instance-id-header).
+
+
+
diff --git a/mcp/transports/stdio.html.md b/mcp/transports/stdio.html.md
new file mode 100644
index 0000000000..6ba33cf842
--- /dev/null
+++ b/mcp/transports/stdio.html.md
@@ -0,0 +1,64 @@
+---
+title: stdio
+layout: framework_docs
+objective: This guide shows you how to wrap and proxy a stdio MCP server so that it can be deployed remotely.
+status: beta
+order: 1
+---
+
+stdio MCP servers are not intended to be run remotely, but [`fly mcp`](https://fly.io/docs/flyctl/mcp/) provides the ability to proxy and wrap them.
+
+The data flow is tthat the proxy is a stdio MCP that forwards requests to a wrapper MCP (basically a slimmed down and streamlined Streamable HTTP server), which in turn forwards requests to a stdio MCP running on a remote server:
+
+![MCP Proxy/Wrapper data flow](/docs/images/mcp-proxy-wrap-flog.png)
+
+Start by cloning the MCP servers git repository and making a copy of the `Dockerfile`:
+
+```sh
+git clone https://github.com/modelcontextprotocol/servers.git
+cd servers
+cp src/everything/Dockerfile .
+```
+ 
+Make the following changes to the `Dockerfile`:
+
+```diff
+ RUN npm ci --ignore-scripts --omit-dev
++
++COPY --from=flyio/flyctl /flyctl /usr/bin
++ENTRYPOINT [ "/usr/bin/flyctl", "mcp", "wrap", "--" ]
++EXPOSE 8080
+
+ CMD ["node", "dist/index.js"]
+```
+
+Now run:
+
+```sh
+fly launch --ha=false
+```
+
+Access the MCP server via the MCP inspector:
+
+```sh
+fly mcp proxy -i
+```
+
+An example `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "/Users/rubys/.fly/bin/flyctl",
+      "args": [
+         "mcp",
+         "proxy",
+         "--url=https://mcp.fly.dev/"
+       ]
+    }
+  }
+}
+```
+
+Adjust the `flyctl` path and the value of the `--url` to match your needs.
diff --git a/mcp/transports/streaming-http.html.md b/mcp/transports/streaming-http.html.md
new file mode 100644
index 0000000000..9249970a8f
--- /dev/null
+++ b/mcp/transports/streaming-http.html.md
@@ -0,0 +1,70 @@
+---
+title: Streaming HTTP
+layout: framework_docs
+objective: Streaming HTTP servers can be deployed as is.
+status: beta
+order: 3
+---
+
+Streaming HTTP servers can be run as is, we just need to identify the port used and adjust the command, and disable the smoke checks as they will confuse the server.
+
+Start by cloning the MCP servers git repository and making a copy of the `Dockerfile`:
+
+```sh
+git clone https://github.com/modelcontextprotocol/servers.git
+cd servers
+cp src/everything/Dockerfile .
+```
+
+Make the following changes to the `Dockerfile`:
+
+```diff
+ RUN npm ci --ignore-scripts --omit-dev
++
++EXPOSE 3001
+
+-CMD ["node", "dist/index.js"]
++CMD ["node", "dist/streamableHttp.js"]
+```
+
+Now run:
+
+```sh
+fly launch --ha=false --smoke-checks=false
+```
+
+Access the MCP server via the MCP inspector:
+
+```sh
+npx @modelcontextprotocol/inspector
+```
+
+In the top left, change the transport type to **Streamable HTTP**.
+
+Set the URL to match your application, where the URL will be of the form:
+
+```
+https://appname.fly.dev/mcp
+```
+
+Replace the _appname_ with the name of your application, but keep the `https://` and `/mcp`.
+
+Click Connect.
+
+An example Cursor configuration:
+
+```json
+{
+  "mcpServers": {
+    "everything": {
+      "url": "https://appname.fly.dev/mcp",
+      "env": {}
+    }
+  }
+}
+```
+
+With Streaming HTTP transports, [`fly mcp proxy`](https://fly.io/docs/flyctl/mcp-proxy/) may not be required, but could be useful if:
+* Your MCP client doesn't support Streaming HTTP
+* You need to set up a [wireguard tunnel](https://fly.io/docs/flyctl/proxy/) to access your MCP serever via an [`.internal`](https://fly.io/docs/networking/private-networking/) or [`.proxy`](https://fly.io/docs/networking/flycast/) address.
+* You need to [route the request to a specific machine](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-force-instance-id-header).
\ No newline at end of file
diff --git a/monitoring/error-codes.html.md b/monitoring/error-codes.html.md
new file mode 100644
index 0000000000..d850f8ea38
--- /dev/null
+++ b/monitoring/error-codes.html.md
@@ -0,0 +1,278 @@
+---
+title: Error codes and troubleshooting
+layout: docs
+nav: firecracker
+redirect_from:
+  - /docs/reference/error-codes/
+  - /docs/metrics-and-logs/error-codes/
+---
+
+The Fly.io platform logs errors to customer log streams. Each log line contains an error code and a field containing that code. This page gives more context about the errors and how to troubleshoot them.
+
+## Proxy errors
+
+The Fly proxy issues different categories of errors, identifiable by the second letter in each code, referring to: Upstream, Connection, TLS, Machine, App, Edge and Routing errors.
+
+### Internal Errors
+
+These errors are internal to the Fly proxy. They're not related to your application behavior.
+
+#### PP01: Failed to set TCP socket options
+
+The proxy wasn't able to set TCP socket options. This is an internal Fly.io error.
+
+### Upstream Proxy errors
+
+Upstream errors occur when the proxy fails to send or complete a request to one of your upstream application machines.
+
+#### PU01: Failed HTTP/2 handshake
+
+In the case that your app accepts h2c requests, `PU01` errors indicate that the HTTP/2 handshake to one of your machines failed. This error is not relevant to applications accepting only HTTP/1 connections.
+
+#### PU02: Failed to complete HTTP request to instance
+
+An HTTP request to a machine was started, but could not be completed.
+
+#### PU03: Unreachable worker host
+
+The underlying host where a machine lives became unreachable. This is an internal Fly.io error unrelated to your application.
+
+#### PU04: Could not build HTTP request
+
+It wasn't possible to create an HTTP request, for unknown reasons.
+
+
+#### PC01: Machine refused connection on port
+
+A request was sent to a specific port that isn't open on the target machine.
+
+Is your app listening on the correct port?
+
+Is your app listening on `0.0.0.0` or `::`? Make sure it's not listening on `127.0.0.1`. Check your app startup logs. Servers often print the address they're listening on.
+
+#### PC02: Connection refused
+
+A request was sent to an unspecified port that isn't open on the target machine.
+
+Is your app listening on `0.0.0.0` or `::`? Make sure it's not listening on `127.0.0.1`. Check your app startup logs. Servers often print the address they're listening on.
+
+#### PC03: Connection reset
+
+This indicates a problem with your application resetting a TCP connection prematurely. Check your application logs for possible causes.
+
+#### PC04: Connection aborted
+
+This indicates a problem with your application aborting a TCP connection prematurely. Check your application logs for possible causes.
+
+#### PC05: Connection timed out
+
+This indicates a problem with connections timing out to your application. Check the following to diagnose:
+
+* Application logs may indicate the cause of a timeout
+* Ensure your app isn't overloaded by properly set its [concurrency limits](https://fly.io/docs/reference/concurrency/#main-content-start)
+* Check [application metrics](/docs/monitoring/metrics/#managed-grafana) for signs of resource exhaustion (CPU, memory, disk I/O)
+
+#### PC06: Unidentified I/O error
+
+A connection to a machine experienced an unidentifiable I/O error.
+
+#### PC07: Connection retries exhausted
+
+The proxy failed to connect to a machine after too many retries.
+
+#### PC08: TCP timeout couldn't be set
+
+Failed to set the TCP timeout for an upstream connection. This is an internal Fly.io issue.
+
+### TLS errors
+
+TLS errors are related to the automatic TLS termination provided by Fly Proxy. These errors occur before a request is passed on to your application.
+
+#### PT01: Exceeded TLS handshake rate limit
+
+A specific IP range exceeded the rate limit for TLS handshake attempts.
+
+#### PT02: Exceeded rate limit for SNI
+
+TLS handshake requests to a specific SNI exceeded the rate limit.
+
+#### PT03: TLS handshake canceled
+
+A TLS handshake was canceled prematurely.
+
+#### PT04: TLS handshake failed
+
+A TLS handshake failed.
+
+#### PT05: No valid TLS certificate for SNI
+
+No TLS certificate was found for a specific server name, and the connection was aborted.
+
+#### PT06: No valid TLS certificate
+
+No TLS certificate was found for the connection, and the connection was aborted.
+
+#### PT07: TLS handshake I/O error
+
+A TLS handshake failed due to an unspecified I/O error.
+
+#### PT08: TLS handshake timed out
+
+A TLS handshake timed out.
+
+#### PT09: Internal TLS error
+
+An internal TLS error occurred.
+
+### Machine-related errors
+
+This class of errors relates to how the proxy behaves when starting and stopping machines on request.
+
+#### PM01: Machines API error
+
+The Machines API returned an error. If the underlying error is known, it's displayed.
+
+#### PM02: Machine wake internal error
+
+An internal Fly.io error prevented a machine transitioning from a `stopped` to `started` state.
+
+#### PM03: Machine wake timeout
+
+The API request to transition a machine from a `stopped` to `started` state timed out.
+
+#### PM04: Machine wake parsing error
+
+A request parsing error prevented a machine transitioning from a `stopped` to `started` state.
+
+#### PM05: Machine connection failed
+
+The proxy failed to connect to a machine. If the underlying error is known, it's displayed.
+
+#### PM06: Missing app name
+
+The Machines API requires an app name to operate on an individual machine. That app name wasn't specified.
+
+#### PM07: Machine state change failed
+
+The proxy wasn't able to stop or start a machine. If the underlying error is known, it's displayed.
+
+#### PM08: Non-startable machine state
+
+A machine could not be started since due to its current non-startable state, such as `stopping` or `destroyed`. The state is displayed along with this message.
+
+
+#### PM09: Unknown machine state
+
+The proxy doesn't recognize the machine's current state.
+
+#### PM10: Machine start canceled
+
+A machine start was canceled prematurely due to an internal Fly.io problem.
+
+#### PM11: Machine recently stopped
+
+Machine states are broadcast to the Fly proxies in an eventually consistent manner. So, edge proxies may not have an up-to-date picture about machine states. A machine that appears as `started` to the edge proxy may actually have been recently stopped.
+
+If the edge proxy forwards a request to a recently stopped machine, and there are other machines available to handle the request, the `PM11` error will be returned to the edge proxy. The error informs the proxy about the `stopped` state of the machine, and instructs the edge to forward the request to another machine.
+
+If the edge proxy believes there's only one machine that can service the request, this logic is bypassed. The request is forwarded to the machine even if it was stopped recently.
+
+The current threshold for 'recently stopped' is 5 minutes.
+
+#### PA01: Replay/retry buffer exceeded
+
+To prepare for the possibility of receiving [`fly-replay` response header](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-replay-response-header), or for retrying failed requests, Fly edge proxies buffer requests up to 10MB.
+
+If a request grows larger than 10MB, buffering stops, making it impossible to replay or retry the request. When this happens, `PA01` is emitted.
+
+#### PA02: Excess fly-replay headers
+
+After a ['fly-replay' response header](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-replay-response-header) replays a request, the application may respond normally, or it may issue another `fly-replay`, up to 10 times. `PA02` is emitted when `fly-replay` is returned more than 10 times.
+
+#### PA03: Invalid fly-replay
+
+Your app returned an invalid ['fly-replay' response](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-replay-response-header).
+
+#### PA04: Replay target app not found
+
+Your app returned a ['fly-replay' response header](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-replay-response-header) targeting a non-existent application in the `app` parameter.
+
+
+#### PA05: Unauthorized replay target app
+
+Your app returned a ['fly-replay' response header](https://fly.io/docs/networking/dynamic-request-routing/#the-fly-replay-response-header) targeting an application belonging to a different Fly.io organization. Only apps in the same
+organization may replay requests to each other.
+
+### Edge proxy errors
+
+This category of errors refers to internal Fly.io errors happening only on edge proxies.
+
+#### PE01: Replay source app not found
+
+An internal error occurred while using `fly-replay` related to the source app name.
+
+#### PE02: Replay source organization not found
+
+An internal error occurred while using `fly-replay` related to the source organization.
+
+### Routing errors
+
+This category refers to request routing errors between proxies and applications.
+
+#### PR01: No healthy machines
+
+No healthy machines were found to forward a request to. This error is most common in non-HTTP TCP services. The reasons could be:
+
+**Exhausting restart retries due to boot errors**
+
+Your app machines may all be stopped due to boot errors exhausting the number of restart retries. Check your app logs and `fly status`.
+
+**Deployments with volumes are failing**
+
+If your app uses volumes and your rolling deployment is failing, you might encounter this error. Check your app logs and `fly status`.
+
+**Using the `immediate` deploy strategy**
+
+If you use the `immediate` deploy strategy, all current machines will be replaced at once, possibly leading to downtime and some `PR01` errors.
+
+**App concurrency limits reached**
+
+[Concurrency limits](/docs/reference/concurrency/) set in `fly.toml` define how traffic should be balanced across machines in your app.
+
+To diagnose, check if:
+* your app is using too much CPU, memory or disk I/O
+* your app applies its own concurrency limits
+* Connection pools to external services like databases are exhausted
+* Connections to external services from your app are slow
+
+#### PR02: Machine not found
+
+The Fly proxy couldn't find a specific machine ID after the request was forwarded from an edge proxy. The VM was likely shut down between when the proxy received the request and when it got forwarded. This error is most common during [`bluegreen` deployments](https://fly.io/docs/reference/configuration/#picking-a-deployment-strategy).
+
+#### PR03: No candidate machines found after retries
+
+This error is functionally similar to `PR01`. It only applies to HTTP services however, and up to 90 retries are attempted before the proxy gives up and issues this error. This error should also display the cause of the most recent error before this one.
+
+#### PR04: No candidate machines found after retries
+
+This error is functionally similar to `PR03`, except it will not display previous errors.
+
+#### PR05: Statics retrieval failed
+
+The proxy failed to retrieve a static file from the specified Tigris storage bucket.
+
+#### PL01: Bypassed connection concurrency limit
+
+[Concurrency limits](https://fly.io/docs/reference/concurrency/#main-content-start) set in `fly.toml` define how traffic should be balanced across machines in your app.
+
+This error occurs when concurrency is measured as the number of concurrent **connections**.
+
+To diagnose, check if:
+* your app is using too much CPU, memory or disk I/O
+* your app applies its own concurrency limits
+* Connection pools to external services like databases are exhausted
+* Connections to external services from your app are slow
+
+#### PL02: Bypassed request concurrency limit
+
+This error is similar to `PL01`, but refers to concurrency measured as the number of concurrent **requests**.
diff --git a/monitoring/exporting-logs.html.md b/monitoring/exporting-logs.html.md
new file mode 100644
index 0000000000..6c0b9b56d8
--- /dev/null
+++ b/monitoring/exporting-logs.html.md
@@ -0,0 +1,119 @@
+---
+title: Export logs
+layout: docs
+objective: Aggregate your logs to a service of your choice.
+nav: firecracker
+redirect_from:
+  - /docs/going-to-production/monitoring/exporting-logs/
+  - /docs/metrics-and-logs/exporting-logs/
+---
+
+The Fly Log Shipper app enables you to aggregate your app's logs to a service of your choice.
+
+Your app's output to `stdout` become logs in Fly.io. Live log tail and log search are good enough for most things. But if you need to export your logs to an external service, such as Datadog or AWS S3, then you can use the Log Shipper.
+
+## The Fly Log Shipper
+
+Here's the easiest way to ship your logs to a location of your choosing.
+
+The [Fly Log Shipper app](https://github.com/superfly/fly-log-shipper+external) hooks into Fly.io's internal log stream. You can run this in your Fly.io organization like any other app.
+
+The Fly Log Shipper runs [Vector](https://vector.dev/+external), which grabs the logs and sends them to a location of your choosing (via a Vector [sink](https://vector.dev/docs/reference/configuration/sinks/+external)).
+
+You can select one or more items from the list of supported [Providers (sinks)](https://github.com/superfly/fly-log-shipper#provider-configuration+external) and configure the Fly Log Shipper to run those sinks.
+
+Each provider just needs some environment variables (or secrets) set for them to work.
+
+## Using the Fly Log Shipper
+
+Here's an example. To ship logs to [Logtail](https://betterstack.com/logtail+external), you would do the following:
+
+```bash
+# Make a directory for your log shipper app
+mkdir logshippper
+cd logshippper
+
+# Create the app but don't deploy just yet
+fly launch --no-deploy --image ghcr.io/superfly/fly-log-shipper:latest
+
+# Set some secrets. The secret / env var you set
+# determines which "sinks" are configured
+ORG=personal
+fly secrets set ORG=$ORG
+fly secrets set ACCESS_TOKEN=$(fly tokens create readonly $ORG)
+fly secrets set LOGTAIL_TOKEN=<token provided by logtail source>
+```
+
+You can configure as many providers as you'd like by adding more secrets. The secrets needed are determined by [which provider(s)](https://github.com/superfly/fly-log-shipper#provider-configuration+external) you want to use.
+
+Before launching your application, you should edit the generated `fly.toml` file and delete the entire `[[services]]` section. Replace it with this:
+
+```toml
+[[services]]
+  http_checks = []
+  internal_port = 8686
+```
+
+Then you can deploy it:
+
+```cmd
+fly deploy
+```
+
+## Shipping specific logs
+
+By default, the log shipper gets logs from every app running within your organization (organization is set by the `ORG` secret/environment variable).
+
+To narrow that down, you can set a [`SUBJECT`](https://github.com/superfly/fly-log-shipper#subject+external) environment variable in your instance of the Fly Log Shipper. That can be set as a secret, or as an environment variable in your `fly.toml` file.
+
+Subjects are in the format `logs.<app_name>.<region>.<instance_id>`. You can set the Log Shipper to narrow down to a specific instance, a specific region, and/or a specific application.
+
+There are [2 wildcards](https://docs.nats.io/nats-concepts/subjects#wildcards+external) you can use:
+
+* `*` wildcards go between strings and can be used multiple times
+* `>` wildcards go at the end of a string and can be used once
+
+For example, to only ship logs for an application named `sandwich`, you would set the `SUBJECT` environment variable like so (in your Log Shipper `fly.toml` file):
+
+```toml
+[env]
+  SUBJECT = "logs.sandwich.>"
+```
+
+This uses wildcard `>` to say to grab all logs from application `sandwich` no matter what region or instance they came from.
+
+Another example:
+
+```toml
+[env]
+  SUBJECT = "logs.*.dfw.>"
+```
+
+This `SUBJECT` says to grab logs from all instances of any applications hosted in the `dfw` region.
+
+## Configuring Vector
+
+Based on your provider (or preferences), it may be necessary to customize the [Vector configuration](https://vector.dev/docs/reference/configuration/+external). This is done with a `vector.toml` configuration file and, thanks to [Machine files](/docs/reference/configuration/#the-files-section), it's as simple as copying the [source](https://github.com/superfly/fly-log-shipper/blob/3b780b3a3c68fdbbbb55430d7d9ff1eb377fdbf0/vector-configs/vector.toml+external) `vector.toml` to a local directory, modifying it according to your requirements, then saving it and redeploying:
+
+```sh
+fly deploy --file-local="/etc/vector/vector.toml=/path/to/local/vector.toml"
+```
+
+That's it! The baked in config file is overwritten and Vector will use your modified config.
+
+## Internals
+
+Fly.io ships logs through a [NATS](https://nats.io+external) stream. This is available to all of your apps via `nats://[fdaa::3]:4223`, which is where the Log Shipper grabs the logs.
+
+The Vector configuration to grab those logs within the Log Shipper is in the [vector.toml file](https://github.com/superfly/fly-log-shipper/blob/main/vector-configs/vector.toml+external).
+
+You can contribute to (or, you know, fork) this repository to add providers (sinks) of your own!
+
+## Avoid duplicate log messages in high availability apps
+
+If you want to run more than one Machine for high availability, the [NATS](https://docs.nats.io/) endpoint supports [subscription queues](https://docs.nats.io/nats-concepts/core-nats/queue) to ensure messages are only sent to one subscriber of the named queue. The `QUEUE` secret can be set to configure an arbitrary queue name in your Log Shipper `fly.toml` file if you want to run multiple log processes for HA and avoid duplicate messages being shipped. For example:
+
+```toml
+[env]
+  QUEUE = "org-logs"
+```
diff --git a/monitoring/index.html.markerb b/monitoring/index.html.markerb
new file mode 100644
index 0000000000..c550e8fc43
--- /dev/null
+++ b/monitoring/index.html.markerb
@@ -0,0 +1,40 @@
+---
+title: "Monitoring on Fly.io"
+layout: docs
+nav: firecracker
+toc: false
+redirect_from:
+  - /docs/going-to-production/monitoring/
+  - /docs/metrics-and-logs/
+---
+
+<figure class="max-w-sm">
+  <img src="http://github.com/static/images/spooky.webp" alt="Illustration by Annie Ruygt of a smirking ghost sitting infront of a laptop">
+</figure>
+
+## Metrics
+
+_Fully-managed metrics solutions to help you monitor your apps._
+
+- **[Metrics](/docs/monitoring/metrics):** Learn how to configure and use the Fly.io metrics for Prometheus and Grafana, and built-in and custom metrics for  your apps.
+
+---
+
+## Error monitoring by Sentry
+
+_Error monitoring for your apps from our extension providers._
+
+- **[Sentry](/docs/monitoring/sentry/):** Use Sentry on Fly.io and get actionable insights to resolve the most important code-related issues. Fly.io organizations that use Sentry can claim a year’s worth of Team Plan credits.
+
+---
+
+## Logging
+
+_Live tail and search your app’s logs, access them via API, or ship them where you want them._
+
+- **[Logging overview](/docs/monitoring/logging-overview/):** How logs work on Fly.io.
+- **[Logs API options for programmatic access](/docs/monitoring/logs-api-options/)::** How to fetch, stream or export logs programmatically without touching the CLI.
+- **[Live tail logs](/docs/monitoring/live-tail-logs/):** Where to access live tail logs.
+- **[Search logs](/docs/monitoring/search-logs/):** Searchable app logs in Grafana (beta).
+- **[Export logs](/docs/monitoring/exporting-logs/):** Aggregate your logs to a service of your choice.
+- **[Error codes and troubleshooting](/docs/monitoring/error-codes/):** Look up error codes and get tips for troubleshooting.
diff --git a/monitoring/live-tail-logs.html.markerb b/monitoring/live-tail-logs.html.markerb
new file mode 100644
index 0000000000..9ac1368793
--- /dev/null
+++ b/monitoring/live-tail-logs.html.markerb
@@ -0,0 +1,40 @@
+---
+title: Live tail logs
+layout: docs
+nav: firecracker
+redirect_from: /docs/metrics-and-logs/live-tail-logs/
+---
+
+You can quickly live tail logs in your dashboard or using the `fly logs` command.
+
+## Use flyctl to view logs in your terminal
+
+The `fly logs` command prints the most recent app logs and then tails the current logs in real-time. This is useful for watching logs during deployment or when running other commands. You can open a new terminal window and run this command in an app's source directory, or use the `--app` option to specify an app:
+
+```cmd
+fly logs --app my-app-name
+```
+
+The logs continue to output until you close the terminal or stop it, for example with with `ctrl + c`.
+
+You can filter the log output by Machine or region. For example, use the Machine ID with the `--instance` option to see logs for that Machine only:
+
+```cmd
+fly logs --instance <machine id>
+```
+
+See the `fly logs` help or [docs](/docs/flyctl/logs/) for option details.
+
+### Use flyctl to activate debug logging for a command
+
+`LOG_LEVEL=debug` prints all the logs into the console as a command runs. To activate debug logging for `fly deploy` run:
+
+```cmd
+LOG_LEVEL=debug fly deploy
+```
+
+## Use the dashboard to view logs
+
+To view recent and live tail app logs in the dashboard, go to the **Live Logs** page. From there, you can use the dropdowns to filter logs by region or instance (Machine). 
+
+You can also view specific Machine logs. Go to **Machines**, click a Machine, and then click the Machine logs icon.
diff --git a/monitoring/logging-overview.html.markerb b/monitoring/logging-overview.html.markerb
new file mode 100644
index 0000000000..7f23e7922a
--- /dev/null
+++ b/monitoring/logging-overview.html.markerb
@@ -0,0 +1,37 @@
+---
+title: Logging overview
+layout: docs
+nav: firecracker
+redirect_from: /docs/metrics-and-logs/logs/
+---
+
+Fly.io app logs are the stdout from the processes run in your apps: whatever an app outputs becomes a log.
+
+Your apps run in Machines. Inside each Machine, we inject a process (init) that runs and monitors your app. Since we build Machines from Docker images, init is taking ENTRYPOINT + CMD and running that. The init program is, among other things, gathering process output from stdout and redirects it to a socket.
+
+Outside of the Machine, on the host, we take that output and send it to [Vector](https://vector.dev/docs/reference/configuration/sinks/nats/+external) via yet another socket. Vector ships logs (your app’s output) to an internal NATS cluster. Clients can subscribe to specific topics, and NATS sends the requested data to those subscribers.
+
+A proxy sits in front of NATS, to ensure you only see your own logs, and you can hook into NATS via this proxy to get your logs.
+
+Vector can act as a NATS client, read the logs, and ship them somewhere. An example of this our Fly Log Shipper app.
+
+## Live tail logs
+
+You can live tail logs from the dashboard or with the `fly logs` command. For more information, see [Live tail logs](/docs/monitoring/live-tail-logs/).
+
+## Logs API options
+
+Learn how to fetch, stream or export logs programmatically without touching the CLI. For more information, see [Logs API options](/docs/monitoring/logs-api-options/).
+
+## Search logs
+
+We have an app log search feature in Grafana that retains logs for 30 days. For more information, see [Search logs](/docs/monitoring/search-logs/).
+
+## Export logs
+
+Try the Fly Log Shipper app to export logs to a service. For more information, see [Export logs](/docs/monitoring/exporting-logs/).
+
+## Error codes and troubleshooting
+
+Look up error codes from logs and get tips on troubleshooting them. For more information, see [Error codes and troubleshooting](/docs/monitoring/error-codes/).
+
diff --git a/monitoring/logs-api-options.html.md b/monitoring/logs-api-options.html.md
new file mode 100644
index 0000000000..ffd52124c5
--- /dev/null
+++ b/monitoring/logs-api-options.html.md
@@ -0,0 +1,117 @@
+---
+title: Logs API options for programmatic access
+layout: docs
+nav: firecracker
+author: kcmartin
+date: 2025-10-01
+---
+
+## Overview
+
+Fly.io apps run on Firecracker microVMs we call Machines. Each Machine captures `stdout`/`stderr`, ships those logs over NATS, and stores them for a period of time in a Quickwit-backed search index. Most users consume logs via `fly logs` or by setting up log shipping to an external sink.
+
+But sometimes you want to grab logs directly, without a CLI or setting up an exporter, because you’re building a tool, automating something, or you just want to pipe logs into your own system.
+
+---
+
+## Options for fetching logs programmatically
+
+You can get logs programmatically via:
+
+- **Undocumented HTTP API**: What `fly logs` uses under the hood.
+- **NATS proxy**: Subscribe to real-time logs at the message level.
+- **Log shipper to external sink**: Ingest logs elsewhere, then query them via that system.
+
+Each has tradeoffs. If you want durable search, export logs. If you want low-latency push, use NATS. If you want to `curl` something now, use the HTTP API.
+
+### 1. HTTP API (same as `fly logs`)
+
+The Fly CLI hits an internal API to stream logs. You can use it too:
+
+```
+GET /api/v1/apps/:app_name/logs
+Authorization: <your-token>
+```
+
+You’ll get a stream of newline-delimited JSON log lines. You can pass query params like:
+
+- `region=cdg` (filter by region)
+- `instance=<id>` (filter by instance — sometimes flaky)
+- `start_time=2023-08-01T00:00:00Z` (to backfill)
+
+This endpoint isn’t officially documented, but it’s mostly stable: `flyctl` depends on it. That said, filters don’t always work as expected.
+
+Use this for quick fetches or simple polling scripts. If you hit rate limits or auth issues, check that your token has `read` access to the app.
+
+Importantly, this is the only option that gives you access to historical logs going back to the current retention window (about 15 days). The other options only start streaming from the moment they're connected.
+
+### 2. Subscribe to logs via NATS (experimental)
+
+Logs are streamed through NATS under subjects like:
+
+```
+logs.<app>.<region>.<instance>
+```
+
+You can subscribe directly using NATS clients, connecting via the proxy URL and authenticating with your org slug and personal access token.
+
+Example NATS subject:
+
+```
+logs.my-app.lhr.*
+```
+
+This gives you structured JSON log messages in real time.
+
+<div class="callout">
+**Note:** The NATS proxy is a dusty corner of Fly’s platform. It works, but it’s unofficial, experimental, and may change as we evolve our logging infrastructure. If you’re building something serious, we recommend exporting logs instead.
+</div>
+
+**Things to know:**
+
+- You’ll need to handle reconnections: if the network drops or the proxy restarts, your subscriber needs to reconnect and resume without losing messages.
+- You’ll need to handle backpressure: if your app can’t process logs fast enough, messages might pile up and get dropped. Design your consumer to either keep up or fail gracefully.
+- If you want to dedupe across subscribers, use NATS queue groups.
+- NATS only streams logs from starting from the moment you connect. You won’t get any history unless you’ve been subscribed the whole time.
+
+For more details on connecting to Fly’s NATS log stream (authentication, subject patterns, example clients), head over to the [Observability for User Apps](/docs/blueprints/observability-for-user-apps/?utm_source=chatgpt.com#streaming-fly-app-logs-to-your-end-users) guide.
+
+### 3. Log Shipper to External Sink
+
+If you want durable, queryable logs, export them. We maintain a small app called the [Fly Log Shipper](https://github.com/superfly/fly-log-shipper) that listens to NATS and forwards logs to sinks like Loki, Datadog, Elastic, Honeycomb, or even S3.
+
+The log shipper is a prebuilt Fly app running Vector, with configuration you can customize via TOML. It subscribes to log subjects and streams data wherever you want.
+
+Example config:
+
+```
+[sinks.loki]
+type = "loki"
+inputs = ["fly_logs"]
+endpoint = "https://my-loki-instance.example/"
+encoding.codec = "json"
+```
+
+To control which logs get forwarded, set the `SUBJECT` environment variable when deploying:
+
+```
+SUBJECT="logs.my-app.*.*"
+```
+
+Like NATS, the log shipper only sees logs from the moment it connects onward. If you deploy it today, you won’t see logs from yesterday.
+
+The log shipper is the most robust option if you want long-term retention, full-text search, alerting, or integration with your existing observability stack.
+
+More details:
+
+- [Fly Docs: Export logs](/docs/monitoring/exporting-logs/)
+- [Fly Blog: Shipping Logs](https://fly.io/blog/shipping-logs/)
+- [GitHub: superfly/fly-log-shipper](https://github.com/superfly/fly-log-shipper)
+
+---
+
+## Summary: So what should I use?
+
+- Want to grep logs from a script? Try the HTTP API.
+- Want real-time stream into your own system? NATS (with caveats).
+- Want reliable search and dashboards? Export logs via shipper.
diff --git a/monitoring/metrics.html.md b/monitoring/metrics.html.md
new file mode 100644
index 0000000000..2e9aad499c
--- /dev/null
+++ b/monitoring/metrics.html.md
@@ -0,0 +1,450 @@
+---
+title: Metrics on Fly.io
+layout: docs
+nav: firecracker
+redirect_from:
+  - /docs/reference/metrics/
+  - /docs/going-to-production/monitoring/publishing-metrics/
+  - /docs/metrics-and-logs/metrics
+---
+
+The Fly.io platform includes a fully-managed metrics solution to help you easily monitor your Fly apps.
+It includes the following components:
+
+- [**Prometheus on Fly.io**](#prometheus-on-fly-io): Managed Prometheus-compatible time series storage
+- [**Dashboards**](#dashboards): Managed Grafana with detailed visualizations of all built-in metrics
+- [**Built-in Metrics**](#built-in-metrics): Metrics automatically sent from every Fly app you deploy
+- [**Custom Metrics**](#custom-metrics): Expose additional metrics from Fly apps for further customization
+
+## Prometheus on Fly.io
+
+[Prometheus](https://prometheus.io/) is a popular open source monitoring system used to store and query metrics efficiently,
+with a stable [HTTP querying API](https://prometheus.io/docs/prometheus/latest/querying/api/) compatible with a range of systems.
+
+**Prometheus on Fly.io** is a fully-managed service based on [VictoriaMetrics](https://victoriametrics.com/).
+It [supports](https://docs.victoriametrics.com/#prometheus-querying-api-usage) most common Prometheus querying API endpoints:
+- [`/api/v1/query`](https://prometheus.io/docs/prometheus/latest/querying/api/#instant-queries)
+- [`/api/v1/query_range`](https://prometheus.io/docs/prometheus/latest/querying/api/#range-queries)
+- [`/api/v1/series`](https://prometheus.io/docs/prometheus/latest/querying/api/#finding-series-by-label-matchers)
+- [`/api/v1/labels`](https://prometheus.io/docs/prometheus/latest/querying/api/#getting-label-names)
+- [`/api/v1/label/<label_name>/values`](https://prometheus.io/docs/prometheus/latest/querying/api/#querying-label-values)
+- [`/api/v1/status/tsdb`](https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-stats)
+- [`/federate`](https://prometheus.io/docs/prometheus/latest/federation/)
+
+Note that [remote read](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read) (`/api/v1/read`) [remote storage integration](https://prometheus.io/docs/prometheus/latest/storage/#remote-storage-integrations)
+is [not supported](https://docs.victoriametrics.com/FAQ.html#why-doesnt-victoriametrics-support-the-prometheus-remote-read-api).
+
+### MetricsQL
+
+Prometheus queries are typically based on the [PromQL](https://prometheus.io/docs/prometheus/latest/querying/basics/) query language.
+Prometheus on Fly.io queries use VictoriaMetrics [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html),
+a backwards-compatible query language that fixes user experience issues and adds
+useful features and functions on top of PromQL.
+
+Key features:
+
+- [Better `rate()` and `increase()`](https://medium.com/@romanhavronenko/victoriametrics-promql-compliance-d4318203f51e#cade)
+functions that just work. No need for [`irate` workarounds](https://www.percona.com/blog/2020/02/28/better-prometheus-rate-function-with-victoriametrics/)
+or appending Grafana's [magical `$__rate_interval`](https://grafana.com/blog/2020/09/28/new-in-grafana-7.2-__rate_interval-for-prometheus-rate-queries-that-just-work/) selector to every query.
+In fact, you can even omit the square brackets entirely and MetricsQL will do the right thing.
+- Many more [label manipulation functions](https://docs.victoriametrics.com/MetricsQL.html#label-manipulation-functions)
+such as `drop_common_labels`, `label_set`, etc.
+- [`topk_avg`](https://docs.victoriametrics.com/MetricsQL.html#topk_avg), which returns the top `k` time series averaged
+across the entire series range (not just individual points), plus the sum of all remaining series in an "other" label.
+Useful for giving a small, filtered view across a potentially large number of series.
+
+### Querying
+
+Queries can be sent to the following endpoint:
+```
+https://api.fly.io/prometheus/<org-slug>/
+```
+
+You’ll need to authenticate with a [Fly Access Token](https://fly.io/docs/security/tokens/). Depending on the token type, the header uses either the Bearer format (`Authorization: Bearer <token>`) or the FlyV1 format (`Authorization: FlyV1 <token>`). You may only query series scoped to your organizations.
+
+
+#### Manually
+
+**Find your Organization slug**
+
+List your organizations, find the org slug and set it as a local variable.
+
+```cmd
+flyctl orgs list
+ORG_SLUG=[org-slug]
+```
+
+**Get an access token**
+
+```cmd
+TOKEN=$(flyctl auth token)
+```
+
+**Test it out!**
+
+```shell
+curl https://api.fly.io/prometheus/$ORG_SLUG/api/v1/query \
+  --data-urlencode 'query=sum(increase(fly_edge_http_responses_count)) by (app, status)' \
+  -H "Authorization: Bearer $TOKEN"
+```
+
+## Dashboards
+
+For more advanced metrics monitoring, you can use dashboards to organize and visualize complex Prometheus
+queries.
+
+The Metrics tab on the [Fly.io Dashboard](https://fly.io/dashboard) provides an overview
+of your Fly apps using the built-in metrics stored in Prometheus.
+
+### Managed Grafana
+
+[Grafana](https://grafana.com/) is a popular open source data visualization web application, that allows you to
+compose queries against data sources into dynamic, reusable dashboards.
+
+We provide a managed Grafana instance at [fly-metrics.net](https://fly-metrics.net), preconfigured with your
+Prometheus data source and detailed dashboards covering the full set of built-in metrics.
+
+You can also use the Explore panel to run ad-hoc queries against the preconfigured Prometheus datasource,
+or create/import additional dashboards for further customization or to visualize custom metrics.
+
+Switch between your Fly.io Organizations by clicking the "Switch organization" link beneath
+the user icon in the lower-left of the screen.
+
+### External or self-hosted Grafana
+
+You can also configure your Prometheus endpoint with an existing Grafana installation, or [host one on Fly.io](https://github.com/fly-apps/grafana). Either way, you can set it up like this:
+
+1. [Add](https://grafana.com/docs/grafana/latest/datasources/add-a-data-source/) a [Prometheus data source](https://grafana.com/docs/grafana/latest/datasources/prometheus/) (Settings -> Data Sources -> Add data source -> Prometheus)
+2. Fill the form with the following:
+- HTTP -> URL: `https://api.fly.io/prometheus/<org-slug>/`
+- Custom HTTP Headers -> + Add Header:
+   - Header: `Authorization`
+   - Value: `FlyV1 <token>` (for tokens created with `fly tokens create`)
+   - Value: `Bearer <token>` (only for tokens from `flyctl auth token`)
+
+You're all set.
+
+We publish our [Fly.io Dashboards](https://grafana.com/grafana/dashboards/14741) to Grafana.com for use with external Grafana instances.
+To install, just [import the dashboard](https://grafana.com/docs/grafana/latest/dashboards/export-import/#import-dashboard) using the listed IDs.
+If you'd like to contribute changes to the dashboards, we have created a [repository](https://github.com/superfly/dashboards) for them.
+
+## Built-in metrics
+
+Fly apps automatically publish a number of built-in metrics.
+
+[Metric types](https://prometheus.io/docs/concepts/metric_types/) are all [Gauges](https://prometheus.io/docs/concepts/metric_types/#gauge)
+unless otherwise marked.
+
+Metrics with names ending in `_count` are all [Counters](https://prometheus.io/docs/concepts/metric_types/#counter).
+
+[Histogram](https://prometheus.io/docs/concepts/metric_types/#histogram) metrics with a base name of `<name>` expose multiple series:
+- `<name>_bucket{le}`
+- `<name>_sum`
+- `<name>_count`
+
+### Standard Labels
+
+All published series include the following labels:
+
+- `app`: App name
+- `region`: [Fly.io Region](https://fly.io/docs/reference/regions/#fly-io-regions)
+- `host`: 4-character host ID (lowercase hexadecimal)
+- `instance`: App instance ID (for all series except `fly_edge_` and `fly_volume_`)
+
+If your app exposes custom metrics with the same labels, they will be overwritten.
+
+### Proxy series
+
+Any app using a TCP-based handler (HTTP, TLS or straight TCP) publishes `edge` and `app` proxy metrics:
+
+Labels:
+- `proxy_id`: "blue" or "green" (flips when the proxy is restarted/updated)
+
+#### Edge - `fly_edge_`
+
+```
+fly_edge_http_responses_count{status}
+fly_edge_http_response_time_seconds{status} (Histogram)
+fly_edge_tcp_connects_count
+fly_edge_tcp_disconnects_count
+fly_edge_data_out (Counter, bytes)
+fly_edge_data_in (Counter, bytes)
+fly_edge_tls_handshake_errors{servername} (Counter)
+fly_edge_tls_handshake_time_seconds{version} (Histogram)
+```
+
+#### App - `fly_app_`
+```
+fly_app_concurrency
+fly_app_http_responses_count{status}
+fly_app_http_response_time_seconds{status} (Histogram)
+fly_app_connect_time_seconds (Histogram)
+fly_app_tcp_connects_count
+fly_app_tcp_disconnects_count
+```
+
+### Instance series - `fly_instance_`
+
+Derived from the [`/proc` file system](https://www.kernel.org/doc/html/latest/filesystems/proc.html) of your app VMs.
+
+`fly_instance_up = 1` shows the VM is reporting correctly.
+
+### Instance exit - `fly_instance_exit_`
+
+Information about instance exits. These metrics help you understand why your instances are terminating and can be used for alerting and debugging.
+
+- `fly_instance_exit_code`: The exit code of the main process when the instance terminates. A value of 0 typically indicates normal termination, while non-zero values indicate errors or abnormal termination.
+- `fly_instance_exit_oom`: A boolean flag (0 or 1) indicating whether the instance was killed due to out-of-memory (OOM). A value of 1 means the instance was terminated because it exceeded its memory limits.
+- `fly_instance_exit_vm_code`: The VM-level exit code, which may differ from the application exit code. This can help distinguish between application-level failures and VM-level issues.
+
+#### Instance memory - `fly_instance_memory_`
+
+Derived from [`/proc/meminfo`](https://www.kernel.org/doc/html/latest/filesystems/proc.html#meminfo). All units are in *bytes*.
+
+```
+fly_instance_memory_mem_total
+fly_instance_memory_mem_free
+fly_instance_memory_mem_available
+fly_instance_memory_buffers
+fly_instance_memory_cached
+fly_instance_memory_swap_cached
+fly_instance_memory_active
+fly_instance_memory_inactive
+fly_instance_memory_swap_total
+fly_instance_memory_swap_free
+fly_instance_memory_dirty
+fly_instance_memory_writeback
+fly_instance_memory_slab
+fly_instance_memory_shmem
+fly_instance_memory_vmalloc_total
+fly_instance_memory_vmalloc_used
+fly_instance_memory_vmalloc_chunk
+```
+#### Instance Load and CPU
+
+- `load_average` is derived from [`/proc/loadavg`](https://www.kernel.org/doc/html/latest/filesystems/proc.html#id11) ([`getloadavg`](https://man7.org/linux/man-pages/man3/getloadavg.3.html)). It's a ["system load average"](https://www.brendangregg.com/blog/2017-08-08/linux-load-averages.html) measuring the number of processes in the system run queue, with samples representing averages over 1, 5, and 15 `minutes`.
+
+- `cpu` is derived from [`/proc/stat`](https://www.kernel.org/doc/html/latest/filesystems/proc.html#miscellaneous-kernel-statistics-in-proc-stat),
+and counts the amount of time each CPU (`cpu_id`) has spent performing different kinds of work (`mode`, which may be one of `user`, `nice`, `system`, `idle`, `iowait`, `irq`, `softirq`, `steal`, `guest`, `guest_nice`).
+The time unit is 'clock ticks' of centiseconds (0.01 seconds).
+
+The following CPU metrics are related to [CPU Performance](/docs/machines/cpu-performance):
+- `cpu_baseline` is the baseline quota in number of CPUs, calculated from the CPU type and number of vCPUs.
+- `cpu_balance` is the accrued CPU burst balance in clock ticks (centiseconds).
+- `cpu_throttle` is derived from the `throttled_time` field of the cgroup [`cpu.stat`](https://docs.kernel.org/scheduler/sched-bwc.html#statistics), and counts the amount of time the CPU was throttled after exhausting its quota, in 'clock ticks' (centiseconds).
+
+```
+fly_instance_load_average{minutes}
+fly_instance_cpu{cpu_id, mode} (Counter, centiseconds)
+fly_instance_cpu_baseline (CPUs)
+fly_instance_cpu_balance (centiseconds)
+fly_instance_cpu_throttle (Counter, centiseconds)
+```
+#### Instance Disks - `fly_instance_disk_`
+
+Counters derived from fields 1-11 of [`/proc/diskstats`](https://www.kernel.org/doc/html/latest/admin-guide/iostats.html). The unit for `time_` series is **milliseconds**, and the unit for `sectors_` is 512-byte sectors.
+
+Labels:
+- `device`: Published for the ephemeral VM root disk (`vdb`) and any mounted Volume (`vdc`).
+
+```
+fly_instance_disk_reads_completed
+fly_instance_disk_reads_merged
+fly_instance_disk_sectors_read
+fly_instance_disk_time_reading
+fly_instance_disk_writes_completed
+fly_instance_disk_writes_merged
+fly_instance_disk_sectors_written
+fly_instance_disk_time_writing
+fly_instance_disk_io_in_progress
+fly_instance_disk_time_io
+fly_instance_disk_time_io_weighted
+```
+
+#### Instance Networking - `fly_instance_net_`
+
+Counters derived from [`/proc/net/dev`](https://www.kernel.org/doc/html/latest/networking/statistics.html#procfs).
+
+Labels:
+- `device`: interface name, either `eth0` or `dummy0` (ignore).
+
+```
+fly_instance_net_recv_bytes
+fly_instance_net_recv_packets
+fly_instance_net_recv_errs
+fly_instance_net_recv_drop
+fly_instance_net_recv_fifo
+fly_instance_net_recv_frame
+fly_instance_net_recv_compressed
+fly_instance_net_recv_multicast
+fly_instance_net_sent_bytes
+fly_instance_net_sent_packets
+fly_instance_net_sent_errs
+fly_instance_net_sent_drop
+fly_instance_net_sent_fifo
+fly_instance_net_sent_colls
+fly_instance_net_sent_carrier
+fly_instance_net_sent_compressed
+```
+
+#### Instance File Descriptors - `fly_instance_filefd_`
+
+Information about allocated, and maximum allowed allocated file descriptors derived from [`/proc/sys/fs/file-nr`](https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#file-max-file-nr).
+
+```
+fly_instance_filefd_allocated
+fly_instance_filefd_maximum
+```
+
+#### Instance Filesystem - `fly_instance_filesystem_`
+
+Filesystem metrics derived from [VFS File System Information](https://man7.org/linux/man-pages/man0/sys_statvfs.h.0p.html).
+
+Labels:
+- `mount`: mount point name(s), `/` and if using [Volumes](https://fly.io/docs/volumes/), the destination name in fly.toml.
+
+```
+fly_instance_filesystem_blocks
+fly_instance_filesystem_block_size
+fly_instance_filesystem_blocks_free
+fly_instance_filesystem_blocks_avail
+```
+
+### Volumes - `fly_volume_`
+
+Labels:
+- `id`: Volume ID
+
+If you're using [Volumes](https://fly.io/docs/volumes/) for any of your organization's apps, you'll be able to query these series,
+derived from the `LSize` and `Data%` of the volume's [thin LV](https://man7.org/linux/man-pages/man7/lvmthin.7.html).
+
+```
+fly_volume_size_bytes
+fly_volume_used_pct (0-100)
+```
+
+### Postgres - `pg_`
+
+If you have a [Postgres](https://fly.io/docs/reference/postgres/) database hosted on Fly.io, you'll automatically get the following series,
+published via [`postgres_exporter`](https://github.com/prometheus-community/postgres_exporter):
+
+```
+pg_stat_activity_count
+pg_stat_activity_max_tx_duration
+pg_stat_archiver_archived_count
+pg_stat_archiver_failed_count
+pg_stat_bgwriter_buffers_alloc
+pg_stat_bgwriter_buffers_backend_fsync
+pg_stat_bgwriter_buffers_backend
+pg_stat_bgwriter_buffers_checkpoint
+pg_stat_bgwriter_buffers_clean
+pg_stat_bgwriter_checkpoint_sync_time
+pg_stat_bgwriter_checkpoint_write_time
+pg_stat_bgwriter_checkpoints_req
+pg_stat_bgwriter_checkpoints_timed
+pg_stat_bgwriter_maxwritten_clean
+pg_stat_bgwriter_stats_reset
+pg_stat_database_blk_read_time
+pg_stat_database_blk_write_time
+pg_stat_database_blks_hit
+pg_stat_database_blks_read
+pg_stat_database_conflicts_confl_bufferpin
+pg_stat_database_conflicts_confl_deadlock
+pg_stat_database_conflicts_confl_lock
+pg_stat_database_conflicts_confl_snapshot
+pg_stat_database_conflicts_confl_tablespace
+pg_stat_database_conflicts
+pg_stat_database_deadlocks
+pg_stat_database_numbackends
+pg_stat_database_stats_reset
+pg_stat_database_tup_deleted
+pg_stat_database_tup_fetched
+pg_stat_database_tup_inserted
+pg_stat_database_tup_returned
+pg_stat_database_tup_updated
+pg_stat_database_xact_commit
+pg_stat_database_xact_rollback
+pg_stat_replication_pg_current_wal_lsn_bytes
+pg_stat_replication_pg_wal_lsn_diff
+pg_stat_replication_reply_time
+pg_replication_lag
+pg_database_size_bytes
+```
+
+## Custom Metrics
+
+For further customization beyond built-in metrics,
+Fly apps can expose a metrics endpoint we'll automatically scrape every 15 seconds and
+send the results to Prometheus.
+
+### Configuration
+
+Add a `[metrics]` section to your application's `fly.toml`:
+
+```toml
+[metrics]
+port = 9091
+path = "/metrics" # default for most prometheus exporters
+```
+
+If your app uses [multiple processes](/docs/apps/processes/), you can add multiple `[[metrics]]` sections, each with its own set of `processes`:
+
+```toml
+[[metrics]]
+port = 9394
+path = "/metrics"
+processes = ["web"]
+
+[[metrics]]
+port = 9113
+path = "/metrics"
+processes = ["proxy"]
+```
+
+### Instrumentation
+
+Instrument your app and expose your metrics on `0.0.0.0`.
+
+There are many supported [client libraries](https://prometheus.io/docs/instrumenting/clientlibs/) as well as off-the-shelf [exporters](https://prometheus.io/docs/instrumenting/exporters/) able to return Prometheus-formatted metrics.
+
+## Authentication
+
+Authenticating to the Prometheus API can be achieved a few different ways, depending on the level of access you want your token to have.
+
+### Fly Access Token
+
+As in the earlier example, a full access token can be generated with `flyctl auth token` and then passed as a bearer token in the `Authorization` header. The header looks like:
+
+```
+Authorization: Bearer THE_TOKEN
+```
+
+### Fly org-restricted or read-only token
+
+This kind of token or "[macaroon](https://fly.io/blog/macaroons-escalated-quickly/)" can be scoped to a single organization or configured to only allow read operations, which can be safer than using a full-blown read-write token that grants access to all organizations under your account.
+
+### Generating tokens
+Create an org-restricted token:
+
+```
+fly tokens create org -o THE_ORGANIZATION
+```
+
+Create a read-only org-restricted token:
+
+```
+fly tokens create readonly
+```
+
+These tokens look like this once generated: `FlyV1 fm2_lJPECAAAAAAAAC7txBAzYI6PRWhHLT...(a lot of base64-encoded text)`.
+
+#### Using tokens
+Use the correct scheme based on token type:
+
+- `Bearer <token>` → for `flyctl auth token`.
+- `FlyV1 <token>` → for all tokens created with `fly tokens create`.
+
+Example with a token created via `fly tokens create`:
+```
+Authorization: FlyV1 fm2_lJPECAAAAAAAAC7txBAzYI6PRWhHLT...(a lot of base64-encoded text)
+```
diff --git a/monitoring/search-logs.html.markerb b/monitoring/search-logs.html.markerb
new file mode 100644
index 0000000000..c88c54ffd8
--- /dev/null
+++ b/monitoring/search-logs.html.markerb
@@ -0,0 +1,25 @@
+---
+title: Search logs
+layout: docs
+nav: firecracker
+redirect_from: /docs/metrics-and-logs/search-logs/
+---
+
+<div class="warning icon">
+Searchable application logs is a beta feature. Learn more and post your suggestions or issues in the community thread: [Searchable application logs in Grafana](https://community.fly.io/t/searchable-application-logs-in-grafana/18878+external)
+</div>
+
+We’re working with [Quickwit](https://quickwit.io/docs+external) to bring you an application log cluster and search interface. 
+
+You can access searchable logs in Grafana:
+
+- Click **Log Search** in your Fly.io app dashboard, or
+- Go directly to your [Grafana metrics](https://fly-metrics.net/d/fly-logs/fly-logs+external)
+
+<div class="important icon">
+**Important:** If you’re already signed in to Grafana, then you'll need to log out and log back in.
+</div>
+
+Searchable logs are built on our [Tigris Storage](/docs/tigris/) and [Supabase Postgres](/docs/supabase/) extensions. 
+
+For the beta period, log search is free and we retain logs for 30 days. Learn how to build more complex queries [Quickwit’s query language](https://quickwit.io/docs/get-started/query-language-intro+external).
diff --git a/monitoring/sentry.html.md b/monitoring/sentry.html.md
new file mode 100644
index 0000000000..40cf7e6d1c
--- /dev/null
+++ b/monitoring/sentry.html.md
@@ -0,0 +1,99 @@
+---
+title: Application Monitoring by Sentry
+layout: docs
+nav: firecracker
+redirect_from: /docs/reference/sentry/
+date: 2025-07-21
+---
+
+[Sentry](https://sentry.io/) is a developer-first application monitoring platform that helps you identify and fix software problems before they impact your users. Through our partnership with Sentry, each of your Fly organizations can claim a year’s worth of [Team Plan](https://sentry.io/pricing) credits.
+
+## Set up Sentry for your Fly.io app
+
+In your project source directory, run the following command:
+
+```
+fly ext sentry create
+```
+
+This command will:
+
+- Create a Sentry account using your Fly.io user email
+- Create a Sentry organization linked to your Fly.io organization
+- Set the `SENTRY_DSN` secret in your app
+
+Once this is complete, your app will have the `SENTRY_DSN` environment variable available at runtime. Most Sentry SDKs will automatically pick this up and begin sending events.
+
+You can open the Sentry dashboard for your app by running:
+
+```
+fly ext sentry dashboard
+```
+
+## Instrument your application
+
+To start sending events to Sentry, you’ll need to instrument your app with the relevant SDK. See [Sentry's documentation for supported platforms](https://docs.sentry.io/platforms/).
+
+## Sentry Plan details
+
+Your organization receives one year of Sentry’s Team plan, which includes monthly:
+
+- 50k errors
+- 100k [performance units](https://sentry.io/changelog/2023-5-9-introducing-performance-units/)
+- 500 [session replays](https://sentry.zendesk.com/hc/en-us/articles/27282849806235-How-are-Replays-charged-Is-it-based-on-when-I-hit-play)
+- 1GB [attachments](https://docs.sentry.io/platforms/native/guides/minidumps/enriching-events/attachments/)
+
+If you need more than these allowances, sign in to your Sentry account and review upgrade options in the **Settings > Usage & Billing > Subscription** section.
+
+<div class="important">
+If you upgrade to a paid plan, you will not be able to return to the Fly.io‑sponsored promotional plan.
+</div>
+
+## After the one-year plan ends
+
+At the end of the promotional period, your Sentry organization will no longer have access to the sponsored Team plan. You have two options:
+
+### 1. Let the plan expire
+
+- Your organization will be downgraded to the free Developer plan
+- Monitoring will continue, but with lower plan limits
+- Events sent that exceed the quota will be dropped
+- Existing events and logs remain accessible for up to 30 days, based on Sentry's data retention policy
+
+For more information, see [https://sentry.zendesk.com/hc/en-us/articles/27118913621019](https://sentry.zendesk.com/hc/en-us/articles/27118913621019).
+
+### 2. Upgrade to a paid Sentry plan
+
+- You can maintain access to higher quotas and additional features
+- You can enable new SSO options (Google, GitHub, etc.)
+- You can optionally disable Fly.io SSO
+
+## Updating SSO and login methods
+
+Sentry organizations created via the Fly.io integration use Fly.io SSO by default. After your plan ends (or if you upgrade), you can switch to standard login:
+
+1. Go to **Organization Settings > Auth Settings** in Sentry
+1. Click **Disable Fly.io Auth**
+1. Sentry will email each organization member to set a password for their account
+
+This allows you to log in with email and password, and to enable other SSO providers depending on your Sentry subscription level.
+
+For details, see [https://sentry.zendesk.com/hc/en-us/articles/24206530196251](https://sentry.zendesk.com/hc/en-us/articles/24206530196251).
+
+## Do I need to migrate anything after my plan expires?
+
+No migration steps are needed. Your existing Sentry organization, project, data, alerts, and SDK configuration remain intact.
+
+When your plan changes:
+
+- Sentry will retain historical data according to the new plan’s retention limits
+- The `SENTRY_DSN` will continue working unless you explicitly remove or rotate it
+- The Sentry SDK will continue to send events, but any events that exceed quota will be dropped
+
+For more details, see [https://sentry.zendesk.com/hc/en-us/articles/36501551064219](https://sentry.zendesk.com/hc/en-us/articles/36501551064219).
+
+
+
+
+
+
diff --git a/mpg/configuration.html.md b/mpg/configuration.html.md
new file mode 100644
index 0000000000..05ff05923c
--- /dev/null
+++ b/mpg/configuration.html.md
@@ -0,0 +1,135 @@
+---
+title: Cluster configuration options
+layout: docs
+nav: mpg
+date: 2025-08-18
+---
+
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/Managed_Postgres.png" alt="Illustration by Annie Ruygt of a balloon doing a lot of tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+
+## Connection Pooling
+
+All Managed Postgres clusters come with PGBouncer for connection pooling, which helps manage database connections efficiently. You can configure how PGBouncer assigns connections to clients by changing the pool mode. 
+
+### Pool Mode Options
+
+There are two pool modes available:
+
+- **Session**: Connections are assigned to clients for the entire session. This is the default mode and provides the most compatibility with PostgreSQL features, including transactions, prepared statements, and advisory locks.
+- **Transaction**: Connections are assigned per transaction. This mode allows for higher connection reuse and better performance under high load, but has some limitations with certain PostgreSQL features.
+
+### When to Use Each Mode
+
+**Use Session mode when**:
+- Your application uses prepared statements
+- You need advisory locks or other session-specific features
+- You're unsure which mode to choose (Session is the safer default)
+- Your application has long-running transactions
+
+**Use Transaction mode when**:
+- You have a high-throughput application with many short transactions
+- You want to maximize connection reuse
+- Your application primarily uses simple queries without prepared statements
+- You need to support more concurrent connections with the same hardware
+- If you're using Elixir's Ecto library, you must use Transaction pool mode when connecting through the pooler, as Ecto's connection pooling behavior is incompatible with PGBouncer's Session mode.
+
+### Changing Pool Mode from the Dashboard
+
+To change the pool mode for your cluster:
+
+1. Navigate to your MPG cluster's "Connect" tab in the dashboard
+2. Click "View Pooler Settings" to expand the configuration options
+3. Select your desired pool mode.
+4. Click "Update Pool Mode"
+5. Confirm the change in the modal dialog
+
+**Note**: Changing the pool mode will restart the connection pooler nodes, which may cause brief connection interruptions. Your database itself will remain running.
+
+## Changing your MPG Plan
+
+Your Managed Postgres Plan determines the amount of resources your cluster has. All plans include a primary and replica, pg bouncers, and backups. You can change your cluster's plan at any time and the machines in the cluster will be updated to their new resources. 
+
+In order to change your plan: 
+
+1. Navigate to your MPG cluster's "Settings" tab in the dashboard
+2. Select your desired plan from the list
+3. Click the "Update Configuration" button 
+4. Your plan will be updated and all configuration changes will be applied to your database nodes. 
+
+<div class="warning icon">
+During the configuration update, your database nodes will restart. You may see a brief period of downtime during the upgrade and switchover. Please make sure to plan accordingly.
+</div>
+
+## Users and Roles
+
+Your Managed Postgres Cluster is created with one admin user named `fly-user`. You can create additional database users and set their roles from your dashboard. 
+
+Currently MPG supports the following roles for users:
+
+### Schema Admin
+
+The Schema Admin role is the closest to a Superuser role. It provides full read & write access to your cluster, as well as the ability to modify the structure of your database. 
+
+This is the default role granted to the `fly-user` user when your cluster is created.
+
+**What Schema Admin users can do:**
+- Read and write to all databases, tables, and schemas
+- Create, alter, and drop tables, views, functions, and other database objects
+- Create new schemas and manage database structure
+- Connect to any database in the cluster
+- Create temporary tables for session-specific operations
+
+
+**What Schema Admin users cannot do:**
+- Create new databases. This can be done from your Dashboard
+- Other actions requiring superuser permissions, other than those named above.
+
+
+### Writer
+
+The Writer role provides full read and write access to data while restricting the ability to modify the database structure. 
+
+**What Writer users can do:**
+- Read from and write to all existing tables and schemas
+- Insert, update, and delete records across all databases
+- Connect to any database in the cluster
+
+**What Writer users cannot do:**
+- Create or modify table structures
+- Create new schemas or databases
+- Create functions, procedures, or other schema objects
+- Create temporary tables
+- Alter database permissions or roles
+
+### Reader
+
+The Reader role provides read-only access to all data in the cluster. This role works well for connecting to reporting or analytics.
+
+**What Reader users can do:**
+-  View all data across databases, tables, and schemas
+-  Connect to any database in the cluster
+-  Run SELECT queries
+
+**What Reader users cannot do:**
+- Insert, update, or delete any data
+- Create any database objects or modify schemas
+- Create temporary tables
+- Modify database structure or permissions
+
+
+### Creating additional users
+
+To create additional users:
+1. Navigate to your MPG cluster's "Users" tab in the dashboard
+2. Enter a name for your new user
+3. Click "Create User" and wait for the user to be created.
+
+Note: If your cluster was created before July 2025, you'll need to opt in to the new Role system before you can add new users. This can be done on the Users tab of your dashboard. 
+
+### Authenticating with a custom user
+
+Once the user has been created, you can generate a connection string for them from the "Connect" tab of your dashboard. Select the user you'd like to authenticate as, and the connection string will be updated with their details. 
diff --git a/mpg/configuration.md b/mpg/configuration.md
new file mode 100644
index 0000000000..05ff05923c
--- /dev/null
+++ b/mpg/configuration.md
@@ -0,0 +1,135 @@
+---
+title: Cluster configuration options
+layout: docs
+nav: mpg
+date: 2025-08-18
+---
+
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/Managed_Postgres.png" alt="Illustration by Annie Ruygt of a balloon doing a lot of tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+
+## Connection Pooling
+
+All Managed Postgres clusters come with PGBouncer for connection pooling, which helps manage database connections efficiently. You can configure how PGBouncer assigns connections to clients by changing the pool mode. 
+
+### Pool Mode Options
+
+There are two pool modes available:
+
+- **Session**: Connections are assigned to clients for the entire session. This is the default mode and provides the most compatibility with PostgreSQL features, including transactions, prepared statements, and advisory locks.
+- **Transaction**: Connections are assigned per transaction. This mode allows for higher connection reuse and better performance under high load, but has some limitations with certain PostgreSQL features.
+
+### When to Use Each Mode
+
+**Use Session mode when**:
+- Your application uses prepared statements
+- You need advisory locks or other session-specific features
+- You're unsure which mode to choose (Session is the safer default)
+- Your application has long-running transactions
+
+**Use Transaction mode when**:
+- You have a high-throughput application with many short transactions
+- You want to maximize connection reuse
+- Your application primarily uses simple queries without prepared statements
+- You need to support more concurrent connections with the same hardware
+- If you're using Elixir's Ecto library, you must use Transaction pool mode when connecting through the pooler, as Ecto's connection pooling behavior is incompatible with PGBouncer's Session mode.
+
+### Changing Pool Mode from the Dashboard
+
+To change the pool mode for your cluster:
+
+1. Navigate to your MPG cluster's "Connect" tab in the dashboard
+2. Click "View Pooler Settings" to expand the configuration options
+3. Select your desired pool mode.
+4. Click "Update Pool Mode"
+5. Confirm the change in the modal dialog
+
+**Note**: Changing the pool mode will restart the connection pooler nodes, which may cause brief connection interruptions. Your database itself will remain running.
+
+## Changing your MPG Plan
+
+Your Managed Postgres Plan determines the amount of resources your cluster has. All plans include a primary and replica, pg bouncers, and backups. You can change your cluster's plan at any time and the machines in the cluster will be updated to their new resources. 
+
+In order to change your plan: 
+
+1. Navigate to your MPG cluster's "Settings" tab in the dashboard
+2. Select your desired plan from the list
+3. Click the "Update Configuration" button 
+4. Your plan will be updated and all configuration changes will be applied to your database nodes. 
+
+<div class="warning icon">
+During the configuration update, your database nodes will restart. You may see a brief period of downtime during the upgrade and switchover. Please make sure to plan accordingly.
+</div>
+
+## Users and Roles
+
+Your Managed Postgres Cluster is created with one admin user named `fly-user`. You can create additional database users and set their roles from your dashboard. 
+
+Currently MPG supports the following roles for users:
+
+### Schema Admin
+
+The Schema Admin role is the closest to a Superuser role. It provides full read & write access to your cluster, as well as the ability to modify the structure of your database. 
+
+This is the default role granted to the `fly-user` user when your cluster is created.
+
+**What Schema Admin users can do:**
+- Read and write to all databases, tables, and schemas
+- Create, alter, and drop tables, views, functions, and other database objects
+- Create new schemas and manage database structure
+- Connect to any database in the cluster
+- Create temporary tables for session-specific operations
+
+
+**What Schema Admin users cannot do:**
+- Create new databases. This can be done from your Dashboard
+- Other actions requiring superuser permissions, other than those named above.
+
+
+### Writer
+
+The Writer role provides full read and write access to data while restricting the ability to modify the database structure. 
+
+**What Writer users can do:**
+- Read from and write to all existing tables and schemas
+- Insert, update, and delete records across all databases
+- Connect to any database in the cluster
+
+**What Writer users cannot do:**
+- Create or modify table structures
+- Create new schemas or databases
+- Create functions, procedures, or other schema objects
+- Create temporary tables
+- Alter database permissions or roles
+
+### Reader
+
+The Reader role provides read-only access to all data in the cluster. This role works well for connecting to reporting or analytics.
+
+**What Reader users can do:**
+-  View all data across databases, tables, and schemas
+-  Connect to any database in the cluster
+-  Run SELECT queries
+
+**What Reader users cannot do:**
+- Insert, update, or delete any data
+- Create any database objects or modify schemas
+- Create temporary tables
+- Modify database structure or permissions
+
+
+### Creating additional users
+
+To create additional users:
+1. Navigate to your MPG cluster's "Users" tab in the dashboard
+2. Enter a name for your new user
+3. Click "Create User" and wait for the user to be created.
+
+Note: If your cluster was created before July 2025, you'll need to opt in to the new Role system before you can add new users. This can be done on the Users tab of your dashboard. 
+
+### Authenticating with a custom user
+
+Once the user has been created, you can generate a connection string for them from the "Connect" tab of your dashboard. Select the user you'd like to authenticate as, and the connection string will be updated with their details. 
diff --git a/mpg/create-and-connect.html.md b/mpg/create-and-connect.html.md
new file mode 100644
index 0000000000..cccba3bbc8
--- /dev/null
+++ b/mpg/create-and-connect.html.md
@@ -0,0 +1,145 @@
+---
+title: Create and Connect to a Managed Postgres Cluster
+layout: docs
+nav: mpg
+date: 2025-07-11
+---
+
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/Managed_Postgres.png" alt="Illustration by Annie Ruygt of a balloon doing a lot of tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+
+## Creating a Managed Postgres Cluster from the Dashboard
+
+ To create a new Managed Postgres (MPG) cluster, visit your Fly.io dashboard, select the "Managed Postgres" tab on the left, and click the "Create new cluster" button.
+
+You'll be prompted to set your clusters:
+
+- Cluster name (must be unique within your organization)
+- Region (see [available MPG regions](/docs/mpg/overview/#regions))
+- A plan with predefined hardware resources:
+  - Basic: 2 shared vCPUs, 1GB RAM
+  - Starter: 2 shared vCPUs, 2GB RAM
+  - Launch: 2 Performance vCPUs, 8GB RAM
+  - Scale: 4 Performance vCPUs, 32GB RAM
+  - Performance: 8 Performance vCPUs, 64GB RAM
+- Initial storage size: Up to 500 GB at creation
+- Optional Third Party Extensions to install (Currently only PGVector is supported)
+
+<div>
+    <img src="http://github.com/static/images/create-mpg.webp" alt="A screenshot of the Managed Postgres creation page.">
+</div>
+
+After configuring your cluster, select "Create Cluster" and wait a few moments for it to initialize. Once that's complete, you can now connect to your cluster
+
+## Creating a Managed Postgres Cluster from Flyctl
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/create-cluster.png" alt="Illustration by Annie Ruygt of a balloon holding a box of honey clusters cereal" class="w-full max-w-lg mx-auto">
+</figure>
+
+You can also create an MPG cluster using the flyctl command line tool. To begin, run:
+
+```cmd
+fly mpg create
+```
+ Follow the prompts to configure your cluster name, plan, and region. By default your cluster will be created with a 10GB volume, but you can specify larger using the `--volume-size` flag:
+
+```cmd 
+fly mpg create [flags]
+```
+```out
+ -n, --name string       The name of your Postgres cluster
+ -o, --org string        The target Fly.io organization
+      --pgvector          Enable PGVector for the Postgres cluster
+      --plan string       The plan to use for the Postgres cluster (basic, launch, scale)
+ -r, --region string     The target region
+      --volume-size int   The volume size in GB (default 10)
+```
+
+After all options are set the cluster will begin initializing. Once that's complete, you can now connect to your cluster.
+
+## Attach an application to your Managed Postgres Database 
+
+To connect your application running on Fly.io to your Managed Postgres instance, you'll need to add the DB connection details as a secret on your app. This can be done from the Dashboard or via flyctl.
+
+### Attaching an app from your MPG dashboard
+
+From the "Connect" tab of your MPG Cluster page you can attach a specific app in your organization to your database. 
+
+1. Select the app to attach in the dropdown
+2. If needed, customize the variable name to use for the database connection URL. The default is `DATABASE_URL`.  If your chosen app already has a secret named `DATABASE_URL`, you will need to choose a new variable name before you can deploy.
+3.  Select "Set secret and deploy". This will trigger a deploy of your chosen app to add the new secret. 
+4. Your app can now use the `DATABASE_URL` environment variable to connect to your database
+
+### Attaching an app using flyctl
+
+To attach an application to your database using flyctl run:
+```cmd
+fly mpg attach <clusterID> -a <app-to-attach>
+```
+This will also trigger a restart of the selected app in order to add the secret. You can find the cluster ID in your MPG dashboard or by using the `fly mpg list` command. 
+
+Both of the attachment options will use the pooled connection URL, which uses PGBouncer to help manage database connections efficiently. This is recommended for most apps. 
+
+### Manually connect an application using a connection string
+
+After your database is created, the "Connection" tab will display connection strings for both the pooled connection URL, and the direct database connection address. You can use these to manually connect an app to the database by setting it as a secret in your Fly.io application:
+
+```cmd
+fly secrets set DATABASE_URL="postgres://username:password@host:port/database"
+```
+
+## Connecting from a local machine using flyctl
+
+Because your MPG Cluster runs within your Fly.io private network, it's not accessible over the public internet. You can use flyctl to securely connect to your database from your local machine for development, manual DB work, or to connect to a local tool. All connections using flyctl are securely routed through your organizations [private wireguard network](/docs/networking/private-networking/)
+
+### Connecting with psql
+
+To connect directly to your Managed Postgres database using psql:
+
+```cmd
+fly mpg connect [flags]
+```
+
+This command will create a direct connection to your database and open a psql session. You'll need a compatible psql version installed locally.
+
+### Setting up a Proxy Connection
+
+You can create a proxy connection to your Managed Postgres database using the '[mpg proxy](https://fly.io/docs/flyctl/mpg-proxy/)' command:
+
+```cmd
+fly mpg proxy [flags]
+```
+
+This will open a connection on one of your local ports that forwards to your database.
+
+```out
+$ fly mpg proxy    
+? Select Organization: My Organization (personal)
+? Select a Postgres cluster my-test-cluster (iad)
+Proxying localhost:16380 to remote [fdaa:1:2345:0:0::11]:5432
+```
+
+
+This command is useful when you want to connect to your database from your local machine using tools other than psql, such as database management tools or your application in development. 
+
+To use the local proxy connection you can modify the direct connection string from your dashboard, replacing the "flympg.net" domain with "localhost": 
+
+```out
+Connection String: postgres://fly-user:<password>@localhost:16380/fly-db
+```
+
+## Alternative: Connect via WireGuard
+
+As an alternative to using flyctl proxy commands, you can connect to your MPG cluster directly through your organization's private network using WireGuard. 
+
+First, [set up a WireGuard connection to your private network](/docs/blueprints/connect-private-network-wireguard/). Once connected, you can use the direct connection string from your MPG dashboard:
+
+```cmd
+psql "postgresql://fly-user:<PASSWORD>@direct.<CLUSTER_HASH_ID>.flympg.net/fly-db"
+```
+
+This connection method is particularly useful for database management tools that need persistent connections or development environments where you want direct database access.
diff --git a/mpg/extensions.html.md b/mpg/extensions.html.md
new file mode 100644
index 0000000000..f0c03809bb
--- /dev/null
+++ b/mpg/extensions.html.md
@@ -0,0 +1,113 @@
+---
+title: Supported Postgres Extensions
+layout: docs
+nav: mpg
+date: 2025-07-23
+---
+
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/Managed_Postgres.png" alt="Illustration by Annie Ruygt of a balloon doing a lot of tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+
+## Overview
+
+Fly.io Managed Postgres (MPG) clusters include all modules and extensions provided with the default Postgres 16 distribution. This includes commonly used tools and utilities like `pgcrypto`, `pg_stat_monitor`, and `citext`. The PostgreSQL Extensions page allows you to enable or disable trusted PostgreSQL extensions for your managed database cluster. Extensions add extra functionality to your database, such as new data types, functions, or capabilities.
+
+By default the `plpgsql`, `pg_stat_monitor`, and `pgaudit` extensions are enabled and cannot be disabled.
+
+## Using the Extensions Page
+
+### Search for Extensions
+- Use the search bar to quickly find extensions by name or description
+
+### Select a Database
+- Use the dropdown on the right to choose which database to manage
+- Extensions are enabled/disabled per database, not cluster-wide
+
+### Enable or Disable Extensions
+- Click the toggle switch next to any extension to enable or disable it
+- Each extension displays its version number (e.g., v1.3) showing which version is installed when enabled, or which version will be installed when you enable it
+
+### Additional notes
+
+- If your cluster is still initializing or otherwise degraded, you'll need to wait before managing extensions
+
+## Supported Third Party Extensions
+
+Aside from the extensions bundled with the default Postgres distribution, we are working to support other commonly used third party extensions.
+
+Currently only [Vector](https://github.com/pgvector/pgvector) and [PostGIS](https://postgis.net) are supported, both can be enabled from the Extensions page for your cluster. PostGIS can be enabled when creating a cluster, too:
+
+- Via the dashboard, check "Enable PostGIS" under the "Extensions" section
+- When creating a cluster via flyctl, pass the `--enable-postgis-support` flag:
+
+```cmd
+flyctl mpg create --enable-postgis-support
+```
+
+We plan on supporting additional third party extensions based on user feedback. If there's an extension you rely on or commonly use, please let us know! 
+
+## Supported extensions
+
+This is a list of all bundled extensions included in MPG. Not all of these can be enabled at this time, but we are working on adding support for as many extensions as possible.
+
+| Name | Available | Description |
+| --- | --- | --- |
+| `adminpack` | | Support toolpack for pgAdmin to provide additional functionality like remote management of server log files. |
+| `amcheck` | | Provides functions to verify the logical consistency of the structure of indexes, such as B-trees. It's useful for detecting system catalog corruption and index corruption. |
+| `auth_delay` | | Causes the server to pause briefly before reporting authentication failure, to make brute-force attacks on database passwords more difficult. |
+| `auto_explain` | | Automatically logs execution plans of slow SQL statements. It helps in performance analysis by tracking down un-optimized queries in large applications that exceed a specified time threshold. |
+| `basebackup_to_shell` | | Adds a custom basebackup target called shell. This enables an administrator to make a base backup of a running PostgreSQL server to a shell archive. |
+| `basic-archive` | | An archive module that copies completed WAL segment files to the specified directory. Can be used as a starting point for developing own archive module. |
+| `bloom` | | Provides an index access method based on Bloom filters.<br>A Bloom filter is a space-efficient data structure that is used to test whether an element is a member of a set. |
+| `btree_gin` | ✓ | Provides GIN index operator classes with B-tree-like behavior. This allows you to use GIN indexes, which are typically used for full-text search, in situations where you might otherwise use a B-tree index, such as with integer or text data. |
+| `btree_gist` | ✓ | Provides GiST (Generalized Search Tree) index operator classes that implement B-tree-like behavior. This allows you to use GiST indexes, which are typically used for multidimensional and non-scalar data, in situations where you might otherwise use a B-tree index, such as with integer or text data. |
+| `citext` | ✓ | Provides a case-insensitive character string type, citext. Essentially, it internally calls lower when comparing values. Otherwise, it behaves almost exactly like text. |
+| `cube` | ✓ | Implements a data type cube for representing multidimensional cubes |
+| `dblink` | | Provides functions to connect to other PostgreSQL databases from within a database session. This allows for queries to be run across multiple databases as if they were on the same server. |
+| `dict_int` | ✓ | An example of an add-on dictionary template for full-text search. It's used to demonstrate how to create custom dictionaries in PostgreSQL. |
+| `dict_xsyn` | | Example synonym full-text search dictionary. This dictionary type replaces words with groups of their synonyms, and so makes it possible to search for a word using any of its synonyms. |
+| `earthdistance` | | This module provides two different approaches to calculating great circle distances on the surface of the Earth. The first one depends on the cube module. The second one is based on the built-in point data type, using longitude and latitude for the coordinates. |
+| `fuzzystrmatch` | ✓ | Determine similarities and distance between strings |
+| `hstore` | ✓ | Implements the hstore data type for storing sets of key/value pairs within a single PostgreSQL value. |
+| `intagg` | | Integer aggregator and enumerator. |
+| `intarray` | ✓ | Provides a number of useful functions and operators for manipulating null-free arrays of integers. |
+| `isn` | ✓ | Provides data types for the following international product numbering standards: EAN13, UPC, ISBN (books), ISMN (music), and ISSN (serials). |
+| `jsonb_plperl` | | Transform between jsonb and plperl |
+| `lo` | ✓ | Provides support for managing Large Objects (also called LOs or BLOBs). This includes a data type lo and a trigger lo_manage. |
+| `ltree` | ✓ | Implements a data type ltree for representing labels of data stored in a hierarchical tree-like structure. Extensive facilities for searching through label trees are provided. |
+| `oldsnapshot` | | Allows inspection of the server state that is used to implement old_snapshot_threshold. |
+| `pageinspect` | | Provides functions that allow you to inspect the contents of database pages at a low level, which is useful for debugging purposes. |
+| `passwordcheck` | | Checks users' passwords whenever they are set with CREATE ROLE or ALTER ROLE. If a password is considered too weak, it will be rejected and the command will terminate with an error. |
+| `pg_buffercache` | | Provides the set of functions for examining what's happening in the shared buffer cache in real time. |
+| `pg_freespacemap` | | Provides a means of examining the free space map (FSM), which PostgreSQL uses to track the locations of available space in tables and indexes. This can be useful for understanding space utilization and planning for maintenance operations. |
+| `pg_prewarm` | | Provides a convenient way to load relation data into either the operating system buffer cache or the PostgreSQL buffer cache. This can be useful for reducing the time needed for a newly started database to reach its full performance potential by preloading frequently accessed data. |
+| `pg_stat_monitor` | ✓ | A more advanced version of pg_stat_statements for tracking planning and execution statistics of all SQL statements executed by a server. Includes all columns available in pg_stat_statements plus provides additional ones.|
+| `pg_stat_statements` | | A module for tracking planning and execution statistics of all SQL statements executed by a server. Consider using an advanced version of pg_stat_statements - pg_stat_monitor |
+| `pg_surgery` | | Provides various functions to perform surgery on a damaged relation. These functions are unsafe by design and using them may corrupt (or further corrupt) your database. Use them with caution and only as a last resort |
+| `pg_trgm` | ✓ | Provides functions and operators for determining the similarity of alphanumeric text based on trigram matching. A trigram is a contiguous sequence of three characters. The extension can be used for text search and pattern matching operations. |
+| `pg_visibility` | | Provides a way to examine the visibility map (VM) and the page-level visibility information of a table. It also provides functions to check the integrity of a visibility map and to force it to be rebuilt. |
+| `pg_walinspect` | | Provides SQL functions that allow you to inspect the contents of write-ahead log of a running PostgreSQL database cluster at a low level, which is useful for debugging, analytical, reporting or educational purposes. |
+| `pgcrypto` | ✓ | Provides cryptographic functions for PostgreSQL. |
+| `pgrowlocks` | | Provides a function to show row locking information for a specified table. |
+| `pgstattuple` | | Provides various functions to obtain tuple-level statistics. It offers detailed information about tables and indexes, such as the amount of free space and the number of live and dead tuples. |
+| `plpgsql` | ✓ | PL/pgSQL procedural language |
+| `PostGIS` | ✓ | Geographic information system extension for PostgreSQL |
+| `postgis_raster` | ✓ | Raster data support for PostGIS |
+| `postgis_sfcgal` | ✓ | SFCGAL support for PostGIS |
+| `postgis_topology` | ✓ | Topology data support for PostGIS |
+| `postgres_fdw` | | Provides a Foreign Data Wrapper (FDW) for accessing data in remote PostgreSQL servers. It allows a PostgreSQL database to interact with remote tables as if they were local. |
+| `seg` | ✓ | Implements a data type seg for representing line segments, or floating point intervals. seg can represent uncertainty in the interval endpoints, making it especially useful for representing laboratory measurements. |
+| `segpgsql` | | SELinux-, label-based mandatory access control (MAC) security module. It can only be used on Linux 2.6.28 or higher with SELinux enabled. |
+| `spi` | | Provides several workable examples of using the Server Programming Interface (SPI) and triggers. |
+| `sslinfo` | | Provides information about the SSL certificate that the current client provided when connecting to PostgreSQL. |
+| `tablefunc` | ✓ | Includes various functions that return tables (that is, multiple rows). These functions are useful both in their own right and as examples of how to write C functions that return multiple rows. |
+| `tcn` | ✓ | Provides a trigger function that notifies listeners of changes to any table on which it is attached. |
+| `test_decoding` | | An SQL-based test/example module for WAL logical decoding |
+| `tsm_system_rows` | ✓ | Provides the table sampling method SYSTEM_ROWS, which can be used in the TABLESAMPLE clause of a SELECT command. |
+| `tsm_system_time` | ✓ | Provides the table sampling method SYSTEM_TIME, which can be used in the TABLESAMPLE clause of a SELECT command. |
+| `unaccent` | ✓ | A text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any). This allows accent-insensitive processing for full text search. |
+| `uuid-ossp` | ✓ | Provides functions to generate universally unique identifiers (UUIDs) using one of several standard algorithms |
+| `vector` | ✓ | vector data type and ivfflat and hnsw access methods |
diff --git a/mpg/guides-examples/phoenix-guide.html.md b/mpg/guides-examples/phoenix-guide.html.md
new file mode 100644
index 0000000000..811780fc1f
--- /dev/null
+++ b/mpg/guides-examples/phoenix-guide.html.md
@@ -0,0 +1,121 @@
+---
+title: "Phoenix with Managed Postgres"
+layout: docs
+nav: mpg
+date: 2025-09-16
+author: Kaelyn
+---
+
+This guide explains the key **Managed Postgres (MPG)-specific adjustments** you need when connecting a Phoenix app. We'll focus on:
+
+1. Connection Pooling Settings
+2. Running Migrations
+3. Using Oban with MPG
+4. Troubleshooting and Common Issues
+
+This guide doesn’t cover Phoenix or Ecto setup—we assume you already have that in place.
+
+## Connection Pooling with PgBouncer + Ecto
+
+Fly.io MPG uses [PgBouncer](https://www.pgbouncer.org/) for connection pooling. By default, MPG clusters run in **Session** mode but Ecto requires **Transaction** mode due to how it handles connection pooling.
+
+To configure PgBouncer:
+
+1. Open your MPG cluster in the dashboard.
+2. Go to **Connect → Pooler settings**.
+3. Set **Pool mode** to **Transaction**.
+
+You'll also need to update your repo config:
+
+```elixir
+config :my_app, MyApp.Repo,
+  url: System.fetch_env!("DATABASE_URL"),
+  pool_size: 8,
+  timeout: 15_000,
+  prepare: :unnamed
+```
+
+`prepare: :unnamed` is required because named prepared statements don't work with PgBouncer in transaction mode.
+
+## Running Migrations
+
+While you'll need to use Transaction mode with Ecto for most cases, Migrations are a special case. Migrations rely on [advisory locks](https://www.postgresql.org/docs/current/explicit-locking.html#ADVISORY-LOCKS) and session stickiness, which PgBouncer's [transaction pooling mode](https://www.pgbouncer.org/usage.html#pool-modes) doesn't support. For running migrations you'll need to configure your app to use the **direct database URL** instead.
+
+Update your secrets to add a `DIRECT_DATABASE_URL`
+
+```bash
+fly secrets set \
+  DATABASE_URL="postgresql://...@pgbouncer.<cluster>.flympg.net/fly-db" \
+  DIRECT_DATABASE_URL="postgresql://...@direct.<cluster>.flympg.net/fly-db"
+```
+
+In your fly.toml, update your release command to use the direct connection for running your migration:
+
+```toml
+[deploy]
+  release_command = "/bin/sh -lc 'DATABASE_URL=$DIRECT_DATABASE_URL bin/migrate'"
+```
+
+Or run a migration manually:
+
+```bash
+fly ssh console -C '/bin/sh -lc "DATABASE_URL=\"$DIRECT_DATABASE_URL\" bin/migrate"'
+```
+
+## Using Oban with MPG
+
+If you're using the [Oban library](https://hexdocs.pm/oban/Oban.html) for handling Job queues, you'll need to make a few adjustments as PgBouncer in transaction mode doesn't support `LISTEN/NOTIFY`, which Oban uses for job notifications. You have a few options:
+
+### 1. Use a non-Postgres notifier
+
+```elixir
+# Distributed Erlang notifier
+config :my_app, Oban,
+  repo: MyApp.ObanRepo,
+  notifier: Oban.Notifiers.PG,
+  queues: [default: 10]
+```
+
+Or with Phoenix PubSub:
+
+```elixir
+config :my_app, Oban,
+  repo: MyApp.ObanRepo,
+  notifier: {Oban.Notifiers.Phoenix, pubsub: MyApp.PubSub},
+  queues: [default: 10]
+```
+
+### 2. Run Oban on a direct connection
+
+If you have a requirement to use Postgres `LISTEN/NOTIFY`, you can set up Oban to use a direct database connection instead of using PG Bouncer
+
+```elixir
+config :my_app, Oban,
+  repo: MyApp.DirectRepo,
+  notifier: Oban.Notifiers.Postgres,
+  queues: [default: 10]
+```
+
+This uses direct DB connections. Each connection is an Ecto pool entry that bypasses PgBouncer. Because direct connections are limited, keep the pool very small.
+
+### 3. Legacy fallback (Oban < 2.14)
+
+Older versions required the Repeater plugin. Since Oban 2.14 (2023), polling fallback is built-in and Repeater is deprecated.
+
+## Troubleshooting and common errors
+
+### Troubleshooting checklist
+
+- Set PgBouncer pool mode to Transaction.
+- Set `prepare: :unnamed` on every Repo.
+- Use the pooled URL for app traffic and the direct URL for migrations and other session-scoped operations (advisory locks, etc.).
+- Keep Ecto pools modest on the Basic plan (API repo 8, Oban repo 6). Reduce if most connections sit idle.
+- Check MPG metrics around error timestamps for restarts or memory pressure.
+
+### Common errors and fixes
+
+- `tcp recv (idle): closed` or `tcp recv (idle): timeout` — These are idle connection reclaimed by the pooler, and don't represent an issue as Ecto reconnects automatically. To remove them, lower your pool size or ignore.
+- `FATAL 08P01 protocol_violation` on login — Set `prepare: :unnamed` and ensure PgBouncer is in Transaction mode.
+- Oban jobs not running — Use a non-Postgres notifier (PG or Phoenix) behind PgBouncer, or run Oban on a direct Repo. On Oban ≥ 2.14, do not add Repeater (polling fallback is automatic when PubSub isn't available).
+- Migrations hanging or failing — Run migrations with the direct database URL (via `release_command` or a one-off SSH command), not through PgBouncer.
+- `non-existing domain - :nxdomain` - Make sure [ipv6 is enabled](https://fly.io/docs/elixir/getting-started/#important-ipv6-settings)
diff --git a/mpg/import.html.md b/mpg/import.html.md
new file mode 100644
index 0000000000..a1f1e83e13
--- /dev/null
+++ b/mpg/import.html.md
@@ -0,0 +1,64 @@
+---
+title: Import data from another postgres cluster
+layout: docs
+nav: mpg
+date: 2025-07-11
+---
+
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/Managed_Postgres.png" alt="Illustration by Annie Ruygt of a balloon doing a lot of tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+
+## Import data from another postgres cluster into your Managed Postgres Cluster
+
+If you're migrating to Fly Managed Postgres (MPG) from an unmanaged Fly Postgres cluster or another Postgres provider, you'll need to import your data into your MPG cluster.
+
+There isn't currently an automated way to migrate an existing DB's data, but you can accomplish this with a standard Postgres dump and restore process after creating your MPG cluster.
+
+For simple databases, this can be as easy as running :
+
+```cmd
+ pg_dump "$LEGACY_PG_CONNECTION_STRING" | psql "$MPG_URI".
+```
+
+Because your MPG cluster runs within your Fly Private Network, you'll need to be connected to your organizations Wireguard network in order to restore into your MPG database. To run the import process from your local machine, you would take the following steps: 
+
+1. Create your Managed Postgres cluster from the Fly.io dashboard, or using `fly mpg create`
+
+  <div class="warning icon">
+  <b>Warning:</b> Your new cluster must be created with a volume at least as large as the database you're importing, otherwise the import process will fail. 
+  </div> 
+
+2. Open a proxy connection to your MPG database with
+  ```out
+  $ fly mpg proxy    
+  ? Select Organization: My Organization (personal)
+  ? Select a Postgres cluster my-test-cluster (iad)
+  Proxying localhost:16380 to remote [fdaa:1:2345:0:0::67]:5432
+  ```
+
+3. Find your MPG cluster's connection string in the dashboard, and modify it to use the local proxy: 
+  ```out
+  Connection String: postgres://fly-user:<password>@localhost:16380/fly-db
+  ``` 
+
+4. Run the dump and restore command
+```cmd
+ pg_dump "$LEGACY_PG_CONNECTION_STRING" | psql postgres://fly-user:<password>@localhost:16380/fly-db
+```
+
+5. If everything succeeds, all data from your legacy cluster will be imported into your new MPG cluster. 
+
+For larger or more complex databases, you may need to break the dump and restore process into multiple steps. You may also consider using dedicated PG migration tools like [pgloader](https://pgloader.io/) or [pgcopydb](https://github.com/dimitri/pgcopydb).
+
+## Limitations
+Some source databases may not be a good fit for importing into a Fly Managed Postgres cluster.  Some common cases that will prevent imports are if your source database:
+
+- Relies on a third party extension that [isn't supported by MPG](/docs/mpg/extensions)
+- Is larger than 1 TB (the maximum storage limit for MPG clusters)
+
+Note: While MPG supports up to 1 TB of storage, initial cluster creation is limited to 500 GB. For databases larger than 500 GB, you'll need to create your cluster with the maximum initial size and then expand storage after the import process.
+
+Multi-schema and multi-database imports are supported. If your app uses multiple schemas or databases, imports should work as expected when run with the default `fly-user` or another user with the `schema_admin` role.
diff --git a/mpg/index.html.md b/mpg/index.html.md
new file mode 100644
index 0000000000..da7fa3b323
--- /dev/null
+++ b/mpg/index.html.md
@@ -0,0 +1,93 @@
+---
+title: Managed Postgres
+layout: docs
+nav: mpg
+date: 2025-07-10
+redirect_from: /docs/mpg/overview/
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/Managed_Postgres.png" alt="Illustration by Annie Ruygt of a balloon doing a lot of tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+## What is Managed Postgres?
+
+Fly.io's Managed Postgres is our fully-managed database service that handles all aspects of running production PostgreSQL databases where we take care of:
+
+- Automatic backups and recovery
+- High availability with automatic failover
+- Performance monitoring and metrics
+- Resource scaling (CPU, RAM, storage)
+- 24/7 support and incident response
+- Automatic encryption of data at rest and in transit
+
+### What's included
+
+You'll be able to access:
+
+- A highly-available Postgres cluster within your Fly.io organization's [private network](/docs/networking/private-networking/)
+- Multiple databases and schemas on that cluster
+- Fly.io Support Portal to log tickets and get help
+- Any trusted extensions included in the [default Postgres 16 distribution](https://www.postgresql.org/docs/16/contrib.html)
+- The third party `pgvector` extension for vector similarity search
+- The third party `PostGIS` extension for adding geospatial data support, if enabled when provisioning your database
+
+### What's not there yet
+
+At the moment, the following features are under development:
+
+- Security patches and version upgrades
+- Third Party Postgres extensions besides `pgvector` or `postGIS`
+- Customer-facing alerting
+- Database migration tools
+
+We're working on expanding these capabilities and will provide updates as they become available.
+
+## Regions
+
+The current regions available for deploying Fly.io Managed Postgres are:
+
+- `ams` - Amsterdam, Netherlands
+- `fra` - Frankfurt, Germany
+- `gru` - São Paulo, Brazil
+- `iad` - Ashburn, Virginia, USA
+- `lax` - Los Angeles, California, USA
+- `nrt` - Tokyo, Japan
+- `ord` - Chicago, Illinois, USA
+- `sin` - Singapore
+- `sjc` - San Jose, California, USA
+- `syd` - Sydney, Australia
+
+We'll be rolling out more regions as soon as we can. Choose a region close to your application for optimal performance.
+
+## Database Storage
+
+Managed Postgres storage features:
+
+- Maximum storage limit: 1 TB
+- Initial storage size: Up to 500 GB at creation
+- Storage is replicated across all nodes in your cluster
+- Storage growth is monitored and managed automatically
+
+## Pricing
+
+The price of running Fly.io Managed Postgres depends on:
+
+- Your selected Managed Postgres Plan
+- The amount of storage your cluster has
+
+Your MPG plan determines the CPU and Memory configuration for your cluster. All plans include high availability, backups, and connection pooling.
+
+The current monthly plan pricing is:
+
+| Plan | CPU | Memory | Monthly Price |
+| --- | --- | --- | --- |
+| Basic | Shared-2x | 1GB | $38.00 |
+| Starter | Shared-2x | 2GB | $72.00|
+| Launch | Performance-2x| 8GB | $282.00 |
+| Scale | Performance-4x | 32GB | $962.00 |
+| Performance | Performance-8x | 64GB | $1,922.00 |
+
+Database storage is priced at **$0.28 per provisioned GB for a 30-day month**. For example, if you have 10GB of storage provisioned for your cluster, your monthly storage cost will be $2.80.
+
+Clusters created or deleted mid-month will have their pricing prorated accordingly.
diff --git a/mpg/metrics.html.md b/mpg/metrics.html.md
new file mode 100644
index 0000000000..7ecbad464f
--- /dev/null
+++ b/mpg/metrics.html.md
@@ -0,0 +1,63 @@
+---
+title: Monitoring and Metrics
+layout: docs
+nav: mpg
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/Managed_Postgres.png" alt="Illustration by Annie Ruygt of a balloon doing a lot of tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+## Performance Monitoring
+
+The Managed Postgres dashboard provides comprehensive performance monitoring and metrics for your PostgreSQL clusters. The **Metrics** tab gives you real-time visibility into your database's performance, helping you identify bottlenecks and optimize your applications.
+
+### Accessing Metrics
+
+To view metrics for your cluster:
+
+1. Navigate to your MPG cluster in the Fly.io dashboard
+2. Click the **Metrics** tab
+3. Optionally filter by specific database using the database dropdown
+4. Select your desired time range (15 minutes, 1 hour, 6 hours, 24 hours, or 2 days)
+
+### Available Charts and Metrics
+
+The metrics dashboard provides detailed insights through various charts and gauges organized into categories:
+
+#### System Resource Metrics
+
+| Metric | Description |
+|--------|-------------|
+| **Database CPU Utilization** | CPU usage percentage for each database instance, labeled with Primary (P) and Replica (R) badges. Shows individual instance IDs and averages over the selected time period |
+| **Database Memory Utilization** | Memory usage for Primary and Replica database instances. Displays current usage and average consumption per instance |
+| **Pooler CPU Utilization** | CPU usage percentage for PGBouncer connection pooler instances. Typically remains low under normal operations |
+| **Pooler Memory Utilization** | Memory consumption in MB for connection pooler instances. Shows usage for each pooler with instance IDs |
+
+#### Connection Metrics
+
+| Metric | Description |
+|--------|-------------|
+| **Database Connections** | Shows active and idle database connections over time |
+| **Pooler Connections** | Tracks active and waiting connections through PGBouncer
+ |
+#### Database Operations
+
+| Metric | Description |
+|--------|-------------|
+| **Database Operations** | Row-level operations per second broken down by type (inserts, updates, deletes, and fetches). Shows throughput patterns and workload distribution across operation types |
+| **Cache Hit Ratio** | Percentage of data requests served from memory versus disk. Higher percentages (95%+) indicate efficient memory usage. Lower values suggest queries are hitting disk frequently |
+| **Deadlocks** | Count of database deadlocks detected when two or more transactions are waiting for each other to release locks. Shows frequency and timing of these mutual blocking situations |
+
+#### Storage
+
+| Metric | Description |
+|--------|-------------|
+| **Database Size** | Current storage usage across databases |
+
+#### Replication Metrics
+
+| Metric | Description |
+|--------|-------------|
+| **Replication Delay Bytes** | Amount of WAL (Write-Ahead Log) data in bytes that the replica is behind the primary. Measures the volume of changes waiting to be applied |
+| **Replication Delay Seconds** | Time in seconds that the replica lags behind the primary database. Represents how long ago the replica's current state reflects the primary |
diff --git a/mpg/overview.html.md b/mpg/overview.html.md
new file mode 100644
index 0000000000..c35f5d0583
--- /dev/null
+++ b/mpg/overview.html.md
@@ -0,0 +1,135 @@
+---
+title: Managed Postgres Overview
+layout: docs
+nav: mpg
+toc: false
+---
+
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/Managed_Postgres.png" alt="Illustration by Annie Ruygt of a balloon doing a lot of tasks" class="w-full max-w-lg mx-auto">
+</figure>
+
+## What is Managed Postgres?
+
+Fly.io's Managed Postgres is our database-as-a-service offering where we handle:
+
+- Automatic backups and recovery
+- High availability with automatic failover
+- Performance monitoring and metrics
+- Resource scaling (CPU, RAM, storage)
+- 24/7 support and incident response
+- Automatic encryption of data at rest and in transit
+
+### What's included
+
+You'll be able to access:
+
+- A highly-available Postgres cluster within your Fly.io organization's [private network](/docs/networking/private-networking/)
+- A single database on that cluster
+- Fly.io Support Portal to log tickets and get help
+- Any modules and extensions included in the [default Postgres 16 distribution](https://www.postgresql.org/docs/16/contrib.html)
+- The third party `pgvector` extension for vector similarity search, if enabled when provisioning your database
+
+### What's not there yet
+
+At the moment, the following features are under development:
+
+- Security patches and version upgrades
+- Multiple databases or schemas per cluster
+- Third Party Postgres extensions besides `pgvector`
+- Customer-facing monitoring and alerting
+- Database migration tools
+
+We're working on expanding these capabilities and will provide updates as they become available.
+
+## Creating a Managed Postgres Instance
+
+To create a new Managed Postgres cluster, visit your Fly.io dashboard and click the "Create new cluster" button in the Managed Postgres section.
+
+You'll be prompted to choose:
+
+- Cluster name (must be unique within your organization)
+- Region (see available regions below)
+- A plan with predefined hardware resources:
+  - Basic: 2 shared vCPUs, 1GB RAM
+  - Starter: 2 shared vCPUs, 2GB RAM
+  - Launch: 2 Performance vCPUs, 8GB RAM
+  - Scale: 4 Performance vCPUs, 32GB RAM
+  - Performance: 8 Performance vCPUs, 64GB RAM
+- Storage size (up to 500GB at creation)
+
+<div>
+    <img src="http://github.com/static/images/create-mpg.webp" alt="A screenshot of the Managed Postgres creation page.">
+</div>
+
+## Connecting to Your Managed Postgres Database
+
+To connect your Fly.io application to your Managed Postgres instance:
+
+1. After creation, the "Connection" tab will display your connection string
+2. Set it as a secret in your Fly.io application:
+
+```cmd
+fly secrets set DATABASE_URL="postgres://username:password@host:port/database"
+```
+
+3. Your application can now use the `DATABASE_URL` environment variable to connect
+
+For security, the connection string uses SSL by default. Make sure your application's Postgres client is configured to use SSL.
+
+## Using flyctl with Managed Postgres
+
+You can interact with your Managed Postgres instances using the Fly.io CLI (`flyctl`). Here are the key commands:
+
+### Connecting with psql
+
+To connect directly to your Managed Postgres database using psql:
+
+```cmd
+fly mpg connect [flags]
+```
+
+This command will establish a direct connection to your database using the psql client. You'll need psql installed locally.
+
+### Setting up a Proxy Connection
+
+To create a proxy connection to your Managed Postgres database:
+
+```cmd
+fly mpg proxy [flags]
+```
+
+This command is useful when you want to connect to your database from your local machine using tools other than psql, such as database management tools or your application in development.
+
+## Regions
+
+The current regions available for deploying Fly.io Managed Postgres are:
+
+- `fra` - Frankfurt, Germany
+- `gru` - São Paulo, Brazil
+- `iad` - Ashburn, USA
+- `lax` - Los Angeles, USA
+- `ord` - Chicago, USA
+- `syd` - Sydney, Australia
+
+We'll be rolling out more regions as soon as we can. Choose a region close to your application for optimal performance.
+
+## Database Storage
+
+Managed Postgres storage features:
+
+- Maximum storage limit: 1 TB
+- Initial storage size: Up to 500 GB at creation
+- Storage is replicated across all nodes in your cluster
+- Storage growth is monitored and managed automatically
+
+## Pricing
+
+The price of running Fly.io Managed Postgres depends on:
+
+- CPU/Memory configuration (Launch, Performance, or Enterprise plans)
+- Region in which you're deploying
+- Storage usage
+
+Database storage is priced at **$0.28 per GB for a 30-day month**. You can view detailed pricing in your Fly.io dashboard.
diff --git a/getting-started/app-services.html.md b/networking/app-services.html.md
similarity index 82%
rename from getting-started/app-services.html.md
rename to networking/app-services.html.md
index f8baaca591..b6f972cf68 100644
--- a/getting-started/app-services.html.md
+++ b/networking/app-services.html.md
@@ -1,20 +1,25 @@
 ---
 title: Connect to an App Service
 layout: docs
-sitemap: false
 nav: firecracker
+redirect_from: 
+  - /docs/getting-started/app-services/
 ---
 
+<figure>
+  <img src="http://github.com/static/images/docs-servers.webp" alt="">
+</figure>
+
 There are two basic ways to talk to a process running in your Fly Machine: 
 
 1. Via Fly Proxy, the Fly.io component that handles load balancing&mdash;this is what you'll need for any public web service
-2. Over the WireGuard [IPv6 private network ("6PN")](/docs/reference/private-networking/) that the app belongs to&mdash;this can be useful for, e.g., providing private supporting services to your Fly Apps
+2. Over the WireGuard [IPv6 private network ("6PN")](/docs/networking/private-networking/) that the app belongs to&mdash;this can be useful for, e.g., providing private supporting services to your Fly Apps
 
-## TL:DR
+## TL;DR
 
 Here's a cheat sheet for configuring apps to be reachable by each of these means:
 
-||Fly Proxy|Internal (6PN)|
+| &nbsp; |Fly Proxy|Internal (6PN)|
 |---|---|---|
 |Bind to | `0.0.0.0:<port>` ([<u>not UDP</u>](#udp-is-special)) | `fly-local-6pn:<port>`|
 |Needs `services` or<br>`http_service` in config? | YES | NO |
@@ -26,7 +31,7 @@ There's a bit more to the whole picture, which is why the rest of this document
 
 All services reachable from the public internet via a Fly App's global Anycast address are routed by Fly Proxy.
 
-Fly Proxy can load-balance requests for both public and private ([Flycast](/docs/reference/private-networking/#flycast-private-load-balancing)) services among a Fly App's VMs. Routing to a service with Fly Proxy also enables other Fly Proxy features, such as [starting and stopping Machines](/docs/apps/autostart-stop/) in response to fluctuations in request traffic.
+Fly Proxy can load-balance requests for both public and private ([Flycast](/docs/networking/flycast)) services among a Fly App's VMs. Routing to a service with Fly Proxy also enables other Fly Proxy features, such as [automatically starting and stopping Machines](/docs/launch/autostop-autostart/) in response to fluctuations in request traffic.
 
 ### Get the service listening on the right address within the VM
 
@@ -43,7 +48,7 @@ Define a [service](/docs/reference/configuration/#the-http_service-section) in `
 
 #### Private (Flycast) apps
 
-Configure a service as for a public app, but in addition: [Flycast](/docs/reference/private-networking/#flycast-private-load-balancing) doesn't do HTTPS, so make sure you've defined a non-HTTPS service, and also ensure that `force_https = true` is **not** included in any HTTP service definition.
+Configure a service as for a public app, but in addition: [Flycast](/docs/networking/flycast/) doesn't do HTTPS, so make sure you've defined a non-HTTPS service, and also ensure that `force_https = true` is **not** included in any HTTP service definition.
 
 ### Allocate a public or private IP to the app
 
@@ -53,14 +58,14 @@ To have Fly Proxy route requests to an app from the public internet, provision a
 
 #### Private (Flycast) apps
 
-To have Fly Proxy load-balance among VMs on a non-public app, [allocate a _private_ (Flycast) IPv6 address](/docs/reference/private-networking/#assigning-a-flycast-address) using `fly ips allocate-v6 --private`, and **remove any public IPs from the app** using `fly ips release <address>`. A Flycast IP can only be reached from within the private network it's allocated on, which must belong to the same Fly Organization as the Fly App it points to. 
+To have Fly Proxy load-balance among VMs on a non-public app, [allocate a _private_ (Flycast) IPv6 address](/docs/networking/flycast/) using `fly ips allocate-v6 --private`, and **remove any public IPs from the app** using `fly ips release <address>`. A Flycast IP can only be reached from within the private network it's allocated on, which must belong to the same Fly Organization as the Fly App it points to. 
 
 <section class="warning icon">
 If your configuration includes any services for Fly Proxy to route to, and the app has a public IP, that service is exposed to the whole internet.</section>
 
 ### A note on Fly App IPs and Fly-Replay routing
 
-App-wide IP addresses (public and private) tell Fly Proxy which app to deliver a request to. If a service _only_ needs to be reachable by Fly Proxy in its handling of the [Fly-Replay](/docs/reference/dynamic-request-routing/) response header, its app does not need an IP; app information is incorporated directly in the header.
+App-wide IP addresses (public and private) tell Fly Proxy which app to deliver a request to. If a service _only_ needs to be reachable by Fly Proxy in its handling of the [Fly-Replay](/docs/networking/dynamic-request-routing/) response header, its app does not need an IP; app information is incorporated directly in the header.
 
 ## Private services on 6PN (direct WireGuard connections)
 
@@ -82,7 +87,7 @@ Fly.io runs a specialized internal DNS service to find 6PN addresses for VMs. Qu
 
 Internal DNS gives us some useful presets for targeting requests. For instance, a DNS query on the address `<region>.<appname>.internal` yields the 6PN addresses of the VMs of app `<appname>` in region `<region>`. Addressing a request to `<region>.<appname>.internal` gets it delivered to one of those VMs.
 
-Our [private networking docs](https://fly.io/docs/reference/private-networking/#fly-internal-addresses) list the `.internal` names and what kind of information a DNS query returns for each.
+Our [private networking docs](https://fly.io/docs/networking/private-networking/#fly-io-internal-addresses) list the `.internal` names and what kind of information a DNS query returns for each.
 
 ## A note on IPv4 and IPv6 wildcards
 
@@ -148,7 +153,7 @@ cURL is a useful tool for checking that a service is reachable where it should b
 
 [6] If the check within the VM succeeded, but this step fails, check everything in note [5], plus: Ensure that there's an HTTP service configured and `force_https` is not set to `true`; Flycast doesn't work over HTTPS.
 
-[7] A Flycast IP [can be allocated](/docs/reference/private-networking/#assigning-a-flycast-address) on a different private network from the app it points to, if both networks belong to the same org. This lets your apps reach your service in a different 6PN, if the service is configured to be available over Flycast.
+[7] A Flycast IP [can be allocated](/docs/networking/flycast) on a different private network from the app it points to, if both networks belong to the same org. This lets your apps reach your service in a different 6PN, if the service is configured to be available over Flycast.
 
 [8] If this fails (i.e. you don't get the expected response from the service), then either (a) the service isn't functioning the way you expect, (b) it's not bound to the port you pointed cURL at, or (&#99;) it's not bound to its 6PN address, and won't be reachable via the private WireGuard network (including at `.internal` addresses).
 
diff --git a/networking/custom-domain-api.html.markerb b/networking/custom-domain-api.html.markerb
new file mode 100644
index 0000000000..d334f11a57
--- /dev/null
+++ b/networking/custom-domain-api.html.markerb
@@ -0,0 +1,271 @@
+---
+title: Automate the certificate process for custom domains
+layout: docs
+nav: firecracker
+---
+
+This document provides examples of using Fly.io GraphQL API queries and mutations to automate the certificates process, which is useful when you need to issue multiple certificates automatically, for example, if you have individual apps per user with custom domains.
+
+To add a custom domain to a single app, see [Use a custom domain](/docs/networking/custom-domain/).
+
+To illustrate how to automate the certificates API, we are going to show the flyctl command and the equivalent GraphQL request, wrapped in a compact easy-to-read Node application from our [fly-examples/hostnamesapi](https://github.com/fly-apps/hostnamesapi) repository.
+
+## GraphQL API Notes
+
+**Endpoints**: The Endpoint for the Fly.io GraphQL API is `https://api.fly.io/graphql`.
+
+**Authentication**: All queries require an API token which be obtained by signing into the [dashboard](https://fly.io/dashboard/apps/), selecting **Account > Settings > Access Tokens > Create Access Token**. Create a new token and carefully note the value; we suggest placing it in an environment variable such as `FLY_API_TOKEN` so it can be passed to applications. When used with the API, the token should be passed in an `Authorization` header with the value `Bearer <token value>`.
+
+**IDs and Names**: Applications can be referred to by name or by ID. Currently the Application ID and Name are interchangeable. This will change in a future semantically significant version. To see how to query for ID and Name, see [getappbyid.js](https://github.com/fly-apps/hostnamesapi/blob/master/getappbyid.js) and [getappbyname.js](https://github.com/fly-apps/hostnamesapi/blob/master/getappbyname.js) in the example repository.
+
+## Listing all the hosts of an application
+
+**With flyctl**: `fly certs list`
+
+**With GraphQL**: The example is in the repository as [getcerts.js](https://github.com/fly-apps/hostnamesapi/blob/master/getcerts.js). This request takes the application name as a parameter.
+
+```graphql
+query($appName: String!) {
+  app(name: $appName) {
+    certificates {
+      nodes {
+        createdAt
+        hostname
+        clientStatus
+      }
+    }
+  }
+}
+```
+
+**Example output**:
+
+```json
+{
+  "app": {
+    "certificates": {
+      "nodes": [
+        {
+          "createdAt": "2020-03-04T14:17:14Z",
+          "hostname": "example.com",
+          "clientStatus": "Ready"
+        },
+        {
+          "createdAt": "2020-03-05T15:28:41Z",
+          "hostname": "exemplum.com",
+          "clientStatus": "Ready"
+        }
+		  ]
+	  }
+  }
+}
+```
+
+This lists every host associated with the application. Each host may have up to two (RSA/ECDSA) certificates associated with it. See "[Reading a certificate from an application](#reading-a-certificate-from-an-application)" to see how to query the certificates associated with the hostnames.
+
+## Creating a certificate for an application
+
+**With flyctl**: `fly certs add <hostname>`
+
+**With GraphQL**: The example is [addcert.js](https://github.com/fly-apps/hostnamesapi/blob/master/getcerts.js). This request takes the application id and hostname as parameters.
+
+```graphql
+mutation($appId: ID!, $hostname: String!) {
+    addCertificate(appId: $appId, hostname: $hostname) {
+        certificate {
+            configured
+            acmeDnsConfigured
+            acmeAlpnConfigured
+            isAcmeHttpConfigured
+            certificateAuthority
+            certificateRequestedAt
+            dnsProvider
+            dnsValidationInstructions
+            dnsValidationHostname
+            dnsValidationTarget
+            hostname
+            id
+            source
+        }
+    }
+}
+```
+
+
+**Example Output**:
+
+```json
+{
+  "addCertificate": {
+    "certificate": {
+      "configured": true,
+      "acmeDnsConfigured": true,
+      "acmeAlpnConfigured": true,
+      "isAcmeHttpConfigured": true,
+      "certificateAuthority": "lets_encrypt",
+      "certificateRequestedAt": "2020-03-06T12:26:36Z",
+      "dnsProvider": "enom",
+      "dnsValidationInstructions": "CNAME _acme-challenge.codepope.wtf => example.com.o055.flydns.net.",
+      "dnsValidationHostname": "_acme-challenge.example.com",
+      "dnsValidationTarget": "example.com.o055.flydns.net",
+      "hostname": "example.com",
+      "id": "LO7FgYIy0sBZC8yuGNFKQH4QCq4ujMfJZumJCVNiQxhMq",
+      "source": "fly"
+    }
+  }
+}
+```
+
+The returned data here includes all the values needed to configure DNS records for pre-traffic validation.
+
+## Reading a certificate from an application
+
+**With flyctl**: `fly certs show hostname`
+
+**With GraphQL**: The example is [getcert.js](https://github.com/fly-apps/hostnamesapi/blob/master/getcert.js). This request takes the application name and hostname as parameters.
+
+```graphql
+query($appName: String!, $hostname: String!) {
+  app(name: $appName) {
+    certificate(hostname: $hostname) {
+      configured
+      acmeDnsConfigured
+      acmeAlpnConfigured
+      isAcmeHttpConfigured
+      certificateAuthority
+      createdAt
+      dnsProvider
+      dnsValidationInstructions
+      dnsValidationHostname
+      dnsValidationTarget
+      hostname
+      id
+      source
+      clientStatus
+      issued {
+        nodes {
+          type
+          expiresAt
+        }
+      }
+    }
+  }
+}
+```
+
+**Example Output**:
+
+```json
+{
+  "app": {
+    "certificate": {
+      "configured": true,
+      "acmeDnsConfigured": true,
+      "acmeAlpnConfigured": true,
+      "isAcmeHttpConfigured": true,
+      "certificateAuthority": "lets_encrypt",
+      "createdAt": "2020-03-04T17:17:39Z",
+      "dnsProvider": "enom",
+      "dnsValidationInstructions": "CNAME _acme-challenge.example.com => example.com.o055.flydns.net.",
+      "dnsValidationHostname": "_acme-challenge.example.com",
+      "dnsValidationTarget": "example.com.o055.flydns.net",
+      "hostname": "example.com",
+      "id": "4n8ikGIzjsm0s5VclwTDaSODtveu2xCZkHkKCaRilafGk",
+      "source": "fly",
+      "clientStatus": "Ready",
+      "issued": {
+        "nodes": [
+          {
+            "type": "ecdsa",
+            "expiresAt": "2020-06-02T16:17:51Z"
+          },
+          {
+            "type": "rsa",
+            "expiresAt": "2020-06-02T16:17:45Z"
+          }
+        ]
+      }
+    }
+  }
+}
+```
+
+Most of the output duplicates the details from adding a certificate, including the DNS validation settings. The difference here is the `issued` section which contains an array of nodes, each of which is the type and expiry date of certificates that have been issued against this host name. Here we see that ECSDA and RSA certificates have been issued.
+
+## Checking a certificate
+
+**With flyctl**: `fly certs check hostname`
+
+**With GraphQL**: The example is [checkcert.js](https://github.com/fly-apps/hostnamesapi/blob/master/checkcert.js). This request takes the application name and hostname as parameters. It is essentially the same as reading the certificate, but the presence of a request for the certificate's check value will start a validation process. The output is similar too.
+
+```graphql
+query($appName: String!, $hostname: String!) {
+  app(name: $appName) {
+    certificate(hostname: $hostname) {
+        check
+        configured
+        acmeDnsConfigured
+        acmeAlpnConfigured
+        isAcmeHttpConfigured
+        certificateAuthority
+        createdAt
+        dnsProvider
+        dnsValidationInstructions
+        dnsValidationHostname
+        dnsValidationTarget
+        hostname
+        id
+        source
+        clientStatus
+        issued {
+          nodes {
+              type
+              expiresAt
+          }
+        }
+    }
+  }
+}
+```
+
+## Deleting a certificate
+
+**With flyctl**: `fly certs delete hostname`
+
+**With GraphQL**: The example is [deletecert.js](https://github.com/fly-apps/hostnamesapi/blob/master/deletecert.js). This request takes the application name and hostname as parameters and will remove the hostname from the application.
+
+```graphql
+   mutation($appId: ID!, $hostname: String!) {
+        deleteCertificate(appId: $appId, hostname: $hostname) {
+            app {
+                name
+            }
+            certificate {
+                hostname
+                id
+            }
+        }
+    }
+```
+
+The GraphQL mutation returns the app name and the hostname and certificate id that was removed.
+
+**Example Output**:
+
+```json
+{
+  "deleteCertificate": {
+    "app": {
+      "name": "nginxproxy"
+    },
+    "certificate": {
+      "hostname": "example.com",
+      "id": "6AZc4AS6ysZgHPqFg7TGzIyofewuZnToxu6lUbBi8DHGQ"
+    }
+  }
+}
+```
+
+## Related topics
+
+- [Custom domains](/docs/networking/custom-domain/)
diff --git a/networking/custom-domain.html.markerb b/networking/custom-domain.html.markerb
new file mode 100644
index 0000000000..5059e92154
--- /dev/null
+++ b/networking/custom-domain.html.markerb
@@ -0,0 +1,155 @@
+---
+title: Custom domains
+layout: docs
+nav: firecracker
+redirect_from:
+  - /docs/apps/custom-domain/
+  - /docs/app-guides/custom-domains-with-fly/
+  - /docs/networking/custom-domains-with-fly/
+---
+
+<figure>
+  <img src="http://github.com/static/images/docs-ui.webp" alt="">
+</figure>
+
+When you create a Fly App, it is automatically given a `fly.dev` subdomain, based on the app's name. This is great for testing, but when you want to go to full production you'll want your application to appear on your own domain and have HTTPS set up for you as it is with your `.fly.dev` domain. You can do this by adding your domain to your Fly App, then configuring DNS records through your DNS provider.
+
+## Add a custom domain for your app
+
+To add a custom domain, first attach your domain to your Fly App to get DNS configuration instructions, then configure your DNS records with your DNS provider.
+
+### Add your domain to your app
+
+Attach your domain to your Fly App. This prepares your app to generate TLS certificates and handle traffic for your custom domain, and shows you the DNS configuration options for your setup.
+
+You can add your domain with flyctl or in your app [dashboard](https://fly.io/dashboard/) under **Certificates**.
+
+For example, using the CLI:
+
+```cmd
+fly certs add example.com
+```
+
+This command will show you the applicable DNS configuration options for your setup, including:
+- A and AAAA records
+- CNAME records
+- Proxy setup (if using a CDN)
+- DNS-01 challenge (required for wildcards, optional for pre-traffic certificate generation)
+
+If you are adding a wildcard domain with the CLI, put quotes around the hostname to avoid shell expansion:
+
+```cmd
+fly certs add "*.example.com"
+```
+
+Use `fly certs check <hostname>` to check the certificate status and validation progress, or `fly certs setup <hostname>` to view the setup instructions again.
+
+### Configure DNS records
+
+Now that you've added your domain to your app, configure DNS records with your DNS provider to direct traffic to your Fly App. The setup instructions in the dashboard, or from `fly certs add`, show the recommended DNS configuration for your situation.
+
+Choose the DNS setup that matches your needs:
+
+#### A and AAAA records (recommended)
+
+Use A and AAAA records for most direct connections to your app. These records point your domain directly to your app's IP addresses.
+
+The A and AAAA records you need to set will be shown in your dashboard, and in the output from `fly certs add`. If your app doesn't have an IPv6 address, allocate one with `fly ips allocate-v6`.
+
+<div class="important">
+**Important:** Hostname validation will fail without an IPv6 address&mdash;and we won't attempt to issue or renew a certificate&mdash;unless you're using a [CNAME `_acme-challenge` for domain verification](#dns-challenge). However, we still recommend having both an IPv4 and an IPv6 address allocated if your app is serving traffic.
+</div>
+
+#### CNAME records
+
+CNAME records work well for subdomains (like `www.example.com` or `app.example.com`). A CNAME points your custom domain at a unique `.fly.dev` hostname for your app.
+CNAME records are also a good option if you have many IP addresses assigned to your app, or expect to change them in the future.
+
+Set the CNAME record with your DNS provider. Each app has a unique CNAME target that will be shown in the dashboard for your certificate, or in the output from `fly certs add`.
+
+Setting CNAME records for the apex domain can be problematic, and should be avoided unless your DNS provider supports CNAME flattening. Some providers use a special name for these records, such as ANAME or ALIAS, and some will flatten a CNAME at the apex automatically. In general, we recommend setting A/AAAA records on the apex domain.
+
+#### Proxy/CDN setup
+
+If you're using a proxy or CDN (like Cloudflare) in front of your Fly application, configure only an AAAA record pointing to your app's IPv6 address, as certificate generation requires IPv6 traffic.
+
+#### DNS Challenge
+
+Use the DNS-01 challenge when:
+
+- You need a wildcard certificate
+- You want to generate the certificate before directing traffic to your app
+- Automatic validation methods don't work for your setup
+
+This will require setting an `_acme-challenge` CNAME record on your domain. The required record will be shown in your dashboard, or in the output from `fly certs add`.
+
+### Certificate validation
+
+After you have configured your DNS, Fly.io automatically validates your domain ownership and issues certificates. This happens through one of these methods:
+
+- **TLS-ALPN challenge**: Validates through a TLS handshake with Fly Proxy. This is the preferred method and works automatically for direct connections.
+
+- **HTTP-01 challenge**: Validates by requesting a specific file from your domain. Used automatically when TLS-ALPN isn't available, such as with proxy/CDN configurations.
+
+- **DNS-01 challenge**: You manually add a DNS record to validate domain ownership. Required for wildcard certificates, or to generate certificates before directing traffic to your app.
+
+## Other `fly cert` commands
+
+* `fly certs list` - List the certificates associated with an app.
+* `fly certs check <hostname>` - Trigger a check on the domain validation and DNS configuration for the given hostname and return results in the same format as `fly certs show`.
+* `fly certs setup <hostname>` - Shows setup instructions for configuring DNS records for an existing certificate.
+* `fly certs remove <hostname>` - Remove a certificate from an app for the given hostname.
+
+
+## Teaching your app about custom domains
+
+Your application code needs to know how to accept custom domains and adjust the responses accordingly. If you're hosting content on behalf of your users, this typically means mapping the incoming hostname to a particular ID in your application database.
+
+When users make requests, their browser sends a `Host` header you can use to alter the behavior of your application. When you run your app server on Fly.io directly, just get the contents of the `Host` header to identify a request.
+
+If you're running your application on another provider, you will need to create a proxy application, like nginx to route traffic through Fly.io. Your application can then use the `X-Forwarded-Host` header to determine how to handle requests.
+
+## Supported top-level domains
+
+We support the top-level domains on the [IANA list](https://data.iana.org/TLD/tlds-alpha-by-domain.txt+external). Note that we only periodically update top-level domain support and there might be a delay before we add support for new top-level domains.
+
+## Troubleshoot certificate creation
+
+### Certificate creation or validation seems to hang, stall, or fail
+
+*Let's Encrypt™* is a free, automated, and open certificate authority that Fly.io uses to issue TLS certificates for custom domains. However, Let's Encrypt imposes certain rate limits to ensure fair usage. If you encounter issues when creating or validating a certificate for a custom domain on Fly.io, it's possible that you've hit these rate limits.
+
+The following [rate limits](https://letsencrypt.org/docs/rate-limits/) from Let's Encrypt apply:
+
+* Certificates per Registered Domain: 50 per week
+* Duplicate Certificate limit: 5 per week
+* Failed Validation limit: 5 failures per hostname, per hour
+
+Note that certificate renewals don’t count against your Certificates per Registered Domain limit.
+
+If you encounter issues when adding or validating a certificate for a custom domain on Fly.io, you can use the following methods to troubleshoot:
+
+* Use [Let's Debug](https://letsdebug.net/): A diagnostic tool/website to help figure out why you might not be able to issue a certificate for Let's Encrypt. Using a set of tests, it can identify a variety of issues, including: problems with basic DNS setup, problems with nameservers, rate limiting, networking issues, CA policy issues, and common website misconfigurations.
+* Wait and retry: If you've hit a rate limit, you'll need to wait until the rate limit window passes before you can successfully create or validate a certificate again. We don’t have a way to reset it.
+
+The best way to avoid hitting rate limits is to use staging environments and domains for testing and development, and to carefully plan your certificate issuance to stay within the limits. Avoid failed validation by ensuring that your DNS records are correctly configured, with no conflicting records.
+
+If you're building a platform on top of Fly.io, and you expect that your users will frequently delete and then recreate the same resources within a short window, consider implementing "soft delete" logic into your platform that retains the Fly.io resources for a period of time, negating the need to recreate certs frequently.
+
+### I use Cloudflare, and there seems to be a problem issuing or validating my Fly.io TLS certificate
+
+If you're using Cloudflare's proxying feature (orange cloud), Fly.io can generate a certificate using the HTTP-01 challenge.
+
+For this to work:
+
+1. **Configure DNS records properly**: Create only an AAAA record pointing to your app's IPv6 address. Do not create an A record or CNAME when using Cloudflare's proxy.
+2. **Set SSL mode**: Use "Full" or "Full (Strict)" SSL mode in Cloudflare. "Flexible" mode can cause redirect loops.
+
+Alternatively, you can use the [DNS-01 challenge method](#dns-challenge) instead of the automatic validation method, though this may conflict with Cloudflare's own certificate issuance.
+
+## Related reading
+
+- [Networking overview](/docs/networking/) Broader look at how Fly.io handles routing, DNS, IPs, and certificates.
+- [Automate the certificate process for custom domains](/docs/networking/custom-domain-api/) Use Fly.io's GraphQL API to automate cert provisioning and domain verification.
+- [TLS termination by Fly Proxy](/docs/security/tls-termination/) — How Fly.io handles HTTPS for your apps and manages TLS certificates automatically behind the scenes.
+- [Understanding Cloudflare](/docs/networking/understanding-cloudflare/) What happens when you put Fly.io behind Cloudflare, and how to avoid common pitfalls.
diff --git a/networking/custom-private-networks.html.markerb b/networking/custom-private-networks.html.markerb
new file mode 100644
index 0000000000..0f8a3a48d4
--- /dev/null
+++ b/networking/custom-private-networks.html.markerb
@@ -0,0 +1,147 @@
+---
+title: "Custom private networks"
+layout: docs
+nav: firecracker
+---
+
+You can isolate users, data, or code using custom private networks. 
+
+Every organization gets a default [private network](https://fly.io/docs/networking/private-networking/) (6PN) and all the apps in that network can communicate privately using `.internal` domains. When you create a new app, you can choose to place it on a distinct custom 6PN within your organization. Apps on separate 6PNs can never communicate unless explicitly configured to do so.
+
+## When to use custom private networks
+
+Custom private networks (6PNs) are a good solution for tenant isolation within a single organization. If you run a _Something_-as-a-Service platform on top of Fly.io, then you can create an app on a custom 6PN per customer for isolation. For example, you could have an app on a custom 6PN for each customer instance of your service, or for each customer running untrusted code on your platform. Customer Machines can communicate freely within their app (or between apps in their network), but won't be able to reach Machines or apps on other 6PNs.
+
+Depending on your requirements for billing and app management, separate organizations per customer might be a better option for tenant or client isolation. You can use [unified billing](https://fly.io/docs/about/billing/#unified-billing) to manage billing for multiple organizations, or have each organization billed separately.
+
+## Network names and IDs
+
+Network names are unique within your organization. We permanently associate a network ID with the network name the first time you specify the name and we never re-use that network ID within your organization. If you specify an existing network name when you create an app, we place the app on the associated network.
+
+If you destroy all the apps on a custom 6PN, the network technically still exists.
+
+It's a best practice to use a formula for naming custom 6PNs, especially if you're going to have a lot of them or if you need to add more than one app to each custom 6PN. For example, `customerID-network` or `appName-someID-network`. Network names can have letters, numbers, and dashes, but must start with a letter.
+
+## Create a custom private network
+
+<div class="note icon">
+You can't add an existing app to a custom 6PN or change an app's 6PN. An app can only exist in one 6PN.
+</div>
+
+Create a custom 6PN with the Machines API when you create an app with a `POST /v1/apps` request.
+
+For example:
+
+```json
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps" \\
+  -d '{
+      "app_name": "my-app-name",
+      "org_slug": "personal",
+      "network": "my-custom-network-name"
+    }'
+```
+
+See the [Machines API docs](https://fly.io/docs/machines/api/) for more information about using the API.
+
+Create a custom 6PN with flyctl when you create an app:
+
+```
+fly apps create <app name> --network <network name>
+```
+
+The `fly apps create` command creates an "empty" app with no Machines. You'll need to manually create Machines for the app using flyctl or the Machines API.
+
+## Connect apps in different 6PNs
+
+Private apps on different 6PNs can't communicate without being explicitly configured to do so.
+
+### Public apps
+
+If an app has a publicly reachable service, then apps on different 6PNs can reach that service using the public IP addresses.
+
+### Private apps with Flycast
+
+You can use a Flycast private IPv6 address to expose an app on one 6PN to another 6PN; the app won't be accessible via Flycast from its own network. When you assign the Flycast address, use the `--network` option to specify the name of the network from which requests will originate. For example:
+
+```cmd
+fly ips allocate-v6 --private --network custom-network-name
+```
+
+Learn more about using [Flycast](/docs/networking/flycast/).
+
+### Forward requests with the `fly-replay` response header
+
+The `fly-replay` response header tells Fly Proxy to forward HTTP requests to another app or Machine in your organization. You can use `fly-replay` to deliver requests to customer apps or Machines on custom 6PNs without having to expose them publicly.
+
+For example, you could receive HTTP requests on a public "router" app and then forward the requests to specific apps or Machines on  different customer 6PNs. The customer apps need to have services configured to expose a port on which to receive the requests. Make sure the customer apps don't have public IP addresses: apps created with the Machines API or with `fly apps create` don't get public IPs by default, but most apps created with `fly launch` do.
+
+Learn more about using the [`fly-replay` response header](/docs/networking/dynamic-request-routing/#the-fly-replay-response-header).
+
+## Connect directly to Machines on custom 6PNs
+
+As an administrator with a multi-tenant setup, you might need to troubleshoot customer issues. You can use flyctl's networking commands to reach Machines on a customer's 6PN within your organization, including:
+
+- `fly ssh console --app <app name>` or `fly ssh console --machine <machine id>` to SSH into an app Machine. See the [`fly ssh console` docs](/docs/flyctl/ssh-console/).
+- `fly ssh sftp` commands to work with files on an app Machine. See the [`fly ssh sftp` docs](/docs/flyctl/ssh-sftp/).
+- `fly proxy <local:remote> [remote_host] --app <app name>` to create a WireGuard tunnel to an app Machine. See the [`fly proxy` docs](/docs/flyctl/proxy/).
+
+## Check which network an app or Machine is on
+
+You can retrieve the network name for all apps in your organization and you can also verify that apps or Machines are on different networks by examining their private IPv6 addresses.
+
+### Get network names
+
+Right now the only way to get an app's network name is by listing all the apps in an organization with the Machines API.
+
+`GET /v1/apps?org_slug=<org name>`
+
+**Example response:**
+
+```json
+{
+    "total_apps": 22,
+    "apps": [
+        {
+            "id": "682kqp63x4k9d543",
+            "name": "aged-cherry-366",
+            "machine_count": 4,
+            "volume_count": 2,
+            "network": "default"
+        },
+        {
+            "id": "704e9387kyy13xgn",
+            "name": "muddy-violet-667",
+            "machine_count": 2,
+            "volume_count": 2,
+            "network": "test-network"
+        },
+...
+```
+
+See the [Machines API docs](https://fly.io/docs/machines/api/) for more information about using the API.
+
+### Network ID embedded in private IPv6 addresses
+
+Each 6PN is identified by a network ID, which is encoded into 32-bits of each private IPv6 address.
+
+You can confirm whether two Machines are on different networks by comparing their private IPv6 addresses. You can get a Machine's 6PN address in any of the following ways:
+
+- run `fly machines list -a my-app-name` 
+- run `fly machines status <machine id>`
+- from the Machine's `FLY_PRIVATE_IP` environment variable
+- [list the Machines in an app](/docs/machines/api/machines-resource/#list-machines) or [get a specific Machine config](/docs/machines/api/machines-resource/#get-a-machine) using the Machines API
+
+All Fly.io private IPv6 addresses start with `fdaa`. The 32-bits following `fdaa` identify the 6PN. For example, the following addresses belong to Machines on different 6PNs:
+
+```
+Machine 1: fdaa:2:45b:a7b:174:db43:d3c6:2
+Machine 2: fdaa:9:d844:a7b:e:33bd:e8b1:2
+```
+
+Machine 1's network ID is embedded in `:2:45b:` and Machine 2's network ID is embedded in `:9:d844:`.
+
+[Flycast](/docs/networking/flycast/) addresses also include the network ID in the same 32-bit grouping. Run `fly ips list` to get an app's private IPv6 address.
+
+Learn about [6PN addresses in detail](/docs/networking/private-networking/#6pn-addresses-in-detail).
diff --git a/networking/dynamic-request-routing.html.markerb b/networking/dynamic-request-routing.html.markerb
new file mode 100644
index 0000000000..1bbebd1747
--- /dev/null
+++ b/networking/dynamic-request-routing.html.markerb
@@ -0,0 +1,372 @@
+---
+title: Dynamic Request Routing with fly-replay
+layout: docs
+nav: firecracker
+redirect_from:
+  - /docs/reference/fly-replay/
+  - /docs/reference/regional-request-routing/
+  - /docs/reference/dynamic-request-routing/
+---
+
+The `fly-replay` feature gives you fine-grained control over request routing in your Fly.io applications. It allows you to dynamically route requests between regions, specific Machines, or even different apps within your organization.
+
+## How fly-replay Works
+
+When your app responds to a request with a `fly-replay` response, [Fly Proxy](/docs/reference/fly-proxy) will automatically replay the original request according to your specified routing rules. This enables advanced patterns like:
+
+- Routing write operations to primary database regions
+- Load balancing between specific Machines
+- Cross-app request routing within your organization
+- Implementing sticky sessions
+
+<%= youtube "https://www.youtube.com/watch?v=riCh9Xeuf0s" %>
+
+## Replay Header Format
+
+Your app can add a `fly-replay` header to its response. The `fly-replay` header accepts the following fields:
+
+|Field |Description |
+|---|---|
+|`region` | The region(s) to route the request to. Accepts comma-separated list of [region codes](/docs/reference/regions/) |
+|`instance` | The ID of a specific Machine to route to |
+|`prefer_instance` | The ID of a specific Machine to route to, if possible |
+|`app` | The name of another app (in same organization) to route to |
+|`state` | Optional string included in `fly-replay-src` header on replay |
+|`elsewhere` | If `true`, excludes responding Machine from next load-balance |
+
+### Example Usage
+
+Route to a specific region:
+```
+fly-replay: region=sjc
+```
+
+Route to one of the given regions, in order of preference:
+```
+fly-replay: region="iad,ord,us,na"
+```
+
+Route to a preferred region, or fallback to any available machine:
+```
+fly-replay: region="sjc,any"
+```
+
+Route to specific Machine:
+```
+fly-replay: instance=00bb33ff
+```
+
+Route to another app:
+```
+fly-replay: app=app-in-same-org
+```
+
+You can combine multiple fields:
+```
+fly-replay: region="sjc,any";app=app-in-same-org
+```
+
+<div class="note icon">
+**Note**: A comma-separated list of regions must be quoted.
+</div>
+
+### Geographic groups and aliases
+
+When replaying to a region, you can use geographic aliases like `us`, `eu`, or `sa` to target a broader area.
+
+| Alias | Area|
+|---------|------------------------|
+| `apac` | Asia-Pacific |
+| `eu` | Europe |
+| `na` | North America |
+| `sa` | South America |
+| `us`, `usa` | United States |
+| `any` | Earth |
+
+## Replay JSON Format
+
+Your app can set the response content-type to `application/vnd.fly.replay+json` and include replay instructions in the response body.
+For a complex replay the JSON body is easier to compose than the header format, and also supports more functionality.
+
+### JSON Structure
+
+The `application/vnd.fly.replay+json` replay body accepts the following fields:
+
+|Field |Description |
+|---|---|
+|`region` | The region(s) to route the request to. Accepts comma-separated list of [region codes](/docs/reference/regions/) |
+|`instance` | The ID of a specific Machine to route to |
+|`prefer_instance` | The ID of a specific Machine to route to, if possible |
+|`app` | The name of another app (in same organization) to route to |
+|`state` | Optional string included in `fly-replay-src` header on replay |
+|`elsewhere` | If `true`, excludes responding Machine from next load-balance |
+|`transform.path` | Rewrite the path and query parameters of the request |
+|`transform.delete_headers` | Delete headers from the request, hiding them from the replay target |
+|`transform.set_headers` | Set new headers on the request, overwriting headers of the same name |
+|`cache.prefix` | Cache the replay for matching requests (see [Replay Caching](#replay-caching)) |
+|`cache.ttl` | Cache the replay for this many seconds (see [Replay Caching](#replay-caching)) |
+|`cache.invalidate` | Invalidate the cache for the current route (see [Replay Caching](#replay-caching)) |
+
+### Example Usage
+
+Route to another app, and modify the request:
+
+```json
+{
+  "app": "target-app",
+  "region": "iad,us",
+  "transform": {
+    "path": "/new/path?param=value",
+    "delete_headers": ["x-unwanted-header", "cookie"],
+    "set_headers": [
+      { "name": "x-custom-header", "value": "new-value" },
+      { "name": "authorization", "value": "Bearer token123" }
+    ]
+  }
+}
+```
+
+## Replay Caching
+
+Replay caching allows Fly Proxy to remember and reuse replay decisions, reducing both load on your application and the latency of replayed requests. There are two types of replay caching:
+
+- **Path-based**: Cache replays for specific URL paths
+- **Session-based**: Cache replays for specific cookie or header values
+
+<div class="note icon">
+**Note**: Replay caching is an optimization, not a guarantee. Your app should _not_ depend on this mechanism to function.
+The app issuing `fly-replay` still serves as the ultimate source of truth, and we may decide to consult that app at any moment even if a replay cache has previously been set.
+To ensure reliable operation, the app issuing `fly-replay` should still have multiple instances deployed in multiple regions.
+</div>
+
+### Path-based Replay Caching
+
+Replay caching for paths is configured per-request during a replay. To cache a replay for a path:
+
+- Issue a `fly-replay` header as usual
+- Set `fly-replay-cache: /some/path/*`
+  - This needs to be a path-matching pattern, and implicitly ends with a wildcard `/*`. This is where the cached replay is applied.
+  - The cached replay is unique to the request domain. The domain may also be set explicitly: `example.com/some/path/*`
+  - The domain part should not include ports; use `example.com`, not `example.com:80`.
+  - The pattern must also match the current request.
+- Set `fly-replay-cache-ttl-secs: number_of_seconds`
+
+For apps using the JSON format, specify a `cache` object as part of the replay:
+
+```json
+{
+  "app": "target-app",
+  "cache": {
+    "prefix": "/some/path/*",
+    "ttl": 60
+  }
+}
+```
+
+### Session-based Replay Caching
+
+If your app's sessions are identified by a cookie or authorization header, and should consistently route to the same target, Fly Proxy can cache that replay.
+
+Unlike path-based caching (which requires your app to return `fly-replay-cache` headers), session-based caching is configured in your `fly.toml`. When your app issues a `fly-replay` response for a request with a matching cookie or header, Fly Proxy will cache that replay decision and automatically apply it to subsequent requests with the same session identifier.
+
+#### Configuration
+
+Configure session-based replay caching in your `fly.toml`. This can be set under `http_service.http_options` or `services.ports.http_options`:
+
+```toml
+[http_service]
+  internal_port = 8080
+  force_https = true
+
+  [[http_service.http_options.replay_cache]]
+    path_prefix = "/"
+    ttl_seconds = 300
+    type = "cookie"
+    name = "session_id"
+
+  [[http_service.http_options.replay_cache]]
+    path_prefix = "/api"
+    ttl_seconds = 600
+    type = "header"
+    name = "Authorization"
+```
+
+In this example:
+- Replays for requests to `/` (and its subpaths) are cached for 5 minutes based on the `session_id` cookie value
+- Replays for requests to `/api` (and its subpaths) are cached for 10 minutes based on the `Authorization` header value
+- When multiple rules match, the longest matching path takes precedence
+
+If your app accepts requests for multiple hostnames, you can narrow the configuration by specifying a hostname in `path_prefix`:
+
+```toml
+  [[http_service.http_options.replay_cache]]
+    path_prefix = "api.example.com/api"
+```
+
+Caches are not shared between hostnames, even when `path_prefix` doesn't specify a hostname. Each hostname maintains its own cache.
+
+For more details on configuration options, see the [fly.toml configuration reference](/docs/reference/configuration/#http_service-http_options-replay_cache).
+
+### Invalidating the Replay Cache
+
+If the replay target does eventually change, the replay target may proactively invalidate the cache by:
+- Issuing a `fly-replay` back to the origin
+- Setting `fly-replay-cache: invalidate`
+
+Or, using the JSON format:
+
+```json
+{
+  "app": "origin-app",
+  "cache": {
+    "invalidate": true
+  }
+}
+```
+
+This works for invalidating both the path-based cache, and the session-based cache.
+
+### Bypassing Replay Cache
+
+Sometimes, you might want a client to bypass a cached replay without actually invalidating the cache.
+For example, you might have an API endpoint that _mostly_ needs to be replayed to a "leader" instance. But depending on application logic, it could sometimes be handled by any instance.
+
+The recommended approach is to clearly separate endpoints that require replay from those that don't.
+However, when that is not possible, the replaying app can be configured to allow bypass.
+
+For path-based replay caching, additionally set the header:
+
+```
+fly-replay-cache-allow-bypass: yes
+```
+
+or set the JSON field `"allow_bypass": true`.
+
+For session-based replay caching, set [allow_bypass](/docs/reference/configuration/#http_service-http_options-replay_cache-allow_bypass) to `true` in your `fly.toml` configuration for your `replay_cache` rule.
+
+Then, when your client makes a request, it can set the header:
+
+```
+fly-replay-cache-control: skip
+```
+
+to skip any cached replay that might be present.
+
+<div class="note icon">
+**Note**: This behavior is opt-in because enabling it by default could make your app vulnerable to malicious clients creating unexpected load on the replaying machine.
+</div>
+
+### Was my request served by the cache?
+
+If your app needs to know whether a request was served from the replay cache, it can check the fly-replay-cache-status header. This header is sent to the replay _target_ app or machine.
+
+- Absent: the request was not replayed and was delivered directly to the app or machine.
+- `miss`: the request didn't use replay cache; it first hit another machine and got replayed here.
+- `hit`: the request did use the replay cache! It never reached the source app or machine and was redirected straight to the target.
+- `bypass`: even though the cache might have been set, it was explicitly skipped by setting the `fly-replay-cache-control: skip` header.
+
+## Implementation Details
+
+### Requirements and Limitations
+
+- Your app must use the [http handler](/docs/networking/services/#http-handler)
+- Requests larger than 1MB cannot be replayed
+- Field combinations must be logically valid (e.g., don't specify both app and instance if instance isn't in that app)
+
+For large uploads that exceed the 1MB limit, consider:
+- Using direct-to-storage uploads where possible
+- Using the [fly-prefer-region](#the-fly-prefer-region-request-header) header instead
+
+For `fly-replay-cache`, the following limitations apply:
+- The `state` field cannot be set in the `fly-replay` intended to be cached
+- Transformations for the headers or path cannot be defined.
+- The TTL needs to be a minimum of 10 seconds
+- Only one step of lookup is performed in the cache; as such, if the target app issues another `fly-replay-cache`, the caching behavior in this case is undefined
+- The `fly-replay-src` header (described below) will _not_ be set for requests replayed through the cache
+
+### The fly-replay-src Header
+
+When a request is replayed, Fly Proxy adds a `fly-replay-src` header containing metadata about the original request:
+
+|Field |Description |
+|---|---|
+|`instance` | ID of Machine that sent fly-replay |
+|`region` | Region request was replayed from |
+|`t` | Timestamp (microseconds since Unix epoch) |
+|`state` | Contents of original state field, if any |
+
+This header is useful for tracking request paths and implementing consistency patterns. See the [official Ruby client](https://github.com/superfly/fly-ruby/blob/main/lib/fly-ruby/regional_database.rb#L74-L76+external) for an example of using these fields to prevent read-your-write inconsistency.
+
+This header is not set when the request is replayed through a cached `fly-replay` entry (`fly-replay-cache`).
+
+### The fly-preferred-instance-unavailable Header
+
+If you replay with `prefer_instance` set, Fly Proxy will attempt to route to this Machine. This may not happen for a number of reasons, for example the Machine may not be found, or found but at its configured [hard_limit](/docs/reference/load-balancing/#load).
+
+In these cases, the request will be delivered to a different Machine that matches the remaining fields in your replay. Along with the other Fly.io-specific headers, a `fly-preferred-instance-unavailable` header will be set containing the ID of the instance that could not be reached.
+
+### Web Socket Considerations
+
+It is worth noting that an application returning `fly-replay` headers should not negotiate a web socket upgrade itself.  Some frameworks automatically handle this process.  Instead, the application or instance receiving the requests should handle the upgrade.
+
+## Alternative Routing Headers
+
+For cases where `fly-replay` isn't suitable, Fly.io provides two alternative request headers:
+
+### The fly-prefer-region Header
+
+```
+fly-prefer-region: ams
+```
+
+Attempts to route directly to specific region(s). You can specify multiple regions as comma-separated values for fallback preferences:
+
+```
+fly-prefer-region: iad,ord,us
+```
+
+Falls back to the next region in the list, or to the nearest region with healthy Machines if none of the specified regions are available. Useful for large uploads that can't be replayed.
+
+### The fly-prefer-instance-id Header
+
+```
+fly-prefer-instance-id: 90801679a10038
+```
+
+Attempts to route to a specific Machine. Falls back to any matching Machine if the target Machine cannot be found, or is unable to accept requests.
+
+If the request is delivered to a different Machine, the [fly-preferred-instance-unavailable](#the-fly-preferred-instance-unavailable-header) request header will be set.
+
+### The fly-force-instance-id Header
+
+```
+fly-force-instance-id: 90801679a10038
+```
+
+Forces routing to a specific Machine. The Fly Proxy will attempt to reach the Machine multiple times if the Machine is unhealthy. No fallback if Machine is ultimately unavailable.
+
+<div class="note icon">
+**Note**: Get Machine IDs using `fly status` or `fly Machines list`.
+</div>
+
+## Common Use Cases
+
+### Multi-Region Databases
+
+When using [global read replicas](/docs/postgres/high-availability-and-global-replication), use `fly-replay` to ensure write operations go to the primary region:
+
+```
+fly-replay: region=sjc
+```
+
+See our blueprint for [Multi-region databases and fly-replay](/docs/blueprints/multi-region-fly-replay/) for a complete implementation guide.
+
+### Cross-App Routing
+
+Use `fly-replay` to implement routing layers or FaaS-style architectures:
+
+```
+fly-replay: app=customer-function-app
+```
+
+This allows you to build router apps that can dynamically route requests to other apps in your organization.
diff --git a/networking/egress-ips.html.md b/networking/egress-ips.html.md
new file mode 100644
index 0000000000..e022e956ae
--- /dev/null
+++ b/networking/egress-ips.html.md
@@ -0,0 +1,106 @@
+---
+title: "Egress IP addresses"
+layout: docs
+nav: firecracker
+author: kcmartin
+date: 2025-10-02
+---
+
+## Overview
+
+- By default, outbound (egress) IPs from Fly Machines are **unstable** and may change.
+- You can allocate **static egress IPs** per machine (both IPv4 and IPv6) via `fly machine egress-ip`.
+- Static egress IPs come with trade-offs: cost, binding to machine lifecycle, and deployment quirks.
+- A common workaround is to front outbound traffic through a **proxy** app that _does_ have static egress IPs.
+- App-scoped egress IPs are in development and may simplify this in the future.
+
+---
+
+## Why Egress IPs Matter
+
+Some external services—APIs, databases, payment providers—require allowlisting source IPs. Without static egress IPs, outbound IPs from Fly machines may change due to machine lifecycle or infrastructure changes.
+
+- Machines often egress over IPv6 when the destination has an AAAA record and the application prefers it. For example, `curl` will try IPv6 first if available, then fall back to IPv4 if needed. Fly doesn’t force IPv6, but many apps will use it when it's available. 
+- IPv4 traffic is NAT'd and may vary. This means the source IP address is rewritten by the host, and which IP you get can change depending on where the machine runs or is restarted.
+- You need static egress if you're allowlisting IPs with third-party services.
+
+---
+
+## Static Egress IPs (Machine-Scoped)
+
+### Allocate a Static Egress IP
+
+```bash
+fly machine egress-ip allocate <machine-id> --app <app-name>
+```
+
+- This assigns a stable IPv4 + IPv6 pair to the specified machine.
+
+### View and Manage
+
+```bash
+fly machine egress-ip list --app <app-name>
+fly machine egress-ip release <machine-id> --app <app-name>
+```
+
+### Caveats
+
+Static egress IPs are **per-machine**, not per-app.
+
+- IPs are released when a machine is destroyed.
+- IPs don’t automatically transfer across deploys.
+- Blue/green deployments will replace machines—and their IPs.
+- Deployment-time jobs may bypass egress routing.
+- Extra latency and connectivity issues are possible in some regions.
+
+<div class="callout">
+Static egress IPs are billed per hour per machine.
+</div>
+
+---
+
+## The Proxy Pattern
+
+To avoid assigning static IPs to every machine, route traffic through a shared proxy app.
+
+### How It Works
+
+1. Deploy a small Fly app (e.g. `egress-proxy`) with static egress IPs.
+1. Run a forward HTTP/HTTPS proxy on it.
+1. Set `http_proxy` / `https_proxy` env vars in consuming apps.
+1. Outbound traffic from those apps will route through the proxy.
+
+### Benefits
+
+- Fewer IPs to manage.
+- Primary app machines can be ephemeral.
+- Centralize allowlisting.
+
+### Downsides
+
+- Primarily supports HTTP/S traffic. Other protocols (like raw TCP or Postgres) may be possible with extra work, such as using SOCKS5 proxies, `haproxy` in TCP mode, or `socat`, but those setups are more complex and outside the scope of this guide. 
+- Adds some latency (~100ms typical).
+- Requires maintaining a separate proxy app.
+
+<div class="callout">
+Example implementation: [fly-apps/fly-fixed-egress-ip-proxy](https://github.com/fly-apps/fly-fixed-egress-ip-proxy)
+</div>
+
+---
+
+## Best Practices
+
+- Use static egress only when required.
+- Prefer the proxy pattern for maintainability.
+- Test connectivity after assigning egress IPs.
+- Avoid destroying machines unnecessarily.
+- Monitor for failures during deploy-time migrations.
+
+---
+
+## Future Work
+
+App-scoped egress IPs are in development. These will simplify routing and avoid per-machine binding.
+
+Until then, static IPs and proxy patterns remain the best tools available.
+
diff --git a/networking/flycast.html.markerb b/networking/flycast.html.markerb
new file mode 100644
index 0000000000..44cbd744e2
--- /dev/null
+++ b/networking/flycast.html.markerb
@@ -0,0 +1,83 @@
+---
+title: "Flycast - Private Fly Proxy services"
+layout: docs
+nav: firecracker
+---
+
+Flycast provides network addressing and routing for private apps on Fly.io private networks. With Flycast, requests to your private apps get routed through the Fly Proxy, rather than Machine-to-Machine via default [private networking](/docs/networking/private-networking/). And unlike private networking using `.internal` addresses you don't need to keep Machines running for the app to be reachable.
+
+Use Flycast within your organization's private network to:
+
+* Have [Fly Proxy autostop/autostart](/docs/launch/autostop-autostart/) Machines based on network requests.
+* Get Fly Proxy's [geographically aware load balancing](/docs/reference/load-balancing/) for private services.
+* Connect to a service from another app that can't use DNS.
+* Connect from third-party software, like a database, that doesn't support round-robin DNS entries.
+* Access specific ports or services in your app from other Fly.io organizations.
+* Use advanced Fly Proxy features like TLS termination or PROXY protocol support.
+
+## Flycast quickstart
+
+The fastest way to create a new private app with a Flycast address:
+
+```
+fly launch --flycast
+```
+
+Access the services on the Flycast private IPv6 address, or with `my-app-name.flycast`, from other apps in the organization's default private network.
+
+## Flycast requirements
+
+To use Flycast for your app, you need:
+
+- A Flycast private IPv6 address for your app on one of your Fly.io organization networks.
+- Your app to bind to `0.0.0.0:port`. (Binding to `fly-local-6pn:<port>` won't work for Flycast.)
+- Services configured in your app's `fly.toml` with an [`[http_service]`](/docs/reference/configuration/#the-http_service-section) or [`[services]`](/docs/reference/configuration/#the-services-sections) section. Don't use `force_https`; Flycast is HTTP-only.
+
+<div class="warning icon">
+**Warning:** If you have public IP addresses assigned to your app, then services in `fly.toml` are exposed to the public internet. Verify your app's IP addresses with `fly ips list`, and remove public IP addresses as needed with: `fly ips release [ip address] [ip address] ...`.
+
+</div>
+
+## Allocate a Flycast address
+
+A Flycast address is an app-wide private IPv6 address that Fly Proxy can route to over the private network. By default, the Flycast IP address is allocated on an app's default organization network.
+
+There are a few ways to add a Flycast address to an existing app.
+
+Allocate a Flycast address on deploy:
+```
+fly deploy --flycast
+```
+
+Allocate a Flycast address without deploying:
+
+```cmd
+ fly ips allocate-v6 --private
+ ```
+ 
+### Access an app from another organization
+
+You can use Flycast to expose an app in one Fly.io organization to another Fly.io organization; the app won't be accessible via Flycast from its own organization. Use the `--org` option when you allocate the Flycast address:
+
+```cmd
+ fly ips allocate-v6 --private --org my-other-org
+ ```
+
+### Access an app from another private network
+
+You can also use Flycast to expose an app on one private network to another private network in your organization; the app won't be accessible via Flycast from its own network. Use the `--network` option to specify the network from which requests will originate:
+
+```cmd
+fly ips allocate-v6 --private --network custom-network-name
+```
+
+Learn more about [custom private networks](/docs/networking/custom-private-networks/).
+
+## Flycast and Fly.io DNS
+
+Flycast addresses can also be found by using the Fly.io DNS. If an app has a Flycast address allocated to it, there will be an AAAA record at `my-app-name.flycast`.
+
+## More Flycast
+
+- [Autostop/autostart for private apps](/docs/blueprints/autostart-internal-apps/)
+- [Run private apps with Flycast](/docs/blueprints/private-applications-flycast/)
diff --git a/networking/index.html.markerb b/networking/index.html.markerb
new file mode 100644
index 0000000000..f313618ef1
--- /dev/null
+++ b/networking/index.html.markerb
@@ -0,0 +1,43 @@
+---
+title: "Networking"
+layout: docs
+nav: firecracker
+toc: false
+order: 10
+---
+
+Networking on Fly.io.
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/vU9xcRCX7-U?si=pH-Cj3S5IBvr-hhr" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe><br/>
+
+- **[Connect to an App Service](/docs/networking/app-services/):** An overview of how to connect to your app over the private WireGuard network (6PN), and how to make your app reachable from the internet.
+
+- **[Public networking](/docs/networking/services):** Details about public network services on Fly.io, including allocating IP addresses, finding a Machine's outbound IP, connection handlers, and redirects.
+
+- **[Private networking](/docs/networking/private-networking):** Learn about Fly.io's IPv6 private network (6PN) and DNS on Fly Machines.
+
+- **[Custom Private Networks](/docs/networking/custom-private-networks):** Isolate users, data, and code on custom private networks.
+
+- **[Flycast - Private Fly Proxy Services](/docs/networking/flycast):** Route requests to private apps through Fly Proxy to take advantage of features like load balancing and autostop/autostart based on traffic.
+
+- **[Egress IP Addresses](/docs/networking/egress-ips/):** How to get stable outbound IPs from your Fly apps using machine-scoped assignments or a shared proxy setup.
+ 
+- **[Dynamic request routing](/docs/networking/dynamic-request-routing/):** Use Fly.io request and response headers to customize request routing to regions, apps, and even specific Machines.
+
+- **[Custom domains](/docs/networking/custom-domain/):** Add a custom domain for your app and troubleshoot certificate creation.
+
+- **[Understanding Cloudflare](/docs/networking/understanding-cloudflare/):** How to use Cloudflare on Fly.io.
+
+- **[Automate the certificate process with the GraphQL API](/docs/networking/custom-domain-api):** Issue multiple certificates automatically for custom domains with the GraphQL API.
+
+- **[HTTP request headers](/docs/networking/request-headers/):** Fly.io-specific and standard HTTP headers added by the HTTP connection handler.
+
+- **[Run UDP services](/docs/networking/udp-and-tcp/):** How to set up apps that use UDP.
+
+- **[TLS support](/docs/networking/tls/):** Supported TLS cipher suites.
+
+## Related topics
+
+- [Fly Proxy](/docs/reference/fly-proxy)
+- [How Fly Proxy does load balancing](/docs/reference/load-balancing/)
+- [Fly Regions](/docs/reference/regions/)
diff --git a/networking/private-networking.html.md b/networking/private-networking.html.md
new file mode 100644
index 0000000000..14ac87933f
--- /dev/null
+++ b/networking/private-networking.html.md
@@ -0,0 +1,338 @@
+---
+title: "Private Networking"
+layout: docs
+nav: firecracker
+redirect_from:
+  - /docs/reference/privatenetwork/
+  - /docs/reference/private-networking/
+---
+
+Fly Apps in an organization are connected by a mesh of WireGuard tunnels using IPv6 called a 6PN. Private networking over your 6PN is always available to apps by default; you don't have to do anything special to get it.
+
+Apps within the same organization are assigned special addresses (6PN addresses) tied to 6PN. Those applications can talk to each other because of their 6PN addresses, but applications from other organizations can't. The Fly.io platform won't forward packets between different 6PNs, unless you explicitly allow it, for example when you [allocate a Flycast address](/docs/networking/flycast/#allocate-a-flycast-address).
+
+You can connect apps running outside of Fly.io to your 6PN using WireGuard. You can even connect your dev laptop to your 6PN. To do that, you'll use flyctl, the Fly.io CLI, to generate a [WireGuard configuration that has a 6PN address](#private-network-vpn).
+
+## Fly.io `.internal` DNS
+
+You can use `.internal` domains to connect your app to databases, API servers, or other apps in your 6PN. If you don't need the granular subdomains and routing available with `.internal`, and you want to use Fly Proxy features for your internal apps, then you should use [Flycast](/docs/networking/flycast/) instead.
+
+A Fly Machine is configured to resolve domain names with a custom DNS server from the Fly Platform. This DNS server can resolve arbitrary DNS queries, so you can look up `google.com` with it. But it’s also aware of 6PN addresses, and will let you look up 6PN addresses for other apps in your organization. Those addresses live under the custom top-level domain `.internal`.
+
+Underneath `.internal` there are second-level domains for every app in your Fly organization. For example, if your app is in an organization with another app called `my-app-name`, then there will be a AAAA record at `my-app-name.internal`. The AAAA record will contain all the 6PN addresses of the started Fly Machines that belong to the `my-app-name` Fly App. Note that different libraries and tools will use multi-address AAAA records differently; most will only use the first address that is returned, but others might round-robin between entries for every request -- if you'd like to know more, consult the documentation for the library or tool you are using for DNS lookup.
+
+Each `<appname>.internal` domain has further subdomains which can be used to return a more precise subset of the started Machines in that app. For example, you can add a region name qualifier to return the 6PN addresses of an app's Machines in a specific region: `iad.my-app-name.internal`. Querying this domain returns the 6PN addresses of `my-app-name` Machines in the `iad` region.
+
+Some `.internal` domains do not contain an AAAA record, but instead contain a TXT record with Machine, app, or region information. For example, if you request the TXT records using `regions.my-app-name.internal`, then you'll get back a comma-separated list of regions that `my-app-name` is deployed in. And you can discover all the apps in the organization by requesting the TXT records associated with `_apps.internal`. This will return a comma-separated list of the app names.
+
+<div class="important icon">
+**Important:** All AAAA queries to Fly.io `.internal` domains only return 6PN information for started (running) Machines. Any stopped Machines, including those autostopped by Fly Proxy, are not included in the response to the DNS query.
+</div>
+
+The following table lists the available `.internal` domains for AAAA queries:
+
+| Name | AAAA Response |
+| -- | --- |
+|`<appname>.internal`|6PN addresses of all Machines<br> in any region for the app|
+|`top<number>.nearest.of.<appname>.internal`|6PN addresses of top _number_<br> closest Machines for the app|
+|`<machine_id>.vm.<appname>.internal`|6PN address of a specific<br> Machine for the app|
+|`<process_group>.process.<appname>.internal`|6PN addresses of Machines<br> in process group for the app|
+|`<region>.<appname>.internal`|6PN addresses of Machines<br> in region for the app|
+|`global.<appname>.internal`|alias for `<appname>.internal`|
+|`<value>.<key>.kv._metadata.<appname>.internal`|6PN addresses of Machines<br> with matching [metadata](https://community.fly.io/t/dynamic-machine-metadata/13115)|
+|`<peername>._peer.internal`|6PN address of peer|
+
+The following table lists the available `.internal` domains for TXT queries:
+
+| Name | TXT Response |
+| -- | -- |
+|`vms.<appname>.internal`|comma-separated list of Machine ID and<br> region name for started app Machines|
+|`all.vms.<appname>.internal`|comma-separated list of Machine ID and<br> region name for all deployed app Machines|
+|`regions.<appname>.internal`|comma-separated list of region names<br> where Machines are started for app|
+|`all.regions.<appname>.internal`|comma-separated list of region names<br> where Machines are deployed for app|
+|`_apps.internal`|comma-separated list of the names of all<br> apps in current organization|
+|`_peer.internal`|comma-separated list of the names of all<br> WireGuard peers in current organization|
+|`_instances.internal`|comma-separated list of Machine ID, app name,<br>6PN address, and region for all started Machines<br> in current organization|
+|`all._instances.internal`|comma-separated list of Machine ID, app name,<br>6PN address, and region for all deployed Machines<br> in current organization|
+
+
+See the [fly-examples/privatenet](https://github.com/fly-apps/privatenet+external) repo for examples that use the `.internal` domains.
+
+## Listening for connections on 6PN addresses
+
+When deploying a Fly Machine, we alias the 6PN address of the Machine to `fly-local-6pn` in the Machine's `/etc/hosts` file.
+
+Your app's service needs to bind to/listen on `fly-local-6pn` to be accessible via its 6PN address. For example, if you have a service running on port 8080, then you need to bind it to `fly-local-6pn:8080` for it to be accessible to other Machines over the 6PN.
+
+<div class="note icon">
+`fly-local-6pn` is to 6PN addresses as `localhost` is to 127.0.0.1, so you can also bind directly to the 6PN address itself.
+</div>
+
+Learn more about [connecting to app services](/docs/networking/app-services/).
+
+## Connect a Fly Machine to the Fly.io DNS
+
+The custom Fly.io DNS server is always available at the IPv6 address `fdaa::3`. If you want to get fancy, you can install `dig` on the Machine and query the DNS directly. For example:
+
+```cmd
+root@f066b83b:/# dig +short aaaa my-app-name.internal @fdaa::3
+```
+```output
+fdaa:0:18:a7b:7d:f066:b83b:2
+```
+
+When deploying a Fly Machine, we overwrite `/etc/resolv.conf` to point the DNS server to `fdaa::3`. Since this is the default configuration we set up for Machines on Fly.io, you probably don't need to do anything special to make this work.
+
+In rare cases, such as having an unusual file system layout, or using a networking stack that needs the nameserver explicitly indicated, you might need to point your app to the Fly.io DNS yourself. From any Fly Machine, the nameserver is always at `fdaa::3`.
+
+## 6PN addresses in detail
+
+<div class="note icon">
+**Note:** 6PN addresses directly connect one Fly Machine with another, bypassing the Fly Proxy. To use Fly Proxy features like autostop/autostart on your private network, you can use [Flycast](/docs/networking/flycast/).
+</div>
+
+Most of the time, the `.internal` DNS is all you'll need for routing. If you need more complicated routing, you might be able to take advantage of the structure of 6PN addresses in your app's design. Rather than a single address, each Fly Machine is assigned a `/112` 6PN subnet, which is structured as follows:
+
+| &nbsp; | &nbsp; | &nbsp; |
+| ------- | ------- | ---------------------- |
+| `fdaa`  | 16 bits | ULA prefix             |
+| network | 32 bits | network identifier     |
+| host    | 32 bits | host server identifier |
+| machine | 32 bits | fly machine identifier |
+| &mdash; | 16 bits | free space             |
+
+<div class="warning icon">
+**Caution:** 6PN addresses are **not** static and will change over time, for various reasons. If you need an unchanging method to address an individual Fly Machine, you can use the domain `<machine_id>.vm.<appname>.internal`.
+</div>
+
+The machine identifier portion of the 6PN address is not related to the 14 character Machine ID; the two are independent. A Fly Machine's current 6PN address can be found in the environment variable `FLY_PRIVATE_IP`. A Machine's 6PN address is not static, so do not assume that a Fly Machine's Machine ID can be permanently mapped to a particular 6PN address. 6PN addresses will change when an app is moved into a new organization, or when a Fly Machine is migrated onto a new host server. However, a 6PN address change can only happen on a reboot, so supplying a procedure to check for a change in 6PN address on Machine startup is sufficient to handle this event.
+
+## Custom private networks
+
+You can create additional private networks within your organization. Custom private networks are useful when you need to isolate tenants or users for security purposes. For example, if you run a software-as-service platform on top of Fly.io, and your customers are running untrusted code on Machines or you want every customer to have their own secure app.
+
+Learn more about [custom private networks](/docs/networking/custom-private-networks/) and how to create them.
+
+## Private Network VPN
+
+You can use the [WireGuard](https://wireguard.com/+external) VPN to connect to the 6PN private network. WireGuard is a flexible and secure way to plug into each one of your Fly.io organizations and connect to any app within that organization.
+
+### Set up a private network VPN
+
+To set up your VPN, you'll use flyctl to generate a tunnel configuration file with private keys already embedded. Then you can load that file into your local WireGuard application to create a tunnel. Activate the tunnel and you'll be using the internal Fly.io DNS service which resolves `.internal` addresses - and passes on other requests to Google's DNS for resolution.
+
+#### 1. Install your WireGuard App
+
+Visit the [WireGuard](https://www.wireguard.com/install/+external) site for installation options. Install the software that is appropriate for your system. Windows and macOS have apps available to install. Linux systems have packages, typically named wireguard and wireguard-tools, you should install both.
+
+#### 2. Create your tunnel configuration
+
+To create your tunnel, run:
+
+```cmd
+fly wireguard create
+```
+
+Select the organization you want the WireGuard tunnel to work with:
+
+```output
+? Select organization:  [Use arrows to move, type to filter]
+> My Org (personal)
+  Test Org (test-org)
+```
+
+The `fly wireguard create` command configures the WireGuard service and generates a tunnel configuration file, complete with private keys which cannot be recovered. This configuration file will be used in the next step. First, save the configuration file:
+
+```output
+!!!! WARNING: Output includes private key. Private keys cannot be recovered !!!!
+!!!! after creating the peer; if you lose the key, you’ll need to remove    !!!!
+!!!! and re-add the peering connection.                                     !!!!
+? Filename to store WireGuard configuration in, or 'stdout':  mypeer.conf
+Wrote WireGuard configuration to 'mypeer.conf'; load in your WireGuard client
+```
+
+We suggest you name your saved configuration with the same name as the peer you have created. Add the extension `.conf` to ensure it will be recognized by the various WireGuard apps as a configuration file for a tunnel. Note that the name (excluding the `.conf` extension) shouldn't exceed 15 characters since this is the maximum length for an interface name on Linux.
+
+<div class="important icon">
+**Important:** If you want to interact with your peer using its name, such as queries to `_peer.internal` or `<peername>._peer.internal`, then you need to specify a name when you create the tunnel.
+
+Defaults are used when you don't specify a `region` and `name` in the `fly wireguard create` command. Default generated names start with `interactive-*` and we filter `interactive-*` out of DNS (because of the sheer volume of them).
+
+To specify a peer name and region, first look up available regions by running `fly platform regions`. Select a region with a check mark in the Gateway column.
+
+Then run: `fly wireguard create [your-org] [region] [peer-name]`
+</div>
+
+#### 3. Import your tunnel
+
+##### Windows
+
+Run the WireGuard app. Click **Import tunnel(s) from file**. Select your configuration file. The WireGuard app will display the details of your tunnel. Click **Activate** to bring the tunnel online.
+
+##### macOS
+
+Run the WireGuard app. Click **Import tunnel(s) from file**. Select your configuration file and click **Import**. You might be prompted by the OS that WireGuard would like to add VPN configurations; click **Allow**. The WireGuard app will display the details of your tunnel. Click **Activate** to bring the tunnel online.
+
+##### Ubuntu Linux
+
+If you don't have `wg-quick` installed, then run the command below. For Ubuntu 18.04 to 22.04, `openresolv` is also required.
+
+```
+sudo apt install wireguard-tools openresolv
+```
+
+Copy the configuration file to `/etc/wireguard`; you'll need root/sudo permissions:
+
+```
+sudo cp basic.conf /etc/wireguard
+```
+
+Run `wg-quick` to bring `up` the connection by name (i.e. less the `.conf` extension). For example:
+
+```cmd
+wg-quick up mypeer
+```
+```output
+[#] ip link add mypeer type wireguard
+[#] wg setconf mypeer /dev/fd/63
+[#] ip -6 address add fdaa:0:4:a7b:ab6:0:a:102/120 dev mypeer
+[#] ip link set mtu 1420 up dev mypeer
+[#] resolvconf -a tun.mypeer -m 0 -x
+[#] ip -6 route add fdaa:0:4::/48 dev mypeer
+```
+### Connect to the Fly.io DNS over WireGuard
+
+The DNS server address is different on WireGuard connections than on Machines. That's because you can run multiple WireGuard connections; your dev laptop could be WireGuard-connected to multiple organizations, but a Machine can't be.
+
+Your DNS server address for a WireGuard connection is part of the WireGuard tunnel configuration that flyctl generates. Your platform WireGuard tools might read and automatically configure DNS from that configuration, or they might not. Here's an example of a WireGuard configuration file generated by the `fly wireguard create` command:
+
+```yaml
+[Interface]
+PrivateKey = [redacted]
+Address = fdaa:0:18:a7b:d6b:0:a:2/120
+DNS = fdaa:0:18::3
+```
+
+You guessed it; it's the `DNS` line. Your DNS server address will also start with `fdaa:`, but the next two parts are unique to your organization's network. All 6PN addresses are prefixed by the organization's network ID; that's the part of the address that locks it to your organization.
+
+All our WireGuard DNS addresses follow this pattern: take the organization prefix, and tack `::3` onto the end. In this example, the WireGuard peer address is:
+
+```
+fdaa:0:18:a7b:d6b:0:a:2
+```
+
+The 6PN prefix is the first 3 `:`-separated parts, so the DNS server address for this example is:
+
+```
+fdaa:0:18::3
+```
+
+To use `dig` to probe DNS on a WireGuard connection, supply the DNS server address to it. For example:
+
+```cmd
+root@f066b83b:/# dig +short aaaa my-app-name.internal @fdaa:0:18::3
+```
+```output
+fdaa:0:18:a7b:7d:f066:b83b:2
+```
+
+### Test the VPN tunnel
+
+If you have the `dig` tool installed, a TXT query to `_apps.internal` will show all the apps in the organization you are connected to:
+
+```cmd
+dig +noall +answer _apps.internal txt
+```
+```output
+_apps.internal.		5	IN	TXT	"my-app-name,my-app-name-0,my-app-name-1"
+```
+
+You can also query for peer names and addresses:
+
+```cmd
+dig +short txt _peer.internal @fdaa:0:18::3
+```
+```output
+"my-peer"
+```
+
+```cmd
+dig +short aaaa my-peer._peer.internal @fdaa:0:18::3
+```
+```output
+fdaa:0:18:a7b:7d:f066:b83b:102
+```
+
+Query for the 6PN addresses of all started Machines in an app:
+
+```
+dig +short aaaa my-app-name.internal
+```
+
+### Manage WireGuard on Fly.io
+
+#### List the tunnels
+
+To list all the tunnels set up for an organization, run `fly wireguard list`. You can provide an organization on the command line or select an org when prompted.
+
+#### Remove a tunnel
+
+To remove a tunnel, run `fly wireguard remove`. You can specify the organization and tunnel name on the command line or be prompted for both.
+
+### Troubleshoot a WireGuard VPN connection
+
+Having trouble connecting to a Fly.io hosted app? When you can't connect to something, it's helpful to establish a baseline of what is, or what is not, working.
+
+#### Am I connected to Fly.io VPN?
+
+When connected locally, you can run a `dig` command to list all the apps your connection has access to.
+
+```cmd
+dig _apps.internal TXT +short
+```
+```output
+my-app,my-app-db
+```
+
+If results are returned, you have a VPN connection to an org at Fly.io and the results list all the app names.
+
+If no results are returned, either you do not have a WireGuard VPN connection open or there are NO apps running in the org.
+
+#### Am I connected to the right Fly.io org?
+
+WireGuard connections are created to a specific org. Each org's network is isolated from other orgs. You may have a VPN connection to Fly.io, but it may be to a different org than where your app is located. By default, you are working with your **personal** organization. If the app is in a business focused org or a shared org, you need to ensure your VPN connection is the org where the app lives.
+
+You can also try to ping your app's Machine.
+
+Mac version:
+```cmd
+ping6 my-app.internal
+```
+
+Linux version:
+```cmd
+ping -6 my-app.internal
+```
+
+If the ping succeeds, you have a VPN connection to the same org that your application's Machine is running in.
+
+If the ping fails, check which org the application is deployed in.
+
+```cmd
+fly status
+```
+```output
+App
+  Name     = my-app
+  Owner    = my-biz
+  Hostname = my-app.fly.dev
+  Image    = my-app:deployment-0123456789
+
+Machines
+PROCESS ID              VERSION REGION  STATE   ROLE    CHECKS  LAST UPDATED
+app     90706e10f12094  10      ord     started                 2024-04-16T20:20:59Z
+```
+
+The `Owner` is the **organization**. In this example, it is `my-biz`.
+
+Then check that your WireGuard connection is to the same organization. To be certain, you can remove the current connection and re-create it explicitly specifying the org.
diff --git a/networking/request-headers.html.md b/networking/request-headers.html.md
new file mode 100644
index 0000000000..dcdbc4352b
--- /dev/null
+++ b/networking/request-headers.html.md
@@ -0,0 +1,47 @@
+---
+title: Request headers
+layout: docs
+nav: firecracker
+---
+
+Request headers carry information that is specific to the incoming request and its path taken to the application. Request headers are added by the HTTP handler service.
+
+## Request Headers
+
+### `Fly-Client-IP`
+
+**Client IP Address**: The IP address of the client from the perspective of Fly Proxy. If you are using another reverse proxy service in front of the Fly.io platform, this header will be set to proxy service's IP addresses, rather than the client making the request. In that case, you'll need to parse the IP addresses in the [`X-Forwarded-For` header](#x-forwarded-for) to find the client IP address.
+
+### `Fly-Forwarded-Port`
+
+**Original connection port**: This header is always set by the Fly Proxy and denotes the actual port that the client connected to the Fly edge node which is then forwarded to the application instance.
+
+### `Fly-Region`
+
+**Edge Node Region**: This header is a three letter region code which represents the region that the connection was accepted in and routed from.
+
+Not to be confused with the [environment variable](/docs/machines/runtime-environment/#fly_region) `FLY_REGION`, which is where the application is running.
+
+### `X-Forwarded-For`
+
+**Client and Proxy List**: A comma separated list of IP addresses including the address of the client that originated the request and the addresses of the proxy servers the request passed through. For example, "77.97.0.98, 77.83.142.33" contains the client and the one proxy it passed through. On the Fly.io platform, the last address (rightmost) in this list will be a shared or dedicated IP address assigned to your app.
+
+This header must be treated with caution to avoid spoofing attempts. Follow the directives in the [MDN documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For+external) for `X-Forwarded-For` to learn how parse the header safely. If you aren't using another reverse proxy in front of the Fly.io platform, the [`Fly-Client-IP` header](#fly-client-ip) might be a better choice to get client IP addresses.
+
+### `X-Forwarded-Proto`
+
+**Original client protocol**: The protocol which the client used to make the request. Either `http` or `https`.
+
+### `X-Forwarded-Port`
+
+**Original connection port**: This header may be set by the client and should denote the port that the client set out to connect to.
+
+### `X-Forwarded-SSL`
+
+**SSL Status**: This indicates if the client connected over SSL. Its value can be either `on` or `off`. 
+
+## Request and Response Headers
+
+### `Via`
+
+**Proxy Route**: This header, added by proxies, shows the path taken, and protocols used, by the connection. MDN has [full documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Via) for this header. For example, a connection through the Fly edge may show `2 fly.io` in the field, denoting that version 2 of HTTP was used by the connection as it passed through the Fly Proxy.
diff --git a/networking/services.html.markerb b/networking/services.html.markerb
new file mode 100644
index 0000000000..8ad57a4d74
--- /dev/null
+++ b/networking/services.html.markerb
@@ -0,0 +1,276 @@
+---
+title: "Public Network Services"
+layout: docs
+nav: firecracker
+redirect_from:
+  - /docs/reference/services/
+---
+
+Fly.io has public and private network services available. The public network services connect apps to the wider public internet, while the [private network services](/docs/reference/private-networking) allow apps to communicate with other apps within the Fly.io private network.
+
+## Anycast IP addresses
+
+IPv6 addresses and shared IPv4 Anycast addresses are free. Dedicated IPv4 addresses are [billed](/docs/about/pricing/#anycast-ip-addresses) monthly.
+
+### About Anycast
+
+We announce global IP blocks from all of our datacenters over BGP, otherwise known as Anycast. Anycast is a core internet routing mechanism that connects clients to the "nearest" server advertising a block of IPs. You can read [all about it on Wikipedia](https://en.wikipedia.org/wiki/Anycast+external).
+
+### IPv6
+
+A new Fly App running a public service configured in [`fly.toml`](/docs/reference/configuration/) automatically gets a dedicated Anycast IPv6 address when it's first deployed.
+
+<div class="note icon">
+If you create apps with public services in their Machine config by using [`fly machine` commands](/docs/machines/flyctl/fly-machine-run/#define-a-fly-proxy-network-service) or the [Machines API](https://fly.io/docs/machines/api/), then you need to run `fly ips allocate-v6` to get a dedicated IPv6 address.
+</div>
+
+### Shared IPv4
+
+Along with the dedicated IPv6 address, apps are automatically given a shared Anycast IPv4 address on the first deployment when they're configured to handle one or both of the following protocols and ports in [`fly.toml`](/docs/reference/configuration/):
+
+* HTTP on port 80, or
+* TLS & HTTP on port 443
+
+This includes apps configured with the simplified [`[http_service]`](/docs/reference/configuration/#the-http_service-section) section, which handles only these protocols and ports by default.
+
+You can use a shared IPv4 address for TCP ports other than 80 and 443 by using the [TLS handler](#tls-handler) when you specify the port.
+
+Shared IPv4 addresses are recommended unless you have an [explicit need for your own IP](#dedicated-ipv4). Shared IPv4 addresses are shared across many apps and organizations. Routing is based on your app's domain.
+
+To allocate a shared IPv4 to an app without a public IPv4 address, run:
+
+```cmd
+fly ips allocate-v4 --shared
+```
+
+<div class= "note icon">
+If you create apps with public services in their Machine config using [`fly machine` commands](/docs/machines/flyctl/fly-machine-run/#define-a-fly-proxy-network-service) or the [Machines API](https://fly.io/docs/machines/api/), then you need to run `fly ips allocate-v4 --shared` to get a shared IPv4 address.
+</div>
+
+### Dedicated IPv4
+
+Dedicated IPv4 addresses are [billed](/docs/about/pricing/#anycast-ip-addresses) monthly.
+
+Shared IPv4 addresses are recommended unless you have an explicit need for your own IP. Some of the reasons to use a dedicated IPv4 address include:
+
+- Your app uses a non-HTTP protocol that doesn't use TLS.
+- Your app needs to do something over UDP (we don't support UDP over shared IPv4 or dedicated IPv6).
+- You want your app to accept raw TCP and handle TLS termination.
+- You have a Fly Postgres exposed to the internet over TLS for external connections.
+
+Allocating a dedicated IPv4 Anycast address is opt-in only. To manually allocate a dedicated IPv4 address for your app, run:
+
+```cmd
+fly ips allocate-v4
+```
+
+After allocating a dedicated IPv4 address, release the shared IPv4 address:
+
+```cmd
+fly ips release <ip address to release>
+```
+
+### Switch from dedicated IPv4 to shared IPv4
+
+The following steps should allow you to switch an app with a custom domain from a dedicated IPv4 address to a free shared IPv4 without downtime.
+
+1. Add a shared IPv4 address with `flyctl ips allocate-v4 --shared`.
+2. If you don't use a CNAME to `.fly.dev`, [add the shared IPv4 as an A record](/docs/networking/custom-domain/#set-the-a-record).
+3. Confirm your app works via shared IP: `curl -Iv http://<your-hostname> --resolve <your-hostname>:80:<new-shared-ipv4>`. You should receive a 301 redirect response.
+4. If you are using a custom domain and don't already have an SSL certificate for this app, [create one](/docs/networking/custom-domain/#get-certified). The cert is required for routing to your app via the custom domain, even for HTTP connections.
+5. Wait for DNS caches to clear. Five minutes is likely enough, but this varies wildly. This is determined by the larger of your DNS record’s TTL and that of our `<your-app>.fly.dev` record.
+6. Remove the dedicated IPv4 from the app using `fly ips release <ipv4-address-to-release>`. You can view your app's IP addresses using `fly ips list`.
+7. Remove the unwanted IPv4 address from your DNS if it was set manually as an A record.
+
+If you do not have a custom domain (your app is accessed by its `.fly.dev` address), you don't have to change any DNS records yourself, and you don't need to add your own SSL cert.
+
+## Connection handlers
+
+Handlers convert TCP connections into something your app can handle. Use handlers to specify which middleware applies to incoming TCP connections for each port you accept external connections on.
+
+### TCP pass through
+
+If you don't specify handlers, we just forward TCP to your app as-is. This is useful if you want to handle TLS termination yourself, for example.
+
+### Configure connection handlers
+
+Set the `handlers` config setting in the [`services.ports` section](/docs/reference/configuration/#services-ports) of your `fly.toml` file.
+
+Valid handler strings:
+* [`"http"`:](#http-handler) Convert TCP connection to HTTP
+* [`"tls"`](#tls-handler): Convert TLS connection to unencrypted TCP
+* [`"pg_tls"`](#postgres-tls-handler): Handle TLS for PostgreSQL connections
+* [`"proxy_proto"`](#proxy-protocol): Wrap TCP connection in PROXY protocol
+
+You can also configure [TLS options](/docs/reference/configuration/#http_service-tls_options) for the `[http_service]` section, which has a TLS (and HTTP) handler by default on port 443.
+
+### HTTP handler
+
+Many apps have limited HTTP support, the `http` handler normalizes HTTP connections and sends HTTP 1.1 requests to the application process. This is roughly how `nginx` and other reverse proxies work, and allows your app to globally accept modern HTTP protocols (like HTTP/2) without extra complexity.
+
+If your application stack has good HTTP/2 support (like Go), you will get better performance accepting TCP connections directly, and using the TLS handler to terminate SSL. Your app _does_ need to understand `h2c` for this to work, however.
+
+The HTTP handler adds a number of standard HTTP headers to requests, and a few Fly.io-specific headers for convenience:
+
+| Header | Description
+| -- | -- |
+| `Fly-Client-IP` | The IP address Fly.io accepted a connection from |
+| `X-Forwarded-For` | A comma separated list of proxy servers the request passed through. MDN has [full documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For) for this header |
+| `X-Forwarded-Proto` | Original client protocol, either `http` or `https` |
+| `X-Forwarded-SSL` | Indicates if client connected over SSL, either `on` or `off` |
+| `X-Forwarded-Port` | Original connection port, header may be set by client |
+| `Fly-Forwarded-Port` | Original connection port, always set by Fly.io |
+| `Fly-Region` | Original incoming connection region |
+| `Fly-Preferred-Instance-Unavailable` | The ID of a preferred instance that the proxy could not route to |
+
+You can set a preference on HTTP requests for which region you would like to connect to. You can specify a single region or multiple regions in order of preference:
+
+```
+Fly-Prefer-Region: iad
+```
+
+Or with multiple preferences (tries regions in order):
+
+```
+Fly-Prefer-Region: iad,ord,us,na
+```
+
+You can set a preference for a specific machine instance:
+
+```
+Fly-Prefer-Instance-Id: instance-number
+```
+
+You can force routing to a specific machine instance:
+
+```
+Fly-Force-Instance-Id: instance-number
+```
+
+Configuration example in `fly.toml`:
+
+```toml
+[[services]]
+...
+  [[services.ports]]
+    handlers = ["http"]
+    port = 80
+    force_https = true  # optional
+```
+
+### TLS handler
+
+The `tls` handler terminates TLS using Fly.io-managed application certificates, then forwards a plaintext connection to the application process. This is useful for running TCP services and offloading `TLS` to the Fly Proxy.
+
+For performance purposes, the Fly Proxy will terminate TLS on the host a client connects to, and then forward the connection to the nearest available Machine.
+
+<div class="note icon">
+**Note:** The TLS handler includes ALPN negotiation for HTTP/2. When possible, apps will connect to these kinds of Fly.io services using HTTP/2, and we will forward an unencrypted HTTP/2 connection (`h2c`) to the application process.
+</div>
+
+Configuration examples in `fly.toml`:
+
+```toml
+[[services]]
+...
+  [[services.ports]]
+    handlers = ["tls", "http"]
+    port = 443
+    tls_options = { "alpn" = ["h2", "http/1.1"], "versions" = ["TLSv1.2", "TLSv1.3"] }
+```
+
+```toml
+[http_service]
+...
+[http_service.tls_options]
+  alpn = ["h2", "http/1.1"]
+  versions = ["TLSv1.2", "TLSv1.3"]
+  default_self_signed = false
+```
+
+### Postgres TLS handler
+
+The `pg_tls` handler manages Postgres connections, so that you can expose your Postgres databases over the proxy securely. Some interesting notes by @glebarez on why standard TLS termination won't work for Postgres: https://github.com/glebarez/pgssl#readme
+
+Example configuration from default Fly Postgres app `fly.toml`:
+
+```toml
+[[services]]
+...
+  [[services.ports]]
+    port = 5433
+    handlers = ["pg_tls"]
+```
+
+### PROXY protocol handler
+
+The `proxy_proto` handler adds information about the original connection, including client IP + port and server IP + port (from the client's perspective). Most apps need additional logic to accept the PROXY protocol, either using a prebuilt library or implementing the [PROXY protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt+external) directly.
+
+Fly.io supports version 1 (human-readable header format) of the PROXY protocol by default with the `proxy_proto` handler. You can configure the `proxy_proto` handler to use version 2 (binary header format) in the [`services.ports.proxy_proto_options`](/docs/reference/configuration/#services-ports-proxy_proto_options) section of your `fly.toml` file.
+
+Configuration examples in `fly.toml`:
+
+```toml
+[[services.ports]]
+  handlers = ["proxy_proto"]
+  port = 5000
+  proxy_proto_options = { version = "v2" }
+```
+
+## HTTP to HTTPS redirects
+
+The `force_https` configuration option automatically redirects HTTP to HTTPS. When enabled, all HTTP requests return a redirect response with a `301` status code. This option can only be set on HTTP handlers - deployments will fail if set on other handlers.
+
+## Outbound IP addresses
+
+Fly Machines have IPv6 addresses from which they make requests to the wider internet without going through the Fly Proxy.
+
+By default, we don’t offer static IPs or regional IP ranges, and we discourage the use of our outbound IPs to bypass firewalls. A Machine's outbound IP is liable to change without notice. This shouldn't be a daily occurrence, but it will happen if a Machine is moved for whatever reason, such as a load-balancing of Fly Machines between servers in one region.
+
+If you do need a static outbound IP, you can assign one on a per-machine basis. You can allocate one to a machine with `fly machine egress-ip allocate <machine-id>. This will assign both an IPv4 and IPv6 address to the machine. Like dedicated IPv4 addresses, these are [billed](/docs/about/pricing/#static-machine-ip) monthly.
+
+You can also use the `fly machine egress-ip list` command to see all the IPs assigned to your machines, and release IPs with `fly machine egress-ip release <egress-ip>`.
+
+### Find your Machine's outbound IP
+
+The Machine's outbound IPv6 address is available in the `FLY_PUBLIC_IP` [environment variable](/docs/machines/runtime-environment/). Use `fly ssh console -s` to get an interactive shell on the Machine of your choice.
+
+```cmd
+echo $FLY_PUBLIC_IP
+```
+```out
+2605:4c40:92:520a:0:8c93:3d8a:1
+```
+
+You can also call out to an external service that'll tell you your IP. For example:
+
+```cmd
+curl text.ipv6.wtfismyip.com
+```
+```out
+2605:4c40:92:520a:0:8c93:3d8a:1
+```
+
+or
+
+```cmd
+dig +short txt o-o.myaddr.l.google.com @ns1.google.com
+```
+```out
+"2605:4c40:92:520a:0:8c93:3d8a:1"
+```
+
+So this Machine's outbound IPv6 address is `2605:4c40:92:520a:0:8c93:3d8a:1`.
+
+You may have to install software on the Machine to use `dig` or `curl`. On Debian, `dig` belongs to the `dnsutils` package.
+
+## Default-Deny security policy
+
+All requests to Fly.io apps are routed to our edge servers, where we use our memory-safe Rust proxy to direct traffic. The proxy listens on all ports and all Anycast addresses, so ports appear to be 'open' from the wider internet. However, nothing on your app is exposed unless you expose it via [services](/docs/networking/app-services/). You’re locked down by default.
+
+## Related reading
+
+- [Connect to an App Service](/docs/networking/app-services/) How to expose your Fly App’s processes publicly or privately through services.
+- [Dynamic Request Routing with fly‑replay](/docs/networking/dynamic-request-routing/) How to route requests between regions, apps, or machines using Fly‑specific headers.
+- [Connect Your Private Network with WireGuard](/docs/blueprints/connect-private-network-wireguard/) Set up secure access between Fly.io and your private infrastructure using WireGuard tunnels.
+- [Private Networking](/docs/networking/private-networking/) How services communicate securely over Fly.io’s private network without going through the public internet.
diff --git a/networking/tls.html.md b/networking/tls.html.md
new file mode 100644
index 0000000000..c968349796
--- /dev/null
+++ b/networking/tls.html.md
@@ -0,0 +1,32 @@
+---
+title: TLS Support
+layout: docs
+nav: firecracker
+redirect_from:
+  - /docs/reference/tls/
+---
+
+The Fly proxy only supports TLSv1.2 and TLSv1.3 with strong ciphers. Learn more about our [built-in TLS termination](/docs/security/tls-termination/).
+
+## Supported Cipher Suites
+
+These suites give us broad, secure coverage. We do not support very old browsers.
+
+**TLS 1.3:**
+
+```
+TLS_AES_128_GCM_SHA256
+TLS_AES_256_GCM_SHA384
+TLS_CHACHA20_POLY1305_SHA256
+```
+
+**TLS 1.2:**
+
+```
+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+```
+
+
+You can always get an updated list of supported ciphers from the [SSL Labs test results](https://www.ssllabs.com/ssltest/analyze.html?d=fly.io&s=2a09%3a8280%3a1%3a0%3a0%3a0%3aa%3a791&hideResults=on&latest+external).
diff --git a/networking/udp-and-tcp.html.markerb b/networking/udp-and-tcp.html.markerb
new file mode 100644
index 0000000000..0681d18b20
--- /dev/null
+++ b/networking/udp-and-tcp.html.markerb
@@ -0,0 +1,195 @@
+---
+title: "Running apps on UDP and TCP"
+layout: docs
+nav: firecracker
+author: thomas
+categories:
+  - networking
+date: 2021-12-07
+redirect_from:
+  - /docs/app-guides/udp-and-tcp/
+---
+
+You can run any containerized app on our platform, regardless of what protocols it talks over, including apps that rely on UDP in addition to TCP. This guide walks you through how to set up your UDP app on Fly.io.
+
+Before getting started, here's the summary of important points about using up UDP on Fly.io (that we'll expand on below):
+
+* You need a dedicated IPv4 address. You can't use a shared IPv4 address or an IPv6 address for UDP. We support public IPv6 and shared IPv4 for TCP.
+
+* The UDP side of your app needs to bind to the special `fly-global-services` address. But the TCP side of your app can't; it should bind to `0.0.0.0`.
+
+* The UDP side of your app needs to bind to the same port that is used externally. Fly will not rewrite the port; Fly only rewrites the IP address for UDP packets.
+
+* We swipe a couple dozen bytes from your MTU for UDP, which usually doesn't matter, but in rare cases might.
+
+## You need a dedicated IPv4 address
+
+You'll need a [dedicated IPv4 address](/docs/networking/services/#dedicated-ipv4) for your app to accept UDP packets. We don't support UDP over public IPv6. Every Fly.io app gets a public IPv6 address and a shared IPv4 address that will work for the TCP side of your app.
+
+<div class="note icon">
+**Note:** UDP does work over [Fly.io IPv6 private networking](/docs/reference/private-networking/).
+</div>
+
+## Your app needs to bind to the `fly-global-services` address
+
+To receive UDP packets, your app needs to bind to the special `fly-global-services` address (that's it; that's the address). Just as importantly: it needs to reply to messages using that address.
+
+You usually need to explicitly bind your UDP service to `fly-global-services`. Sorry, but `0.0.0.0`, `*`, and `INADDR_ANY` generally won't do: Linux will use the wrong source address in replies if you use those.
+
+**But: TCP can't use `fly-global-services`**
+
+You can't bind your TCP service to `fly-global-services`; the TCP side of your app should probably bind to `*`.
+
+### Why the `fly-global-services` address?
+
+For the most part, UDP "just works" on Fly.io, the way you'd expect it to.
+
+The thing about forwarding UDP that makes it different from HTTP is that UDP messages don't have HTTP headers. When a standard proxy receives an HTTP message and sends it to its target, it stashes the original source address in the headers, so the target knows who it's talking to. You can't generally do that with UDP messages. But you need to know who you're talking to in order to respond to a UDP message!
+
+We use ⚡️`eBPF magic`⚡️ to shuttle UDP packets across our forwarding fabric while transparently mapping source addresses. What that means for you is that you can generally just write a standard socket program that reads UDP messages and replies to them based on the source address of the packet. 
+
+<div class="callout">If we didn't do this `fly-global-services` thing, our UDP proxying logic would also try to proxy your app's own DNS traffic; it can't otherwise tell the difference between UDP packets you're sending to respond to a user and UDP packets your app generates in the ordinary course of its business.</div>
+
+## Your app needs to listen on the same port externally and internally
+
+Fly will only rewrite the IP addresses for UDP packets. The destination port for inbound packets will not be rewritten. That means if your app receives UDP traffic on port 5000 externally, the app needs to bind to `fly-global-services:5000` to receive that UDP traffic.
+
+## You might need to be mindful of MTUs
+
+An invariant on almost every network is the maximum packet size, the MTU. Typically, the MTU is 1500 bytes. If you exceed 1500 bytes, your packets will fragment. [You don't want to fragment](https://datatracker.ietf.org/doc/html/draft-mathis-frag-harmful-00).
+
+Fly.io takes a bite out of your packets for two purposes:
+
+1. We forward all traffic across a [WireGuard](https://www.wireguard.com/) mesh, and WireGuard eats 60 bytes of every packet.
+
+2. The UDP proxy forwarding system we use grabs another dozen bytes to record the original addresses of the packets --- the source address we saw when your client's packet hit our edge. You don't see these bytes; they're stripped off the packet before it's delivered to your app. But they're used in transit.
+
+In most cases this won't matter to you at all. Modern UDP protocols are designed to assume they have far less than 1500 bytes to work with, because there are all sorts of weird links on the Internet with smaller MTUs.
+
+But if you're doing something super-custom, it's best to assume you've got something more like 1300 bytes to work with, not 1500.
+
+## Example UDP app
+
+Let's build a simple echo service. You can play the home version at [this GitHub repository](https://github.com/fly-apps/udp-echo-). We'll listen on port 5000, UDP and TCP, and just bat back whatever clients send us.
+
+Use `flyctl launch` to create a `fly.toml` file. Use it to wire up the ports.
+
+```toml
+[[services]]
+  internal_port = 5000
+  protocol = "udp"
+
+  [[services.ports]]
+    port = "5000"
+
+[[services]]
+  internal_port = 5000
+  protocol = "tcp"
+
+  [[services.ports]]
+    port = "5000"
+```
+
+We're going to build this app in Go (don't worry, it's simple, you'll be able to follow it even if you aren't a gopher). It's going to be vanilla socket code.
+
+### Let's See Some Code
+
+You light up UDP and TCP with standard socket code. Usually, the only fussy bit will be the `fly-global-services` bind for UDP. Here's what that looks like in Go:
+
+```golang
+func main() {
+  // in other programming languages, this might look like:
+	//    s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)
+	//    s.bind("fly-global-services", port)
+
+	udp, err := net.ListenPacket("udp", fmt.Sprintf("fly-global-services:%d", port))
+	if err != nil {
+		log.Fatalf("can't listen on %d/udp: %s", port, err)
+	}
+
+	// in other programming languages, this might look like:
+	//    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
+	//    s.bind("0.0.0.0", port)
+	//    s.listen()
+
+	tcp, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
+	if err != nil {
+		log.Fatalf("can't listen on %d/tcp: %s", port, err)
+	}
+
+	go handleTCP(tcp)
+
+	handleUDP(udp)
+}
+
+```
+
+The handlers for this app are textbook Go code; after the UDP bind, nothing else in your app will care about Fly.io.
+
+Here's TCP:
+
+```golang
+func handleTCP(l net.Listener) {
+	for {
+		conn, err := l.Accept()
+		if err != nil {
+			if errors.Is(err, net.ErrClosed) {
+				return
+			}
+
+			log.Printf("error accepting on %d/tcp: %s", port, err)
+			continue
+		}
+
+		go handleConnection(conn)
+	}
+}
+
+func handleConnection(c net.Conn) {
+	defer c.Close()
+
+	lines := bufio.NewReader(c)
+
+	for {
+		line, err := lines.ReadString('\n')
+		if err != nil {
+			return
+		}
+
+		c.Write([]byte(line))
+	}
+}
+```
+
+And here's UDP:
+
+```golang
+func handleUDP(c net.PacketConn) {
+	packet := make([]byte, 2000)
+
+	for {
+		n, addr, err := c.ReadFrom(packet)
+		if err != nil {
+			if errors.Is(err, net.ErrClosed) {
+				return
+			}
+
+			log.Printf("error reading on %d/udp: %s", port, err)
+			continue
+		}
+
+		c.WriteTo(packet[:n], addr)
+	}
+}
+```
+
+In a real Go app doing something like DNS, you might have a single thread reading messages off the UDP socket and passing them to a pool of workers over a buffered channel; you might not want to fork off a thread for every UDP message you receive. This is just an echo service, so we'll dispense with that detail.
+
+This program, [with a simple Dockerfile](https://github.com/fly-apps/udp-echo-/blob/main/Dockerfile) and the `fly.toml` configuration above, should just work on Fly.io. [Boot it up](https://fly.io/docs/flyctl/deploy/) and throw some UDP packets at it with netcat:
+
+```cmd
+echo hello world | nc -w1 -u udp-echo-sample.fly.dev 5000
+```
+```output
+hello world
+```
diff --git a/networking/understanding-cloudflare.html.md b/networking/understanding-cloudflare.html.md
new file mode 100644
index 0000000000..f7183f6ee3
--- /dev/null
+++ b/networking/understanding-cloudflare.html.md
@@ -0,0 +1,102 @@
+---
+title: "Understanding Cloudflare"
+layout: docs
+nav: firecracker
+author: kaelyn
+date: 2025-07-16
+---
+
+Many Fly.io apps use Cloudflare—sometimes just for DNS, sometimes with proxying enabled, and sometimes for both. This guide covers the supported configurations, how to set them up, and what to watch out for when using Cloudflare with Fly.io.
+
+## DNS-only setup
+
+This is the simplest and most reliable way to use Cloudflare with Fly.io. To configure a DNS-only setup:
+
+1. Point your domain to your Fly.io app using an `AAAA` record for the IPv6 address and an `A` record for the IPv4 address.
+2. Alternatively, use a `CNAME` record pointing to your app's unique target, shown in your certificate setup instructions.
+3. Disable the Cloudflare proxy (select "grey cloud") for these records.
+4. SSL certificates will be handled by Fly.io automatically using Let's Encrypt.
+
+## CDN proxy setup ("orange cloud")
+
+Enabling Cloudflare's proxy gives you caching and DDoS protection, but it also changes how SSL certificates work. Cloudflare terminates TLS traffic, which interferes with Fly.io's default TLS-ALPN-01 certificate issuance process.
+
+The recommended approach for using Cloudflare's CDN proxy is to configure it to forward HTTP requests, which allows HTTP-01 challenges to work properly. To configure a CDN proxy setup:
+
+1. Create an `AAAA` record only pointing to your Fly.io app's IPv6 address.
+2. Do not add `A` or `CNAME` records. If you previously had an `A` record pointing elsewhere (such as a legacy server or placeholder), remove it, even if the correct `AAAA` record is present. Having any `A` record alongside the `AAAA` can confuse Let’s Encrypt validation and prevent certificate renewal.
+3. Enable the Cloudflare proxy (orange cloud).
+4. Set SSL mode in Cloudflare to Full (strict).
+5. Enable Always Use HTTPS in Cloudflare.
+
+<div class="callout">
+**Important:** This setup allows Fly.io to handle HTTP-01 validation and issue certificates automatically.
+</div>
+
+
+### Using the DNS-01 challenge (manual certificate setup)
+
+If the HTTP-01 challenge doesn't work for your setup, you can fall back to using a DNS-01 challenge to manually issue a certificate.
+
+To do this:
+1. Use the Fly.io dashboard or run:
+
+```bash
+fly certs create <your-domain>
+```
+
+2. Add the required TXT records to Cloudflare when prompted.
+3. The certificate will issue once DNS propagation is complete.
+
+### How Fly.io handles TLS and certificate management
+
+TLS certificates are provisioned automatically using Let’s Encrypt. We handle renewals in advance and manage rate limits carefully per hostname, so you don’t need to worry about expiration dates or throttling.
+
+We don’t currently support bringing your own ACME provider like ZeroSSL or SSL.com into our provisioning flow. If you prefer to terminate TLS yourself and handle your own ACME HTTP challenges, you can do that by passing TCP through to your Fly app. The Fly Proxy won’t interfere with these challenges, and there's no IPv6 requirement if you're managing this independently.
+
+Both approaches are valid, but we recommend using the platform's built-in TLS termination and certificate management, especially as certificate validity periods get shorter.
+
+## Common issues to watch for
+
+- Cloudflare's Universal SSL may interfere with DNS-01 challenges. Disable it or use HTTP-01 instead to avoid this.
+- Check that your domain allows Let's Encrypt with a CAA record like:
+
+```
+   example.com.  CAA  0 issue "letsencrypt.org"
+```
+
+- Only one application should manage certificates for a domain. Using more than one can cause conflicts.
+- Let's Encrypt has limits. Check the certificate status tab in the Fly.io dashboard if issuance fails.
+
+<div class="callout">
+**Cloudflare Universal SSL Ghost Records Issue:** If you're using Cloudflare and Let's Encrypt can't issue a certificate, you may be encountering phantom _acme-challenge TXT records. This happens when Cloudflare's Universal SSL automatically inserts hidden ACME challenge TXT records that don't appear in your DNS dashboard but show up when you run `dig TXT _acme-challenge.yourdomain.com`. These ghost records interfere with Let's Encrypt's validation process.
+
+To resolve this:
+1. Go to Edge Certificates in Cloudflare's SSL/TLS settings and disable Universal SSL.
+2. Purge cache ("Purge Everything" in Cloudflare) and/or enable Development Mode.
+3. Wait several minutes for DNS cache to clear, then confirm with `dig` that only your intended TXT record is present.
+4. Retry certificate issuance from Fly.io.
+</div>
+
+## Tools for debugging
+
+These tools can help when diagnosing certificate or DNS issues:
+
+- [crt.sh](https://crt.sh/): Check issued certificates.
+- [DNSChecker](https://dnschecker.org/): Confirm DNS propagation.
+- [Let's Debug](https://letsdebug.net/): Analyze certificate validation issues.
+- dig: Inspect DNS records from the command line.
+
+For example:
+
+```bash
+dig AAAA your-app.example.com
+
+dig TXT _acme-challenge.your-app.example.com
+```
+
+## Related topics
+
+- [Custom domain guide](https://fly.io/docs/networking/custom-domain/)
+- [Custom domain API reference](https://fly.io/docs/networking/custom-domain-api/)
+- [flyctl certs commands](https://fly.io/docs/flyctl/certs/)
diff --git a/partials/_accordion.html.erb b/partials/_accordion.html.erb
new file mode 100644
index 0000000000..a6faeeda95
--- /dev/null
+++ b/partials/_accordion.html.erb
@@ -0,0 +1,29 @@
+<% if nav.is_a?(Hash) %>
+  <% nav[:open] = section_open?(nav) %>
+  <dl class="accordion<%= nav[:open] ? " open" : "" %>">
+    <dt class="accordion-header">
+      <% title = nav[:title] || nav[:text] %>
+      <% if nav[:path] %>
+        <%= nav_link(nav[:path], class: "title-link") do %>
+          <span class="truncate pointer-events-none"><%= title %></span>
+        <% end %>
+      <% else %>
+        <span class="accordion-title"><%= title %></span>
+      <% end %>
+      <button class="accordion-trigger" aria-expanded="<%= nav[:open] %>">
+        <span class="sr-only">Toggle <%= title %> section</span>
+      </button>
+    </dt>
+    <dd class="accordion-target">
+      <ul class="accordion-content" role="region" aria-label="<%= title %>">
+        <% if nav[:links].is_a?(Array) %>
+          <% nav[:links].each do |page| %>
+            <li><%= render_accordion_item(page) %></li>
+          <% end %>
+        <% end %>
+      </ul>
+    </dd>
+  </dl>
+<% else %>
+  <%= render_accordion_item(nav) %>
+<% end %>
\ No newline at end of file
diff --git a/partials/_accordion_nav.html.erb b/partials/_accordion_nav.html.erb
new file mode 100644
index 0000000000..627f83a1ff
--- /dev/null
+++ b/partials/_accordion_nav.html.erb
@@ -0,0 +1,89 @@
+<% 
+  def section_open?(section)
+    (!section[:path].nil? && current_page?(section[:path])) ||
+    (!section[:open].nil? && section[:open]) ||
+    (section[:links] && section[:links].any? { |page| current_page?(page[:path]) || (page[:links] && section_open?(page)) })
+  end
+
+  nav.each { |nav| nav[:open] = section_open?(nav) unless nav[:title].nil? }
+
+  nav.each do |nav| 
+%>
+  <% if nav[:links].nil? %>
+    <%= nav_link nav[:title], nav[:path], class: "title-link" %>
+  <% elsif nav[:text] %>
+    <%= nav_link nav[:text], nav[:path], class: "#{nav[:type]}-link" %>
+  <% elsif nav[:accordion] == false %>
+    <dl>
+      <dt>
+        <%= nav_link nav[:title], nav[:path], class: "index-link" %>
+      </dt>
+      <dd>
+        <ul>
+          <% nav[:links]&.each do |page| %>
+            <li><%= nav_link page[:text], page[:path], class: "subpage-link" %></li>
+          <% end %>
+        </ul>
+      </dd>
+    </dl>
+  <% else %>
+    <dl class="accordion<%= nav[:open] ? " open" : "" %>">
+      <dt class="accordion-header">
+        <% if nav[:title] && nav[:path] %>
+          <%= nav_link nav[:title], nav[:path], class: "title-link" %>
+        <% else %>
+          <span class="accordion-title"><%= nav[:title] %></span>
+        <% end %>
+        <%# Only show the accordion trigger if there are real subpages %>
+        <% if nav[:links] && nav[:links].size > 0 %>
+          <button class="accordion-trigger" aria-expanded="<%= nav[:open] %>">
+            <span class="sr-only">Toggle <%= nav[:title] %> section</span>
+          </button>
+        <% end %>
+      </dt>
+      <dd class="accordion-target">
+        <ul class="accordion-content" role="region" aria-label="<%= nav[:title] %>">
+          <% nav[:links]&.each do |page| %>
+            <% if page[:links] %>
+              <li>
+                <dl class="accordion<%= section_open?(page) ? " open" : "" %>">
+                  <dt class="accordion-header">
+                    <% if page[:title] && page[:path] %>
+                      <%= nav_link page[:title], page[:path], class: "title-link" %>
+                    <% else %>
+                      <span class="accordion-title"><%= page[:title] %></span>
+                    <% end %>
+                    <button class="accordion-trigger" aria-expanded="<%= section_open?(page) %>">
+                      <span class="sr-only">Toggle <%= page[:title] %> section</span>
+                    </button>
+                  </dt>
+                  <dd class="accordion-target">
+                    <ul class="accordion-content" role="region" aria-label="<%= page[:title] %>">
+                      <% page[:links]&.each do |subpage| %>
+                        <li>
+                          <% if subpage[:type] == "flyctl" %>
+                            <%= flyctl_nav_link subpage[:text], subpage[:path] %>
+                          <% else %>
+                            <%= nav_link subpage[:text], subpage[:path] %>
+                          <% end %>
+                        </li>
+                      <% end %>
+                    </ul>
+                  </dd>
+                </dl>
+              </li>
+            <% else %>
+              <li>
+                <% if page[:type] == "flyctl" %>
+                  <%= flyctl_nav_link page[:text], page[:path] %>
+                <% else %>
+                  <%= nav_link page[:text], page[:path] %>
+                <% end %>
+              </li>
+            <% end %>
+          <% end %>
+        </ul>
+      </dd>
+    </dl>
+  <% end %>
+<% end %>
\ No newline at end of file
diff --git a/partials/_apps_nav.html.erb b/partials/_apps_nav.html.erb
index 7c4bf6f578..3f2b0f6669 100644
--- a/partials/_apps_nav.html.erb
+++ b/partials/_apps_nav.html.erb
@@ -1,43 +1,57 @@
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Back to Docs", "/docs/" %>
-  </li>
-</ul>
+<%= partial "/docs/partials/back_to_docs" unless current_page?('/docs') %>
 
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Fly Apps", "/docs/apps/" %>
-    <ul>
-      <li>
-        <%= nav_link "Launch a New App", "/docs/apps/launch/" %>
-      </li>
-      <li>
-        <%= nav_link "Deploy Changes to an App", "/docs/apps/deploy/" %>
-      </li>
-      <li>
-        <%= nav_link "Get Information about an App", "/docs/apps/info/" %>
-      </li>  
-      <li>
-        <%= nav_link "Add Volume Storage", "/docs/apps/volume-storage/" %>
-      </li>
-      <li>
-        <%= nav_link "Scale VM Resources", "/docs/apps/scale-machine/" %>
-      </li>
-      <li>
-        <%= nav_link "Scale VM Count", "/docs/apps/scale-count/" %>
-      </li>
-      <li>
-        <%= nav_link "Restart an App", "/docs/apps/restart/" %>
-      </li>
-      <li>
-        <%= nav_link "Run Multiple Processes in an App", "/docs/apps/processes/" %>
-      </li>
-      <li>
-        <%= nav_link "Delete an App", "/docs/apps/delete/" %>
-      </li>
-      <li>
-        <%= nav_link "Fly Launch Configuration Reference", "/docs/reference/configuration/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
\ No newline at end of file
+<% 
+  @nav = [
+    {
+      title: "Apps on Fly.io",
+      path: "/docs/apps/",
+      accordion: false,
+      links: [
+        { text: "Fly Apps overview", path: "/docs/apps/overview/" },
+        { text: "Get app info", path: "/docs/apps/info/" },
+        { text: "Restart an app", path: "/docs/apps/restart/" },
+        { text: "Delete an app", path: "/docs/apps/delete/" },
+        { text: "Move an app between orgs", path: "/docs/apps/move-app-org/" }
+      ]
+    },
+    {
+      title: "Fly Launch",
+      path: "/docs/launch/",
+      open: true,
+      links: [
+        { text: "Launch a new app", path: "/docs/launch/create/" },
+        { text: "Deploy an app", path: "/docs/launch/deploy/" },
+        { text: "Scale Machine CPU and RAM", path: "/docs/launch/scale-machine/" },
+        { text: "Scale the number of Machines", path: "/docs/launch/scale-count/" },
+        { text: "Autostop/autostart Machines", path: "/docs/launch/autostop-autostart/" },
+        { text: "Autoscale based on metrics", path: "/docs/launch/autoscale-by-metric/" },
+        { text: "Add volume storage", path: "/docs/launch/volume-storage/" },
+        { text: "Use process groups", path: "/docs/launch/processes/" },
+        { text: "Deploy with GitHub Actions", path: "/docs/app-guides/continuous-deployment-with-github-actions/" },
+        { text: "Deploy monorepo apps", path: "/docs/launch/monorepo/" },
+        { text: "Troubleshoot when a host is down", path: "/docs/apps/trouble-host-unavailable/" },
+        { text: "App config reference (fly.toml)", path: "/docs/reference/configuration/" }
+      ]
+    },
+    {
+      title: "Secrets",
+      open: true,
+      links: [
+        { text: "Set runtime secrets", path: "/docs/apps/secrets/" },
+        { text: "Set build secrets", path: "/docs/apps/build-secrets/" }
+      ]
+    },
+    {
+      title: "Production Apps",
+      open: true,
+      links: [
+        { text: "Going to production", path: "/docs/apps/going-to-production/" },
+        { text: "App availability and resiliency", path: "/docs/apps/app-availability/" },
+        { text: "Fine-tune and benchmark apps", path: "/docs/apps/fine-tune-apps/" },
+        { text: "App handover guide", path: "/docs/apps/app-handover-guide/" },
+        { text: "Concurrency settings", path: "/docs/apps/concurrency/" }
+      ]
+    },
+  ]
+%>
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
diff --git a/partials/_back_to_docs.html.erb b/partials/_back_to_docs.html.erb
index 478dce114c..081b682393 100644
--- a/partials/_back_to_docs.html.erb
+++ b/partials/_back_to_docs.html.erb
@@ -1,11 +1,3 @@
-<div class="mb-6 md:-ml-3.5 relative flex items-center flex-wrap md:text-sm font-semibold hover:text-violet-600 transition-colors">
-  <svg viewBox="0 0 12 12" fill="currentColor" class="w-3 h-3 mr-0.5 relative -top-px -left-1">
-    <g bufferred-rendering="static">
-      <path d="M5.558 1.183a.629.629 0 01.884 0l4.375 4.376a.625.625 0 01-.442 1.066H9.75v3.751a.628.628 0 01-.625.625h-1.25a.628.628 0 01-.625-.625V8.5a.628.628 0 00-.625-.625h-1.25a.628.628 0 00-.625.625v1.876a.628.628 0 01-.625.625h-1.25a.628.628 0 01-.625-.625V6.625h-.625a.625.625 0 01-.442-1.066l4.375-4.376z" />
-    </g>
-  </svg>
-  <a href="http://github.com/docs/">
-    Docs home
-  </a>
-  <hr class="mt-2 w-full h-px border-0 bg-gradient-to-r from-black/[0.025] via-black/[0.075] to-black/[0.025]">
-</div>
\ No newline at end of file
+<a href="http://github.com/docs/" class="home-link">
+  Docs Index
+</a>
\ No newline at end of file
diff --git a/partials/_breadcrumbs.html.erb b/partials/_breadcrumbs.html.erb
new file mode 100644
index 0000000000..31a280e93a
--- /dev/null
+++ b/partials/_breadcrumbs.html.erb
@@ -0,0 +1,25 @@
+<nav aria-label="Breadcrumb" class="mb-11 flex items-center space-x-2 text-sm font-semibold text-gray-500">
+  <a href="http://github.com/docs/" class="hover:text-violet-600 transition-colors truncate">Docs</a>
+  <%
+    segments = current_page.request_path.split('/').drop(2)
+    segments.each_with_index do |segment, index|
+      path = "/docs/#{segments.take(index + 1).join('/')}"
+      title = if index == segments.size - 1
+                page_title
+              else
+                get_page_title(path)
+              end
+      is_last = index == segments.size - 1
+  %>
+    <span data-lvl="<%= index %>" class="flex items-center truncate">
+      <svg class="w-4 h-4 text-gray-500/50 shrink-0" fill="currentColor" viewBox="0 0 20 20">
+        <path fill-rule="evenodd" d="M7.293 14.707a1 1 0 010-1.414L10.586 10 7.293 6.707a1 1 0 011.414-1.414l4 4a1 1 0 010 1.414l-4 4a1 1 0 01-1.414 0z" clip-rule="evenodd" />
+      </svg>
+      <% if is_last %>
+        <span class="ml-2 text-navy-950 truncate"><%= title %></span>
+      <% else %>
+        <a href="http://github.com/%3C%=%20path%20%%3E" class="ml-2 hover:text-violet-600 transition-colors truncate"><%= title %></a>
+      <% end %>
+    </span>
+  <% end %>
+</nav>
diff --git a/partials/_demo_nav.html.erb b/partials/_demo_nav.html.erb
new file mode 100644
index 0000000000..6d7cccd909
--- /dev/null
+++ b/partials/_demo_nav.html.erb
@@ -0,0 +1,41 @@
+<style>
+  .singleton-link {display: block; margin-top: 1em; margin-bottom: 1em }
+</style>
+<%= partial "/docs/partials/back_to_docs" unless current_page?('/docs') %>
+
+<% 
+  @nav = [
+    {
+      title: "Deep Dive Demo",
+      path: "/docs/deep-dive/",
+      accordion: false,
+      links: [
+        { text: "Launch the demo", path: "/docs/deep-dive/launch-deep-dive/" }
+      ]
+    },
+    {
+      title: "What You Get",
+      open: true,
+      links: [
+        { text: "Your Fly App", path: "/docs/deep-dive/application/" },
+        { text: "PostgreSQL database", path: "/docs/deep-dive/postgresql/" },
+        { text: "Tigris Object Storage", path: "/docs/deep-dive/tigris/" },
+        { text: "Upstash Redis", path: "/docs/deep-dive/redis/" },
+      ]
+    },
+    { text: "Add OpenAI Whisper", path: "/docs/deep-dive/whisper/", type: "singleton" },
+    { text: "Recap", path: "/docs/deep-dive/recap", type: "singleton" },
+    {
+      title: "Runtimes reference",
+      open: true,
+      links: [
+        { text: "Django", path: "/docs/deep-dive/django/" },
+        { text: "Next.js", path: "/docs/deep-dive/nextjs/" },
+        { text: "Node.js", path: "/docs/deep-dive/nodejs/" },
+        { text: "Phoenix", path: "/docs/deep-dive/phoenix/" },
+        { text: "Rails", path: "/docs/deep-dive/rails/" },
+      ]
+    }
+  ]
+%>
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
diff --git a/partials/_firecracker_nav.html.erb b/partials/_firecracker_nav.html.erb
index cbc6f528e7..18ea77f4fc 100644
--- a/partials/_firecracker_nav.html.erb
+++ b/partials/_firecracker_nav.html.erb
@@ -1,303 +1,231 @@
-<%= partial "/docs/partials/back_to_docs" unless current_page?('/docs') %>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Getting Started", "/docs/getting-started" %>
-    <ul role="region" aria-label="Getting Started">
-      <li>
-        <%= nav_link "Speedrun: Launch on Fly.io", "/docs/speedrun/" %>
-      </li>
-      <li>
-        <%= nav_link "Hands-on with Fly.io", "/docs/hands-on/" %>
-      </li>
-      <li>
-        <%= nav_link "Troubleshooting Deployments", "/docs/getting-started/troubleshooting/" %>
-      </li>
-      <li>
-        <%= nav_link "Connect to an App Service", "/docs/getting-started/app-services/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Language & Framework Guides", "/docs/languages-and-frameworks/" %>
-    <ul role="region" aria-label="Language & Framework Guides">
-      <li>
-        <%= nav_link "Run an Elixir App", "/docs/elixir/getting-started" %>
-      </li>
-      <li>
-        <%= nav_link "Run a Rails App", "/docs/rails/getting-started/" %>
-      </li>
-      <li>
-        <%= nav_link "Run a Laravel App", "/docs/laravel/" %>
-      </li>
-      <li>
-        <%= nav_link "Run a Django App", "/docs/django/getting-started/" %>
-      </li>
-      <li>
-        <%= nav_link "Run a JavaScript App", "/docs/js/" %>
-      </li>
-      <li>
-        <%= nav_link "More...", "/docs/languages-and-frameworks/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Fly Launch", "/docs/apps/" %>
-    <ul role="region" aria-label="Fly Apps">
-      <li>
-        <%= nav_link "Launch a New App", "/docs/apps/launch/" %>
-      </li>
-      <li>
-        <%= nav_link "Deploy a Fly App", "/docs/apps/deploy/" %>
-      </li>
-      <li>
-        <%= nav_link "Get Information about an App", "/docs/apps/info/" %>
-      </li>
-      <li>
-        <%= nav_link "Use a Custom Domain", "/docs/apps/custom-domain/" %>
-      </li>
-      <li>
-        <%= nav_link "Scale Machine CPU and RAM", "/docs/apps/scale-machine/" %>
-      </li>
-      <li>
-        <%= nav_link "Scale the Number of Machines", "/docs/apps/scale-count/" %>
-      </li>
-      <li>
-        <%= nav_link "Auto Stop and Start Machines", "/docs/apps/autostart-stop/" %>
-      </li>
-      <li>
-        <%= nav_link "Add volume storage", "/docs/apps/volume-storage/" %>
-      </li>
-      <li>
-        <%= nav_link "Manage volume storage", "/docs/apps/volume-manage/" %>
-      </li>
-      <li>
-        <%= nav_link "Restart an App", "/docs/apps/restart/" %>
-      </li>
-      <li>
-        <%= nav_link "Run Multiple Processes in an App", "/docs/apps/processes/" %>
-      </li>
-      <li>
-        <%= nav_link "Delete an App", "/docs/apps/delete/" %>
-      </li>
-      <li>
-        <%= nav_link "Troubleshoot apps when a host is unavailable", "/docs/apps/trouble-host-unavailable/" %>
-      </li>
-      <li>
-        <%= nav_link "Fly Launch Configuration Reference", "/docs/reference/configuration/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Fly GPUs", "/docs/gpus/" %>
-    <ul role="region" aria-label="Fly Apps">
-      <li>
-        <%= nav_link "GPU Quickstart", "/docs/gpus/gpu-quickstart/" %>
-      </li>
-       <li>
-        <%= nav_link "Getting Started with GPU Machines", "/docs/gpus/getting-started-gpus/" %>
-      </li>
-      <li>
-        <%= nav_link "Python GPU Dev Machine", "/docs/gpus/python-gpu-example/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Databases & Storage", "/docs/database-storage-guides/" %>
-    <ul role="region" aria-label="Databases & Storage">
-      <li>
-        <%= nav_link "Volumes", "/docs/volumes" %>
-      <li>
-        <%= nav_link "Fly Postgres", "/docs/postgres/" %>
-      </li>
-      <li>
-        <%= nav_link "SQLite & LiteFS", "/docs/litefs/" %>
-      </li>
-      <li>
-        <%= nav_link "Supabase Postgres", "/docs/reference/supabase/" %>
-      </li>
-      <li>
-        <%= nav_link "Upstash for Redis®", "/docs/reference/redis/" %>
-      </li>
-      <li>
-        <%= nav_link "More...", "/docs/database-storage-guides/#other-storage-apps" %>
-      </li>
-    </ul>
-  </li>
-</ul>
+<%
+  @nav = [
+    {
+      title: "Getting Started",
+      path: "/docs/getting-started/launch",
+      open: current_page?("/docs"),
+      links: [
+        { text: "Quickstart: Launch your app", path: "/docs/getting-started/launch/" },
+        { text: "Launch HelloFly Demo App", path: "/docs/getting-started/launch-demo" },
+        { text: "Deep Dive Demo App", path: "/docs/deep-dive/" },
+        { text: "Choose a Language or Framework", path: "/docs/getting-started/get-started-by-framework/" },
+        { text: "Fly.io Essentials", path: "/docs/getting-started/essentials/" },
+        { text: "Troubleshoot Deployments", path: "/docs/getting-started/troubleshooting/" }
+      ]
+    },
+    {
+      title: "Guides (Blueprints)",
+      path: "/docs/blueprints/",
+      open: false,
+      links: [
+        { text: "Guides Overview", path: "/docs/blueprints/" }
+      ]
+    },
+    {
+      title: "Apps on Fly.io",
+      path: "/docs/apps/overview",
+      open: false,
+      links: [
+        { text: "Fly Apps Overview", path: "/docs/apps/overview/" },
 
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Fly Machines", "/docs/machines/" %>
-    <ul role="region" aria-label="Fly Machines">
-      <li>
-        <%= nav_link "Run a new Machine", "/docs/machines/run/" %>
-      </li>
-      <li>
-        <%= nav_link "Working with the Machines API", "/docs/machines/working-with-machines/" %>
-      </li>
-      <li>
-        <%= nav_link "Machines API Spec", "https://docs.machines.dev/swagger/index.html" %>
-      </li>
-      <li>
-        <%= nav_link "Run User Code on Fly Machines", "/docs/machines/guides-examples/functions-with-machines/" %>
-      </li>
-      <li>
-        <%= nav_link "Machine Sizing", "/docs/machines/guides-examples/machine-sizing/" %>
-      </li>
-      <li>
-        <%= nav_link "Machine restart policy", "/docs/machines/guides-examples/machine-restart-policy/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
+        { text: "Fly Launch", path: "/docs/launch/" },
 
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Other Guides", "/docs/guides/" %>
-    <ul role="region" aria-label="Other Guides">
-      <li>
-        <%= nav_link "Going to Production", "/docs/going-to-production/" %>
-      </li>
-      <li>
-        <%= nav_link "Custom Domains for SaaS", "/docs/app-guides/custom-domains-with-fly/" %>
-      </li>
-      <li>
-        <%= nav_link "Deploy with GitHub Actions", "/docs/app-guides/continuous-deployment-with-github-actions/" %>
-      </li>
-      <li>
-        <%= nav_link "Run Multiple Processes", "/docs/app-guides/multiple-processes/" %>
-      </li>
-      <li>
-        <%= nav_link "Run UDP Services", "/docs/app-guides/udp-and-tcp/" %>
-      </li>
-      <li>
-        <%= nav_link "Crontab with Supercronic", "/docs/app-guides/supercronic/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Fly.io Reference", "/docs/reference/" %>
-    <ul role="region" aria-label="Fly.io Reference">
-      <li>
-        <%= nav_link "flyctl", "/docs/flyctl/" %>
-      </li>
-      <li>
-        <%= nav_link "Fly Launch Configuration (fly.toml)", "/docs/reference/configuration/" %>
-      </li>
-      <li>
-        <%= nav_link "Apps", "/docs/reference/apps/" %>
-      </li>
-      <li>
-        <%= nav_link "Architecture", "/docs/reference/architecture/" %>
-      </li>
-      <li>
-        <%= nav_link "Availability and Resiliency", "/docs/reference/app-availability/" %>
-      </li>
-      <li>
-        <%= nav_link "Builders", "/docs/reference/builders/" %>
-      </li>
-      <li>
-        <%= nav_link "Deploy Tokens", "/docs/reference/deploy-tokens/" %>
-      </li>
-      <li>
-        <%= nav_link "Dynamic Request Routing", "/docs/reference/dynamic-request-routing/" %>
-      </li>
-      <li>
-        <%= nav_link "Sentry Error Tracking", "/docs/reference/sentry/" %>
-      </li>
-      <li>
-        <%= nav_link "Fly Launch", "/docs/reference/fly-launch/" %>
-      </li>
-      <li>
-        <%= nav_link "Load Balancing", "/docs/reference/load-balancing/" %>
-      </li>
-      <li>
-        <%= nav_link "Machines", "/docs/reference/machines/" %>
-      </li>
-      <li>
-        <%= nav_link "Metrics", "/docs/reference/metrics/" %>
-      </li>
-      <li>
-        <%= nav_link "Monorepo Apps", "/docs/reference/monorepo/" %>
-      </li>
-      <li>
-        <%= nav_link "Private Networking", "/docs/reference/private-networking/" %>
-      </li>
-      <li>
-        <%= nav_link "Public Networking", "/docs/reference/services/" %>
-      </li>
-      <li>
-        <%= nav_link "Regions", "/docs/reference/regions/" %>
-      </li>
-      <li>
-        <%= nav_link "Runtime Environment", "/docs/reference/runtime-environment/" %>
-      </li>
-      <li>
-        <%= nav_link "Build Secrets", "/docs/reference/build-secrets/" %>
-      </li>
-      <li>
-        <%= nav_link "Runtime Secrets", "/docs/reference/secrets/" %>
-      </li>
-      <li>
-        <%= nav_link "TLS Support", "/docs/reference/tls/" %>
-      </li>
-      <li>
-        <%= nav_link "Volumes", "/docs/reference/volumes" %>
-      </li>
-    </ul>
-  </li>
-</ul>
+        { text: "Secrets", path: "/docs/apps/secrets/" },
 
-<ul class="outline-list">
-  <li>
-    <%= nav_link "About", "/docs/about/" %>
-    <ul role="region" aria-label="About">
-      <li>
-        <%= nav_link "Pricing", "/docs/about/pricing/" %>
-      </li>
-      <li>
-        <%= nav_link "Billing", "/docs/about/billing/" %>
-      </li>
-      <li>
-        <%= nav_link "Engineering Jobs", "/docs/hiring/" %>
-      </li>
-      <li>
-        <%= nav_link "Healthcare on Fly.io", "/docs/about/healthcare/" %>
-      </li>
-      <li>
-        <%= nav_link "Support", "/docs/about/support/" %>
-      </li>
-      <li>
-        <%= nav_link "Security", "/docs/about/security/" %>
-      </li>
-      <li>
-        <%= nav_link "Extensions Program", "/docs/about/extensions/" %>
-      </li>
-      <li>
-        <%= nav_link "Extensions API", "/docs/reference/extensions_api/" %>
-      </li>
-      <li>
-        <%= nav_link "Open Source", "/docs/about/open-source/" %>
-      </li>
-      <li>
-        <%= nav_link "Using Our Brand", "/docs/about/brand/" %>
-      </li>
-      <li>
-        <%= nav_link "Privacy Policy", "/legal/privacy-policy/" %>
-      </li>
-      <li>
-        <%= nav_link "Terms of Service", "/legal/terms-of-service/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
+        { text: "Production Checklist", path: "/docs/apps/going-to-production/" }
+      ]
+    },
+    {
+      title: "Languages & Frameworks",
+      path: "/docs/languages-and-frameworks/",
+      open: false,
+      links: [
+        { text: "Elixir", path: "/docs/elixir/" },
+        { text: "Rails", path: "/docs/rails/getting-started/" },
+        { text: "Laravel", path: "/docs/laravel/" },
+        { text: "Django", path: "/docs/django/getting-started/" },
+        { text: "JavaScript", path: "/docs/js/" },
+        { text: "Rust", path: "/docs/rust/" },
+        { text: "Python", path: "/docs/python/" },
+        { text: "More...", path: "/docs/languages-and-frameworks/" }
+      ]
+    },
+    {
+      title: "Fly Machines",
+      path: "/docs/machines/overview",
+      open: false,
+      links: [
+        { text: "Introduction to Fly Machines", path: "/docs/machines/overview/" },
+        { text: "Machines API", path: "/docs/machines/api/" },
+        { text: "Run a New Machine", path: "/docs/machines/flyctl/fly-machine-run/" },
+        { text: "Update a Machine", path: "/docs/machines/flyctl/fly-machine-update/" },
+        { text: "Machine Sizing", path: "/docs/machines/guides-examples/machine-sizing/" },
+        { text: "Machine Restart Policy", path: "/docs/machines/guides-examples/machine-restart-policy/" },
+        { text: "Machine States", path: "/docs/machines/machine-states/" },
+        { text: "Run User Code on Fly Machines", path: "/docs/machines/guides-examples/functions-with-machines/" },
+        { text: "One App Per Customer - Why?", path: "/docs/machines/guides-examples/one-app-per-user-why/" },
+        { text: "The Machine Runtime Environment", path: "/docs/machines/runtime-environment/" }
+      ]
+    },
+    {
+      title: "Managed Postgres",
+      path: "/docs/mpg",
+      open: false,
+      links: [
+        { text: "Create and Connect to a Managed Postgres Cluster", path: "/docs/mpg/create-and-connect/" },
+        { text: "Cluster Configuration Options", path: "/docs/mpg/configuration/" },
+        { text: "Phoenix with Managed Postgres", path: "/docs/mpg/guides-examples/phoenix-guide/" },
+        { text: "Monitoring and Metrics", path: "/docs/mpg/metrics/" },
+        { text: "Import data from another postgres cluster", path: "/docs/mpg/import/" },
+        { text: "Supported Postgres Extensions", path: "/docs/mpg/extensions/" }
+      ]
+    },
+    {
+      title: "Fly GPUs",
+      path: "/docs/gpus/gpu-quickstart",
+      open: false,
+      links: [
+        { text: "GPU Quickstart", path: "/docs/gpus/gpu-quickstart/" },
+        { text: "Getting Started with GPU Machines", path: "/docs/gpus/getting-started-gpus/" },
+        { text: "Python GPU Dev Machine", path: "/docs/gpus/python-gpu-example/" }
+      ]
+    },
+    {
+      title: "Databases & Storage",
+      path: "/docs/database-storage-guides/",
+      open: false,
+      links: [
+        { text: "Fly Managed Postgres", path: "/docs/mpg/" },
+        { text: "Tigris Object Storage", path: "/docs/tigris/" },
+        { text: "Upstash for Redis®", path: "/docs/upstash/redis/" }
+      ]
+    },
+    {
+      title: "Fly Volumes",
+      path: "/docs/volumes/overview",
+      open: false,
+      links: [
+        { text: "Fly Volumes Overview", path: "/docs/volumes/overview/" },
+        { text: "Create and Manage Volumes", path: "/docs/volumes/volume-manage/" },
+        { text: "Manage Volume Snapshots", path: "/docs/volumes/snapshots/" },
+        { text: "Volume States", path: "/docs/volumes/volume-states/" }
+      ]
+    },
+    {
+      title: "Fly Kubernetes",
+      path: "/docs/kubernetes/fks-quickstart",
+      open: false,
+      links: [
+        { text: "Fly Kubernetes Quickstart", path: "/docs/kubernetes/fks-quickstart/" },
+        { text: "Fly Kubernetes Features", path: "/docs/kubernetes/fks-features/" },
+        { text: "Create an FKS Cluster", path: "/docs/kubernetes/clusters/" },
+        { text: "Connect to an FKS Cluster", path: "/docs/kubernetes/connect-clusters/" },
+        { text: "Configure FKS Services", path: "/docs/kubernetes/services/" },
+        { text: "Use GPUs with FKS", path: "/docs/kubernetes/using-gpus/" },
+        { text: "Use Volumes with FKS", path: "/docs/kubernetes/using-volumes/" }
+      ]
+    },
+    {
+      title: "Networking",
+      path: "/docs/networking/",
+      open: false,
+      links: [
+        { text: "Connect to an App Service", path: "/docs/networking/app-services/" },
+        { text: "Public Networking", path: "/docs/networking/services/" },
+        { text: "Private Networking", path: "/docs/networking/private-networking/" },
+        { text: "Custom Private Networks", path: "/docs/networking/custom-private-networks/" },
+        { text: "Flycast - Private Proxy Services", path: "/docs/networking/flycast/" },
+        { text: "Egress IP Addresses", path: "/docs/networking/egress-ips/" },        
+        { text: "Dynamic Request Routing", path: "/docs/networking/dynamic-request-routing/" },
+        { text: "Custom Domains", path: "/docs/networking/custom-domain/" },
+        { text: "Automate Certificates via API", path: "/docs/networking/custom-domain-api/" },
+        { text: "Understanding Cloudflare", path: "/docs/networking/understanding-cloudflare/" },
+        { text: "Request Headers", path: "/docs/networking/request-headers/" },
+        { text: "Run UDP Services", path: "/docs/networking/udp-and-tcp/" },
+        { text: "TLS Support", path: "/docs/networking/tls/" }
+      ]
+    },
+    {
+      title: "Monitoring",
+      path: "/docs/monitoring/",
+      open: false,
+      links: [
+        { text: "Metrics", path: "/docs/monitoring/metrics/" },
+        { text: "Sentry Error Tracking", path: "/docs/monitoring/sentry/" },
+        {
+          title: "Logging",
+          path: "/docs/monitoring/logging-overview/",
+          links: [
+            { text: "Live Tail Logs", path: "/docs/monitoring/live-tail-logs/" },
+            { text: "Logs API Options", path: "/docs/monitoring/logs-api-options/" },
+            { text: "Search Logs", path: "/docs/monitoring/search-logs/" },
+            { text: "Export Logs", path: "/docs/monitoring/exporting-logs/" },
+            { text: "Error Codes", path: "/docs/monitoring/error-codes/" }
+          ]
+        }
+      ]
+    },
+    {
+      title: "Security",
+      path: "/docs/security/",
+      open: false,
+      links: [
+        { text: "Organization Roles and Permissions", path: "/docs/security/org-roles-permissions/" },
+        { text: "SSO for Organizations", path: "/docs/security/sso/" },
+        { text: "Remove a Member from an Org", path: "/docs/security/remove-org-member/" },
+        { text: "TLS Termination", path: "/docs/security/tls-termination/" },
+        { text: "App Security by Arcjet", path: "/docs/security/arcjet/" },
+        { text: "Access Tokens", path: "/docs/security/tokens/" },
+        { text: "OpenID Connect", path: "/docs/reference/openid-connect/" },
+        { text: "Shared Responsibility Model", path: "/docs/security/shared-responsibility/" },
+        { text: "Security Practices and Compliance", path: "/docs/security/security-at-fly-io/" }
+      ]
+    },
+    {
+      title: "Reference",
+      path: "/docs/reference/",
+      open: false,
+      links: [
+        { text: "flyctl", path: "/docs/flyctl/" },
+        { text: "App Config Reference (fly.toml)", path: "/docs/reference/configuration/" },
+        { text: "Architecture", path: "/docs/reference/architecture/" },
+        { text: "Autoscaling", path: "/docs/reference/autoscaling/" },
+        { text: "AWS to Fly Overview", path: "/docs/reference/aws-to-fly-guide/" },
+        { text: "Builders", path: "/docs/reference/builders/" },
+        { text: "Content Encoding", path: "/docs/reference/content-encoding/" },
+        { text: "Fly Launch", path: "/docs/reference/fly-launch/" },
+        { text: "Health Checks", path: "/docs/reference/health-checks/" },
+        { text: "Load Balancing", path: "/docs/reference/load-balancing/" },
+        { text: "Machine Migration", path: "/docs/reference/machine-migration/" },
+        { text: "Multiple Processes in Apps", path: "/docs/app-guides/multiple-processes/" },
+        { text: "Fly Proxy", path: "/docs/reference/fly-proxy/" },
+        { text: "Fly Proxy Autostop/Autostart", path: "/docs/reference/fly-proxy-autostop-autostart/" },
+        { text: "Regions", path: "/docs/reference/regions/" },
+        { text: "Suspend/Resume", path: "/docs/reference/suspend-resume/" },
+      ]
+    },
+    {
+      title: "About",
+      path: "/docs/about/",
+      open: false,
+      links: [
+        { text: "Pricing", path: "/docs/about/pricing/" },
+        { text: "Billing", path: "/docs/about/billing/" },
+        { text: "Cost Management", path: "/docs/about/cost-management/" },
+        { text: "Free Trial", path: "/docs/about/free-trial/" },
+        { text: "Support", path: "/docs/about/support/" },
+        { text: "Engineering Jobs", path: "/docs/hiring/" },
+        { text: "Healthcare on Fly.io", path: "/docs/about/healthcare/" },
+        { text: "Extensions Program", path: "/docs/about/extensions/" },
+        { text: "Extensions API", path: "/docs/reference/extensions_api/" },
+        { text: "Merch", path: "/docs/about/merch/" },
+        { text: "Open Source", path: "/docs/about/open-source/" },
+        { text: "Using Our Brand", path: "/docs/about/brand/" },
+        { text: "Privacy Policy", path: "/legal/privacy-policy/" },
+        { text: "Terms of Service", path: "/legal/terms-of-service/" }
+      ]
+    }
+  ]
+%>
+
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
diff --git a/partials/_flyctl_nav.html.erb b/partials/_flyctl_nav.html.erb
index dcbf1b81d7..008ea39c66 100644
--- a/partials/_flyctl_nav.html.erb
+++ b/partials/_flyctl_nav.html.erb
@@ -1,138 +1,60 @@
 <%= partial "/docs/partials/back_to_docs" %>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Fly.io Reference", "/docs/reference/" %>
-    <ul>
-      <li>
-        <%= nav_link "Introducing Flyctl", "/docs/flyctl" %>
-      </li>
-      <li>
-        <%= nav_link "Install Flyctl", "/docs/hands-on/install-flyctl/" %>
-      </li>
-      <li>
-        <%= nav_link "Integrating Flyctl ", "/docs/flyctl/integrating/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
 
-<ul class="outline-list">
-  <li>
-    <span>
-      Commands
-    </span>
-    <ul>
-      <li>
-        <%= flyctl_nav_link "Launch an App", "/docs/flyctl/launch/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage Apps", "/docs/flyctl/apps/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage Machines", "/docs/flyctl/machine/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Login and Authentication", "/docs/flyctl/auth/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Certificates for Apps", "/docs/flyctl/certs/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage health checks", "/docs/flyctl/checks/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Get or check App config", "/docs/flyctl/config/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Run a console", "/docs/flyctl/console/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage Consul clusters", "/docs/flyctl/consul/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Open web dashboard", "/docs/flyctl/dashboard/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Deploy an App", "/docs/flyctl/deploy/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "View Fly.io docs", "/docs/flyctl/docs/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "View or update App image", "/docs/flyctl/image/" %>
-      </li>      
-      <li>
-        <%= flyctl_nav_link "Manage IP addresses", "/docs/flyctl/ips/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "LiteFS Cloud", "/docs/flyctl/litefs-cloud/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "View App logs", "/docs/flyctl/logs/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Monitor deployments", "/docs/flyctl/monitor/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage Organizations", "/docs/flyctl/orgs/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Ping your App", "/docs/flyctl/ping/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Platform information", "/docs/flyctl/platform/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage Postgres clusters", "/docs/flyctl/postgres/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Proxy connection to App", "/docs/flyctl/proxy/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage Redis instances", "/docs/flyctl/redis/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Selecting Regions", "/docs/flyctl/regions/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage App releases", "/docs/flyctl/releases/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Scaling Apps", "/docs/flyctl/scale/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage App secrets", "/docs/flyctl/secrets/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "View services configured on an App", "/docs/flyctl/services/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage settings", "/docs/flyctl/settings/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Move files to or from a VM", "/docs/flyctl/sftp/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage SSH", "/docs/flyctl/ssh/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "View App status", "/docs/flyctl/status/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Create a token", "/docs/flyctl/tokens/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Check flyctl version", "/docs/flyctl/version/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage VM instances", "/docs/flyctl/vm/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "Manage Disks", "/docs/flyctl/volumes/" %>
-      </li>
-      <li>
-        <%= flyctl_nav_link "WireGuard VPN", "/docs/flyctl/wireguard/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
+<% 
+  @nav = [
+    {
+      title: "flyctl - The Fly.io CLI",
+      path: "/docs/flyctl/",
+      accordion: false,
+      links: [
+        { text: "Install flyctl", path: "/docs/flyctl/install/" },
+        { text: "Integrate flyctl", path: "/docs/flyctl/integrating/" }
+      ]
+    },
+    {
+      title: "Commands",
+      open: true,
+      links: [
+        { text: "Launch an App", path: "/docs/flyctl/launch/", type: "flyctl" },
+        { text: "Manage Apps", path: "/docs/flyctl/apps/", type: "flyctl" },
+        { text: "Manage Machines", path: "/docs/flyctl/machine/", type: "flyctl" },
+        { text: "Login and Authentication", path: "/docs/flyctl/auth/", type: "flyctl" },
+        { text: "Certificates for Apps", path: "/docs/flyctl/certs/", type: "flyctl" },
+        { text: "Manage health checks", path: "/docs/flyctl/checks/", type: "flyctl" },
+        { text: "Get or check App config", path: "/docs/flyctl/config/", type: "flyctl" },
+        { text: "Run a console", path: "/docs/flyctl/console/", type: "flyctl" },
+        { text: "Manage Consul clusters", path: "/docs/flyctl/consul/", type: "flyctl" },
+        { text: "Open web dashboard", path: "/docs/flyctl/dashboard/", type: "flyctl" },
+        { text: "Deploy an App", path: "/docs/flyctl/deploy/", type: "flyctl" },
+        { text: "View Fly.io docs", path: "/docs/flyctl/docs/", type: "flyctl" },
+        { text: "View or update App image", path: "/docs/flyctl/image/", type: "flyctl" },
+        { text: "Manage IP addresses", path: "/docs/flyctl/ips/", type: "flyctl" },
+        { text: "LiteFS Cloud", path: "/docs/flyctl/litefs-cloud/", type: "flyctl" },
+        { text: "View App logs", path: "/docs/flyctl/logs/", type: "flyctl" },
+        { text: "Managed Postgres clusters", path: "/docs/flyctl/mpg/", type: "flyctl" },
+        { text: "Manage Organizations", path: "/docs/flyctl/orgs/", type: "flyctl" },
+        { text: "Ping your App", path: "/docs/flyctl/ping/", type: "flyctl" },
+        { text: "Platform information", path: "/docs/flyctl/platform/", type: "flyctl" },
+        { text: "Legacy Postgres clusters", path: "/docs/flyctl/postgres/", type: "flyctl" },
+        { text: "Proxy connection to App", path: "/docs/flyctl/proxy/", type: "flyctl" },
+        { text: "Manage Redis instances", path: "/docs/flyctl/redis/", type: "flyctl" },
+        { text: "Manage App releases", path: "/docs/flyctl/releases/", type: "flyctl" },
+        { text: "Scaling Apps", path: "/docs/flyctl/scale/", type: "flyctl" },
+        { text: "Manage App secrets", path: "/docs/flyctl/secrets/", type: "flyctl" },
+        { text: "View services configured on an App", path: "/docs/flyctl/services/", type: "flyctl" },
+        { text: "Manage settings", path: "/docs/flyctl/settings/", type: "flyctl" },
+        { text: "Move files to or from a VM", path: "/docs/flyctl/sftp/", type: "flyctl" },
+        { text: "Manage SSH", path: "/docs/flyctl/ssh/", type: "flyctl" },
+        { text: "View App status", path: "/docs/flyctl/status/", type: "flyctl" },
+        { text: "Manage Tigris storage", path: "/docs/flyctl/storage/", type: "flyctl" },
+        { text: "Create a token", path: "/docs/flyctl/tokens/", type: "flyctl" },
+        { text: "Check flyctl version", path: "/docs/flyctl/version/", type: "flyctl" },
+        { text: "Manage Disks", path: "/docs/flyctl/volumes/", type: "flyctl" },
+        { text: "WireGuard VPN", path: "/docs/flyctl/wireguard/", type: "flyctl" }
+      ]
+    }
+  ]
+%>
+
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
+      
diff --git a/partials/_guides_nav.html.erb b/partials/_guides_nav.html.erb
new file mode 100644
index 0000000000..8aad0bcccf
--- /dev/null
+++ b/partials/_guides_nav.html.erb
@@ -0,0 +1,74 @@
+<%= partial "/docs/partials/back_to_docs" %>
+
+<%
+  @nav = [
+    {
+      title: "Guides (Blueprints)",
+      path: "/docs/blueprints/",
+      accordion: false,
+      links: [
+        { text: "Guides Overview", path: "/docs/blueprints/" }
+      ]
+    },
+    {
+      title: "Architecture Patterns",
+      open: true,
+      links: [
+        { text: "Resilient apps use multiple Machines", path: "/docs/blueprints/resilient-apps-multiple-machines/" },
+        { text: "Getting Started with N-Tier Architecture", path: "/docs/blueprints/n-tier-architecture/" },
+        { text: "Shared Nothing Architecture", path: "/docs/blueprints/shared-nothing/" },
+        { text: "Session Affinity (a.k.a. Sticky Sessions)", path: "/docs/blueprints/sticky-sessions/" },
+        { text: "Multi-region databases and fly-replay", path: "/docs/blueprints/multi-region-fly-replay/" },
+        { text: "Deploying Remote MCP Servers", path: "/docs/blueprints/remote-mcp-servers/" }
+      ]
+    },
+    {
+      title: "Deployment & Developer Workflow",
+      open: true,
+      links: [
+        { text: "Seamless Deployments on Fly.io", path: "/docs/blueprints/seamless-deployments/" },
+        { text: "Rollback Guide", path: "/docs/blueprints/rollback-guide/" },
+        { text: "Git Branch Preview Environments on Github", path: "/docs/blueprints/review-apps-guide/" },
+        { text: "Staging and production isolation", path: "/docs/blueprints/staging-prod-isolation/" },
+        { text: "Per-User Dev Environments with Fly Machines", path: "/docs/blueprints/per-user-dev-environments/" },
+        { text: "Using base images for faster deployments", path: "/docs/blueprints/using-base-images-for-faster-deployments/" },
+        { text: "Managing Docker Images with Fly.io's Private Registry", path: "/docs/blueprints/using-the-fly-docker-registry/" }
+      ]
+    },
+    {
+      title: "Networking & Connectivity",
+      open: true,
+      links: [
+        { text: "Run private apps with Flycast", path: "/docs/blueprints/private-applications-flycast/" },
+        { text: "Jack into your private network with WireGuard", path: "/docs/blueprints/connect-private-network-wireguard/" },
+        { text: "Bridge your other deployments to Fly.io", path: "/docs/blueprints/bridge-deployments-wireguard/" },
+        { text: "Connecting to User Machines", path: "/docs/blueprints/connecting-to-user-machines/" },
+        { text: "Run an SSH server", path: "/docs/blueprints/opensshd/" }
+      ]
+    },
+    {
+      title: "Scaling, Performance & Observability",
+      open: true,
+      links: [
+        { text: "Observability for User Apps", path: "/docs/blueprints/observability-for-user-apps/" },
+        { text: "Autoscale Machines", path: "/docs/blueprints/autoscale-machines/" },
+        { text: "Autostart and autostop private apps", path: "/docs/blueprints/autostart-internal-apps/" },
+        { text: "Setting Hard and Soft Concurrency Limits", path: "/docs/blueprints/setting-concurrency-limits/" },
+        { text: "Using Fly Volume forks for faster startup times", path: "/docs/blueprints/volume-forking/" },
+        { text: "Going to Production with Healthcare Apps", path: "/docs/blueprints/going-to-production-with-healthcare-apps/" }
+      ]
+    },
+    {
+      title: "Background Jobs & Automation",
+      open: true,
+      links: [
+        { text: "Building Infrastructure Automation without Terraform", path: "/docs/blueprints/infra-automation-without-terraform/" },
+        { text: "Deferring long-running tasks to a distributed work queue", path: "/docs/blueprints/work-queues/" },
+        { text: "Task scheduling guide with Cron Manager and friends", path: "/docs/blueprints/task-scheduling/" },
+        { text: "Crontab with Supercronic", path: "/docs/blueprints/supercronic/" }
+      ]
+    }
+  ]
+%>
+
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
diff --git a/partials/_hands_on_nav.html.erb b/partials/_hands_on_nav.html.erb
index ab5a45ebfe..cef2992d64 100644
--- a/partials/_hands_on_nav.html.erb
+++ b/partials/_hands_on_nav.html.erb
@@ -1,29 +1,20 @@
 <%= partial "/docs/partials/back_to_docs" %>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Hands-on with Fly.io", "/docs/hands-on/" %>
-    <ul>
-      <li>
-        <%= nav_link "1. Install flyctl", "/docs/hands-on/install-flyctl/" %>
-      </li>
-      <li>
-        <%= nav_link "2. Sign up", "/docs/hands-on/sign-up/" %>
-      </li>
-      <li>
-        <%= nav_link "3. Sign in", "/docs/hands-on/sign-in/" %>
-      </li>
-      <li>
-        <%= nav_link "4. Launch app", "/docs/hands-on/launch-app/" %>
-      </li>
-      <li>
-        <%= nav_link "5. Check app status", "/docs/hands-on/check-app-status/" %>
-      </li>
-      <li>
-        <%= nav_link "6. Visit app", "/docs/hands-on/open-app/" %>
-      </li>
-      <li>
-        <%= nav_link "7. Learn more", "/docs/hands-on/next/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
\ No newline at end of file
+<%
+  @nav = [
+    {
+      title: "Hands-on with Fly.io",
+      path: "/docs/hands-on/",
+      accordion: false,
+      links: [
+        { text: "1. Install flyctl", path: "/docs/hands-on/install-flyctl/" },
+        { text: "2. Sign up / Sign in", path: "/docs/hands-on/sign-up-sign-in/" },
+        { text: "3. Launch app", path: "/docs/hands-on/launch-app/" },
+        { text: "4. Check app status", path: "/docs/hands-on/check-app-status/" },
+        { text: "5. Visit app", path: "/docs/hands-on/open-app/" },
+        { text: "6. Deploy changes", path: "/docs/hands-on/deploy-app/" },
+        { text: "7. Learn more", path: "/docs/hands-on/next/" }
+      ]
+    }
+  ]
+%>
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
diff --git a/partials/_litefs_nav.html.erb b/partials/_litefs_nav.html.erb
index 048ea82d07..21047b2ab8 100644
--- a/partials/_litefs_nav.html.erb
+++ b/partials/_litefs_nav.html.erb
@@ -1,93 +1,45 @@
 <%= partial "/docs/partials/back_to_docs" %>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "LiteFS Overview", "/docs/litefs/" %>
-    <ul>
-      <li>
-        <%= nav_link "Speedrun: Adding LiteFS to your app", "/docs/litefs/speedrun" %>
-      </li>
-      <li>
-        <%= nav_link "Getting Started with LiteFS on Fly.io", "/docs/litefs/getting-started-fly" %>
-      </li>
-      <li>
-        <%= nav_link "Getting Started with LiteFS in Docker", "/docs/litefs/getting-started-docker" %>
-      </li>
-      <li>
-        <%= nav_link "How LiteFS Works", "/docs/litefs/how-it-works" %>
-      </li>
-      <li>
-        <%= nav_link "FAQ", "/docs/litefs/faq" %>
-      </li>
-    </ul>
-  </li>
-</ul>
 
-<ul class="outline-list">
-  <li>
-    <%= nav_link "LiteFS Cloud", "/docs/litefs/" %>
-    <ul>
-      <li>
-        <%= nav_link "Using LiteFS Cloud for Backups", "/docs/litefs/cloud-backups" %>
-      </li>
-      <li>
-        <%= nav_link "Restoring from a LiteFS Cloud Backup", "/docs/litefs/cloud-restore" %>
-      </li>
-      <li>
-        <%= nav_link "Disaster Recovery from LiteFS Cloud", "/docs/litefs/disaster-recovery" %>
-      </li>
-    </ul>
-  </li>
-</ul>
+<%
+  @nav = [
+    {
+      title: "Get Started with LiteFS",
+      accordion: true,
+      open: true,
+      links: [
+        { text: "LiteFS overview", path: "/docs/litefs/" },
+        { text: "Speedrun: Adding LiteFS to your app", path: "/docs/litefs/speedrun" },
+        { text: "Getting Started with LiteFS on Fly.io", path: "/docs/litefs/getting-started-fly" },
+        { text: "Getting Started with LiteFS in Docker", path: "/docs/litefs/getting-started-docker" },
+        { text: "How LiteFS Works", path: "/docs/litefs/how-it-works" },
+        { text: "FAQ", path: "/docs/litefs/faq" }
+      ]
+    },
+    {
+      title: "Using LiteFS",
+      accordion: true,
+      links: [
+        { text: "LiteFS Releases", path: "/docs/litefs/releases" },
+        { text: "Built-in HTTP Proxy", path: "/docs/litefs/proxy" },
+        { text: "Running database migrations", path: "/docs/litefs/migrations" },
+        { text: "Backing up your cluster", path: "/docs/litefs/backup" },
+        { text: "Determining the primary", path: "/docs/litefs/primary" },
+        { text: "Tracking replication position", path: "/docs/litefs/position" },
+        { text: "Reading the event stream", path: "/docs/litefs/events" }
+      ]
+    },
+    {
+      title: "LiteFS Reference",
+      accordion: true,
+      links: [
+        { text: "Export Command", path: "/docs/litefs/export" },
+        { text: "Import Command", path: "/docs/litefs/import" },
+        { text: "Mount Command", path: "/docs/litefs/mount" },
+        { text: "Run Command", path: "/docs/litefs/run" },
+        { text: "Config Reference", path: "/docs/litefs/config" }
+      ]
+    }
+  ]
+%>
 
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Using LiteFS", "/docs/litefs/" %>
-    <ul>
-      <li>
-        <%= nav_link "LiteFS Releases", "/docs/litefs/releases" %>
-      </li>
-      <li>
-        <%= nav_link "Built-in HTTP Proxy", "/docs/litefs/proxy" %>
-      </li>
-      <li>
-        <%= nav_link "Running database migrations", "/docs/litefs/migrations" %>
-      </li>
-      <li>
-        <%= nav_link "Backing up your cluster", "/docs/litefs/backup" %>
-      </li>
-      <li>
-        <%= nav_link "Determining the primary", "/docs/litefs/primary" %>
-      </li>
-      <li>
-        <%= nav_link "Tracking replication position", "/docs/litefs/position" %>
-      </li>
-      <li>
-        <%= nav_link "Reading the event stream", "/docs/litefs/events" %>
-      </li>
-    </ul>
-  </li>
-</ul>
-
-<ul class="outline-list">
-  <li>
-    <%= nav_link "LiteFS Reference", "/docs/litefs/" %>
-    <ul>
-      <li>
-        <%= nav_link "Export Command", "/docs/litefs/export" %>
-      </li>
-      <li>
-        <%= nav_link "Import Command", "/docs/litefs/import" %>
-      </li>
-      <li>
-        <%= nav_link "Mount Command", "/docs/litefs/mount" %>
-      </li>
-      <li>
-        <%= nav_link "Run Command", "/docs/litefs/run" %>
-      </li>
-      <li>
-        <%= nav_link "Config Reference", "/docs/litefs/config" %>
-      </li>
-    </ul>
-  </li>
-</ul>
-  
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
\ No newline at end of file
diff --git a/partials/_machines_nav.html.erb b/partials/_machines_nav.html.erb
index ea26863a6d..02f3221aff 100644
--- a/partials/_machines_nav.html.erb
+++ b/partials/_machines_nav.html.erb
@@ -1,43 +1,60 @@
 <%= partial "/docs/partials/back_to_docs" %>
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Fly Machines", "/docs/machines/" %>
-  </li>
-</ul>
 
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Run a new Machine", "/docs/machines/run/" %>
-  </li>
-</ul>
+<%
+  @nav = [
+    {
+      title: "Fly Machines",
+      path: "/docs/machines/",
+      accordion: false,
+      links: [
+        { text: "Introduction to Fly Machines", path: "/docs/machines/overview/" }
+      ]
+    },
+    {
+      title: "Machines API",
+      path: "/docs/machines/api/",
+      open: true,
+      links: [
+        { text: "Working with the Machines API", path: "/docs/machines/api/working-with-machines-api/" },
+        { text: "Apps", path: "/docs/machines/api/apps-resource/" },
+        { text: "Machines", path: "/docs/machines/api/machines-resource/" },
+        { text: "Tokens", path: "/docs/machines/api/tokens-resource/" },
+        { text: "Volumes", path: "/docs/machines/api/volumes-resource/" },
+        { text: "OpenAPI Specification", path: "https://docs.machines.dev/#description/introduction+external" }
+      ]
+    },
+    {
+      title: "Machines and flyctl",
+      open: true,
+      links: [
+        { text: "Run a new Machine", path: "/docs/machines/flyctl/fly-machine-run/" },
+        { text: "Update a Machine", path: "/docs/machines/flyctl/fly-machine-update/" }
+      ]
+    },
+    {
+      title: "Guides and Examples",
+      open: true,
+      links: [
+        { text: "Machine placement and regional capacity", path: "/docs/machines/guides-examples/machine-placement/" },
+        { text: "Machine restart policy", path: "/docs/machines/guides-examples/machine-restart-policy/" },
+        { text: "Machine sizing", path: "/docs/machines/guides-examples/machine-sizing/" },
+        { text: "Multi-container Machines", path: "/docs/machines/guides-examples/multi-container-machines/" },
+        { text: "Network policies", path: "/docs/machines/guides-examples/network-policies/" },
+        { text: "Run user code on Fly Machines", path: "/docs/machines/guides-examples/functions-with-machines/" },
+        { text: "One app per customer - why?", path: "/docs/machines/guides-examples/one-app-per-user-why/" }
+      ]
+    },
+    {
+      title: "Reference",
+      open: true,
+      links: [
+        { text: "Machine states", path: "/docs/machines/machine-states/" },
+        { text: "The Machine runtime environment", path: "/docs/machines/runtime-environment/" },
+        { text: "CPU Performance", path: "/docs/machines/cpu-performance/" },
+        { text: "flyctl Machine commands", path: "/docs/flyctl/machine/" }
+      ]
+    }
+  ]
+%>
 
-<ul class="outline-list">
-  <li>
-    <%= nav_link "Working with the Machines API", "/docs/machines/working-with-machines/" %>
-  </li>
-  <li>
-    <%= nav_link "Machines API Spec", "https://docs.machines.dev/swagger/index.html" %>
-  </li>
-</ul>
-
-<ul class="outline-list">
-  <li>    
-    <span>
-      Guides and Examples
-    </span>
-    <ul>
-      <li>
-        <%= nav_link "Run User Code on Fly Machines", "/docs/machines/guides-examples/functions-with-machines/" %>
-      </li>
-      <li>
-        <%= nav_link "Run Machines with flyctl", "/docs/machines/guides-examples/machines-app-using-flyctl/" %>
-      </li>
-      <li>
-        <%= nav_link "Machine Sizing", "/docs/machines/guides-examples/machine-sizing/" %>
-      </li>
-      <li>
-        <%= nav_link "Machine restart policy", "/docs/machines/guides-examples/machine-restart-policy/" %>
-      </li>
-    </ul>
-  </li>
-</ul>
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
diff --git a/partials/_machines_toc_nav.html.erb b/partials/_machines_toc_nav.html.erb
new file mode 100644
index 0000000000..f645da58a3
--- /dev/null
+++ b/partials/_machines_toc_nav.html.erb
@@ -0,0 +1,3 @@
+<%= partial "/docs/partials/back_to_docs" %>
+<%= nav_link "Machines API", "/docs/machines/api/", class: "index-link" %>
+<%= table_of_contents(current_page) %>
\ No newline at end of file
diff --git a/partials/_mpg_nav.html.erb b/partials/_mpg_nav.html.erb
new file mode 100644
index 0000000000..a3b3ec6331
--- /dev/null
+++ b/partials/_mpg_nav.html.erb
@@ -0,0 +1,40 @@
+<%= partial "/docs/partials/back_to_docs" %>
+
+<%
+  @nav = [
+    {
+      title: "Managed Postgres",
+      path: "/docs/mpg/",
+      accordion: false,
+      links: [
+        { text: "Managed Postgres Overview", path: "/docs/mpg/" }
+      ]
+    },
+    {
+      title: "Getting Started",
+      open: true,
+      links: [
+        { text: "Create and Connect to a Managed Postgres Cluster", path: "/docs/mpg/create-and-connect/" },
+        { text: "Cluster Configuration Options", path: "/docs/mpg/configuration/" }
+      ]
+    },
+    {
+      title: "Guides and Examples",
+      open: true,
+      links: [
+        { text: "Phoenix with Managed Postgres", path: "/docs/mpg/guides-examples/phoenix-guide/" }
+      ]
+    },
+    {
+      title: "Management",
+      open: true,
+      links: [
+        { text: "Monitoring and Metrics", path: "/docs/mpg/metrics/" },
+        { text: "Import data from another postgres cluster", path: "/docs/mpg/import/" },
+        { text: "Supported Postgres Extensions", path: "/docs/mpg/extensions/" }
+      ]
+    }
+  ]
+%>
+
+<%= partial "/docs/partials/accordion_nav", locals: { nav: @nav } %>
diff --git a/partials/_sign_in.html.erb b/partials/_sign_in.html.erb
index 1d86ce7570..5a71f58dfa 100644
--- a/partials/_sign_in.html.erb
+++ b/partials/_sign_in.html.erb
@@ -6,10 +6,10 @@ fly auth login
 
 When your browser opens to the Fly.io sign-in screen, enter your user name and password to sign in. If you signed up with GitHub, then click `Sign in with GitHub` to sign in.
 
-Microsoft WSL users may need to run the following command to make this work:
+After logging in you'll be returned to your command line, ready to use Fly.io.
 
-```cmd
-ln -s /usr/bin/wslview /usr/local/bin/xdg-open
-```
+<div class="note icon">
+Microsoft WSL users may need to run the following command, which creates a symbolic link that allows the browser to open:
 
-Whichever route you take you will be returned to your command line, ready to use Fly.io.
+`ln -s /usr/bin/wslview /usr/local/bin/xdg-open`
+</div>
diff --git a/partials/_sign_up.html.erb b/partials/_sign_up.html.erb
index e352d5e8c8..8e74d423b0 100644
--- a/partials/_sign_up.html.erb
+++ b/partials/_sign_up.html.erb
@@ -1,17 +1,13 @@
-If it’s your first time using Fly.io, you’ll need to sign up for an account. To sign up, run:
+If it’s your first time using Fly.io, you’ll need to create an account. To sign up, run:
 
 ```cmd
 fly auth signup
 ```
 
-This will take you to the sign-up page where you can sign up in one of the following ways:
+This will take you to the sign-up page where you can use your email address, your Google account, or your GitHub account to create a Fly.io account. When you sign up with GitHub, we'll send you a confirmation email with a link to set a password; you'll need a password so we can actively verify that it's you for some Fly.io operations.
 
-* **Sign up with email**: Enter your name, email and password.
+<div class="note icon">
+**Note:** At some point, you'll be prompted for credit card payment information. New accounts start on our Pay As You Go plan. See [Pricing](/docs/about/pricing) and [Billing](/docs/about/billing/) for more details.
+</div>
 
-* **Sign up with Google**: Use your Google account to sign in to Fly.io.
-
-* **Sign up with GitHub**: Use your GitHub to sign in to Fly.io. Look out for the confirmation email we'll send you, which will give you a link to set a password; you'll need a password set so we can actively verify that it is you for some Fly.io operations.
-
-You will also be prompted for credit card payment information, required for charges outside the free allowances on Fly.io. See [Pricing](/docs/about/pricing) for more details.
-
-Whichever route you take you will be signed up, signed in, and returned to your command line, ready to use Fly.io.
+After signing up you'll be returned to your command line, ready to use Fly.io.
diff --git a/partials/_simple_list.html.erb b/partials/_simple_list.html.erb
new file mode 100644
index 0000000000..24d55a4ed8
--- /dev/null
+++ b/partials/_simple_list.html.erb
@@ -0,0 +1,12 @@
+<dl>
+  <dt>
+    <%= nav_link nav[:title], nav[:path], class: "index-link" %>
+  </dt>
+  <dd>
+    <ul>
+      <% nav[:links].each do |page| %>
+        <li><%= render_accordion_item(page) %></li>
+      <% end %>
+    </ul>
+  </dd>
+</dl>
\ No newline at end of file
diff --git a/partials/docs/_flyctl_install.html.erb b/partials/docs/_flyctl_install.html.erb
new file mode 100644
index 0000000000..aa3000e27d
--- /dev/null
+++ b/partials/docs/_flyctl_install.html.erb
@@ -0,0 +1,52 @@
+flyctl is a command-line utility that lets you work with Fly.io using `fly` commands, from creating your account to deploying your applications. It runs on your local device so you'll want to install the version that's appropriate for your operating system.
+
+<h3 id="macos" class="group flex items-center relative mt-14 sm:mt-16 mb-10 group text-navy font-heading pb-1 border-b">
+  <a href="#macos" class="absolute ml-[-1em] pr-[0.5em] after:hash opacity-0 group-hover:opacity-50 transition-all" aria-label="Anchor"></a>
+  <svg fill="currentColor" class="relative top-[-2px] mr-3" width="24" height="24" viewBox="0 0 24 24">
+    <path d="M22 17.607c-.786 2.28-3.139 6.317-5.563 6.361-1.608.031-2.125-.953-3.963-.953-1.837 0-2.412.923-3.932.983-2.572.099-6.542-5.827-6.542-10.995 0-4.747 3.308-7.1 6.198-7.143 1.55-.028 3.014 1.045 3.959 1.045.949 0 2.727-1.29 4.596-1.101.782.033 2.979.315 4.389 2.377-3.741 2.442-3.158 7.549.858 9.426zm-5.222-17.607c-2.826.114-5.132 3.079-4.81 5.531 2.612.203 5.118-2.725 4.81-5.531z" />
+  </svg>
+  macOS
+</h2>
+
+If you have the [Homebrew](https://brew.sh) package manager installed, flyctl can be installed by running:
+
+```cmd
+brew install flyctl
+```
+
+If not, you can run the install script:
+
+```cmd
+curl -L https://fly.io/install.sh | sh
+```
+If you used curl to install flyctl, then you need to add the flyctl directory to your shell rc file. Check the output of the install script for the entries to copy and paste into the file. Now you can use the `fly` command from any directory.
+
+<h3 id="linux" class="group flex items-center relative mt-14 sm:mt-16 mb-10 group text-navy font-heading pb-1 border-b">
+  <a href="#linux" class="absolute ml-[-1em] pr-[0.5em] after:hash opacity-0 group-hover:opacity-50 transition-all" aria-label="Anchor"></a>
+  <svg fill="currentColor" class="relative top-[-2px] mr-3" width="24" height="24" viewBox="0 0 24 24">
+    <path d="M20.581 19.049c-.55-.446-.336-1.431-.907-1.917.553-3.365-.997-6.331-2.845-8.232-1.551-1.595-1.051-3.147-1.051-4.49 0-2.146-.881-4.41-3.55-4.41-2.853 0-3.635 2.38-3.663 3.738-.068 3.262.659 4.11-1.25 6.484-2.246 2.793-2.577 5.579-2.07 7.057-.237.276-.557.582-1.155.835-1.652.72-.441 1.925-.898 2.78-.13.243-.192.497-.192.74 0 .75.596 1.399 1.679 1.302 1.461-.13 2.809.905 3.681.905.77 0 1.402-.438 1.696-1.041 1.377-.339 3.077-.296 4.453.059.247.691.917 1.141 1.662 1.141 1.631 0 1.945-1.849 3.816-2.475.674-.225 1.013-.879 1.013-1.488 0-.39-.139-.761-.419-.988zm-9.147-10.465c-.319 0-.583-.258-1-.568-.528-.392-1.065-.618-1.059-1.03 0-.283.379-.37.869-.681.526-.333.731-.671 1.249-.671.53 0 .69.268 1.41.579.708.307 1.201.427 1.201.773 0 .355-.741.609-1.158.868-.613.378-.928.73-1.512.73zm1.665-5.215c.882.141.981 1.691.559 2.454l-.355-.145c.184-.543.181-1.437-.435-1.494-.391-.036-.643.48-.697.922-.153-.064-.32-.11-.523-.127.062-.923.658-1.737 1.451-1.61zm-3.403.331c.676-.168 1.075.618 1.078 1.435l-.31.19c-.042-.343-.195-.897-.579-.779-.411.128-.344 1.083-.115 1.279l-.306.17c-.42-.707-.419-2.133.232-2.295zm-2.115 19.243c-1.963-.893-2.63-.69-3.005-.69-.777 0-1.031-.579-.739-1.127.248-.465.171-.952.11-1.343-.094-.599-.111-.794.478-1.052.815-.346 1.177-.791 1.447-1.124.758-.937 1.523.537 2.15 1.85.407.851 1.208 1.282 1.455 2.225.227.871-.71 1.801-1.896 1.261zm6.987-1.874c-1.384.673-3.147.982-4.466.299-.195-.563-.507-.927-.843-1.293.539-.142.939-.814.46-1.489-.511-.721-1.555-1.224-2.61-2.04-.987-.763-1.299-2.644.045-4.746-.655 1.862-.272 3.578.057 4.069.068-.988.146-2.638 1.496-4.615.681-.998.691-2.316.706-3.14l.62.424c.456.337.838.708 1.386.708.81 0 1.258-.466 1.882-.853.244-.15.613-.302.923-.513.52 2.476 2.674 5.454 2.795 7.15.501-1.032-.142-3.514-.142-3.514.842 1.285.909 2.356.946 3.67.589.241 1.221.869 1.279 1.696l-.245-.028c-.126-.919-2.607-2.269-2.83-.539-1.19.181-.757 2.066-.997 3.288-.11.559-.314 1.001-.462 1.466zm4.846-.041c-.985.38-1.65 1.187-2.107 1.688-.88.966-2.044.503-2.168-.401-.131-.966.36-1.493.572-2.574.193-.987-.023-2.506.431-2.668.295 1.753 2.066 1.016 2.47.538.657 0 .712.222.859.837.092.385.219.709.578 1.09.418.447.29 1.133-.635 1.49zm-8-13.006c-.651 0-1.138-.433-1.534-.769-.203-.171.05-.487.253-.315.387.328.777.675 1.281.675.607 0 1.142-.519 1.867-.805.247-.097.388.285.143.382-.704.277-1.269.832-2.01.832z" />
+  </svg>
+  Linux
+</h2>
+
+Run the install script:
+
+```cmd
+curl -L https://fly.io/install.sh | sh
+```
+
+<h3 id="windows" class="group flex items-center relative mt-14 sm:mt-16 mb-10 group text-navy font-heading pb-1 border-b">
+  <a href="#windows" class="absolute ml-[-1em] pr-[0.5em] after:hash opacity-0 group-hover:opacity-50 transition-all" aria-label="Anchor"></a>
+  <svg fill="currentColor" class="relative top-[-2px] mr-3" width="20" height="20" viewBox="0 0 24 24">
+    <path d="M0 12v-8.646l10-1.355v10.001h-10zm11 0h13v-12l-13 1.807v10.193zm-1 1h-10v7.646l10 1.355v-9.001zm1 0v9.194l13 1.806v-11h-13z"/>
+  </svg>
+  Windows
+</h2>
+
+Run the PowerShell install script:
+
+```cmd
+pwsh -Command "iwr https://fly.io/install.ps1 -useb | iex"
+```
+
+If you encounter an error saying the `pwsh` command is not found, `powershell` can be used instead, though we recommend [installing the latest version of PowerShell](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows).
diff --git a/partials/docs/_litefs_sunset.html.erb b/partials/docs/_litefs_sunset.html.erb
new file mode 100644
index 0000000000..e485c59d00
--- /dev/null
+++ b/partials/docs/_litefs_sunset.html.erb
@@ -0,0 +1,3 @@
+<div class="warning">
+**The documentation in this section is deprecated and refers to a product that was retired on October 15, 2024.** [LiteFS](https://github.com/superfly/litefs) itself is not affected by the retirement of the LiteFS Cloud service. Learn more about how to disconnect from LiteFS Cloud and other options for disaster recovery in our community post: [Sunsetting LiteFS Cloud](https://community.fly.io/t/sunsetting-litefs-cloud/20829).
+</div>
\ No newline at end of file
diff --git a/partials/docs/_volumes_access.html.erb b/partials/docs/_volumes_access.html.erb
new file mode 100644
index 0000000000..b7fd04dfeb
--- /dev/null
+++ b/partials/docs/_volumes_access.html.erb
@@ -0,0 +1,5 @@
+Access and write to a volume on a Machine just like a regular directory. 
+
+For Machines managed with Fly Launch, the `destination` under `[mounts]` in `fly.toml` is the path for the mounted volumes. 
+
+For unmanaged Machines, you specify the mount path when you [add a volume to a cloned Machine](#add-a-volume-to-an-unmanaged-machine) or [create a Machine and attach a volume](/docs/machines/flyctl/fly-machine-run/#mount-a-fly-volume).
diff --git a/partials/gpus/_ollama-create.erb b/partials/gpus/_ollama-create.erb
new file mode 100644
index 0000000000..c35c64a7b5
--- /dev/null
+++ b/partials/gpus/_ollama-create.erb
@@ -0,0 +1,50 @@
+You can get an `ollama` image running on a GPU in a few minutes. Get started by adapting the following `fly.toml` file:
+
+```toml
+app = '<your-app>'
+primary_region = 'ams'
+
+[build]
+  image = 'ollama/ollama'
+
+[[mounts]]
+  source = 'models'
+  destination = '/root/.ollama'
+  initial_size = '10gb'
+
+[http_service]
+  internal_port = 11434
+  force_https = false
+  auto_stop_machines = 'stop'
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ['app']
+
+[[vm]]
+  size = 'a100-80gb'
+```
+
+Modify the app name and region to suit your preferences and save the file as `fly.ollama.toml`.
+Then you can launch the app:
+
+```cmd
+fly launch -c fly.ollama.toml --flycast
+```
+
+There are a couple of things to note here:
+- The `ollama` image is a GPU image, so you need to specify a GPU size in the `[[vm]]` section.
+- Not all regions have GPUs available, refer to [region GPU availability](/docs/gpus/#regions-with-gpus) for more info
+- The `[[mounts]]` section is used to mount a volume to store the models. This is a good practice to keep the models separate from the app code.
+- The volume size in this config file is 10gb, that's enough for small models. Change this value if you need more.
+- The `--flycast` flag creates a private IPv6 address for the app.
+
+Finally, this _only_ starts the `ollama` server; at this point you cannot interact with any models yet.
+To do so, you will have to pull in a model with this one easy, short, intuitive command:
+
+```cmd
+fly m run -e OLLAMA_HOST=http://<your-app>.flycast --shell --command "ollama pull llama3.1" ollama/ollama
+```
+
+This command will pull in the `llama3.1` model. You can change the model name to suit your needs.
+At this point this model is now available to the internal network of the organization it is deployed in.
+You can access it using Flycast from this URL: `http://<your-app>.flycast`.
diff --git a/partials/postgres/_pg-create.erb b/partials/postgres/_pg-create.erb
new file mode 100644
index 0000000000..cea4607a5d
--- /dev/null
+++ b/partials/postgres/_pg-create.erb
@@ -0,0 +1,56 @@
+To create a Postgres cluster, use the `fly postgres create` command. The command will walk you through the creation with prompts for name, region, and VM resources.
+
+<div class="callout">Because we keep adding shorter aliases, you can use any of the following and get the same result: `flyctl postgres`, `fly postgres`, `flyctl pg`, and `fly pg`.</div>
+
+```cmd
+fly postgres create
+```
+```output
+? Choose an app name (leave blank to generate one): pg-test
+? Select Organization: TestOrg (personal)
+
+? Select region: Toronto, Canada (yyz)
+```
+
+During this process, you get to choose from several preset resource configurations for the app:
+
+```
+? Select configuration:  [Use arrows to move, type to filter]
+> Development - Single node, 1x shared CPU, 256MB RAM, 1GB disk
+  Production (High Availability) - 3 nodes, 2x shared CPUs, 4GB RAM, 40GB disk
+  Production (High Availability) - 3 nodes, 4x shared CPUs, 8GB RAM, 80GB disk
+  Specify custom configuration
+```
+
+The "Production" options give you a three-node cluster in a leader-replica configuration. A single-node "Development" instance can readily be scaled and [expanded to more regions](/docs/postgres/advanced-guides/high-availability-and-global-replication/).
+
+If you select the "Development" single-node cluster configuration, then you can choose to scale down to zero if there are no open connections after one hour.
+
+```
+? Scale single node pg to zero after one hour? (y/N)
+```
+
+<div class="callout">
+You might need to configure any apps that connect to your Postgres app to scale to zero as well, otherwise your Postgres database will never have zero connections and will never scale down. Your app might also need to be able to wait for the database to start back up. Learn more about the [scale to zero feature](/docs/postgres/managing/scale-to-zero/), including how to turn it off.
+</div>
+
+```
+Creating postgres cluster in organization TestOrg
+Creating app...
+Setting secrets on pg-test...
+Provisioning 1 of 1 machines with image flyio/postgres-flex:15.2
+Waiting for machine to start...
+Machine 3287457df90185 is created
+==> Monitoring health checks
+  Waiting for 3287457df90185 to become healthy (started, 3/3)
+
+Postgres cluster pg-test created
+  Username:    postgres
+  Password:    45V1YkwVDUzbkHj
+  Hostname:    pg-test.internal
+  Flycast:     fdaa:2:45b:0:1::7
+  Proxy port:  5432
+  Postgres port:  5433
+  Connection string: postgres://postgres:45V1YkwVDUzbkHj@pg-test.flycast:5432
+
+Save your credentials in a secure place -- you won't be able to see them again!
\ No newline at end of file
diff --git a/partials/tigris/_tigris-storage-create.erb b/partials/tigris/_tigris-storage-create.erb
new file mode 100644
index 0000000000..7644a78467
--- /dev/null
+++ b/partials/tigris/_tigris-storage-create.erb
@@ -0,0 +1,31 @@
+
+```cmd
+fly storage create
+```
+```output
+? Select Organization: fly-ephemeral (fly-ephemeral)
+? Choose a name, use the default, or leave blank to generate one:
+Your project (summer-grass-2004) is ready.
+
+Set one or more of the following secrets on your target app.
+BUCKET_NAME: summer-grass-2004
+AWS_ENDPOINT_URL_S3: https://fly.storage.tigris.dev
+AWS_ACCESS_KEY_ID: tid_xxxxxx
+AWS_SECRET_ACCESS_KEY: tsec_xxxxxx
+```
+
+### Public buckets
+
+By default, buckets are private. If you need to serve public assets like images or JavaScript files, create a *public bucket*:
+
+```cmd
+fly storage create --public
+```
+
+You can also make a public bucket private.
+
+```cmd
+fly storage update mybucket --private
+```
+
+Currently, buckets must be public or private. ACL settings will be ignored by the Tigris API.
\ No newline at end of file
diff --git a/postgres/advanced-guides/high-availability-and-global-replication.html.markerb b/postgres/advanced-guides/high-availability-and-global-replication.html.markerb
index 54bdc7b71a..8662c4fafd 100644
--- a/postgres/advanced-guides/high-availability-and-global-replication.html.markerb
+++ b/postgres/advanced-guides/high-availability-and-global-replication.html.markerb
@@ -3,108 +3,206 @@ title: High Availability & Global Replication
 objective: Set up a Postgres cluster, configure replicas, perform failovers, and learn what tradeoffs should be considered for a global Postgres deployment.
 layout: framework_docs
 order: 1
-redirect_from: /docs/postgres/high-availability-and-global-replication/
+redirect_from: 
+  - /docs/postgres/high-availability-and-global-replication/
+  - /docs/getting-started/multi-region-databases
 ---
 
-Fly Postgres uses [stolon](https://github.com/sorintlab/stolon) for leader election and streaming replication between 2+ Postgres servers. It provides a number of things, including a “keeper” that controls the Postgres process, a "sentinel" that builds the cluster view, and a “proxy” that always routes connections to the current leader.
-
-If the leader becomes unhealthy (e.g. network or hardware issues), the proxy drops all connections until a new leader is elected. Once it’s ready, new connections go to the new leader automatically. The previous leader's VM will be replaced by another VM which will rejoin the cluster as a replica.
+Fly Postgres uses [repmgr](https://www.repmgr.org/) to manage replication clusters of three or more Postgres servers. You'll know your app uses repmgr if it uses a postgres-flex image. Run `fly status --app <app name>` or `fly image show --app <app name>` to view the image name and version. 
 
+Older Fly Postgres apps use [stolon](https://github.com/sorintlab/stolon) for leader election and streaming replication between two or more Postgres servers.
 
 ## Adding replicas
-The easiest way to add additional replicas at this time is through the `fly machine clone` command:
+
+The easiest way to add replicas (standbys) is with the `fly machine clone` command:
+
+```cmd
+fly machine clone <machine ID> --region <region> --app <app name>
+```
+
+For example:
 
 ```cmd
-fly machine clone 148e306c77e089 --region ord --app <app-name>
+fly machine clone 148e306c77e089 --region iad --app my-app-name
 ```
 ```output
-Cloning machine 148e306c77e089 into region lax
-Provisioning a new machine with image registry-1.docker.io/flyio/postgres:14...
+Cloning machine 148e306c77e089 into region iad
+Volume 'pg_data' will start empty
+Provisioning a new machine with image registry-1.docker.io/flyio/postgres-flex:15...
   Machine 17814e3b990389 has been created...
   Waiting for machine 17814e3b990389 to start...
   Waiting for 17814e3b990389 to become healthy (started, 3/3)
 Machine has been successfully cloned!
 ```
 
-This will clone the spec from the source machine and use it to create the new replica in a desired region.
+The `fly machine clone` command clones the spec from the source Machine and uses it to create the new replica in the specified region.
 
 
 ## Performing a failover
-To perform a manual failover against your HA Postgres app, run the following command:
-
-```cmd
-fly postgres failover --app <app-name>
-```
-```output
-Performing a failover
-  Waiting for e784927ad23583 to become healthy (started, 3/3)
-  Waiting for 148e306c77e089 to become healthy (started, 3/3)
-Failover complete
-```
-
-<em>Note: Only healthy members residing in your `PRIMARY_REGION` will be considered for leadership.</em>
-
-## Performing a regional failover
 
-There may be situations where you want to move leadership into a completely new region.  While this process is a bit more involved, you can achieve this by performing the steps below.
+To perform a failover, first make sure you have 3 or more servers in your primary region. Then run the following command:
 
-If you haven't already pulled down your `fly.toml` configuration file, you can do so by running:
-```
-fly config save --app <app-name>
-```
-
-Now, let's open up the `fly.toml` file and set the [`primary_region`](https://fly.io/docs/reference/configuration/#primary-region) and the `PRIMARY_REGION` environment variable to our target region. In this example, we are looking to move leadership into the `lax` region.
-```toml
-primary_region = "lax"
-
-[env]
-PRIMARY_REGION = "lax"
+```cmd
+fly postgres failover --app <app name>
 ```
 
-Before we can deploy this change, we must first identify which Postgres version we are currently running.
+For example:
 ```cmd
-fly image show
+fly postgres failover --app my-app-name
 ```
 ```output
-Image Details
-MACHINE ID      REGISTRY              REPOSITORY      TAG VERSION DIGEST
-e784927ad23583  registry-1.docker.io  flyio/postgres  14.4  v0.0.32 sha256:9daaa15119742e5777f5480ef476024e8827016718b5b020ef33a5fb084b60e8
-148e275b1d1d89  registry-1.docker.io  flyio/postgres  14.4  v0.0.32 sha256:9daaa15119742e5777f5480ef476024e8827016718b5b020ef33a5fb084b60e8
+Performing a failover
+Connecting to fdaa:2:45b:a7b:174:f553:db80:2... complete
+Stopping current leader...  17811073b07918
+Starting new leader
+Promoting new leader...  4d891247b0d698
+Connecting to fdaa:2:45b:a7b:174:f553:db80:2... complete
+NOTICE: promoting standby to primary
+DETAIL: promoting server "fdaa:2:45b:a7b:174:f553:db80:2" (ID: 665772506) using pg_promote()
+NOTICE: waiting up to 60 seconds (parameter "promote_check_timeout") for promotion to complete
+NOTICE: STANDBY PROMOTE successful
+DETAIL: server "fdaa:2:45b:a7b:174:f553:db80:2" (ID: 665772506) was successfully promoted to primary
+NOTICE: executing STANDBY FOLLOW on 1 of 1 siblings
+INFO: STANDBY FOLLOW successfully executed on all reachable sibling nodes
+Waiting 30 seconds for the old leader to stop...
+Restarting old leader... 17811073b07918
+Waiting for leadership to swap to 4d891247b0d698...
+  Waiting for 17811073b07918 to become healthy (started, 3/3)
+  Waiting for 4d891247b0d698 to become healthy (started, 3/3)
+  Waiting for 3d8d9e15c9de58 to become healthy (started, 3/3)
+Failover complete
 ```
 
-Take note of the version specified within the `Tag` column, we will be using this in our next command.
+<div class="note icon">
+**Note:** Only healthy servers residing in your primary region will be considered for leadership.
+</div>
 
-**Warning: This deploy process will result in a small amount of downtime.  Once the PRIMARY_REGION change has been deployed, your cluster will become read-only until the failover process completes.**
+## Performing a regional failover
 
-```cmd
-fly deploy . --image flyio/postgres:<tag> --strategy=immediate
-```
+There may be situations where you want to move leadership into a completely new region.
+
+1. Add at least three replicas into the new region to maintain quorum when switching leadership. See [Adding replicas](#adding-replicas).
+
+2. Run `fly status --app <app name>` to check the number of servers in each region. For example:
+
+    ```cmd
+    fly status --app my-app-name
+    ```
+    ```output
+    ID            	STATE  	ROLE   	REGION	CHECKS            	IMAGE                             	CREATED             	UPDATED
+    e78423d1a33148	started	replica	iad   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T15:35:20Z	2024-01-03T15:35:32Z
+    e2866756a37148	started	replica	iad   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T15:45:44Z	2024-01-03T15:45:54Z
+    d891116b6505e8	started	primary	ewr   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T14:17:32Z	2024-01-03T15:36:19Z
+    784eee9a216118	started	replica	ewr   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T14:25:01Z	2024-01-03T16:01:31Z
+    784e2edc425348	started	replica	iad   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T15:48:59Z	2024-01-03T15:49:10Z
+    2874443f054548	started	replica	ewr   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T14:24:15Z	2024-01-03T15:34:29Z
+    ```
+
+    The output shows the primary and two replicas in ewr, and three replicas in iad, which is the new target region for this example.
+
+3. If you haven't already pulled down your `fly.toml` configuration file, you can do so by running:
+
+    ```
+    fly config save --app <app name>
+    ```
+
+4. Open the `fly.toml` file and set the [`primary_region`](https://fly.io/docs/reference/configuration/#primary-region) and the `PRIMARY_REGION` environment variable to your new target region. For example, to move leadership into the iad region:
+
+    ```toml
+    primary_region = "iad"
+
+    [env]
+    PRIMARY_REGION = "iad"
+    ```
+
+5. Before deploying this change, identify which Postgres image you are currently running. Use `fly status` to get the image info.
+
+    For example:
+
+    ```cmd
+    fly status -app my-app-name
+    ```
+    ```output
+    ID            	STATE  	ROLE   	REGION	CHECKS            	IMAGE                             	CREATED             	UPDATED
+    784eee9a216118	started	replica	ewr   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T14:25:01Z	2024-01-03T14:25:13Z
+    2874443f054548	started	primary	ewr   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T14:24:15Z	2024-01-03T14:24:24Z
+    ...
+    ```
+
+6. Copy the image name, in this example `flyio/postgres-flex:15.3`, you'll use it for the next command.
+
+7. Deploy the app to pick up the changes you made to the `fly.toml` file, specifying the image to use. For example:
+
+    ```cmd
+    fly deploy . --image flyio/postgres-flex:15.3 --strategy=immediate
+    ```
+
+      <div class="warning icon">
+      **Warning:** The deploy process will result in a small amount of downtime. Once the `fly.toml` file change has been deployed, your cluster will become read-only until the failover process completes.
+      </div>
+
+    Once the deploy process has completed, you might need to wait a moment for all the servers to become healthy.
+
+8. Run the `fly pg failover` command to move the primary server to the new region:
+
+    ```cmd
+    fly pg failover
+    ```
+    Example output for a successful failover:
+
+    ```output
+    Performing a failover
+    Connecting to fdaa:2:45b:a7b:22b:ea40:9fed:2... complete
+    Stopping current leader...  d891116b6505e8
+    Starting new leader
+    Promoting new leader...  e2866756a37148
+    Connecting to fdaa:2:45b:a7b:22b:ea40:9fed:2... complete
+    NOTICE: promoting standby to primary
+    DETAIL: promoting server "fdaa:2:45b:a7b:22b:ea40:9fed:2" (ID: 453196900) using pg_promote()
+    NOTICE: waiting up to 60 seconds (parameter "promote_check_timeout") for promotion to complete
+    NOTICE: STANDBY PROMOTE successful
+    DETAIL: server "fdaa:2:45b:a7b:22b:ea40:9fed:2" (ID: 453196900) was successfully promoted to primary
+    NOTICE: executing STANDBY FOLLOW on 4 of 4 siblings
+    INFO: STANDBY FOLLOW successfully executed on all reachable sibling nodes
+    Waiting 30 seconds for the old leader to stop...
+    Restarting old leader... d891116b6505e8
+    Waiting for leadership to swap to e2866756a37148...
+      Waiting for 784eee9a216118 to become healthy (started, 3/3)
+      Waiting for d891116b6505e8 to become healthy (started, 3/3)
+      Waiting for e2866756a37148 to become healthy (started, 3/3)
+      Waiting for 2874443f054548 to become healthy (started, 3/3)
+      Waiting for 784e2edc425348 to become healthy (started, 3/3)
+      Waiting for e78423d1a33148 to become healthy (started, 3/3)
+    Failover complete
+    ```
+
+That's it! Run `fly status` to verify your changes. Continuing the example, the output shows that the primary server has switched from ewr to iad:
 
-Once the deploy process has completed, we can now work to transfer leadership into our new region. Ensure the new region has at least three healthy replicas to maintain quorum (see above on how to add more replicas), then:
 ```cmd
-fly pg failover
+fly status -a my-app-name
 ```
 ```output
-Performing a failover
-  Waiting for e784927ad23583 to become healthy (started, 3/3)
-  Waiting for 148e306c77e089 to become healthy (started, 3/3)
-Failover complete
+ID            	STATE  	ROLE   	REGION	CHECKS            	IMAGE                             	CREATED             	UPDATED
+e78423d1a33148	started	replica	iad   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T15:35:20Z	2024-01-03T16:13:53Z
+e2866756a37148	started	primary	iad   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T15:45:44Z	2024-01-03T16:13:21Z
+d891116b6505e8	started	replica	ewr   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T14:17:32Z	2024-01-03T16:15:57Z
+784eee9a216118	started	replica	ewr   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T14:25:01Z	2024-01-03T16:12:44Z
+784e2edc425348	started	replica	iad   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T15:48:59Z	2024-01-03T16:12:47Z
+2874443f054548	started	replica	ewr   	3 total, 3 passing	flyio/postgres-flex:15.3 (v0.0.46)	2024-01-03T14:24:15Z	2024-01-03T16:12:09Z
 ```
 
-That's it! You should now run `fly status` to verify your changes.
-
 ## Connecting to read replicas
 
 The generated connection string uses port `5432` to connect to PostgreSQL. This port always forwards you to a writable instance. Port `5433` is direct to the PostgreSQL member, and used to connect to read replicas directly.
 
-You can use the proxy port (`5432`) to connect from every region, but it will be quite slow. Especially because we put our PostgreSQL cluster in Santiago. Connecting to "local" replicas is much quicker, but does take some app logic.
+You can use the proxy port (`5432`) to connect from every region, but it will be quite slow. Connecting to "local" replicas is much quicker, but does take some app logic.
 
 The basic logic to connect is:
 
-1. Set a `PRIMARY_REGION` environment variable on your app, `scl` for our `chaos-postgres` cluster.
-2. Check the `FLY_REGION` environment variable at connect time, use `DATABASE_URL` as is when `FLY_REGION=scl`
+1. Set a `PRIMARY_REGION` environment variable on your app.
+2. Check the `FLY_REGION` environment variable at connect time, use `DATABASE_URL` as is when `FLY_REGION` is the same as `PRIMARY_REGION`.
 3. Modify the `DATABASE_URL` when running in other regions:
-   1. Change the port to `5433`
+   * Change the port to `5433`
 
 This is what it looks like in Ruby:
 
@@ -127,26 +225,27 @@ class Fly
 end
 ```
 
-Running this in `scl` will use the built-in `DATABASE_URL` and connect to port `5432`:
+Running this in the primary region will use the built-in `DATABASE_URL` and connect to port `5432`:
 
 ```
-postgres://<user>:<password>@top1.nearest.of.chaos-postgres.internal:5432/rails_on_fly?sslmode=disable
+postgres://<user>:<password>@top1.nearest.of.<postgres cluster app name>.internal:5432/rails_on_fly?sslmode=disable
 ```
 
 In the other regions, the app will connect to port `5433`:
+
 ```
-postgres://<user>:<password>@top1.nearest.of.chaos-postgres.internal:5433/rails_on_fly?sslmode=disable
+postgres://<user>:<password>@top1.nearest.of.<postgres cluster app name>.internal:5433/rails_on_fly?sslmode=disable
 ```
 
-
-## Detect write requests
+## Detecting write requests
 
 ### Catch read-only errors
+
 PostgreSQL conveniently sends a "read only transaction" error when you attempt to write to a read replica. All you need to do to detect write requests is catch this error.
 
 ### Replay the request
 
-Once caught, just send a `fly-replay` header specifying the primary region. For `chaos-postgres`, send `fly-replay: region=scl`, and we'll take care of the rest.
+Once caught, just send a `fly-replay` header specifying the primary region, for example `fly-replay: region=scl`, and we'll take care of the rest.
 
 If you're working in Rails, just add this to your `ApplicationController`:
 
@@ -167,11 +266,11 @@ end
 
 ## Library support
 
-We would like to build libraries to make this seamless for most application frameworks and runtimes. If you have a particular app you'd like to distribute with PostgreSQL, [post in our community forums](https://community.fly.io/t/multi-region-database-guide/1600) and we'll write some code for you.
+We would like to build libraries to make this seamless for most application frameworks and runtimes. If you have a particular app you'd like to distribute with PostgreSQL, [post in our community forums](https://community.fly.io/t/multi-region-database-guide/1600).
 
 ## Consistency model
 
-This is a fairly typical read replica model. Read replicas are usually eventually consistent, and can fall behind the leader. Running read replicas across the world _can_ exacerbate this effect and make read replicas stale more frequently.
+This is a fairly typical read replica model. Read replicas are usually eventually consistent, and can fall behind the leader. Running read replicas across the world can exacerbate this effect and make read replicas stale more frequently.
 
 ### Request with writes
 
@@ -181,19 +280,19 @@ Requests to the primary region are strongly consistent. When you use the replay
 
 Most apps accept a `POST` or `PUT`, do a bunch of writes, and then redirect the user to a `GET` request. In most cases, the database will replicate the changes before the user makes the second request. But not always!
 
-Most read heavy applications aren't especially sensitive to stale data on subsequent requests. A lagging read replica might result in an out of date view for users, but this might be reasonable for your use case.
+Most read-heavy applications aren't especially sensitive to stale data on subsequent requests. A lagging read replica might result in an out-of-date view for users, but this might be reasonable for your use case.
 
-If your app is sensitive to this (meaning, you never, under any circumstances want to show users stale data), you should be careful using read replicas.
+If your app is sensitive to stale data (meaning, you never, under any circumstances want to show users stale data), you should be careful using read replicas.
 
 ### Managing eventual consistency
 
 For apps that are sensitive to consistency issues, you can add a counter or timestamp to user sessions that indicates what "version" of the database a particular user is expecting. When the user makes a request and the session's data version differs from the replica, you can use the same `fly-replay` header to redirect their request to the primary region – and then you'll know it's not stale.
 
-In theory, you _could_ run PostgreSQL with synchronous replication and block until replicas receive writes. This probably won't work well for far flung read replicas.
+In theory, you could run PostgreSQL with synchronous replication and block until replicas receive writes. This probably won't work well for far flung read replicas.
 
 ## This is wrong for some apps
 
-We built this set of features for read heavy apps that are primary HTTP request based. That is, most requests only perform reads and only some requests include writes.
+We built this set of features for read-heavy apps that are primarily HTTP request based. That is, most requests only perform reads and only some requests include writes.
 
 ### Write-heavy workloads
 
@@ -205,4 +304,4 @@ Truly write-heavy apps require latency aware data partitioning, either at the ap
 
 ### Long lived connections
 
-If your app makes heavy use of long lived connections with interpolated writes, like websockets, this will not work for you. This technique is specific to HTTP request/response based apps that bundle writes up into specific requests.
+If your app makes heavy use of long lived connections with interpolated writes, like WebSockets, this will not work for you. This technique is specific to HTTP request/response based apps that bundle writes up into specific requests.
diff --git a/postgres/connecting/app-connection-examples.html.markerb b/postgres/connecting/app-connection-examples.html.markerb
index 22ed80e692..2243770424 100644
--- a/postgres/connecting/app-connection-examples.html.markerb
+++ b/postgres/connecting/app-connection-examples.html.markerb
@@ -9,7 +9,7 @@ These examples demonstrate connections from within the same Fly.io internal IPv6
 
 ## psql
 
-If you have an active [WireGuard tunnel](/docs/reference/private-networking/#private-network-vpn) to your organization's private network, you can connect from a local machine to your Postgres cluster the same way you would from a Fly app within the same private network. For example, the following command would start an interactive terminal session on the cluster leader with `psql`:
+If you have an active [WireGuard tunnel](/docs/networking/private-networking/#private-network-vpn) to your organization's private network, you can connect from a local machine to your Postgres cluster the same way you would from a Fly app within the same private network. For example, the following command would start an interactive terminal session on the cluster leader with `psql`:
 
 ```cmd
 psql postgres://postgres:secret123@appname.internal:5432
@@ -17,7 +17,7 @@ psql postgres://postgres:secret123@appname.internal:5432
 
 You can, of course, run psql from a shell on a Fly app as well (as long as that app has psql installed).
 
-### Connecting with Ruby
+## Connecting with Ruby
 [docs](https://github.com/ged/ruby-pg)
 
 Ruby apps use the `pg` gem to connect to postgres.
@@ -36,7 +36,7 @@ conn.exec( "SELECT * FROM pg_stat_activity" ) do |result|
 end
 ```
 
-### Connecting with Rails
+## Connecting with Rails
 [docs](https://guides.rubyonrails.org/configuring.html#configuring-a-database)
 
 Rails apps automatically connect to the database specified in the `DATABASE_URL` environment variable.
@@ -48,8 +48,65 @@ flyctl secrets set DATABASE_URL=postgres://postgres:secret123@postgresapp.intern
 
 or by attaching the Postgres database to your Fly app.
 
+## Connecting with Python
 
-### Connecting with Go
+[`psycopg`](https://www.psycopg.org/psycopg3/) is the recommended driver for connecting
+to postgres:
+
+```python
+import psycopg
+
+conninfo = "postgres://postgres:secret123@postgresapp.internal:5432/yourdb"
+with psycopg.connect(conninfo) as connection:
+    with connection.cursor() as cursor:
+        cursor.execute(...)
+        results = cursor.fetchall()
+```
+
+## Connecting with Django
+
+[docs](https://docs.djangoproject.com/en/stable/ref/settings/#databases)
+
+[`psycopg`](https://www.psycopg.org/psycopg3/) is the recommended driver for connecting
+to postgres. You can use the [`django-environ`](https://pypi.org/project/django-environ/)
+package to translate the `DATABASE_URL` environment variable into Django database
+configuration. First, install both packages:
+
+```cmd
+python -m pip install psycopg django-environ
+```
+
+Now we can define `DATABASES` in our ``settings.py`` file.
+
+```python
+import environ  # ← Added
+
+...
+
+env = environ.Env()  # ← Added
+environ.Env.read_env(BASE_DIR / ".env")  # ← Added
+
+DATABASES = {
+    # env.db() reads the DATABASE_URL environment variable.
+    "default": env.db(),  # ← Updated
+}
+```
+
+You can set the `DATABASE_URL` manually with `flyctl secrets set`:
+
+```cmd
+flyctl secrets set DATABASE_URL=postgres://postgres:secret123@postgresapp.internal:5432/yourdb
+```
+
+or by adding it to the `.env` file:
+
+```
+# .env
+SECRET_KEY=06\Rd75]S.vzZtrZoxc3!*~JR*/te[8BR%L-7~I7eFsGCqk,ze
+DATABASE_URL=postgres://postgres:secret123@postgresapp.internal:5432/yourdb  # ← Added
+```
+
+## Connecting with Go
 [docs](https://github.com/jackc/pgx/wiki/Getting-started-with-pgx-through-database-sql)
 
 `pgx` is the recommended driver for connecting to postgres. It supports the standard `database/sql` interface as well as directly exposing low level / high performance APIs.
@@ -90,7 +147,7 @@ func main() {
 }
 ```
 
-### Connecting with Node.js
+## Connecting with Node.js
 [docs](https://node-postgres.com)
 
 You'll use the `pg` npm module to connect to Postgres from a Node.js app.
@@ -105,7 +162,7 @@ console.log(res.rows[0].message) // Hello world!
 await client.end()
 ```
 
-### Connecting with Prisma – Node.js
+## Connecting with Prisma – Node.js
 [docs](https://www.prisma.io/)
 
 Prisma is an open-source object-relational mapper (ORM) for Node.js and works with both JavaScript and TypeScript. It consists of 3 components:
@@ -194,7 +251,7 @@ main()
   })
 ```
 
-### Connecting with Sequelize – Node.js
+## Connecting with Sequelize – Node.js
 [docs](https://sequelize.org)
 
 Sequelize is an open-source object-relational mapper (ORM) for Node.js and works with JavaScript and TypeScript.
@@ -289,7 +346,7 @@ let sequelize = new Sequelize(process.env.DATABASE_URL);
 [Fly docs: How to add Read Replica database with flyctl](https://fly.io/docs/postgres/advanced-guides/high-availability-and-global-replication/)
 
 
-Set the Sequelize consturctor in `model/index.js` to conditionally connect to the primary/read-replica database depending on the `primary region` value set in `fly.toml`.
+Set the Sequelize constructor in `model/index.js` to conditionally connect to the primary/read-replica database depending on the `primary region` value set in `fly.toml`.
 ```javascript
 let sequelize;
 if (config.use_env_variable) {
@@ -313,4 +370,4 @@ if (config.use_env_variable) {
     sequelize = new Sequelize(u.toString());
   }
 ```
-</details>
\ No newline at end of file
+</details>
diff --git a/postgres/connecting/connecting-external.html.markerb b/postgres/connecting/connecting-external.html.markerb
index e3450c85a5..1857d2b805 100644
--- a/postgres/connecting/connecting-external.html.markerb
+++ b/postgres/connecting/connecting-external.html.markerb
@@ -5,7 +5,11 @@ layout: framework_docs
 order: 2
 ---
 
-Fly Postgres databases can be used by applications outside their Fly.io [internal private network](/docs/reference/private-networking/); this means in a different private network belonging to your organization, in another Fly organization, or outside Fly.io altogether.
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/factory.png" alt="Illustration by Annie Ruygt of bird workers on a factory assemmbly line" class="w-full max-w-lg mx-auto">
+</figure>
+
+Fly Postgres databases can be used by applications outside their Fly.io [internal private network](/docs/networking/private-networking/); this means in a different private network belonging to your organization, in another Fly organization, or outside Fly.io altogether.
 
 We don't expose Postgres apps to the internet by default. To get this working, you'll need to make two adaptations: configuring your Postgres app to accept connections from the Fly proxy, and providing a publicly-resolvable hostname to your app.
 
@@ -51,7 +55,7 @@ This may come with a default `services` section for `internal_port` 8080. Replac
   port = 5432
 ```
 
-Note the use of the `pg_tls` [handler](/docs/reference/services/#connection-handlers) to manage the specific requirements of Postgres connections.
+Note the use of the `pg_tls` [handler](/docs/networking/services/#connection-handlers) to manage the specific requirements of Postgres connections.
 
 For additional information on services and service ports:
 [The services sections](https://fly.io/docs/reference/configuration/#the-services-sections)
@@ -69,19 +73,19 @@ fly image show --app <pg-app-name>
 ```
 ```out
 Image Details
-  Registry   = registry-1.docker.io
-  Repository = flyio/postgres
-  Tag        = 14.4
-  Version    = v0.0.32
+  Registry   = docker-hub-mirror.fly.io
+  Repository = flyio/postgres-flex
+  Tag        = 16.4
+  Version    = v0.0.62
 ```
 
 Deploy your cluster, using `--image` with the `image:tag` found in the previous step:
 
 ```cmd
-fly deploy . --app <pg-app-name> --image flyio/postgres:<major-version>
+fly deploy . --app <pg-app-name> --image flyio/postgres-flex:<major-version>
 ```
 
-As an example, if you are running Postgres 14.x you would specify `flyio/postgres:14` as your target image.
+As an example, if you are running Postgres 16.x you would specify `flyio/postgres-flex:16` as your target image.
 
 After the deployment completes, you can verify your `services` configuration by running the `fly services list` command:
 
diff --git a/postgres/connecting/connecting-internal.html.markerb b/postgres/connecting/connecting-internal.html.markerb
index 00064998f4..f810486cc5 100644
--- a/postgres/connecting/connecting-internal.html.markerb
+++ b/postgres/connecting/connecting-internal.html.markerb
@@ -3,6 +3,7 @@ title: Connect From a Fly App
 objective: Access your Postgres from within the same Fly.io private network.
 layout: framework_docs
 order: 1
+toc: false
 ---
 
 Connection string URIs are a common way to describe a connection to a Postgres server. The output from `flyctl postgres create` provides a connection string of the format:
@@ -11,6 +12,6 @@ Connection string URIs are a common way to describe a connection to a Postgres s
 postgres://{username}:{password}@{hostname}:{port}/{database}?options
 ```
 
-Fly Postgres is an app that belongs to your Fly organization. The `hostname` in this string resolves to an internal IPv6 address that can be reached by any of your apps that live in the same [IPv6 private network](/docs/reference/private-networking/).
+Fly Postgres is an app that belongs to your Fly organization. The `hostname` in this string resolves to an internal IPv6 address that can be reached by any of your apps that live in the same [IPv6 private network](/docs/networking/private-networking/).
 
 You can give this connection string to another Fly app by passing it as a secret, or by [Attaching](/docs/postgres/managing/attach-detach) it.
diff --git a/postgres/connecting/connecting-with-flyctl.html.markerb b/postgres/connecting/connecting-with-flyctl.html.markerb
index 59186904bc..76dd43d0d3 100644
--- a/postgres/connecting/connecting-with-flyctl.html.markerb
+++ b/postgres/connecting/connecting-with-flyctl.html.markerb
@@ -3,6 +3,7 @@ title: Connect With flyctl
 objective: Access your Postgres app from the terminal using flyctl.
 layout: framework_docs
 order: 1
+toc: false
 ---
 
 To connect to your Postgres database from outside your Fly organization, you need a WireGuard connection. However, flyctl on your local machine can connect using [user-mode WireGuard](/blog/our-user-mode-wireguard-year/) magic, without you having to set up your own WireGuard tunnel.
diff --git a/postgres/getting-started/create-pg-cluster.html.markerb b/postgres/getting-started/create-pg-cluster.html.markerb
index e3fa100a98..f9a8bc878c 100644
--- a/postgres/getting-started/create-pg-cluster.html.markerb
+++ b/postgres/getting-started/create-pg-cluster.html.markerb
@@ -3,66 +3,10 @@ title: Create a Fly Postgres Cluster
 layout: framework_docs
 order: 2
 objective: Create a new Fly Postgres cluster.
+toc: false
 ---
 
-To create a Postgres cluster, use the `fly postgres create` command. The command will walk you through the creation with prompts for name, region, and VM resources.
-
-<div class="callout">Because we keep adding shorter aliases, you can use any of the following and get the same result: `flyctl postgres`, `fly postgres`, `flyctl pg`, and `fly pg`.</div>
-
-```cmd
-fly postgres create
-```
-```output
-? Choose an app name (leave blank to generate one): pg-test
-? Select Organization: TestOrg (personal)
-Some regions require a paid plan (fra, maa).
-See https://fly.io/plans to set up a plan.
-
-? Select region: Toronto, Canada (yyz)
-```
-
-During this process, you get to choose from several preset resource configurations for the app:
-
-```
-? Select configuration:  [Use arrows to move, type to filter]
-> Development - Single node, 1x shared CPU, 256MB RAM, 1GB disk
-  Production (High Availability) - 3 nodes, 2x shared CPUs, 4GB RAM, 40GB disk
-  Production (High Availability) - 3 nodes, 4x shared CPUs, 8GB RAM, 80GB disk
-  Specify custom configuration
-```
-
-The "Production" options give you a three-node cluster in a leader-replica configuration. A single-node "Development" instance can readily be scaled and [expanded to more regions](/docs/postgres/advanced-guides/high-availability-and-global-replication/).
-
-If you select the "Development" single-node cluster configuration, then you can choose to scale down to zero if there are no open connections after one hour.
-
-```
-? Scale single node pg to zero after one hour? (y/N)
-```
-
-<div class="callout">
-You might need to configure any apps that connect to your Postgres app to scale to zero as well, otherwise your Postgres database will never have zero connections and will never scale down. Your app might also need to be able to wait for the database to start back up. Learn more about the [scale to zero feature](/docs/postgres/managing/scale-to-zero/), including how to turn it off.
-</div>
-
-```
-Creating postgres cluster in organization TestOrg
-Creating app...
-Setting secrets on pg-test...
-Provisioning 1 of 1 machines with image flyio/postgres-flex:15.2
-Waiting for machine to start...
-Machine 3287457df90185 is created
-==> Monitoring health checks
-  Waiting for 3287457df90185 to become healthy (started, 3/3)
-
-Postgres cluster pg-test created
-  Username:    postgres
-  Password:    45V1YkwVDUzbkHj
-  Hostname:    pg-test.internal
-  Flycast:     fdaa:2:45b:0:1::7
-  Proxy port:  5432
-  Postgres port:  5433
-  Connection string: postgres://postgres:45V1YkwVDUzbkHj@pg-test.flycast:5432
-
-Save your credentials in a secure place -- you won't be able to see them again!
+<%= partial "/docs/partials/postgres/pg-create" %>
 
 Connect to postgres
 Any app within the TestOrg organization can connect to this Postgres using the above connection string
diff --git a/postgres/getting-started/enabling-timescale.html.markerb b/postgres/getting-started/enabling-timescale.html.markerb
new file mode 100644
index 0000000000..e50869c914
--- /dev/null
+++ b/postgres/getting-started/enabling-timescale.html.markerb
@@ -0,0 +1,39 @@
+---
+title: Enable TimescaleDB
+layout: framework_docs
+order: 20
+objective: Learn how to enable Timescale on your Postgres database.
+redirect_from: /docs/postgres/managing/enabling-timescale/
+---
+
+TimescaleDB is an open source time-series database built on top of PostgreSQL. It is a powerful tool for analyzing time-series data,
+and is a great fit for many applications you might run on Fly.io.
+
+The default Fly Postgres app no longer includes the TimescaleDB extension. To enable TimescaleDB,
+provision a new Postgres app using our TimescaleDB-adapted image.
+
+## Provision a new Postgres app with TimescaleDB
+
+Specify the `postgres-flex-timescaledb` image with the `--image-ref` flag:
+
+```cmd
+fly pg create --image-ref flyio/postgres-flex-timescaledb:16
+```
+
+## Create the extension
+
+Connect to your postgres database:
+```cmd
+# Connect to your target database
+fly pg connect --app <database-app-name>
+```
+
+From the `postgres=# %` prompt, create the extension:
+```sql
+CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;
+```
+
+## (Optional) Attach to an app
+```
+ fly pg attach <database-app-name> --app <app-name>
+```
diff --git a/postgres/getting-started/what-you-should-know.html.md b/postgres/getting-started/what-you-should-know.html.md
index 5f30856d9a..086e727e40 100644
--- a/postgres/getting-started/what-you-should-know.html.md
+++ b/postgres/getting-started/what-you-should-know.html.md
@@ -1,56 +1,55 @@
 ---
 title: "This Is Not Managed Postgres"
-objective: Read our warnings about why we don't call Fly Postgres "managed"!
 layout: framework_docs
 order: 1
 ---
 
 Before you use Fly Postgres, here are some things worth understanding about it:
 
-Fly Postgres is a regular app you deploy on Fly.io, with an automated creation process and some platform integration to simplify management. It relies on building blocks available to all Fly apps, like `flyctl`, volumes, private networking, health checks, logs, metrics, and more. The source code is available on [GitHub](https://github.com/fly-apps/postgres-ha) to view and fork.
+Fly Postgres is a regular app you deploy on Fly.io, with an automated creation process and some platform integration to simplify management. It relies on building blocks available to all Fly apps, like `flyctl`, volumes, private networking, health checks, logs, metrics, and more. The source code is available on [GitHub](https://github.com/fly-apps/postgres-flex) to view and fork.
 
 This is not a managed database. If Postgres crashes because it ran out of memory or disk space, you'll need to do a little work to get it back.
 
-### Here's what Fly.io manages
+## Here's what Fly.io manages
 
 - **Basic provisioning & upgrade tools** - `fly pg` provides a set of commands and building blocks that automates the provisioning of databases, connecting them to your applications, and accessing remote Postgres shells.
-- **Daily volume snapshots** - Fly.io takes daily snapshots of Postgres volumes and saves them for 7 days.
+- **Daily volume snapshots** - Fly.io takes daily snapshots of Postgres volumes and saves them for 5 days.
 - **Global networking & server infrastructure** - Fly.io provides the Firecracker VMs and interconnecting WireGuard network to run your Postgres database cluster.
 - **Prometheus metrics** - Fly.io collects and exposes various metrics via Prometheus, but you have to set up a tool, like Grafana, for aggregation and alerting.
-- **Open Source templates** - Templates and documentation are available at [https://github.com/fly-apps/postgres-ha](https://github.com/fly-apps/postgres-ha) in the event that you need to work the Fly Postgres app to fine-tune it for your specific application.
+- **Open Source templates** - Templates and documentation are available at [https://github.com/fly-apps/postgres-flex](https://github.com/fly-apps/postgres-flex) in the event that you need to work the Fly Postgres app to fine-tune it for your specific application.
 
-### Here's what you manage
+## Here's what you manage
 
 Deploying a Fly Postgres database means you may need to manage the following:
 
 - **Provisioning the right cluster config for you** - Consider what your availability needs are. If you run only a single instance, then anything that happens to that disk, that server or the network in that region can cause your database to be unavailable.
 - **Scaling storage and memory resources** - If your database runs out of disk space or memory, you'll have to scale it up, or down if you don't need the resources.
 - **Upgrading Postgres versions & security patches** - Fly.io provides tools like `fly image update` to upgrade your database instances to new minor versions of Postgres, but you'll have to run the upgrades yourself. Same for security patches: you'll have to apply those to running Postgres clusters.
-- **Developing a database backup & restoration plan** - Fly.io's self-managed Postgres ships with a basic daily volume snapshot tool that keeps snapshots around for 7 days. It does not manage off-site backups, etc.
+- **Developing a database backup & restoration plan** - Fly.io's self-managed Postgres ships with a basic daily volume snapshot tool that keeps snapshots around for 5 days. It does not manage off-site backups, etc.
 - **Monitoring & alerts** - Fly.io collects and exposes relevant Prometheus metrics, but you'll have to configure your own monitoring and alerts to keep tabs on the performance and resource utilization of your database instances.
 - **Recovering from outages** - If the volume in your database fills up, a replica fails, etc. you'll have to do a little bit of work to bring your database back to health.
 - **Global replication** - You can add read-only replicas outside the primary region to [speed up read-heavy globally distributed apps](https://fly.io/blog/globally-distributed-postgres/),  by scaling your Fly Postgres app. It's up to you to tweak your application to get writes to the leader instance, but the [Fly-Replay header](https://fly.io/docs/reference/fly-replay/) simplifies that.
-- **Configuration Tuning** - You may need to tune your Postgres configuration to match your application's needs. 
-There are a lot of knobs to turn, but `fly pg config` only supports a few of them out of the box. For more details, see [Postgres Configuration](#postgres-configuration).
-- **Advanced customization** - TimescaleDB is included in the default image and can be enabled with these [instructions](https://fly.io/docs/postgres/managing/enabling-timescale/). If your application demands additional Postgres extensions or something else in the VM, you can [fork and maintain your own branch of Fly's open source Postgres HA app](https://github.com/fly-apps/postgres-ha). 
+- **Configuration Tuning** - You may need to tune your Postgres configuration to match your application's needs.
+There are a lot of knobs to turn, but `fly pg config` only supports a few of them out of the box. For more details, see [Postgres Configuration Tuning](https://fly.io/docs/postgres/managing/configuration-tuning/).
+- **Advanced customization** - TimescaleDB is included in the default image and can be enabled with these [instructions](https://fly.io/docs/postgres/managing/enabling-timescale/). If your application demands additional Postgres extensions or something else in the VM, you can [fork and maintain your own branch of Fly's open source Postgres Flex app](https://github.com/fly-apps/postgres-flex).
 
-## Fully managed Postgres
+## Recommended Managed Postgres option
 
-### Recommended External Providers
+- [Fly.io's Managed Postgres](/docs/mpg/) We recommend Fly.io Managed Postgres, a production-ready Postgres service that handles the hard parts for you: high availability, automatic failover, encrypted backups, monitoring and metrics, seamless scaling, and 24/7 support to keep your data fast, safe, and always online.
 
-If you want a fully managed database solution for your Fly Apps, there are many great options, including:
+## Other Managed Postgres providers
 
-- [Crunchy Bridge Managed Postgres](https://www.crunchydata.com/products/crunchy-bridge) (on AWS, Azure, GCP, or Heroku)
-- [Neon Serverless Postgres](https://neon.tech/)
-- [PlanetScale Serverless MySQL](https://planetscale.com/) ([guide to use with Fly Apps](https://fly.io/docs/app-guides/planetscale/))
-- [Supabase Postgres](https://supabase.com/database)
+Other providers:
 
-### Other Places
+- [Crunchy Bridge Managed Postgres](https://www.crunchydata.com/products/crunchy-bridge+external) (on AWS, Azure, GCP, or Heroku)
+- [Neon Serverless Postgres](https://neon.tech/+external)
+- [PlanetScale Serverless MySQL](https://planetscale.com/+external) ([guide to use with Fly Apps](https://fly.io/docs/app-guides/planetscale/))
+- [Supabase Postgres](https://supabase.com/)
 
 You can connect your Fly Apps to the usual suspects, too:
 
-- [Amazon RDS for PostgreSQL](https://aws.amazon.com/rds/postgresql/)
-- [Azure Database for PostgreSQL](https://azure.microsoft.com/en-us/products/postgresql/#overview)
-- [Digital Ocean Managed Postgres](https://www.digitalocean.com/products/managed-databases-postgresql)
-- [Google Cloud SQL for PostgreSQL](https://cloud.google.com/sql/docs/postgres/)
-- [Heroku Managed Data Services](https://www.heroku.com/managed-data-services)
+- [Amazon RDS for PostgreSQL](https://aws.amazon.com/rds/postgresql/+external)
+- [Azure Database for PostgreSQL](https://azure.microsoft.com/en-us/products/postgresql/#overview+external)
+- [Digital Ocean Managed Postgres](https://www.digitalocean.com/products/managed-databases-postgresql+external)
+- [Google Cloud SQL for PostgreSQL](https://cloud.google.com/sql/docs/postgres/+external)
+- [Heroku Managed Data Services](https://www.heroku.com/managed-data-services+external)
diff --git a/postgres/index.html.md b/postgres/index.html.md
index 8eaca4de79..a1722a2416 100644
--- a/postgres/index.html.md
+++ b/postgres/index.html.md
@@ -1,18 +1,20 @@
 ---
-title: "Fly Postgres"
+title: "Fly Postgres (Unmanaged)"
 layout: framework_docs
 redirect_from: /docs/reference/postgres/
+toc: false
 ---
 
-<img src="http://github.com/static/images/postgres.webp" srcset="http://github.com/service/http://github.com/static/images/postgres@2x.webp%202x " alt="A model airplane with the Fly.io logo painted on its side, sitting next to some paint and brushes.">
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/postgres.png" alt="Illustration by Annie Ruygt of a balloon disguised as an elephant" class="w-full max-w-lg mx-auto">
+</figure>
 
-[Postgres](https://www.postgresql.org/), formally known as PostgreSQL, is a powerful open source object relational database system that's used by many popular web frameworks to persist application data.
+[Postgres](https://www.postgresql.org/+external), formally known as PostgreSQL, is a powerful open source object relational database system that's used by many popular web frameworks to persist application data.
 
-Fly Postgres is a Fly app with flyctl sugar on top to help you bootstrap and manage a database cluster for your apps. It comes with most commonly used functionality (replication, failover, metrics, monitoring and daily snapshots).
+Fly Postgres (unmanaged) is a Fly app with flyctl sugar on top to help you bootstrap and manage a database cluster for your apps. It comes with most commonly used functionality (replication, failover, metrics, monitoring and daily snapshots).
 
 **[Read about why Fly Postgres is not the same thing as a managed database service](/docs/postgres/getting-started/what-you-should-know).**
 
-
 When you create a Fly Postgres cluster, you're offered several preset configurations. The "High Availability" options are three-node clusters. In case of a node failure, a HA Fly Postgres cluster will automatically take the bad actor out of the picture and, if necessary, fail over leadership to the healthy node.
 
 Flyctl also offers a single-instance "Development" config. If you choose this option and the hardware it's running on has network problems or the SSD fails, your database will go down. In the latter case, you will lose any data accumulated since the last snapshot. Fly Postgres is designed so that you can turn a single-node cluster into a high-availability one just by adding a second instance in the same region.
@@ -21,4 +23,4 @@ In the single-instance "Development" config, you'll also be given the option to
 
 You can also add read-only replicas in other regions and take advantage of the Fly.io platform's proxy features to build a [Globally Distributed Postgres cluster](/docs/postgres/advanced-guides/high-availability-and-global-replication).
 
-The Fly Postgres app is fully open source. Just fork [fly-apps/postgres-ha](https://github.com/fly-apps/postgres-ha) and add whatever meets your needs. You can even update an existing cluster with your new image using `fly deploy --image`. One caveat is that once you fork, you won't be able to use `fly postgres` commands to administer your app. 
+The Fly Postgres app is fully open source. Just fork [fly-apps/postgres-flex](https://github.com/fly-apps/postgres-flex) and add whatever meets your needs. You can even update an existing cluster with your new image using `fly deploy --image`. One caveat is that once you fork, you won't be able to use `fly postgres` commands to administer your app. 
diff --git a/postgres/managing/attach-detach.html.markerb b/postgres/managing/attach-detach.html.markerb
index 4653e01bbc..2004d92a32 100644
--- a/postgres/managing/attach-detach.html.markerb
+++ b/postgres/managing/attach-detach.html.markerb
@@ -11,26 +11,30 @@ objective: "`fly pg attach`: Conveniently create a new database in a Fly Postgre
 
 ## Attach a Fly App
 
-`fly postgres attach` is a convenience command to quickly associate a Fly app with your Fly Postgres cluster. 
+`fly postgres attach` is a convenience command to quickly associate a Fly App with your Fly Postgres cluster app. 
 
 ```
-flyctl postgres attach --app <app-name> <postgres-app-name>
+fly postgres attach <postgres app name> --app <app name>
 ```
 
 When you attach an app to Postgres, a number of things happen:
 
-* A new database and user are created in the Postgres App. If the attached app is named "myapp", both the database and the user are named "myapp" too.
+* A new database and user are created in the Postgres cluster app, using the name of the consuming app (a Fly App). If the consuming app is named "my-app", then both the database and the user are named "my_app".
 * The user is allocated a generated password.
-* The consuming app and the Postgres app are marked as attached in the great floating ledger in the Fly.io cloud. The main value of this is in order to be able to use `fly pg detach` later.
+* The consuming app and the Postgres app are marked as attached in the great floating ledger in the Fly.io cloud, which enables you to use `fly postgres detach` later.
 
-When the `attach`ed app starts it will have access to an environment variable `DATABASE_URL` set to a Postgres connection URI with the username, password, host, port and dbname filled in.
+When the now-attached consuming app starts, it will have access to an environment variable `DATABASE_URL` set to a Postgres connection URI with the username, password, host, port, and dbname filled in.
 
 ## Detach a Fly App
 
-If the consuming app's access to this database was purely due to `fly postgres attach`, you can revoke that access using `flyctl postgres detach`.
+If the consuming app's access to this database was purely due to `fly postgres attach`, then you can revoke that access using `fly postgres detach`.
 
 ```
-flyctl postgres detach --app <app-name> <postgres-app-name>
+fly postgres detach <postgres app name> --app <app name>
 ```
 
-This will remove the `<app-name>` user from the Postgres cluster, and the `DATABASE_URL` secret from the `<app-name>` app. The platform will no longer view the two apps as associated. The database is not removed.
+This will remove the `<app name>` user from the Postgres cluster, and the `DATABASE_URL` secret from the `<app name>` app. The platform will no longer view the two apps as associated. The database is not removed.
+
+## Check if a Fly App is attached to a Postgres app
+
+Run `fly postgres users list --app <postgres app name>` on your Postgres cluster app. If there is an attached Fly App, then the app's name will be in the list of users. See [Users & Roles](/docs/postgres/managing/users-and-roles/).
diff --git a/postgres/managing/backup-and-restore.html.markerb b/postgres/managing/backup-and-restore.html.markerb
index 97f6e40828..8247f9a79e 100644
--- a/postgres/managing/backup-and-restore.html.markerb
+++ b/postgres/managing/backup-and-restore.html.markerb
@@ -64,8 +64,8 @@ fly volumes list -a <postgres-app-name>
 ```
 ```output
 ID                   NAME    SIZE REGION ATTACHED VM CREATED AT
-vol_x915grn008vn70qy pg_data 10GB atl    b780ce3d    2 weeks ago
-vol_ke628r677pvwmnpy pg_data 10GB atl    359d0e24    2 weeks ago
+vol_x915grn008vn70qy pg_data 10GB sjc    b780ce3d    2 weeks ago
+vol_ke628r677pvwmnpy pg_data 10GB sjc    359d0e24    2 weeks ago
 ```
 
 The number of volumes varies depending on how many database replicas were elected when provisioning the database. One primary database and one replica yields 2 volumes.
@@ -84,12 +84,27 @@ vs_OPQXXna6kA2Qnhz8 26 MiB 2 days ago
 
 The values under the `ID` columns are what will be used to restore a snapshot.
 
+## Identifying your Postgres image version
+Depending on when you created your Postgres cluster, it may be running an older image than the default for newly created clusters. Different Postgres major versions may not be fully compatible, so it's important to use the same version for your restored cluster.
+
+To see your Postgres image and version, run `fly image show`. 
+
+```cmd
+fly image show -a <postgres-app-name>
+```
+```output
+MACHINE ID      REGISTRY                REPOSITORY      TAG     VERSION DIGEST                        LABELS                                                                          
+e286004f696700  registry-1.docker.io    flyio/postgres  14.6    v0.0.41 sha256:3c25db96357a78e827ca7d fly.app_role=postgres_clusterfly.pg-version=14.6-1.pgdg110+1fly.version=v0.0.41
+```
+The values under the `REPOSITORY` and `TAG` columns reference the image you'll use to restore the snapshot. 
+Legacy postgres images use the `flyio/postgres` repository, while new Postgres Flex images use the `flyio/postgres-flex` repository. In the above example, the machine is running a legacy `flyio/postgres:14.6` image.
+
 ## Restoring from a snapshot
 
-To restore a Postgres application from a snapshot, simply specify the `--snapshot-id` argument when running the `create` command as shown below:
+To restore a Postgres application from a snapshot, simply specify the `--snapshot-id` argument and the `--image-ref` argument when running the `create` command as shown below:
 
 ```cmd
-fly postgres create --snapshot-id <snapshot-id>
+fly postgres create --snapshot-id <snapshot-id> --image-ref <image-version>
 ```
 ```output
 ? App Name: my-app-db-restored
@@ -108,7 +123,11 @@ Postgres cluster my-app-db-restored created
 Save your credentials in a secure place, you won't be able to see them again!
 ```
 
-This provisions and launches a new Fly Postgres database server with the specified snapshot.
+This provisions and launches a new Fly Postgres database server with the specified snapshot and the same image as your existing database.
+
+<div class="important icon">
+  <b>Important:</b> The size of the volume provisioned for the new Fly Postgres application must be equal to or greater than the volume from where the snapshot was taken.
+</div>
 
 ## Connect the Restored Database
 
diff --git a/postgres/managing/deleting.html.markerb b/postgres/managing/deleting.html.markerb
index a46deb4d1d..85780566cf 100644
--- a/postgres/managing/deleting.html.markerb
+++ b/postgres/managing/deleting.html.markerb
@@ -3,6 +3,7 @@ title: Delete a Postgres Cluster
 objective: 
 layout: framework_docs
 order: 90
+toc: false
 ---
 
 **Before deleting any app with a volume, including a Fly Postgres app, make certain that you no longer need any of its data; once an app is deleted, its volumes are deleted and you lose access to their snapshots too.**
diff --git a/postgres/managing/enabling-timescale.htm.markerb b/postgres/managing/enabling-timescale.htm.markerb
deleted file mode 100644
index 38e36ca651..0000000000
--- a/postgres/managing/enabling-timescale.htm.markerb
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Enable TimescaleDB
-objective: Learn how to enable Timescale on your Postgres database.
-layout: framework_docs
-order: 80
-redirect_from: /docs/postgres/managing/enabling-timescale/
----
-
-TimescaleDB is an open source time-series database built on top of PostgreSQL. It is a powerful tool for analyzing time-series data,
-and is a great fit for many applications you might run on Fly.io.
-
-The default Fly Postgres app no longer includes the TimescaleDB extension. To enable TimescaleDB,
-provision a new Postgres app using our TimescaleDB-adapted image.
-
-## Provision a new Postgres app with TimescaleDB
-
-Specify the `postgres-flex-timescaledb` image with the `--image-ref` flag:
-
-```cmd
-fly pg create --image-ref flyio/postgres-flex-timescaledb:15
-```
-
-## Create the extension
-
-Connect to your postgres database:
-```cmd
-# Connect to your target database
-fly pg connect --app <app-name> --database <db-name>
-```
-
-From the `postgres=# %` prompt, create the extension:
-```sql
-CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;
-```
diff --git a/postgres/managing/horizontal-scaling.html.markerb b/postgres/managing/horizontal-scaling.html.markerb
index b466430118..09454a61de 100644
--- a/postgres/managing/horizontal-scaling.html.markerb
+++ b/postgres/managing/horizontal-scaling.html.markerb
@@ -3,6 +3,7 @@ title: Horizontal Scaling
 objective:
 layout: framework_docs
 order: 50
+toc: false
 ---
 
 Horizontally scale your Postgres cluster with the  [`flyctl machine clone`](https://fly.io/docs/flyctl/machine-clone/) command. Here's an example:
diff --git a/postgres/managing/scale-to-zero.html.markerb b/postgres/managing/scale-to-zero.html.markerb
index 28fc33fced..2c8aeb9cda 100644
--- a/postgres/managing/scale-to-zero.html.markerb
+++ b/postgres/managing/scale-to-zero.html.markerb
@@ -14,7 +14,7 @@ If you select the Development configuration when you [create your Fly Postgres a
 After one hour, if there are no open connections, then the database shuts down and waits to restart until something tries to connect again. If there are open connections, then the database stays running and checks for open connections again in one hour.
 
 <div class="callout">
-You might need to configure any apps that connect to your Postgres app to scale to zero as well, otherwise your Postgres database will never have zero connections and will never scale down. Your app might also need to be able to wait for the database to start back up. You can learn more about [making apps exit when idle](/docs/apps/autostart-stop/#stop-a-machine-by-terminating-its-main-process).
+You might need to configure any apps that connect to your Postgres app to scale to zero as well, otherwise your Postgres database will never have zero connections and will never scale down. Your app might also need to be able to wait for the database to start back up. You can learn more about [making apps exit when idle](/docs/launch/autostop-autostart/#apps-that-shut-down-when-idle).
 </div>
 
 ## Turn off the scale to zero feature
diff --git a/postgres/managing/upgrades.html.markerb b/postgres/managing/upgrades.html.markerb
index ad68956531..d3fe8ca70e 100644
--- a/postgres/managing/upgrades.html.markerb
+++ b/postgres/managing/upgrades.html.markerb
@@ -3,9 +3,10 @@ title: Upgrade Postgres
 objective: Upgrade Fly instances with the latest version of Postgres.
 layout: framework_docs
 order: 60
+toc: false
 ---
 
-You can upgrade a Fly Postgres cluster across minor Postgres versions with [`fly image update`](/docs/flyctl/image-update/). This updates your VMs to the [latest release](https://github.com/fly-apps/postgres-ha/releases) of the [postgres-ha](https://github.com/fly-apps/postgres-ha) app
+You can upgrade a Fly Postgres cluster across minor Postgres app versions with [`fly image update`](/docs/flyctl/image-update/). This updates your Machines to the [latest release](https://github.com/fly-apps/postgres-flex/releases) of the [postgres-flex](https://github.com/fly-apps/postgres-flex) app.
 
 Check your current image with [`fly status`](/docs/flyctl/status/):
 
@@ -19,6 +20,12 @@ And upgrade with:
 fly image update -a <postgres-app-name>
 ```
 
-The update won't go ahead if the major Postgres version in your existing Postgres app does not match that in the newest postgres-ha release.
+The update only works if the major Postgres version in your existing Postgres app matches that in the newest Postgres app release, for example `postgres-flex:15.2` to `postgres-flex:15.3`.
 
-Upgrading Postgres across major versions is more complicated, and right now the way to do this is to provision a new cluster and restore a backup of your database data into it.
\ No newline at end of file
+Upgrading Postgres across major versions is more complicated, and right now the way to do this is to provision a new cluster and restore a backup of your database data into it.
+
+<div class="important note">
+**Important:** If you're running the legacy version of Fly Postgres, then you won't be able to use `fly image update` to upgrade to the new Postgres Flex app. You'll need to create a new Postgres app and import your data using the [`fly postgres import`](/docs/flyctl/postgres-import/) tool.
+
+To see your Postgres image and version, run `fly image show`. Legacy postgres images use the `flyio/postgres` repository, new Postgres Flex images use the `flyio/postgres-flex` repository.
+</div>
diff --git a/postgres/managing/users-and-roles.html.markerb b/postgres/managing/users-and-roles.html.markerb
index fee7177d8e..59ac388241 100644
--- a/postgres/managing/users-and-roles.html.markerb
+++ b/postgres/managing/users-and-roles.html.markerb
@@ -3,24 +3,29 @@ title: Users & Roles
 objective: Add users and roles to control who can access what in the database.
 layout: framework_docs
 order: 1
+toc: false
 ---
 
 A Postgres cluster is configured with three users when created:
 
 - `postgres` - a role with superuser and login privileges that was created for you along with the cluster. Since the `postgres` role has superuser rights, it's recommended that you only use it for admin tasks and create new users with access restricted to the minimum necessary for applications
-- `flypgadmin` - this role is used internally by Fly.io to configure and query the Postgres cluster
-- `repluser` - this is the user replica servers use for replication from the leader
+- `flypgadmin` - a role used internally by Fly.io to configure and query the Postgres cluster
+- `repmgr` - a role used by repmgr to manage replication for the Postgres cluster
 
-You can view a list of users using `flyctl`:
+If you [attached a Fly App](/docs/postgres/managing/attach-detach/) to your Postgres cluster app with `fly postgres attach`, then you'll have a an additional database and user with the same name as the consuming app.
+
+You can list users with flyctl. For example, for a Postgres cluster app named `pg-test`:
 
 ```cmd
-fly postgres users list -a pg-test
+fly postgres users list --app pg-test
 ```
 
 ```output
-Running flyadmin user-list
-USERNAME   SUPERUSER DATABASES
-flypgadmin true      postgres
-postgres   true      postgres
-repluser   false     postgres
+NAME          	SUPERUSER	DATABASES
+my_app_name	    yes      	my_app_name, postgres, repmgr
+flypgadmin    	yes      	my_app_name, postgres, repmgr
+postgres      	yes      	my_app_name, postgres, repmgr
+repmgr        	yes      	my_app_name, postgres, repmgr
 ```
+
+In this example, there's an attached Fly App in the list of users.
diff --git a/python/do-more.html.md b/python/do-more.html.md
new file mode 100644
index 0000000000..65751c708b
--- /dev/null
+++ b/python/do-more.html.md
@@ -0,0 +1,8 @@
+---
+title: Do More
+layout: framework_docs_overview
+toc: false
+order: 4
+---
+
+You got your python app up and running, now what? There's lots of appliances you can add to your python project, in these guides we explore how to set them up on the fly.io side as well as in your python app.
\ No newline at end of file
diff --git a/python/do-more/add-object-storage.html.markerb b/python/do-more/add-object-storage.html.markerb
new file mode 100644
index 0000000000..7aaeab69d2
--- /dev/null
+++ b/python/do-more/add-object-storage.html.markerb
@@ -0,0 +1,56 @@
+---
+title: "Add Object Storage"
+layout: framework_docs
+objective: How to setup S3-compatible object storage and interact with it.
+order: 1
+---
+
+## Create a Tigris Storage Buckets
+
+<%= partial "/docs/partials/tigris/tigris-storage-create" %>
+
+To verify that everything has gone well, we can check whether the appropriate secrets have been set for our app:
+
+```cmd
+fly secrets list
+```
+
+## Connecting to the Bucket
+
+The de-facto library for interacting with s3 storage is [boto3](https://pypi.org/project/boto3/+external), let's add it to the project:
+
+```cmd
+poetry add boto3
+```
+
+Now we can initialize the client:
+
+```python
+import boto3
+
+S3_URL = os.getenv("AWS_ENDPOINT_URL_S3")
+svc = boto3.client('s3', endpoint_url=S3_URL)
+```
+
+<div class="callout">
+The AWS credentials will be automatically extracted from the environment.
+</div>
+
+Let's plug that into our app:
+
+```python
+@app.get("/")
+async def read_root():
+    buckets = svc.list_buckets()
+    return {"buckets": [bucket["Name"] for bucket in buckets["Buckets"]]}
+```
+
+At this point you can interact with the bucket through the `boto3` interface; refer to [the docs](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html+external) for all the possibilities.
+
+When you re-deploy your app you should see a list of the buckets you have access to:
+
+```cmd
+fly deploy
+```
+
+Take a look at [the gist](https://gist.github.com/fliepeltje/5be7d0a6f1ada057b1eb3aa357cd4961+external) of this setup to get a full picture.
\ No newline at end of file
diff --git a/python/do-more/add-ollama.html.markerb b/python/do-more/add-ollama.html.markerb
new file mode 100644
index 0000000000..2058f5ec1e
--- /dev/null
+++ b/python/do-more/add-ollama.html.markerb
@@ -0,0 +1,50 @@
+---
+title: "Add Ollama"
+layout: framework_docs
+objective: How to setup ollama and interact with its API.
+order: 1
+---
+
+<%= partial "/docs/partials/gpus/ollama-create" %>
+
+Now that we have a functioning `ollama` with a model, we have to expose the ollama host to our app. One way to do this is to set the host as a secret:
+
+```cmd
+fly secrets set OLLAMA_HOST=http://<your-app>.flycast
+```
+
+To interact with our new AI friend, we will have to install the `ollama` package:
+
+```cmd
+poetry add ollama
+```
+
+Now we can initialize the client:
+
+```python
+import os
+from ollama import AsyncClient
+
+OLLAMA_HOST = os.getenv('OLLAMA_HOST')
+ollama_client = AsyncClient(OLLAMA_HOST)
+```
+
+From here we can start integrating it into our app:
+
+```python
+@app.get("/")
+async def read_root():
+    resp = await ollama_client.generate(
+        model="llama3.1",
+        prompt="Why is the sky not green?",
+    )
+    return resp["response"]
+```
+
+When you re-deploy your app you should see llama's answer:
+
+```cmd
+fly deploy
+```
+
+You can check out [this gist](https://gist.github.com/fliepeltje/8a8ce9e364097ce61db67cd713799b24+external) for the complete example app.
diff --git a/python/do-more/add-postgres.html.markerb b/python/do-more/add-postgres.html.markerb
new file mode 100644
index 0000000000..e631ed3392
--- /dev/null
+++ b/python/do-more/add-postgres.html.markerb
@@ -0,0 +1,94 @@
+---
+title: "Add Postgres"
+layout: framework_docs
+objective: How to setup and connect to a postgres database.
+order: 0
+---
+
+<%= partial "/docs/partials/postgres/pg-create" %>
+
+<div class="warning icon">
+Warning: Fly Postgres is not managed postgres. Read what that means [here](/docs/postgres/getting-started/what-you-should-know/).
+</div>
+
+## Connecting to the Database
+
+To connect to our database, we first have to communicate with our app what the connection string is.
+Copy the value after "Connection string" in the output and then set a new secret:
+
+```cmd
+fly secrets set DATABASE_URL=postgres://postgres:<password>@<db-name>.flycast:5432
+```
+
+<div class="callout">
+By default your postgres app is only available within your organization. Only apps within the fly organization are able to connect to it via the connection string above. 
+</div>
+
+Now we can access the `DATABASE_URL` from the environment:
+
+```python
+import os
+
+DATABASE_URL = os.getenv("DATABASE_URL")
+```
+
+At this point you can use a database driver to interact with the database. You have some options here:
+
+- [psycopg2](https://www.psycopg.org/docs/+external) / [psycopg3](https://www.psycopg.org/psycopg3/+external)
+- [asyncpg](https://pypi.org/project/asyncpg/+external)
+- [aiosql](https://pypi.org/project/aiosql/+external)
+- [sqlalchemy](https://www.sqlalchemy.org/+external)
+
+Let's create a function to get some metadata about the database using `asyncpg`:
+
+```cmd
+poetry add asyncpg
+```
+
+```python
+import asyncpg
+
+async def get_db_meta() -> list[str]:
+    conn = await asyncpg.connect(DATABASE_URL)
+    records = await conn.fetch("http://github.com/select%20nspname%20from%20pg_namespace;")
+    return [x["nspname"] for x in records]
+```
+
+Then we can add this to our app:
+
+```python
+@app.get("/")
+async def read_root():
+    names = await get_db_meta()
+    return {"names": names}
+```
+
+Finally you can deploy the app to see it in action:
+
+```cmd
+fly deploy
+```
+
+You can check out [this gist](https://gist.github.com/fliepeltje/5a2b63d4b1169f5cb200a665cee3f926+external) for the complete example app.
+
+## Developing with Postgres Locally
+
+Often you will want to setup a local postgres to run against. One way to do this is to use `docker` and `direnv`. With the following command you can spin up a postgres database for your project:
+
+```cmd
+docker run --name <your-db-name> \
+  -e POSTGRES_DB=<your-db-name> \
+  -e POSTGRES_USER=postgres \
+  -e POSTGRES_PASSWORD=postgres \
+  -p 5432:5432 \
+  -d postgres
+```
+
+Then in your project you can specify an `.envrc` file:
+
+```bash
+export DATABASE_URL="postgres://postgres:postgres@localhost:5432/<your-db-name>"
+```
+
+If you run `direnv allow` the `DATABASE_URL` will be available to your app locally.
+
diff --git a/python/frameworks.html.markerb b/python/frameworks.html.markerb
new file mode 100644
index 0000000000..74ade33f47
--- /dev/null
+++ b/python/frameworks.html.markerb
@@ -0,0 +1,11 @@
+---
+title: Python Framework Guides
+layout: framework_docs_overview
+toc: false
+order: 3
+---
+
+
+<p>Each one of the language guides will take you through creating and deploying a simple application.</p>
+
+<p>If you don't see a framework supported here that you'd like to run on Fly.io, <%=link_to "tell us in the Community", "https://community.fly.io/" %>.</p>
diff --git a/python/frameworks/fastapi.html.markerb b/python/frameworks/fastapi.html.markerb
new file mode 100644
index 0000000000..42ed61848b
--- /dev/null
+++ b/python/frameworks/fastapi.html.markerb
@@ -0,0 +1,68 @@
+---
+title: "Run a FastAPI app"
+layout: framework_docs
+objective: FastAPI is a modern, fast (high-performance), web framework for building APIs with Python based on standard Python type hints.
+redirect_from:
+  - /docs/languages-and-frameworks/fastapi/
+  - /docs/getting-started/fastapi/
+order: 1
+---
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "FastAPI", link: "https://fastapi.tiangolo.com/" } %>
+
+FastAPI is a modern, fast (high-performance), web framework for building APIs with Python based on standard Python type hints.
+
+Deploying a FastAPI app on Fly.io is... well it's fast! You can be up and running in less than a minute. 
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/python/partials/speedrun", locals: { runtime: "FastAPI", repo: "hello-fastapi" }  %>
+
+## _Deploy a FastAPI app from scratch_
+
+<%= partial "/docs/python/partials/poetry_new", locals: { runtime: "FastAPI" }  %>
+
+
+Then we have to add the FastAPI dependency:
+
+```cmd
+poetry add "fastapi[standard]"
+```
+
+Now, let's create a simple FastAPI app in `main.py`:
+
+```python
+from fastapi import FastAPI
+
+app = FastAPI()
+
+@app.get("/")
+async def hello_fly():
+    return 'hello from fly.io'
+
+```
+
+We can then serve the development version of the app using the `fastapi` cli tool:
+
+```cmd
+fastapi dev
+```
+
+This will display a 'hello from fly.io!' message when you visit the root URL.
+With the development environment we also get cool features like hot-reloading.
+
+To run in production mode, we can amend the command:
+
+```cmd
+fastapi run
+```
+
+<section class="callout">
+The `fastapi` assumes your app is stored in `main.py` or `app.py` - if this is not the case, you must specify that when running the app: 
+
+`fastapi run hello/entrypoint.py`
+</section>
+
+<%= partial "/docs/python/partials/deploy", locals: { runtime: "FastAPI", repo: "hello-fastapi" }  %>
diff --git a/python/frameworks/flask.html.markerb b/python/frameworks/flask.html.markerb
new file mode 100644
index 0000000000..51c5cd646a
--- /dev/null
+++ b/python/frameworks/flask.html.markerb
@@ -0,0 +1,70 @@
+---
+title: "Run a Flask App"
+layout: framework_docs
+objective: Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. 
+redirect_from:
+  - /docs/languages-and-frameworks/flask/
+  - /docs/getting-started/flask/
+order: 2
+---
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "Flask", link: "https://flask.palletsprojects.com/" } %>
+
+Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. 
+
+Spinning up a flask app is fun! 
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/python/partials/speedrun", locals: { runtime: "Flask", repo: "hello-flask-poetry" }  %>
+
+## _Deploy a Flask app from scratch_
+
+<%= partial "/docs/python/partials/poetry_new", locals: { runtime: "Flask" }  %>
+
+To run this app we will need 2 dependencies:
+
+- flask: the framework
+- gunicorn: the server
+
+```cmd
+poetry add flask gunicorn
+```
+
+Now let's create a basic app in `app.py`:
+
+```python
+from flask import Flask
+
+app = Flask(__name__)
+
+@app.route("/")
+def hello_fly():
+    return "hello from fly.io"
+```
+
+To check that everything is working, we can use the included flask cli tool:
+
+```cmd
+flask run
+```
+```out
+ * Debug mode: off
+WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
+ * Running on http://127.0.0.1:5000
+Press CTRL+C to quit
+```
+
+Note that `flask run` command works since our file is named `app.py`. It also works if your file is named `wsgi.py`, so you don't have to use [`--app`](https://flask.palletsprojects.com/en/latest/cli/) to tell Flask where your app is. More details [here](https://flask.palletsprojects.com/en/latest/quickstart/#a-minimal-application).
+
+If your file is saved as `hello.py` instead of `app.py`, you would need to use the `--app` option to point to Flask where your app is: 
+
+```cmd
+flask --app hello run
+```
+
+If you open http://127.0.0.1:5000/ in your web browser, it should display `hello from fly.io`.
+
+<%= partial "/docs/python/partials/deploy", locals: { runtime: "Flask", repo: "hello-flask-poetry" }  %>
diff --git a/python/frameworks/streamlit.html.markerb b/python/frameworks/streamlit.html.markerb
new file mode 100644
index 0000000000..1d9715f099
--- /dev/null
+++ b/python/frameworks/streamlit.html.markerb
@@ -0,0 +1,59 @@
+---
+title: Run a Streamlit app
+layout: framework_docs
+objective: Streamlit turns data scripts into shareable web apps in minutes. All in pure Python. No front‑end experience required.
+redirect_from:
+  - /docs/languages-and-frameworks/streamlit/
+  - /docs/getting-started/streamlit/
+order: 3
+---
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "Streamlit", link: "https://streamlit.io/" } %>
+
+Streamlit turns data scripts into shareable web apps in minutes. All in pure Python. No front‑end experience required.
+
+Spinning up a `streamlit` app takes no time at all! 
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/python/partials/speedrun", locals: { runtime: "streamlit", repo: "hello-streamlit" }  %>
+
+## _Deploy a Streamlit from scratch_
+
+<%= partial "/docs/python/partials/poetry_new", locals: { runtime: "Streamlit" }  %>
+
+
+Then we have to add the streamlit dependency:
+
+```cmd
+poetry add streamlit
+```
+
+Now, let's create a simple streamlit app in `main.py`:
+
+```python
+import streamlit as st
+
+st.write('hello from fly.io')
+```
+
+We can then serve the development version of the app using the `streamlit` cli tool:
+
+```cmd
+streamlit run main.py
+```
+
+This will display a 'hello from fly.io!' message when you visit the root URL.
+
+Before deploying, we must add a bit of configuration to `.streamlit/config.toml`:
+
+```toml
+[server]
+headless = true
+```
+
+This ensures that our app doesn't give a prompt when we ship it. 
+
+<%= partial "/docs/python/partials/deploy", locals: { runtime: "streamlit", repo: "hello-streamlit" }  %>
\ No newline at end of file
diff --git a/python/index.html.md b/python/index.html.md
new file mode 100644
index 0000000000..2644aa34ef
--- /dev/null
+++ b/python/index.html.md
@@ -0,0 +1,20 @@
+---
+title: Python on Fly.io
+layout: framework_docs
+toc: false
+redirect_from:
+  - /docs/languages-and-frameworks/python/
+  - /docs/getting-started/python/
+---
+
+Fly.io is a great place to launch your Python applications, especially if you plan on running them on multiple servers around the world so your users have a fast, snappy, low-latency experience.
+
+If you have questions or comments about running Python applications on Fly.io, create a new topic in our [community forum](https://community.fly.io/) and tag it with "python" so the right people can give you the support you need.
+
+## Getting Started
+
+Run through the [FastAPI Speedrun](/docs/python/frameworks/fastapi) to get a feel for what it's like to deploy on Fly.io. 
+
+## The Basics
+
+[The Basics](/docs/python/the-basics/) covers everything you need to set up, run, and manage production Python apps on Fly.io. These documents also identify some common problems you may encounter and provide some pointers on how to resolve them.
\ No newline at end of file
diff --git a/python/partials/_deploy.erb b/python/partials/_deploy.erb
new file mode 100644
index 0000000000..7553e0bbe3
--- /dev/null
+++ b/python/partials/_deploy.erb
@@ -0,0 +1,40 @@
+And with that you can deploy the app!
+
+```cmd
+fly launch
+```
+
+```output
+Scanning source code
+Detected a <%= runtime %> app
+Warning: This organization has no payment method, turning off high availability
+Creating app in [redacted]/[app-name]
+We're about to launch your app on Fly.io. Here's what you're getting:
+
+Organization: Your Name              (fly launch defaults to the personal org)
+Name:         [app-name]             (derived from your directory name)
+Region:       Amsterdam, Netherlands (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+Sentry:       false                  (not requested)
+
+...
+
+==> Building image
+...
+==> Building image with Docker
+...
+
+Watch your deployment at https://fly.io/apps/[app-name]/monitoring
+...
+
+Visit your newly deployed app at https://[app-name].fly.dev/
+```
+
+This will generate a `fly.toml` file with the configuration for your app and a Dockerfile that uses [multi-stage builds](/docs/python/the-basics/multi-stage-builds).
+Refer to the [fly.toml docs](https://fly.io/docs/reference/configuration/) for more configuration options.
+
+To deploy a new version of your app, simply run `fly deploy` in the project directory.
+
+You can check out the full (yet minimal) example in [this GitHub repository](https://github.com/fly-apps/<%= repo %>) for a reference.
\ No newline at end of file
diff --git a/python/partials/_poetry_new.erb b/python/partials/_poetry_new.erb
new file mode 100644
index 0000000000..8e8a7cdb96
--- /dev/null
+++ b/python/partials/_poetry_new.erb
@@ -0,0 +1,9 @@
+For managing our project, we use [Poetry](https://python-poetry.org/). 
+For more information on the initial setup with poetry, refer to [setting up a python environment](/docs/python/the-basics/initial-setup).
+We can initialize a new project like so:
+
+```cmd
+poetry new <%= runtime.downcase %>-app
+cd <%= runtime.downcase %>-app
+poetry shell
+```
\ No newline at end of file
diff --git a/python/partials/_speedrun.erb b/python/partials/_speedrun.erb
new file mode 100644
index 0000000000..f3ef9458ea
--- /dev/null
+++ b/python/partials/_speedrun.erb
@@ -0,0 +1,7 @@
+The fastest way to get a basic <%= runtime.titleize %> server on Fly.io is to use our <%= runtime %> template:
+
+```cmd
+git clone git@github.com:fly-apps/<%= repo %>.git <%= runtime.downcase %>-app
+cd <%= runtime.downcase %>-app
+fly launch --generate-name
+```
\ No newline at end of file
diff --git a/python/the-basics.html.md b/python/the-basics.html.md
new file mode 100644
index 0000000000..d152fea205
--- /dev/null
+++ b/python/the-basics.html.md
@@ -0,0 +1,22 @@
+---
+title: The Basics
+layout: framework_docs_overview
+toc: false
+order: 2
+---
+
+
+These guides will help you get through the basics of setting up your Python application with pieces of infrastructure commonly found in the wild. Most Python frameworks follow the same flow in terms of setup and vary only in their application code. For frameworks that also have a frontend component additional steps will be required.
+
+To develop Python applications, you will need to install python. We also recommend installing poetry to manage your dependencies. 
+
+## Install flyctl and log in
+
+In order to start working with Fly.io, you will need `flyctl`, our CLI app for managing apps. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/log-in-to-fly/).
+
+For most popular frameworks you can deploy your app with just one command: 
+
+```cmd
+fly launch
+```
+
diff --git a/python/the-basics/initial-setup.html.md b/python/the-basics/initial-setup.html.md
new file mode 100644
index 0000000000..1236a65bdb
--- /dev/null
+++ b/python/the-basics/initial-setup.html.md
@@ -0,0 +1,64 @@
+---
+title: "Setting up a Python Environment"
+layout: framework_docs
+objective: How to setup a functional python environment on your local machine.
+order: 0
+---
+
+## Initial Local Setup
+
+Make sure that [Python](https://www.python.org/) is already installed on your computer along with a way to create virtual environments.
+
+This allows you to run your project locally, and test that it works, before deploying it to Fly.io.
+
+<section class="callout">
+We recommend the latest [supported versions](https://devguide.python.org/versions/#supported-versions) of Python.
+</section>
+
+## Dependency Management
+
+For project and dependency management we use [Poetry](https://python-poetry.org/). Like most package managers, Poetry combines multiple tools in one. 
+
+You have other options:
+- [venv](https://docs.python.org/3/library/venv.html) and [pip](https://pip.pypa.io/)
+- [Pipenv](https://github.com/pypa/pipenv)
+- [pyenv](https://github.com/pyenv/pyenv)
+- [pip-tools](https://pypi.org/project/pip-tools/)
+
+If you are just starting out, it is easiest to follow along using `poetry`. 
+After installing it, you will have to set 2 flags for virtual environment management.
+
+```cmd
+poetry config virtualenvs.create true
+poetry config virtualenvs.in-project true
+```
+
+This will make your development environment resemble what ends up happening inside the docker image. 
+
+You can create a new project using this command:
+
+```cmd
+poetry new <app-name>
+```
+
+Once inside the project, you can add packages with the add command:
+
+```cmd
+poetry add <dep>
+```
+
+This will automatically create a virtual environment for you. 
+
+To interact with your virtual environment, you can prefix your commands with `poetry run`:
+
+```cmd
+poetry run python main.py
+```
+
+Alternatively, you can activate the environment:
+
+```cmd
+poetry shell
+python main.py
+```
+
diff --git a/python/the-basics/multi-stage-builds.html.md b/python/the-basics/multi-stage-builds.html.md
new file mode 100644
index 0000000000..27162ad4db
--- /dev/null
+++ b/python/the-basics/multi-stage-builds.html.md
@@ -0,0 +1,58 @@
+---
+title: Multi-stage Builds
+layout: framework_docs
+objective: A strategy to make your containers smaller in size and reduce attack surface.
+order: 3
+---
+
+Python apps need at the very least a Python runtime to be executed. However, sometimes you need much more to get a python app to work than just the runtime. Some dependencies need specific libraries and utilities to be built and compiled. For that reason many developers choose to use something called a multi-stage docker build.
+
+In short, we split the process of building and compiling dependencies and running the app. This is good for a number of reasons:
+
+- The resulting image is smaller in size
+- The 'attack surface' of your application is smaller
+
+Let's make a multi-stage `Dockerfile` from scratch. Here's part 1:
+
+<div class="note icon">
+In this example we assume the use of `poetry`, however you can adapt the file to work with other dependency managers too.
+</div>
+
+```dockerfile
+FROM python:3.11.9-bookworm AS builder
+
+ENV PYTHONUNBUFFERED=1 \ 
+    PYTHONDONTWRITEBYTECODE=1 
+
+RUN pip install poetry && poetry config virtualenvs.in-project true
+
+WORKDIR /app
+
+COPY pyproject.toml poetry.lock ./
+
+RUN poetry install
+```
+
+So what's going on here? First, we use a "fat" python 3.11.9 image and installing and building all dependencies. Defining it as `builder` gives us a way to interact with it later. What essentially happens here is exactly what happens when you install a project locally using poetry: a `.venv/` directory is created and in it are all your built dependencies and binaries. You can inspect your own `.venv/` folder to see what that looks like. This directory is the primary artifact that we want.
+
+Part 2, the runtime, looks something like this:
+
+```dockerfile
+FROM python:3.11.9-slim-bookworm
+
+WORKDIR /app
+
+COPY --from=builder /app .
+COPY [python-app]/ ./[python-app]
+
+CMD ["/app/.venv/bin/python", "[python-app]/app.py"]
+```
+
+Here we see very little actually going on; instead of the "fat" image, we now pick the slim variant. This one is about 5 times smaller in size, but is unable to compile many of the dependencies we would want compiled. We have already done that part though, so we can copy that `.venv/` folder over to this image without having to compile it again.
+
+With this setup our image will be around 200MB most of the time (depending on what else you include). This setup is used for nearly all Python apps you deploy on Fly.io.
+
+<div class="note icon">
+The image size is largely dependent on what files you add in the dockerfile; by default the entire working directory is copied in. If you do not want to add certain files, you can specify them in a `.dockerignore` file.
+</div>
+
diff --git a/rails/advanced-guides/machine.html.md b/rails/advanced-guides/machine.html.md
index 426d79326c..dcb7b36355 100644
--- a/rails/advanced-guides/machine.html.md
+++ b/rails/advanced-guides/machine.html.md
@@ -10,14 +10,6 @@ This is a technology preview.  It demonstrates how you can launch fly
 machines dynamically to perform background tasks from within a Rails
 application.
 
-Before proceeding, a bit of background.
-
-Fly.io uses [Firecracker](https://firecracker-microvm.github.io/) to run VMs, and uses either [Nomad](https://www.nomadproject.io/) or [Machines](https://fly.io/docs/reference/machines/) for orchestration.  The default today is Nomad, but most of the new features are being implemented for Machines, so Machines are where you would look for upcoming features.
-
-In a nutshell, the advantage of Nomad is that it performs high level orchestration.  The advantage of machines is that it is lower level.  Lower level means that at times you will need to do more work, but this also means that you have more control.
-
-This guide focuses on Machines.
-
 ## Deploying a Rails project as a Fly.io Machine
 
 ```cmd
@@ -51,7 +43,7 @@ Optionally configure your project:
 bin/rails generate fly:app --passenger --serverless
 ```
 
-The above command will configure you application to scale to zero whenever it has been idle for 5 minutes.  See [generator options](https://github.com/rubys/fly.io-rails#generator-options) for more details.
+The above command will configure your application to scale to zero whenever it has been idle for 5 minutes.  See [generator options](https://github.com/rubys/fly.io-rails#generator-options) for more details.
 
 Feel free to tailor the generated files further to suit your needs.  If you don't run the `fly:app` generator, the files necessary to deploy your application will be generated on your first deploy using default options.
 
@@ -81,10 +73,10 @@ ENV PATH="$FLYCTL_INSTALL/bin:$PATH"
 
 A good place to put these lines is immediately before the `# Deploy your application` comment.
 
-Next we need to make our Fly token available to our application:
+Next we need to make a Fly token available to our application:
 
 ```cmd
-fly secrets set FLY_API_TOKEN=$(fly auth token)
+fly secrets set FLY_API_TOKEN=$(fly tokens deploy)
 ```
 
 ## Add a controller
@@ -152,7 +144,7 @@ Overall the tasks to be performed by this job:
   * Specify a machine configuration.  For simplicity we will use the
     same Fly application name and the same Fly image as our Rails
     application.  The server command will be `curl` specifying the
-    URL that was passed as an argument to the job. 
+    URL that was passed as an argument to the job.
   * Start a machine using this configuration, and
     check for errors, and log the results.
   * Query the status of the machine every 10 seconds for a maximum
diff --git a/rails/advanced-guides/phusion-passenger.html.md b/rails/advanced-guides/phusion-passenger.html.md
index 09aed5b997..82617bf5d5 100644
--- a/rails/advanced-guides/phusion-passenger.html.md
+++ b/rails/advanced-guides/phusion-passenger.html.md
@@ -35,9 +35,6 @@ RUN rm /etc/nginx/sites-enabled/default
 ADD config/fly/rails.conf /etc/nginx/sites-enabled/rails.conf
 ADD config/fly/envvars.conf /etc/nginx/main.d/envvars.conf
 
-ADD config/fly/mkswap.sh /etc/my_init.d/95-mkswap.sh
-RUN chmod +x /etc/my_init.d/95-mkswap.sh
-
 ENV RAILS_LOG_TO_STDOUT true
 
 ARG BUNDLE_WITHOUT=development:test
@@ -121,22 +118,11 @@ env RAILS_LOG_TO_STDOUT;
 
 The above are commonly used variables, feel free to adjust as you see fit.
 
-## Making a swapfile
-
-The Dockerfile provided by Phusion will create a swapfile when your application
-is run in a container.  Fly uses your Dockerfile to build an image, but then
-deploys that image to a VM, so while the commands necessary to build a
-swapfile are there, they aren't executed on your VM.  We can execute them by
-placing the following into `config/fly/mkswap.sh`:
+## Enabling swap
 
-```
-#!/bin/sh
-fallocate -l 512M /swapfile
-chmod 0600 /swapfile
-mkswap /swapfile
-swapon /swapfile
-exit 0
-```
+See
+[`swap_size_mb`](https://fly.io/docs/reference/configuration/#swap_size_mb-option) for configuring
+for deploys.
 
 ## Deployment
 
diff --git a/rails/advanced-guides/sqlite3.html.md b/rails/advanced-guides/sqlite3.html.md
index bf3315327b..a7290751f5 100644
--- a/rails/advanced-guides/sqlite3.html.md
+++ b/rails/advanced-guides/sqlite3.html.md
@@ -8,7 +8,7 @@ status: beta
 While Rails applications on [Fly.io](https://fly.io) normally run on Postgres databases, you can
 choose to run them on [sqlite3](https://www.sqlite.org/index.html).
 
-To make this work, you will need to place your databases on persistent [Volumes](https://www.sqlite.org/index.html)
+To make this work, you will need to place your databases on persistent [Volumes](/docs/volumes/overview/)
 as your deployment image will get overwritten the next time you deploy.
 
 Volumes are limited to one host, this currently means that fly.io hosted Rails applications that use
diff --git a/rails/cookbooks/build.html.markerb b/rails/cookbooks/build.html.markerb
index 36e7be0315..97b7bf438a 100644
--- a/rails/cookbooks/build.html.markerb
+++ b/rails/cookbooks/build.html.markerb
@@ -10,7 +10,7 @@ The initial cookbooks in this series seemed to automatically cache
 build steps and perform predictably - make a change to the Dockerfile
 and the build will pick up from the point of the change.
 
-In such cases, when there are steps that can be executed in order
+In such cases, when there are steps that can be executed in any order
 it is a good idea to order the steps that take longest and/or are
 least likely to change earlier than quick steps that may change
 more frequently.
diff --git a/rails/cookbooks/databases.html.markerb b/rails/cookbooks/databases.html.markerb
index 4db789881b..8192f1d945 100644
--- a/rails/cookbooks/databases.html.markerb
+++ b/rails/cookbooks/databases.html.markerb
@@ -81,7 +81,7 @@ Since this isn't a Rails tutorial, an overview of the contents will suffice:
 
 Before we deploy this application, we need to
 create the redis database.  We will be using
-[Upstash for Redis](https://fly.io/docs/reference/redis/), and creating
+[Upstash for Redis](https://fly.io/docs/upstash/redis/), and creating
 the database and connecting it to the demo application is a matter
 of issuing two commands:
 
@@ -107,7 +107,7 @@ do it now.
 The counter itself needs to be saved in a database, and by default that
 database is sqlite3 for Rails.  For that database to be kept intact
 across deploys it needs to be placed on a
-[volume](https://fly.io/docs/reference/volumes/).
+[volume](https://fly.io/docs/volumes/).
 
 We can create a volume using the CLI:
 
diff --git a/rails/cookbooks/deploy.html.markerb b/rails/cookbooks/deploy.html.markerb
index 28004efdd7..67b0ddbac4 100644
--- a/rails/cookbooks/deploy.html.markerb
+++ b/rails/cookbooks/deploy.html.markerb
@@ -48,23 +48,11 @@ install yjit by default if rustc is available.
 
 ## Enabling swap
 
-While RAM is always faster, not everything that is loaded into RAM needs 
+While RAM is always faster, not everything that is loaded into RAM needs
 equal treatment.  Enabling swap can allow less frequently used regions
-of memory to be moved out to disk (which these days is SSD).  Running
-the following commands at runtime will enable swap:
-
-```
-fallocate -l 512M /swapfile
-chmod 0600 /swapfile
-mkswap /swapfile
-echo 10 > /proc/sys/vm/swappiness
-swapon /swapfile
-echo 1 > /proc/sys/vm/overcommit_memory
-```
-
-The way to incorporate these commands into your deploy is to change
-the CMD (or ENTRYPOINT) of your Dockerfile to run either a rake task 
-or shell script which runs these commands then starts your server.
+of memory to be moved out to disk (which these days is SSD). See
+[`swap_size_mb`](https://fly.io/docs/reference/configuration/#swap_size_mb-option) for configuring
+for deploys.
 
 ## Recap
 
diff --git a/rails/cookbooks/index.html.md b/rails/cookbooks/index.html.md
index 4b22470bfa..1f86de9867 100644
--- a/rails/cookbooks/index.html.md
+++ b/rails/cookbooks/index.html.md
@@ -34,7 +34,7 @@ application, and then proceed from there, running `fly deploy` after you make
 changes.  The recipes the follow contain fragments that can be added
 to multiple cookbooks.
 
-For best results, you are encouraged to try out each step.  To do so, you will need to [Log in to Fly](https://fly.io/docs/getting-started/log-in-to-fly/).  Nothing you do in this tutorial will exceed the [Free Allowances](https://fly.io/docs/about/pricing/#free-allowances) provided.
+For best results, you are encouraged to try out each step.  To do so, you will need to [Log in to Fly](/docs/getting-started/sign-up-sign-in/).  Nothing you do in this tutorial will exceed the [Free Allowances](https://fly.io/docs/about/pricing/#free-allowances) provided.
 These cookbooks can be more than mere educational materials.  Using throwaway applications is
 often better than experimenting in production when you want to make configuration changes.
 Starting a minimal application, using `flyctl ssh console` to shell into that machine and
diff --git a/rails/cookbooks/sources.html.markerb b/rails/cookbooks/sources.html.markerb
index 5f0912262b..f2890e4116 100644
--- a/rails/cookbooks/sources.html.markerb
+++ b/rails/cookbooks/sources.html.markerb
@@ -110,10 +110,10 @@ For node, four different ways were defined, so there are four different techniqu
 * node as base: specify the desired node version on the FROM line, but then
   use a Ruby version manager to install the desired version of Ruby.
 
-A few examples to demonstrate these concepts:
-  * [minimal/import maps](./sources/Dockerfile1)
-  * [esbuild/volta](./sources/Dockerfile2)
-  * [api](./sources/Dockerfile3)
+A few example Dockerfiles that you can download to demonstrate these concepts:
+  * [minimal/import maps](/docs/rails/cookbooks/sources/Dockerfile1)
+  * [esbuild/volta](/docs/rails/cookbooks/sources/Dockerfile2)
+  * [api](/docs/rails/cookbooks/sources/Dockerfile3)
 
 ## dockerignore
 
diff --git a/rails/getting-started/dockerfiles.html.md b/rails/getting-started/dockerfiles.html.md
index 8efbf656a6..c8584271ef 100644
--- a/rails/getting-started/dockerfiles.html.md
+++ b/rails/getting-started/dockerfiles.html.md
@@ -2,6 +2,7 @@
 title: Dockerfiles and fly.toml
 layout: framework_docs
 order: 4
+redirect_from: /rails/getting-started/dockerfiles/
 ---
 
 Once you have completed running `fly launch` you have some new files,
diff --git a/rails/getting-started/existing.html.md b/rails/getting-started/existing.html.md
index b6521016e3..7bde626df4 100644
--- a/rails/getting-started/existing.html.md
+++ b/rails/getting-started/existing.html.md
@@ -7,7 +7,7 @@ order: 3
 
 If you have an existing Rails app that you want to move over to Fly, this guide walks you through the initial deployment process and shows you techniques you can use to troubleshoot issues you may encounter in a new environment.
 
-### Provision Rails and Postgres Servers
+## Provision Rails and Postgres Servers
 
 To configure and launch your Rails app, you can use `fly launch` and follow the wizard.
 
@@ -56,10 +56,10 @@ Once ready: run 'fly deploy' to deploy your Rails app.
 
 You can set a name for the app, choose a default region, and choose to launch
 and attach either or both a PostgreSQL and Redis databases.  Be sure to include
-Redis is if you make use of Action Cable, caching, and popular third party gems
+Redis is if you make use of Action Cable, caching, and popular third-party gems
 like Sidekiq.
 
-### Deploy your application
+## Deploy your application
 
 Deploying your application is done with the following command:
 
@@ -94,18 +94,18 @@ This shows the past few log file entries and tails your production log files.
 Rails stack tracebacks can be lengthy, and the information you often want
 to see is at the top.  If not enough information is available in the
 `fly logs` command, try running `fly dashboard`, and select `Monitoring`
-in the left hand column.
+in the left-hand column.
 
 ### Open a Rails console
 
-It can be helpful to open a Rails console to run commands and diagnose production issues.  If you are not running with a sqlite3 or a volume, the recommended way to do this is to run a [console](../../../reference/configuration/#console-command) in an emphemeral machine:
+It can be helpful to open a Rails console to run commands and diagnose production issues.  If you are not running with a sqlite3 or a volume, the recommended way to do this is to run a [console](/docs/reference/configuration/#console-command) in an ephemeral Machine:
 
 ```cmd
 fly console
 ```
 
 If you are running with sqlite3 or a volume, you will need to ssh into an existing machine.  You may need to first make sure that you have enough
-[memory](../dockerfiles/#out-of-memory) to accomodate the additional session.
+[memory](../dockerfiles/#out-of-memory) to accommodate the additional session.
 
 ```cmd
 fly ssh console --pty -C "/rails/bin/rails console"
@@ -121,7 +121,7 @@ Now that you know the basics of troubleshooting production deployments, lets hav
 
 ### Access to Environment Variables at Build Time
 
-Some third party gems and services require configuration including the
+Some third-party gems and services require configuration including the
 setting of secrets/environment variables.  The `assets:precompile` step
 will load your configuration and may fail if those secrets aren't set
 even if they aren't actually used by the `assets:precompile` step.
@@ -144,13 +144,13 @@ if Rails.application.credentials.stripe
 end
 ```
 
-If that is not sufficient and you have need for more such dummy values, add
+If that is not sufficient and you need more such dummy values, add
 them directly to the `Dockerfile`.  Just be sure that any such values you add
 to your Dockerfile don't contain actual secrets as your Dockerfile will
 generally be committed to git or otherwise may be visible.
 
 If you have need for actual secrets at build time, take a look
-at [Build Secrets](../../../reference/build-secrets/).
+at [Build Secrets](/docs/apps/build-secrets/).
 
 Finally, if there are no other options you can generate a Dockerfile that will
 run `assets:precompile` at deployment time with the following command:
@@ -205,21 +205,18 @@ Dockerfile:
 $ bin/rails generate dockerfile
 ```
 
-You can see the versions of each tool that will be use on your deployment
+You can see the versions of each tool that will be used on your deployment
 machine by looking for lines that start with `ARG` in your Dockerfile.
 
-
 ### ActiveStorage
 
 From the [documentation](https://guides.rubyonrails.org/active_storage_overview.html#what-is-active-storage-questionmark):
 
-<blockquote style="margin-left: 3em">
-Active Storage facilitates uploading files to a cloud storage service like Amazon S3, Google Cloud Storage, or Microsoft Azure Storage and attaching those files to Active Record objects. It comes with a local disk-based service for development and testing and supports mirroring files to subordinate services for backups and migrations.
-</blockquote>
+> Active Storage facilitates uploading files to a cloud storage service like Amazon S3, Google Cloud Storage, or Microsoft Azure Storage and attaching those files to Active Record objects. It comes with a local disk-based service for development and testing and supports mirroring files to subordinate services for backups and migrations.
 
 Accordingly:
 
-* Don't use [Disk service](https://community.fly.io/t/active-storage-images-are-not-persisting-in-disk-part-2/13095/3) unless you put the data on a [Volume](https://fly.io/docs/reference/volumes/) and are prepared to sync the data between machines
+* Don't use [Disk service](https://community.fly.io/t/active-storage-images-are-not-persisting-in-disk-part-2/13095/3) unless you put the data on a [Volume](https://fly.io/docs/volumes/) and are prepared to sync the data between machines
 * If you want to have your active storage data hosted on fly.io, consider using the [postgres adapter](https://github.com/lsylvester/active_storage-postgresql) or [MinIO](https://fly.io/docs/app-guides/minio/).
 * Of course, you are welcome to use [Amazon S3](https://edgeguides.rubyonrails.org/active_storage_overview.html#s3-service-amazon-s3-and-s3-compatible-apis), [Microsoft Azure](https://edgeguides.rubyonrails.org/active_storage_overview.html#microsoft-azure-storage-service), or [Google Cloud Services](https://edgeguides.rubyonrails.org/active_storage_overview.html#google-cloud-storage-service).
 
@@ -244,15 +241,15 @@ care to make sure that each Rails application uses a different database name.
 
 ### ActiveSupport::MessageEncryptor::InvalidMessage
 
-Generally this means that there is a problem with your `RAILS_MASTER_KEY`. It is a common initial setup problem, but once it works it tends to keep working.
+Generally, this means that there is a problem with your `RAILS_MASTER_KEY`. It is a common initial setup problem, but once it works it tends to keep working.
 
 `fly launch` will extract your master key if your project has one and make it
 available to your deployed application as a
-[secret](https://fly.io/docs/reference/secrets/).
+[secret](/docs/apps/secrets/).
 
-If you've already run `fly launch` on a project which doesn't have a master key
+If you've already run `fly launch` on a project that doesn't have a master key
 (commonly because files containing these values are excluded from being pushed by being listed in your `.gitignore` file), you will need to generate a key
-and set the secret yourself.  The [Ruby on Rails Guides](https://guides.rubyonrails.org/security.html#custom-credentials) contain information on generating new credentials.
+and set the secret yourself.  The [Ruby on Rails Guides](https://guides.rubyonrails.org/security.html#custom-credentials) contains information on generating new credentials.
 
 If you've got your app's secrets stored in an encrypted credentials file such as `config/credentials.yml.enc`
 or `config/credentials/production.yml.enc`, you'll need to provide the master key to your app via
diff --git a/rails/getting-started/fly-rails.html.md b/rails/getting-started/fly-rails.html.md
index 8c12f2f44a..539f9a300e 100644
--- a/rails/getting-started/fly-rails.html.md
+++ b/rails/getting-started/fly-rails.html.md
@@ -11,7 +11,7 @@ Please note that the `fly-rails` gem is designed to work well with common Rails
 
 ## Install the `flyctl` command line interface
 
-First you'll need to [install the Fly CLI, and signup for a Fly.io account](/docs/hands-on/install-flyctl/). The gem used in the next step will use this CLI to deploy your application to Fly.io and it's something that's worth learning more about as you become more comfortable with Fly.io.
+First you'll need to [install the Fly CLI, and signup for a Fly.io account](/docs/flyctl/install/). The gem used in the next step will use this CLI to deploy your application to Fly.io and it's something that's worth learning more about as you become more comfortable with Fly.io.
 
 ## Install the gem
 
diff --git a/rails/getting-started/index.html.md b/rails/getting-started/index.html.md
index 74bf601f59..3d8697786a 100644
--- a/rails/getting-started/index.html.md
+++ b/rails/getting-started/index.html.md
@@ -4,13 +4,13 @@ layout: framework_docs
 order: 1
 redirect_from: /docs/getting-started/rails/
 subnav_glob: docs/rails/getting-started/*.html.*
-objective: Quickly get a very basic Rails blog up and running on Fly.io. This guide is the fastest way to try using Fly, so if you're short on time start here.
+objective: Quickly get a very basic Rails app up and running on Fly.io. This guide is the fastest way to try using Fly, so if you're short on time start here.
 related_pages:
-  - /docs/rails/the-basics
   - /docs/flyctl/
   - /docs/reference/configuration/
-  - /docs/reference/redis
+  - /docs/upstash/redis/
   - /docs/postgres/
+  - /docs/tigris/
 ---
 
 <div>
@@ -18,11 +18,9 @@ related_pages:
 </div>
 
 In this guide we'll develop and deploy a Rails application that first
-demonstrates a trivial view, then scaffolds a database table, and finally makes
-use of [Turbo Streams](https://turbo.hotwired.dev/handbook/streams) to dynamically
-update pages.
+demonstrates a trivial view.
 
-In order to start working with Fly.io, you will need `flyctl`, our CLI app for managing apps. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/hands-on/install-flyctl/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/log-in-to-fly/).
+In order to start working with Fly.io, you will need `flyctl`, our CLI app for managing apps. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/sign-up-sign-in/).
 
 Once you have logged on, here are the three steps and a recap.
 
@@ -38,20 +36,27 @@ and deploy the application.
 
 ### Create an application
 
-Start by verifying that you have Rails version 7 installed, and then by
+Start by verifying that you have Rails installed, and then by
 creating a new application:
 
 ``` shell
 $ rails --version
-$ rails new list
-$ cd list
+$ rails new welcome
+$ cd welcome
 ```
 
 Now use your favorite editor to make a one line change to `config/routes.rb`:
 
 ``` diff
  Rails.application.routes.draw do
-   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
+  # Define your application routes per the DSL in
+  # https://guides.rubyonrails.org/routing.html
+
+  # Reveal health status on /up that returns 200 if the app boots
+  # with no exceptions, otherwise 500.
+  # Can be used by load balancers and uptime monitors to verify
+  # that the app is live.
+  get "up" => "rails/health#show", as: :rails_health_check
 
    # Defines the root path route ("/")
 -  # root "articles#index"
@@ -62,72 +67,33 @@ Now use your favorite editor to make a one line change to `config/routes.rb`:
  Now that we have an application that does something, albeit something trivial,
  let's deploy it.
 
-### Provision Rails and Postgres Servers
+### Launch
 
 To configure and launch the app, you can use `fly launch` and follow the
-wizard.  We are not going to use a database or redis yet, but say *yes* to both
-setting up a Postgresql database and to setting up Redis in order to prepare
-for the next step in this guide.
+wizard.  This demo does not need a database or redis.
 
 ```cmd
 fly launch
 ```
 ```output
-Creating app in ~/list
 Scanning source code
 Detected a Rails app
-? Choose an app name (leave blank to generate one): list
-? Select Organization: John Smith (personal)
-? Choose a region for deployment: Ashburn, Virginia (US) (iad)
-Created app list in organization personal
-Admin URL: https://fly.io/apps/list
-Hostname: list.fly.dev
-Set secrets on list: RAILS_MASTER_KEY
-? Would you like to set up a Postgresql database now? Yes
-For pricing information visit: https://fly.io/docs/about/pricing/#postgresql-clu
-? Select configuration: Development - Single node, 1x shared CPU, 256MB RAM, 1GB disk
-Creating postgres cluster in organization personal
-
-. . .
-
-Postgres cluster list-db is now attached to namelist
-? Would you like to set up an Upstash Redis database now? Yes
-? Select an Upstash Redis plan Free: 100 MB Max Data Size
-
-Your Upstash Redis database namelist-redis is ready.
-
-. . .
-
-      create  Dockerfile
-      create  .dockerignore
-      create  bin/docker-entrypoint
-      create  config/dockerfile.yml
-Wrote config file fly.toml
-
-Your Rails app is prepared for deployment.
-
-Before proceeding, please review the posted Rails FAQ:
-https://fly.io/docs/rails/getting-started/dockerfiles/.
-
-Once ready: run 'fly deploy' to deploy your Rails app.
+Creating app in ~/tmp/welcome
+We're about to launch your Rails app on Fly.io. Here's what you're getting:
+
+Organization: Jane Developer          (fly launch defaults to the personal org)
+Name:         welcome-proud-sun-3423  (generated)
+Region:       Ashburn, Virginia (US) (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+Tigris:       <none>                 (not requested)
+
+? Do you want to tweak these settings before proceeding? (y/N) 
 ```
 
-You can choose a name for your application or allow one to be assigned to you.
-You can choose where the application is run or a location near you will be
-picked.  You can pick machine sizes for your database machine and redis; for
-demo purposes you can let these default.  You can always change these later.
-
-It is worth heeding the advice at the end of this:
-Before proceeding, please review the posted Rails FAQ:
-[https://fly.io/docs/rails/getting-started/dockerfiles/](https://fly.io/docs/rails/getting-started/dockerfiles/).
-
-### Deploy your application
-
-Deploying your application is done with the following command:
-
-```cmd
-fly deploy
-```
+For demo purposes you can accept the defaults.  You can always change these later.
+So respond with "N" (or simply press enter).
 
 This will take a few seconds as it uploads your application, builds a machine image,
 deploys the images, and then monitors to ensure it starts successfully. Once complete
@@ -139,203 +105,12 @@ fly apps open
 
 That's it!  You are up and running!  Wasn't that easy?
 
-If you have seen enough and are eager to get started, feel free to
-skip ahead to the [Recap](#recap) where you will see some tips.
-
-For those that want to dig in deeper, let's make the application a bit more
-interesting.
-
-## Scaffold to Success
-
-Real Rails applications store data in databases, and Rails scaffolding makes it
-easy to get started. We are going to start with the simplest table possible,
-add a small bit of CSS to make the display a bit less ugly, and finally adjust
-our routes so that the main page is the index page for our new table.
-
-### Scaffold and style a list of names
-
-Since we are focusing on fly deployment rather than Rails features, we will keep it simple and create a single table with exactly one column:
-
-```cmd
-bin/rails generate scaffold Name name
-```
-
-Now add the following to the bottom of `app/assets/stylesheets/application.css`:
-
-``` css
-#names {
-  display: grid;
-  grid-template-columns: 1fr max-content;
-  margin: 1em;
-}
-
-#names strong {
-  display: none;
-}
-
-#names p {
-  margin: 0.2em;
-}
- ```
-
-And finally, as the splash screen served it purpose, edit `config/routes.rb` once again, and replace the welcome screen with the names index:
-
- ``` diff
- Rails.application.routes.draw do
-   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
-
-   # Defines the root path route ("/")
--  root "rails/welcome#index"
-+  root "names#index"
- end
- ```
-
-While certainly not fancy or extensive, we now have an application that makes use
-of a database.
-
-Let's deploy it.
-
-### Deployment
-
-Normally at this point you have database migrations to worry about, code to push,
-and server processes to restart. Fly.io takes care of all of this and more, so all
-you need to do is the following:
-
-``` shell
-$ fly deploy
-$ fly apps open
-```
-
-Subsequent deploys are quicker than the first one as substantial portions of you
-application will have already been built.
-
-Try it out!  Add a few names and once you are done, proceed onto the final step.
-
-## Make Index come Alive
-
-We now have a basic [CRUD](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) application where the index page shows a snapshot of
-the server state at the time it was displayed. Lets make the index page
-come alive using [Turbo Streams](https://turbo.hotwired.dev/handbook/streams).
-
-This will involve provisioning a [redis](https://redis.com/) cluster and a
-surprisingly small number of updates to your application.
-
-### Adding turbo streams to your application.
-
-There actually are five separate steps needed to make this work. Fortunately all but
-one require only a single line of code (or in one case, a single command). The third
-step actually requires two lines of code.
-
-Start by generating a channel:
-
-```cmd
-bin/rails generate channel names
-```
-
-Next, name the stream by modifying `app/channels/names_channel.rb`:
-
-```diff
-  class NamesChannel < ApplicationCable::Channel
-    def subscribed
--      # stream_from "some_channel"
-+      stream_from "names"
-    end
-
-    def unsubscribed
-      # Any cleanup needed when channel is unsubscribed
-    end
-  end
-```
-
-Then modify `app/views/names/index.html.erb` to stream from that channel:
-
-```diff
-  <p style="color: green"><%= notice %></p>
-
-  <h1>Names</h1>
-+
-+ <%= turbo_stream_from 'names' %>
-
-  <div id="names">
-    <% @names.each do |name| %>
-      <%= render name %>
-      <p>
-        <%= link_to "Show this name", name %>
-      </p>
-    <% end %>
-  </div>
-
-  <%= link_to "New name", new_name_path %>
-  </div>
-```
-
-And we complete the client changes by modifying `app/views/names/_name.html.erb` to
-identify the turbo frame:
-
-```diff
-- <div id="<%= dom_id name %>">
-+ <%= turbo_frame_tag(dom_id name) do %>
-    <p>
-      <strong>Name:</strong>
-      <%= name.name %>
-    </p>
-
-- </div>
-+ <% end %>
-```
-
-There is only one step left, and that is to modify `app/controllers/names_controller.rb` to broadcast changes as updates are made:
-
-```diff
-  # PATCH/PUT /names/1 or /names/1.json
-  def update
-    respond_to do |format|
-      if @name.update(name_params)
-        format.html { redirect_to name_url(http://github.com/@name), notice: "Name was successfully updated." }
-        format.json { render :show, status: :ok, location: @name }
-+
-+       @name.broadcast_replace_later_to 'names', partial: 'names/name'
-      else
-        format.html { render :edit, status: :unprocessable_entity }
-        format.json { render json: @name.errors, status: :unprocessable_entity }
-      end
-    end
-  end
-```
-
-### Deployment and testing
-
-By now it should be no surprise that deployment is as easy as `fly deploy` and
-`fly apps open`. Once that is done, copy the browser URL, open a second browser
-window (it can even be a different browser or even on a different machine), and
-paste the URL into the new window.
-
-With one browser window open to the index page, use the other browser to change
-one of the names. Once you click "Update name" the index list in the original
-window will instantly update.
-
-Of course, if this were a real application, inserting and removing names would
-cause those changes to be broadcast. As they say, this is left as an exercise
-for the student.
-
 ## Arrived at Destination
 
 You have successfully built, deployed, and connected to your first Rails application on Fly.
 
-We've accomplished a lot with only just over a handful of lines of code and
-just over a dozen commands. When you are ready, proceed to a
-[recap](#recap).
-
-## Recap
-
-We started with an empty directory and in a matter of minutes had a running
-Rails application deployed to the web. A few things to note:
-
-  * From a Rails perspective, we demonstrated Action Cable, Action Pack,
-    Action View, Active Job, Active Model, Active Record, and Turbo
-    Streams.
-  * From a Fly.io perspective, we demonstrated deployment of a Rails app,
-    a Postgres DB, a Redis cluster, and the setting of secrets.
+We've accomplished a lot with only just one line of code and
+just one command.
 
 Now that you have seen it up and running, a few things are worth noting:
 
@@ -343,9 +118,10 @@ Now that you have seen it up and running, a few things are worth noting:
   * Your application is running on a VM, which starts out based on a
     docker image. To make things easy, `fly launch` generates a
     `Dockerfile` and a `bin/docker-entrypoint` for you which you are free to modify.
+  * As your application needs change, you can have us update your `Dockerfiles` for you by running: `bin/rails generate dockerfile`.
   * There is also a `config/dockerfile.yml` file which keeps track of your
-    dockerfile generation options.  This was covered by the
-    [FAQ](https://fly.io/docs/rails/getting-started/dockerfiles/) you read above.
+    dockerfile generation options.  This is covered by the
+    [FAQ](https://fly.io/docs/rails/getting-started/dockerfiles/).
   * Other files of note: `.dockerignore` and
     [`fly.toml`](https://fly.io/docs/reference/configuration/), both of which
     you can also modify.
@@ -353,7 +129,7 @@ Now that you have seen it up and running, a few things are worth noting:
   * `fly dashboard` can be used to monitor and adjust your application. Pretty
     much anything you can do from the browser window you can also do from the
     command line using `fly` commands. Try `fly help` to see what you can do.
-  * `fly ssh console` can be used to ssh into your VM. `fly ssh console --pty -C "/rails/bin/rails console"` can be used to open a rails console.
+  * `fly ssh console` can be used to ssh into your VM. `fly console` can be used to open a rails console.
 
 Now that you have seen how to deploy a trivial application, it is time
 to move on to [The Basics](../../rails/the-basics/).
diff --git a/rails/getting-started/migrate-from-heroku.html.md b/rails/getting-started/migrate-from-heroku.html.md
index 5eebda2f91..d91b7e899b 100644
--- a/rails/getting-started/migrate-from-heroku.html.md
+++ b/rails/getting-started/migrate-from-heroku.html.md
@@ -4,6 +4,10 @@ layout: framework_docs
 order: 2
 ---
 
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/migrate.png" alt="Illustration by Annie Ruygt of a bird carrying an app to a balloon who is welcoming the app to join his group" class="w-full max-w-lg mx-auto">
+</figure>
+
 This guide runs you through how to migrate a basic Rails application off of Heroku and onto Fly. It assumes you're running the following services on Heroku:
 
 * Puma web server
diff --git a/rails/the-basics/active-record.html.md b/rails/the-basics/active-record.html.md
new file mode 100644
index 0000000000..f25f4be393
--- /dev/null
+++ b/rails/the-basics/active-record.html.md
@@ -0,0 +1,111 @@
+---
+title: Active Record
+layout: framework_docs
+objective: Provision an application using a Postgres database
+order: 3
+---
+
+<div>
+  <img src="http://github.com/static/images/rails-intro.webp" srcset="http://github.com/service/http://github.com/static/images/rails-intro@2x.webp%202x " alt="">
+</div>
+
+In this guide we'll develop and deploy a Rails application that scaffolds a database table.
+
+## Create an application
+
+Start by verifying that you have Rails installed, and then by
+creating a new application:
+
+``` shell
+$ rails --version
+$ rails new list --database postgresql
+$ cd list
+```
+
+## Scaffold to Success
+
+Real Rails applications store data in databases, and Rails scaffolding makes it
+easy to get started. We are going to start with the simplest table possible,
+add a small bit of CSS to make the display a bit less ugly, and finally adjust
+our routes so that the main page is the index page for our new table.
+
+### Scaffold and style a list of names
+
+Since we are focusing on fly deployment rather than Rails features, we will keep it simple and create a single table with exactly one column:
+
+```cmd
+bin/rails generate scaffold Name name
+```
+
+Now add the following to the bottom of `app/assets/stylesheets/application.css`:
+
+``` css
+#names {
+  display: grid;
+  grid-template-columns: 1fr max-content;
+  margin: 1em;
+}
+
+#names strong {
+  display: none;
+}
+
+#names p {
+  margin: 0.2em;
+}
+ ```
+
+And finally, as the splash screen served it purpose, edit `config/routes.rb`, and connect the root with the names index:
+
+ ``` diff
+ Rails.application.routes.draw do
+   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
+
+   # Defines the root path route ("/")
+-  root "rails/welcome#index"
++  root "names#index"
+ end
+ ```
+
+While certainly not fancy or extensive, we now have an application that makes use
+of a database.
+
+Let's deploy it.
+
+### Launch
+
+To configure and launch the app, you can use `fly launch` and follow the
+wizard.  Fly.io will automatically detect that Postgres is required by
+your application.
+
+```cmd
+fly launch
+```
+```output
+Detected a Rails app
+Creating app in ~/tmp/list
+We're about to launch your Rails app on Fly.io. Here's what you're getting:
+
+Organization: Joe Developer                                             (fly launch defaults to the personal org)
+Name:         list-little-fire-1088                                     (generated)
+Region:       Ashburn, Virginia (US)                                    (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM                                    (most apps need about 1GB of RAM)
+Postgres:     (Fly Postgres) 1 Node, shared-cpu-1x, 256MB RAM, 1GB disk (determined from app source)
+Redis:        <none>                                                    (not requested)
+Tigris:       <none>                                                    (not requested)
+
+? Do you want to tweak these settings before proceeding? (y/N) 
+```
+
+For demo purposes you can accept the defaults.  You can always change these later.
+So respond with "N" (or simply press enter).
+
+This will take a few seconds as it uploads your application, builds a machine image,
+deploys the images, and then monitors to ensure it starts successfully. Once complete
+visit your app with the following command:
+
+```cmd
+fly apps open
+```
+
+That's it!  You are up and running!  Wasn't that easy?
diff --git a/rails/the-basics/active-storage.html.md b/rails/the-basics/active-storage.html.md
new file mode 100644
index 0000000000..9dd07f8fea
--- /dev/null
+++ b/rails/the-basics/active-storage.html.md
@@ -0,0 +1,86 @@
+---
+title: Active Storage
+layout: framework_docs
+objective: Provision a Tigris Bucket and configure Rails to run Active Storage.
+order: 4
+---
+
+Fly.io is a great place to deploy Rails applications that make use of [Active Storage](https://edgeguides.rubyonrails.org/active_storage_overview.html), and  Fly.io knows that Rails users prefer Convention over Configuration and their menus Omakase.
+
+## Launching a new Application?
+
+If any of the following are true, [`fly launch`](/docs/flyctl/launch/) will take care of all of the configuration:
+
+ * `aws-sdk-s3` in `Gemfile` or `Gemfile.lock`
+ * any migration containing `active_storage_attachments`
+ * an uncommented line in `config/storage.yml` containing `service: S3`
+
+Don't want Tigris for any reason?  Hey - we don't judge here.  Simply disable the extension in the web UI, and [setup](https://edgeguides.rubyonrails.org/active_storage_overview.html#setup) active storage for yourself.
+
+![Tigris Launch-UI](/docs/images/tigris-launch-ui.png)
+
+## Adding Tigris to an existing application?
+
+No problem!  It can be as easy as a two step process.  
+
+Step 1: Create a storage bucket:
+
+```cmd
+fly storage create
+```
+```output
+? Choose a name, use the default, or leave blank to generate one: 
+Your Tigris project (xxx) is ready. See details and next steps with: https://fly.io/docs/tigris/
+
+Setting the following secrets on xxx:
+AWS_ACCESS_KEY_ID: tid_xxx
+AWS_ENDPOINT_URL_S3: https://fly.storage.tigris.dev
+AWS_REGION: auto
+AWS_SECRET_ACCESS_KEY: tsec_xxxxx
+BUCKET_NAME: xxx
+
+Secrets are staged for the first deployment
+```
+
+Step 2: Let [`dockerfile-rails`](https://github.com/fly-apps/dockerfile-rails?tab=readme-ov-file#overview) do the configuring for you:
+
+```
+bin/rails generate dockerfile --tigris
+```
+
+Note: you don't need to accept changes to your `Dockerfile`, `.dockerignore`,
+`bin/docker-entrypoint` or other files.  The only files that need to be updated are:
+
+  * `config/storage.yml`
+  * `config/environments/production.rb`
+
+## Want a demo?
+
+Following is a quick and dirty demo that enables you to upload files containing images, audio, video, and other assorted files for viewing and/or downloading.
+
+First, some scaffolding:
+
+```
+rails new filelist --css tailwind
+cd filelist
+bin/rails active_storage:install
+bin/rails generate scaffold Item name:string contents:attachment
+bin/rails db:migrate
+```
+
+Next we need to modify three files to complete the application.
+
+  * [diffs](https://gist.github.com/rubys/20ea2562b9e7d23e3f01a6852f30d731)
+  * [full files](https://gist.github.com/rubys/c9f0e28727b58365477ce2b858f26355)
+
+With this in place, you are ready to launch:
+
+```bash
+fly launch
+```
+
+Watch the app deploy and then upload, view, and download a few files!
+
+## Find out more!
+
+Now that you are up and running, there is a lot more to explore on the [Tigris Global Object Storage](https://fly.io/docs/tigris/) page. Highlights include public buckets, migrating to Tigris with shadow butckets, Pricing, and AWS API compatibility.
\ No newline at end of file
diff --git a/rails/the-basics/configuration.html.md b/rails/the-basics/configuration.html.md
index adc300e69f..9126c069bf 100644
--- a/rails/the-basics/configuration.html.md
+++ b/rails/the-basics/configuration.html.md
@@ -2,7 +2,7 @@
 title: Environment Configuration
 layout: framework_docs
 objective: Add environment variables to your Rails applications, configure secrets, and use the encrypted `credentials.yml` file to manage your application's configuration on Fly.
-order: 4
+order: 1
 ---
 
 Rails applications are usually configured via the encrypted `credentials.yml` file or via environmental variables.
diff --git a/rails/the-basics/deployments.html.md b/rails/the-basics/deployments.html.md
index 82f4df2da9..0652d486b5 100644
--- a/rails/the-basics/deployments.html.md
+++ b/rails/the-basics/deployments.html.md
@@ -2,7 +2,7 @@
 title: Deployments
 layout: framework_docs
 objective: Understand what it means to deploy a Rails application to Fly along with some common tasks you may want to run after deployments, like a database migration or script.
-order: 0
+order: 2
 ---
 
 Deploying applications to Fly can be as simple as running:
@@ -44,13 +44,17 @@ You may need to open another terminal window and deploy again while running `fly
 
 ## Running migrations
 
-Migrations are configured to automatically run after each deployment via the following task in your application's `lib/tasks/fly.rake` file:
+For Postgresql, migrations are configured to automatically run after each
+deployment via the following task in your application's `fly.toml`:
 
-```ruby
-task :release => 'db:migrate'
+```toml
+[deploy]
+  release_command = './bin/rails db:prepare'
 ```
 
-To disable automatic migrations for deploys, remove the dependency from the `:release` task. Then, to manually run migrations after a deployment, run:
+Sqlite3 migrations are done by the `bin/docker-entrypoint` script.
+
+To disable automatic migrations for deploys, remove `db:prepare` lines from these files. Then, to manually run migrations after a deployment, run:
 
 ```cmd
 fly ssh console -C "/rails/bin/rails db:migrate"
@@ -67,13 +71,13 @@ fly ssh console
 Connecting to top1.nearest.of.my-rails-app.internal... complete
 ```
 ```cmd
-cd app
 ls
 ```
 ```output
-Aptfile       CHANGELOG.md  Dockerfile    LICENSE     README.md  app   config.ru  fly     package.json       pull_request_template.md  test    yarn.lock
-Brewfile      CODE_OF_CONDUCT.md  Gemfile       Procfile      Rakefile   bin   db     lib     postcss.config.js  resources           tmp
-Brewfile.lock.json  CONTRIBUTING.md Gemfile.lock  Procfile.dev  SECURITY.md  config  docs     node_modules  public       tailwind.config.js        vendor
+Dockerfile      README.md       config          lib             test
+Gemfile         Rakefile        config.ru       log             tmp
+Gemfile.lock    app             db              public          vendor
+Procfile.dev    bin             fly.toml        storage
 ```
 ```cmd
 bundle exec ruby my-hello-world-script.rb
@@ -81,13 +85,3 @@ bundle exec ruby my-hello-world-script.rb
 ```output
 hello world
 ```
-
-## Asset compilation and build commands
-
-The default Rails image is configured to run `assets:precompile` in your application's `lib/tasks/fly.rake` file:
-
-```ruby
-task :build => 'assets:precompile'
-```
-
-If you have additional build steps beyond the Rails asset precompiler, you may need to modify your application's `lib/tasks/fly.rake` file.
diff --git a/rails/the-basics/run-tasks-and-consoles.html.md b/rails/the-basics/run-tasks-and-consoles.html.md
index ea6c97d71c..6bd8353c8a 100644
--- a/rails/the-basics/run-tasks-and-consoles.html.md
+++ b/rails/the-basics/run-tasks-and-consoles.html.md
@@ -2,7 +2,7 @@
 title: Running Tasks & Consoles
 layout: framework_docs
 objective: Access the Rails console, run rake tasks, and access the SSH shell of a running Rails application with these one-liners.
-order: 3
+order: 7
 ---
 
 ## Rails console
diff --git a/rails/the-basics/sidekiq.html.md b/rails/the-basics/sidekiq.html.md
index fe9973aa6e..c0b81b5b83 100644
--- a/rails/the-basics/sidekiq.html.md
+++ b/rails/the-basics/sidekiq.html.md
@@ -2,14 +2,14 @@
 title: Sidekiq Background Workers
 layout: framework_docs
 objective: Deploy Rails applications that run in multiple processes to one Fly application, like Sidekiq background jobs.
-order: 1
+order: 6
 ---
 
 Rails applications commonly defer complex tasks that take a long to complete to a background worker to make web responses seem fast. This guide shows how to use [Sidekiq](https://github.com/mperham/sidekiq), a popular open-source Rails background job framework, to set up background workers, but it could be done with other great libraries like [Good Job](https://github.com/bensheldon/good_job), [Resque](https://github.com/resque/resque), [etc](https://www.ruby-toolbox.com/categories/Background_Jobs).
 
 ## Provision a Redis server
 
-Sidekiq depends on Redis to communicate between the Rails server process and the background workers. Follow the [Redis setup guide](/docs/reference/redis) to provision a Redis server and set a `REDIS_URL` within the Rails app. Be sure to set the `REDIS_URL` via a secret as demonstrated [here](/docs/rails/the-basics/configuration/#secret-variables).
+Sidekiq depends on Redis to communicate between the Rails server process and the background workers. Follow the [Redis setup guide](/docs/upstash/redis/) to provision a Redis server and set a `REDIS_URL` within the Rails app. Be sure to set the `REDIS_URL` via a secret as demonstrated [here](/docs/rails/the-basics/configuration/#secret-variables).
 
 Verify the `REDIS_URL` is available to your Rails application before you continue by running:
 
diff --git a/rails/the-basics/turbo-streams-and-action-cable.html.md b/rails/the-basics/turbo-streams-and-action-cable.html.md
index 1ea48f3603..44aa8df7ec 100644
--- a/rails/the-basics/turbo-streams-and-action-cable.html.md
+++ b/rails/the-basics/turbo-streams-and-action-cable.html.md
@@ -2,7 +2,7 @@
 title: Turbo Streams & Action Cable
 layout: framework_docs
 objective: Provision a Redis Server and configure Rails to run Turbo Streams.
-order: 5
+order: 4
 status: beta
 ---
 
@@ -31,7 +31,7 @@ fly redis create
 ? Optionally, choose one or more replica regions (can be changed later):
 
 Upstash Redis can evict objects when memory is full. This is useful when caching in Redis. This setting can be changed later.
-Learn more at https://fly.io/docs/reference/redis/#memory-limits-and-object-eviction-policies
+Learn more at https://fly.io/docs/upstash/redis/#memory-limits-and-object-eviction-policies
 ? Would you like to enable eviction? No
 ? Select an Upstash Redis plan Free: 100 MB Max Data Size
 
@@ -46,7 +46,7 @@ a number of replica regions, enable eviction, and select a plan.
 The most important line in this output is the second to the last one which will contain
 a URL starting with `redis:`. The URL you see will be considerably longer than the one
 you see above. You will need to provide this URL to Rails, and with Fly.io this is done
-via [secrets](https://fly.io/docs/reference/secrets/). Run the following command replacing the url with the one from the output above:
+via [secrets](/docs/apps/secrets/). Run the following command replacing the url with the one from the output above:
 
 ```cmd
 fly secrets set REDIS_URL=redis://default:<redacted>.upstash.io
diff --git a/reference/apps.html.markerb b/reference/apps.html.markerb
deleted file mode 100644
index 00f824b5bd..0000000000
--- a/reference/apps.html.markerb
+++ /dev/null
@@ -1,16 +0,0 @@
----
-title: "Fly Apps"
-layout: docs
-toc: false
-nav: firecracker
----
-
-A Fly App is an abstraction for a group of Machines running your code on Fly.io, along with the configuration, provisioned resources, and data we need to keep track of to run and route to your Machines. 
-
-Every Machine on Fly.io lives in a Fly App. Anycast IPs, certificates, Fly Volumes, and custom domains belong to apps as well.
-
-Fly Launch commands, `fly launch` and `fly deploy`, create and update an app's Machines as a unit with a single [configuration](/docs/reference/configuration/) and code base. Learn more about [Fly Launch](/docs/apps/).
-
-You can also create and configure [Machines](/docs/machines/) independently of other Machines in the same app, using `fly machine run` or the [Machines API](/docs/machines/working-with-machines/). See [Run a new Machine](/docs/machines/run/) for details about using `fly machine run`.
-
-Fly Apps run on flyd. Learn more about how flyd works and how it came to be in the blog post: [Carving the Scheduler Out of Our Orchestrator](https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/).
diff --git a/reference/architecture.html.md b/reference/architecture.html.md
index 673f6525b9..e6d15cacab 100644
--- a/reference/architecture.html.md
+++ b/reference/architecture.html.md
@@ -1,7 +1,6 @@
 ---
 title: The Fly.io Architecture
 layout: docs
-sitemap: false
 nav: firecracker
 ---
 
@@ -21,9 +20,9 @@ The virtualized applications run on dedicated physical servers with 8-32 physica
 
 We broadcast and accept traffic from ranges of IP addresses (both IPv4 and IPv6) in all our datacenters. When we receive a connection on one of those IPs, we match it back to an active customer application, and then proxy the TCP connection to the closest available microVM.
 
-### Proxy
+### Fly Proxy
 
-Every server in our infrastructure runs a Rust-based proxy named `fly-proxy`. The proxy is responsible for accepting client connections, matching them to customer applications, applying [handlers](/docs/reference/services/#connection-handlers) (eg: TLS termination), and [backhaul](#backhaul) between servers.
+Every server in our infrastructure runs a Rust-based proxy named `fly-proxy`. The proxy is responsible for accepting client connections, matching them to customer applications, applying [handlers](/docs/networking/services/#connection-handlers) (eg: TLS termination), and [backhaul](#backhaul) between servers. For more information, see [Fly Proxy](/docs/reference/fly-proxy).
 
 ### Backhaul
 
diff --git a/reference/autoscaling.html.md b/reference/autoscaling.html.md
new file mode 100644
index 0000000000..fa5d7f6f9c
--- /dev/null
+++ b/reference/autoscaling.html.md
@@ -0,0 +1,27 @@
+---
+title: Autoscaling
+layout: docs
+nav: firecracker
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/autoscaling.png" alt="Illustration by Annie Ruygt of several machines running" class="w-full max-w-lg mx-auto">
+</figure>
+
+Autoscaling adjusts the number of running or created Fly Machines dynamically. We support two forms of autoscaling:
+
+- Autostop/autostart Machines
+- Metrics-based autoscaling
+
+## Autostop/autostart Machines
+
+Fly Proxy autostop/autostart starts and stops Machines based on load; Machines are never created or deleted. You create a "pool" of Machines in one or more regions and Fly Proxy starts and stops them as needed.
+
+For details about how it works, see [Fly Proxy autostop/autostart](/docs/launch/autostop-autostart/). To configure autostop/autostart for your app, see [Autostop/autostart Machines](/docs/launch/autostop-autostart/).
+
+
+## Metrics-based autoscaling
+
+The metrics-based autoscaler scales your application based on any metric. You deploy the autoscaler as an app in your organization. It polls collected metrics and computes the number of machines needed based on the metric you define. The autoscaler can create and delete machines or stop and start existing Machines. 
+
+To learn how to deploy and configure the autoscaler, see [Autoscale based on metrics](/docs/launch/autoscale-by-metric/).
diff --git a/reference/aws-to-fly-guide.html.md b/reference/aws-to-fly-guide.html.md
new file mode 100644
index 0000000000..a076b0dc60
--- /dev/null
+++ b/reference/aws-to-fly-guide.html.md
@@ -0,0 +1,71 @@
+---
+title: Migrating from AWS to Fly.io Overview
+layout: docs
+nav: firecracker
+author: kcmartin
+date: 2025-06-09
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/migrating-from-aws.png" alt="Illustration by Annie Ruygt of a figure jumping from one mountain to another" class="w-full max-w-lg mx-auto">
+</figure>
+
+<div class="callout">
+**Fly.io runs apps close to your users, by giving you fast-starting VMs ("Fly Machines") in regions worldwide.** This guide is for folks moving apps from AWS. It walks through the major architectural differences you'll hit and how to adjust your deployment model.
+</div>
+
+
+Migrating from AWS to Fly.io means rethinking a few assumptions. The two platforms run apps differently, wire networks differently, and give you different tools to scale and persist data. This is a whirlwind tour of what changes when you leave the AWS cloud mothership.
+
+### Compute
+
+First up: compute. Fly.io runs apps as virtual machines, but it doesn't use AMIs or EC2. Instead, you give us a Docker image, we unpack it, and that becomes the root filesystem for a VM we spin up for you. We call these [Fly Machines](/docs/machines/overview/). They're fast. And they're small. And they boot fast because there's no hypervisor cold-start time and no shared kernel games like you'd find in ECS or EKS.
+
+But here's the catch: unless you mount a volume, the root filesystem is ephemeral. It disappears on restart. Any data written there is toast unless you store it somewhere else. If your app currently depends on an EBS volume or even just writes temp files it expects to survive a restart, you'll need to rethink that.
+
+### Storage
+
+[Fly Volumes](/docs/volumes/overview/) are our answer to persistent storage. They're slices of NVMe mounted directly on the physical host. They're not network-attached. This means they're fast and simple, but they're tied to a specific host. If your machine dies, you can boot another and reattach the volume. Think EBS, minus the network indirection and regional abstraction. You can also store large static assets like ML models in volumes, which keeps your Docker images lean and your deploys snappy.
+
+For object storage, we offer [Tigris](/docs/tigris/). It's S3-compatible and runs on Fly.io itself. If you're migrating from AWS S3, there's a handy [shadow bucket](/docs/tigris/#migrating-to-tigris-with-shadow-buckets) mode: Tigris can fall back to fetching from your existing S3 bucket if a file isn't yet copied over. First request pulls from S3; future requests hit local. Writes are synced, too, which makes a gradual migration painless.
+
+### Networking
+
+Talking to AWS-hosted services, like RDS, takes a bit of finessing. There's no direct WireGuard bridge into your AWS VPC. If you want to connect to RDS securely, the simplest approach is to run PgBouncer as a Fly Machine with a static egress IP. Allowlist that IP in your RDS security group. Then your app machines connect to PgBouncer over Fly's private network, and it forwards to RDS.
+
+Speaking of [networks](/docs/networking/): Fly.io apps live on an isolated private network per org, connected over WireGuard. Machines talk to each other via `.internal` hostnames (direct) or `.flycast` (load-balanced via our proxy). This setup is pretty close to private subnets and security groups in AWS. You usually only expose your edge-facing apps to the public internet.
+
+Instead of regional load balancers, we use [Anycast](/docs/networking/services/#anycast-ip-addresses). Your DNS points to one global IP. The Fly Proxy routes requests to the nearest edge server, which forwards traffic to a healthy app instance based on load and latency. That means no more manually balancing between `us-east-1` and `us-west-2`.
+
+### Scaling
+
+Scaling works differently too. Machines are not created on-demand based on request traffic. You provision them up front, and we start/stop them as needed. That means your max spend is predictable. Want [autoscaling](/docs/reference/autoscaling/)? Monitor metrics via Prometheus, and scale using flyctl or an API client. You own the automation.
+
+### Deployments and Secrets
+
+Which brings us to Infrastructure-as-code (IaC). Most users glue things together with Bash scripts and `flyctl`, and manage state by convention. It's low-friction but low-abstraction. And it’s still less of a headache than CloudFormation. More infrastructure automation ideas are [available here](/docs/blueprints/infra-automation-without-terraform/).
+
+On the plus side, deployments can be [zero-downtime](/docs/blueprints/seamless-deployments/) if you use [health checks](/docs/reference/health-checks/) and run multiple machines. Define those health checks in `fly.toml`, and the proxy will route around unhealthy nodes. You can even run DB migrations with a `release_command` before a deploy, and roll back by pushing a previous image tag.
+
+Secrets? Use [Fly Secrets](/docs/apps/secrets/). They get mounted as env vars at runtime and stay encrypted at rest. Similar to AWS Secrets Manager or Parameter Store, but simpler. We also have a new Secrets API that works like AWS KMS to allow apps to encrypt/decrypt data with centrally-managed keys.
+
+### Databases
+
+Databases? We offer [Managed Postgres](/docs/mpg/), our fully-managed database service that handles all aspects of running production PostgreSQL databases, similar to RDS. We take care of automatic backups/recovery, high availability with automatic failover, performance monitoring and metrics, resource scaling, 24/7 support, and automatic data encryption. 
+ 
+Other database options include managed Redis from our partner Upstash, running your own Redis or Valkey, distributed SQLite via LiteFS, or vector DBs like LanceDB with Tigris.
+
+### Monitoring
+
+For [monitoring](/docs/monitoring/metrics/), you get Prometheus metrics and Grafana dashboards. There's no native alerting yet, but many folks run their own Prometheus with Alertmanager, or use Grafana to set up alerts. This involves more user setup compared to AWS CloudWatch alarms, but you gain a wealth of resources from the Grafana and Prometheus communities.
+
+### In a nutshell
+
+AWS is a sprawling platform with deep abstractions. Fly.io strips a lot of that away. You get rawer access to your infra and better latency for your users, but you might trade some convenience. Migration is generally less about translating concepts and more about rethinking how your app is built and deployed.
+
+###  Related Reading
+
+- [Fly Apps](/docs/apps/overview/)
+- [Fly Volumes](/docs/volumes/overview/)
+- [Managed Postgres](/docs/mpg/)
+- [Going to Production Checklist](/docs/apps/going-to-production/)
\ No newline at end of file
diff --git a/reference/builders.html.md b/reference/builders.html.md
index d6ff16f071..c77d056aa0 100644
--- a/reference/builders.html.md
+++ b/reference/builders.html.md
@@ -1,11 +1,10 @@
 ---
-title: Builders and Fly
+title: Builders and Fly.io
 layout: docs
-sitemap: false
 nav: firecracker
 ---
 
-When you deploy an app on Fly, the app has to be assembled into a deployable image. That's the job that builders take on. There are three kinds of Fly builders - **dockerfile**, **buildpacks**, and **image**.
+When you deploy an app on Fly.io, the app has to be assembled into a deployable image. That's the job that builders take on. There are three kinds of Fly builders - **dockerfile**, **buildpacks**, and **image**.
 
 ## Dockerfile
 
@@ -15,10 +14,9 @@ This is the most flexible of the options, but with that flexibility comes the ne
 
 ## Buildpacks
 
-Platforms like Heroku and Cloud Foundry have the idea of a buildpack, a building process that's run entirely in its own container, to construct their deployable images. These buildpacks are then bundled into a "builder" stack with an operating system and can be called upon to build an app. The buildpack idea has been standardized with [Cloud Native Buildpacks](https://buildpacks.io/). Buildpacks use several tests to detect if they can build the application and if they can, then proceed to run the scripts needed to create an image.
+Platforms like Heroku and Cloud Foundry have the idea of a buildpack, a building process that's run entirely in its own container, to construct their deployable images. These buildpacks are then bundled into a "builder" stack with an operating system and can be called upon to build an app. The buildpack idea has been standardized with [Cloud Native Buildpacks](https://buildpacks.io/+external). Buildpacks use several tests to detect if they can build the application and if they can, then proceed to run the scripts needed to create an image.
 
-A library of standardized buildpacks is available from [Paketo Buildpacks](https://paketo.io/) and it's from this library, Heroku's Heroku20 buildpack, and Fly's own buildpack (for Deno), that you can select from in Flyctl. If you want to use an unlisted buildpack, you can specify it by name using the
-`buildpacks` setting in `fly.toml`.
+A library of standardized buildpacks is available from [Paketo Buildpacks](https://paketo.io/+external) and it's from this library, Heroku's Heroku20 buildpack, and Fly's own buildpack (for Deno), that you can select from in flyctl. If you want to use an unlisted buildpack, you can specify it by name using the `buildpacks` setting in `fly.toml`.
 
 Buildpack configuration options - such as `YARN_PRODUCTION` in the [Heroku Nodejs Buildpack](https://devcenter.heroku.com/articles/nodejs-support#using-npm-install) - can be set via [Docker build arguments](https://fly.io/docs/reference/configuration/#specify-docker-build-arguments).
 
diff --git a/reference/configuration.html.markerb b/reference/configuration.html.markerb
index a63e386a20..07e16d582d 100644
--- a/reference/configuration.html.markerb
+++ b/reference/configuration.html.markerb
@@ -1,17 +1,32 @@
 ---
-title: Fly Launch configuration (fly.toml)
+title: App configuration (fly.toml)
 layout: docs
-sitemap: false
 nav: firecracker
 ---
 
-You can configure an app for deployment on Fly.io using a `fly.toml` file. Configuration of builds, environment variables, internet-exposed services, disk mounts and release commands go here.
+You can configure an app for deployment on Fly.io using a `fly.toml` file. Configuration of builds, environment variables, internet-exposed services, disk mounts, and release commands go here. `fly.toml` configuration applies for apps managed by [Fly Launch commands](/docs/launch/).
 
-TOML is a [simple configuration file format](https://github.com/toml-lang/toml). Here's a [useful introduction](https://npf.io/2014/08/intro-to-toml/) on its syntax.
+## App configuration files
 
-You don't need to create a `fly.toml` file by hand. Running [flyctl launch](/docs/flyctl/launch/) will create one for you. You can also generate one from an existing app by running [flyctl config save](/docs/flyctl/config-save/).
+Most of the time you'll use the `fly.toml` file that you get automatically when you run `fly launch` to create an app. There are also ways to re-use config files and to generate them in different formats.
 
-*VSCode users*: Install the [Even Better TOML](https://marketplace.visualstudio.com/items?itemName=tamasfe.even-better-toml) extension for automatic `fly.toml` validation and hints drawn from this documentation.
+### Ways to get a config file
+
+ - Run [`flyctl launch`](/docs/flyctl/launch/) in your project source directory to create a new app and `fly.toml` file automatically.
+ - Run [`flyctl config save -a <existing-app-name>`](/docs/flyctl/config-save/) to download a `fly.toml` file from an existing app.
+ - Create one by hand with help from this reference, or copy and modify an example file.
+
+### Config file formats
+
+The default configuration file generated by Fly Launch is called `fly.toml`.
+
+TOML is a simple [configuration file format](https://github.com/toml-lang/toml+external). If you're a VSCode user, then you can install the [Even Better TOML](https://marketplace.visualstudio.com/items?itemName=tamasfe.even-better-toml+external) extension for automatic `fly.toml` validation and hints drawn from this documentation.
+
+If you want your config file in JSON or YAML format, use the `--json` and `--yaml` options in flyctl commands:
+
+- Add the `--yaml` or `--json` options to `fly launch`.
+- For existing apps, run `fly config save -a <existing-app-name` and specify `--yaml` or `--json`. Remove your `fly.toml` file when done as it takes precedence.
+- Run `fly config show --local` to preview different formats in your terminal. `fly config show` defaults to JSON, but you can also specify `--toml` or `--yaml` options.
 
 ## The `app` name
 
@@ -23,7 +38,7 @@ app = "restless-fire-6276"
 
 Whenever `flyctl` is run, it will look for a `fly.toml` file in the current directory and use the application name in that file. This behavior can be overridden by using the `-a` flag to set the application name, or on some commands (such as `deploy`) by using a `-c` flag to point to a different `fly.toml` file.
 
-## Primary Region
+## Primary region
 
 `fly deploy` uses the `primary_region` option to determine where to create new Machines, as well as to set the `PRIMARY_REGION` environment variable within the Machines it deploys. Replace `ord` with the three-letter code for your [Fly Region](/docs/reference/regions/) of choice.
 
@@ -37,7 +52,9 @@ The following options are available to control the lifecycle of a running applic
 
 ### `kill_signal` option
 
-When shutting down a Fly app instance, by default, Fly sends a `SIGINT` signal to the running process. Typically this triggers a hard shutdown option on most applications. The `kill_signal` option allows you to change what signal is sent so that you can trigger a softer, less disruptive shutdown. Options are `SIGINT` (The default), `SIGTERM`, `SIGQUIT`, `SIGUSR1`, `SIGUSR2`, `SIGKILL`, or `SIGSTOP`. For example, to set the kill signal to SIGTERM, you would add:
+When shutting down a Fly Machine, Fly.io sends a `SIGINT` signal to the running process by default. Typically this triggers a hard shutdown option on most applications. The `kill_signal` option lets you override that with a different signal so that you can trigger a softer, less disruptive shutdown: `SIGTERM`, `SIGQUIT`, `SIGUSR1`, `SIGUSR2`, `SIGKILL`, or `SIGSTOP`. 
+
+For example, to set the kill signal to SIGTERM, you would add:
 
 ```toml
 kill_signal = "SIGTERM"
@@ -45,7 +62,9 @@ kill_signal = "SIGTERM"
 
 ### `kill_timeout` option
 
-The time to wait, in seconds, before stopping a Machine after sending the `SIGINT` signal or the signal set by `kill_signal`. Set `kill_timeout` to a value that gives your app enough time to exit gracefully. The default setting is 5 seconds. The maximum `kill_timeout` is 300 seconds (five minutes). 
+<section class="warning">Note: `kill_timeout` settings should be considered best-effort, and your app needs to be prepared to handle shorter stopping times</section>
+
+This sets how long Fly.io waits (in seconds) after sending the `kill_signal` before moving on to a forced shutdown. Set `kill_timeout` to a value that gives your app enough time to exit gracefully. The default is 5 seconds. You can set it up to a maximum of 300 seconds (5 minutes).
 
 For example, to set the timeout to two minutes:
 
@@ -53,6 +72,28 @@ For example, to set the timeout to two minutes:
 kill_timeout = 120
 ```
 
+### How the shutdown sequence works
+
+These options come into play during controlled shutdowns such as:
+
+* When using `fly deploy`
+* When using `fly machine stop`
+* When a machine stops due to `auto_stop_machines`
+
+The sequence looks like this:
+
+1. Fly sends the `kill_signal` to the main process (defined by your Dockerfile’s `ENTRYPOINT` or `CMD`, or overridden via `--entrypoint`).
+
+1. It waits for up to `kill_timeout` seconds.
+
+1. Then it sends `SIGTERM` unconditionally.
+
+This gives your app a chance to shut down cleanly: finish requests, close connections, stop taking new work. It's designed for apps that can wrap up in under five minutes.
+
+Many workers will re-queue unfinished jobs so another machine can pick them up. If your app doesn't support that, or needs longer to shut down, you'll want to plan around that.
+
+You can watch shutdown behavior by watching `fly logs` during a deploy or idle stop.
+
 ## Console command
 
 The command to run when you run the [`fly console` command](/docs/flyctl/console/). Configure the `console_command` field with the command that opens your framework's console, and then `fly console` will run that command automatically in a new, dedicated Machine. The new Machine is configured with the image and environment from your app’s latest release, but your app isn’t started, and no traffic will be routed to it. The Machine gets destroyed when you exit the console.
@@ -157,27 +198,54 @@ This section configures deployment-related settings such as the release command
 
 ### Run one-off commands before releasing a deployment
 
-To run a command in a temporary VM&mdash;using the app's successfully built Docker image&mdash;*before* the release is deployed, define a `release_command`:
+The `release_command` lets you run a one-off task, like a database migration, before any of your deployed Machines are created or updated. It runs in a temporary Machine using the newly built image, once per deploy attempt. This is a common pattern for frameworks like Rails or Phoenix, but it's not limited to them. You can use it for any setup task that needs to run once, not on every app boot.
+
+If the command fails, the deploy will stop. The goal is to make deployment safer: do the risky part first, and only continue if it succeeds.
+
+To run a command in a temporary Machine *before* the release is deployed, define a `release_command`:
 
 ```toml
 [deploy]
   release_command = "bin/rails db:prepare"
 ```
 
-The `release_command` value replaces `CMD` in the temporary VM. This is useful for running database migrations before app VMs are created or updated with the new release. Note that the Docker image's `ENTRYPOINT` is not overridden by the `release_command`; `ENTRYPOINT` always runs.
+The `release_command` value replaces `CMD` in the temporary Machine. This is most commonly used for database migrations, but can be any task that prepares your app for the new release. Note that the Docker image's `ENTRYPOINT` is not overridden by the `release_command`; `ENTRYPOINT` always runs.
+
+By default, the temporary Machine has full access to the network, environment variables and secrets, but *not* to persistent volumes. Changes made to the file system on the temporary Machine will not persist. It has no volumes attached, and the Machine is destroyed after the command completes. The building/compiling of your project should be done in your Dockerfile. If you need to modify persistent volumes or configure your application, consider making use of `CMD` or `ENTRYPOINT` in your Dockerfile, or of a [process group command](#the-processes-section).
+
+The temporary Machine inherits the size from the largest Machine in the default process group of the app as of flyctl v0.0.508 (they also default larger on empty/new apps, using the Machine `shared-cpu-2x` preset). The default process group is defined as either the `app` process, or the first process group in alphabetical order (if an `app` process is not present).
+
+It is also possible to explicitly define the Machine size by setting `[deploy.release_command_vm]`, for example:
 
-The temporary VM has full access to the network, environment variables and secrets, but *not* to persistent volumes. Changes made to the file system on the temporary VM will not be retained or deployed. The building/compiling of your project should be done in your Dockerfile. If you need to modify persistent volumes or configure your application, consider making use of `CMD` or `ENTRYPOINT` in your Dockerfile, or of a [process group command](#the-processes-section).
+```toml
+[deploy]
+  release_command = "bin/rails db:prepare"
 
-The temporary VM inherits the size from the largest Machine in the default process group of the app as of flyctl v0.0.508 (they also default larger on empty/new apps, using the Machine `shared-cpu-2x` preset).
+  [deploy.release_command_vm]
+    size = "performance-1x"
+    memory = "8gb"
+```
 
 A non-zero exit status from this command will stop the deployment. `fly deploy` will display logs from the command. Logs are available via `fly logs` as well.
 
 To ensure the command runs in a specific region, such as `dfw`, set `PRIMARY_REGION = 'dfw'` in your application environment in `fly.toml` or with `fly deploy -e PRIMARY_REGION=dfw`. Setting `PRIMARY_REGION` is important if you're running [database replicas in multiple regions](/docs/postgres/high-availability-and-global-replication).
 
-The environment variable `RELEASE_COMMAND=1` is set within the temporary release VM. You can use this to define behavior in your Dockerfile's `ENTRYPOINT`  that's conditional on being run on a release VM.
+The environment variable `RELEASE_COMMAND=1` is set within the temporary release Machine. You can use this to define behavior in your Dockerfile's `ENTRYPOINT`  that's conditional on being run on a release Machine.
 
 By default, the release command has 5 minutes to complete before it is killed. It is possible to increase or decrease the timeout with `fly deploy --release-command-timeout=10m` or by setting `release_command_timeout = "10m"` in `[deploy]` section of `fly.toml`.
 
+For more context, see our [Seamless Deployments guide](/docs/blueprints/seamless-deployments/#one-off-tasks-with-release_command).
+
+<div class="callout">
+**Things to know about `release_command`:**
+- Replaces `CMD`, but not `ENTRYPOINT`
+- Runs in a temporary Machine with no volumes
+- Inherits environment, secrets, and network config
+- Fails the deploy on a non-zero exit code
+- Times out after 5 minutes by default (configurable)
+- Logs are streamed to `fly deploy` and `fly logs`
+</div>
+
 ### Picking a deployment strategy
 
 ```toml
@@ -195,11 +263,13 @@ The available strategies are:
 
 **immediate**: Replace all Machines with new releases immediately without waiting for health checks to pass. This is useful in emergency situations where you're confident about release health and can't wait for health checks.
 
-**canary**: Boots a single, new Machine with the new release, verifies its health, and then proceeds with a `rolling` restart strategy.
+**canary**: Boots a single, new Machine with the new release, verifies its health, and then proceeds with a `rolling` restart strategy. The `canary` strategy cannot be used for Machines with attached volumes.
 
-**bluegreen**: For every running Machine, a new one is booted alongside it in the same region. Once all of the new Machines pass health checks, traffic gets migrated to the new Machines and the old Machines are destroyed. If your app is scaled to 2 or more Machines, this strategy can reduce deploy time by running tasks in parallel. You need to configure at least one health check to use the `bluegreen` strategy. The `bluegreen` strategy doesn't work if Machines have volumes attached.
+**bluegreen**: For every running Machine, a new one is booted alongside it in the same region. Once all of the new Machines pass health checks, traffic gets migrated to the new Machines and the old Machines are destroyed. If your app is scaled to 2 or more Machines, this strategy can reduce deploy time by running tasks in parallel. You need to configure at least one health check to use the `bluegreen` strategy. The `bluegreen` strategy cannot be used for Machines with attached volumes.
 
-Note: If `max-per-region` is set to 1, then the default strategy is set to `rolling`. This happens because `canary` needs to temporarily run more than one VM to work correctly. The `bluegreen` strategy will behave similarly with `max-per-region` set to 1.
+<div class="note icon">
+**Note:** If `max-per-region` is set to 1, then the default strategy is set to `rolling`. This happens because `canary` needs to temporarily run more than one Machine to work correctly. The `bluegreen` strategy will behave similarly with `max-per-region` set to 1.
+</div>
 
 #### Rolling deploy configuration
 
@@ -217,7 +287,7 @@ Fractional values, between zero and one, provide a percentage of Machines that c
 
 ### Dealing with timeout errors while deploying a new version
 
-Every time `fly deploy` runs, it builds a new docker image, pushes it to an internal registry, and then updates or creates Machines for the app. Sometimes the image is too large, or the platform is slower than usual pulling the new image layers, triggering the default 5 minute timeout waiting for the Machine to be in a started state.
+Every time `fly deploy` runs, it builds a new Docker image, pushes it to an internal registry, and then updates or creates Machines for the app. Sometimes the image is too large, or the platform is slower than usual pulling the new image layers, triggering the default 5 minute timeout waiting for the Machine to be in a started state.
 
 The good thing is that this timeout can be controlled in two ways, with the `--wait-timeout` option, for example `fly deploy --wait-timeout=10m`, or as a more permanent `fly.toml` setting:
 
@@ -235,11 +305,11 @@ wait_timeout = "10m"
   S3_BUCKET = "my-app-production"
 ```
 
-This optional section allows setting non-sensitive information as environment variables in the application's [runtime environment](/docs/reference/runtime-environment/).
+This optional section allows setting non-sensitive information as environment variables in the application's [runtime environment](/docs/machines/runtime-environment/).
 
 For sensitive information, such as credentials or passwords, use the [secrets CLI command](/docs/reference/secrets).
 
-Env variable names are strictly case-sensitive and cannot begin with `FLY_` (as this could clash with the [runtime environment](/docs/reference/runtime-environment)). Env values can only be strings.
+Env variable names are strictly case-sensitive and cannot begin with `FLY_` (as this could clash with the [runtime environment](/docs/machines/runtime-environment)). Env values can only be strings.
 
 Secrets take precedence over env variables with the same name.
 
@@ -258,7 +328,7 @@ As with the more verbose [`[[services]]`](#the-services-sections), you can speci
 [http_service]
   internal_port = 8080
   force_https = true
-  auto_stop_machines = true
+  auto_stop_machines = "stop"
   auto_start_machines = true
   min_machines_running = 0
   [http_service.concurrency]
@@ -270,26 +340,51 @@ As with the more verbose [`[[services]]`](#the-services-sections), you can speci
 * `processes`: For apps with multiple processes. The process group that this service belongs to. Define process groups in the [processes](#the-processes-section) section.
 * `internal_port`: The port this service (and application) will use to communicate with clients. The default is 8080. We recommend applications use the default.
 * `force_https`: A Boolean which determines whether to enforce HTTP to HTTPS redirects.
-* `auto_stop_machines`: Whether to automatically stop an application's Machines when there's excess capacity, per region. If there's only one Machine in a region, then the Machine is stopped if it has no traffic. The Fly Proxy runs a process to automatically stop Machines every few minutes. The default is `true`.
-* `auto_start_machines`: Whether to automatically start an application's Machines when a new request is made to the application and there's no excess capacity, per region. If there's only one Machine in a region, then it's started whenever a request is made to the application. The default is `true`.
-* `min_machines_running`: The number of Machines to keep running, in the primary region only, when `auto_stop_machines = true`.
+* `auto_stop_machines`: The action, if any, that Fly Proxy should take when the app is idle for several minutes. Options are `"off"`, `"stop"`, or `"suspend"`. If `"off"`, Fly Proxy will never stop Machines. If `"stop"`, Fly Proxy stops Machines when the app has excess capacity. If `"suspend"`, Fly Proxy suspends Machines (if possible) when the app has excess capacity. Starting a Machine from a `suspended` state is faster than starting a Machine from a `stopped` state, but there are [some caveats](https://community.fly.io/t/autosuspend-is-here-machine-suspension-is-enabled-everywhere/20942). If there's only one Machine in a region, then the Machine is stopped or suspended if it has no traffic. The Fly Proxy runs a process to automatically stop Machines every few minutes. The default if not set is `"off"`.
+* `auto_start_machines`: Whether to automatically start an application's Machines when a new request is made to the application and there's no excess capacity, per region. If there's only one Machine in a region, then it's started whenever a request is made to the application. The default if not set is `true`.
+* `min_machines_running`: The number of Machines to keep running, in the primary region only, when `auto_stop_machines` is `"stop"` or `"suspend"`. The default if not set is `0`.
 
-<div class="callout">
-We recommend setting `auto_stop_machines` and `auto_start_machines` to the same value to avoid having Machines that either never start or never stop. Learn more about [automatically starting and stopping Machines](/docs/apps/autostart-stop/), including how Fly Proxy determines excess capacity in a region using the `soft_limit` setting.
+<div class="important icon">
+We recommend configuring `auto_stop_machines` and `auto_start_machines` so that they are both enabled or both disabled, to avoid having Machines that either never start or never stop. Learn more about [how Fly Proxy autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/), including how Fly Proxy determines excess capacity in a region using the `soft_limit` setting.
 </div>
 
 ### `http_service.concurrency`
 
-The `http_service` concurrency section configures how to measure load for an application to inform [load balancing](/docs/reference/load-balancing) and [auto start and stop](/docs/apps/autostart-stop/). The `[http_service.concurrency]` section has the same settings as `[services.concurrency]`, which are:
+The `http_service` concurrency section configures how to measure load for an application to inform Fly Proxy [load balancing](/docs/reference/load-balancing) and [autostop/autostart](/docs/launch/autostop-autostart/). The `[http_service.concurrency]` section has the same settings as `[services.concurrency]`, which are:
+
+* `type` specifies what metric is used to determine when to auto start or stop, or when a given Machine should receive more or less traffic (load balancing). The two supported values are `connections` and `requests`.
 
-* `type` specifies what metric is used to determine when to scale up and down, or when a given instance should receive more or less traffic (load balancing). The two supported values are `connections` and `requests`.
+**connections**: Load balance and scale based on the number of concurrent TCP connections. This is the default when unspecified. This is also the default when `fly.toml` is created with `fly launch`. A new connection is established for each HTTP request; consider the `requests` type for HTTP apps.
 
-**connections**: Load balance and scale based on the number of concurrent TCP connections. This is the default when unspecified. This is also the default when fly.toml is created with `fly launch`.
+**requests**: Load balance and scale based on the number of HTTP requests. This is recommended for web services, because the Fly Proxy can pool and reuse connections for requests.
 
-**requests**: Load balance and scale based on the number of HTTP requests. This is recommended for web services, since multiple requests can be sent over a single TCP connection.
+* `hard_limit` : When a Fly Machine is at or over this number of concurrent connections or requests, the system will stop sending new traffic to that Machine. If unset, no `hard_limit` is enforced.
+* `soft_limit` : When a Fly Machine is at or over this number of concurrent connections or requests, the system will deprioritize sending new traffic to that Machine and only send it to that Machine if all other Machines are also at or above their `soft_limit`. This setting is also used to determine excess capacity for the [autostop/autostart feature](/docs/launch/autostop-autostart/). If unset, the default is 20.
 
-* `hard_limit` : When an application instance is at or over this number of concurrent connections or requests, the system will stop sending new traffic to that application instance. The system will bring up another instance if the auto scaling policy supports doing so.
-* `soft_limit` : When an application instance is at or over this number of concurrent connections or requests, the system will deprioritize sending new traffic to that application instance and only send it to that application instance if all other instances are also at or above their soft_limit. The system will likely bring up another instance if the auto scaling policy for the application supports doing so.
+For more information about concurrency settings, see [Guidelines for concurrency settings](/docs/reference/concurrency/).
+
+### `http_service.http_options.idle_timeout`
+
+Configure an idle-timeout for connections to your app.
+ ```toml
+  [http_service.http_options]
+    idle_timeout = 600
+```
+
+### `http_service.http_options.response.pristine`
+
+Configures Fly Proxy to not add any Fly headers to HTTP responses. The following response headers won't be added and won't be modified if returned by the app:
+ - `Server`
+ - `Via`
+ - `Fly-Request-Id`
+ - `Fly-Cache-Status`
+
+This is useful if you are building a platform on top of Fly and have your own load balancer that already adds similar response headers.
+
+```toml
+  [http_service.http_options.response]
+    pristine = true
+```
 
 ### `http_service.http_options.response.headers`
 
@@ -315,6 +410,49 @@ In the following example, `h2_backend` is set to `true`, which allows the app to
     h2_backend = true
 ```
 
+### `http_service.http_options.replay_cache`
+
+Configures session-based replay caching. When your app issues a `fly-replay` response, Fly Proxy can cache that replay decision based on cookie or header values, automatically applying it to subsequent requests with the same identifier.
+
+Each `http_options.replay_cache` entry configures a caching rule:
+
+```toml
+[[http_service.http_options.replay_cache]]
+  path_prefix = "/"
+  ttl_seconds = 300
+  type = "cookie"
+  name = "session_id"
+  allow_bypass = false
+```
+
+For documentation on replays, and further explanation on caching, see [Session-based Replay Caching](/docs/networking/dynamic-request-routing/#session-based-replay-caching).
+
+#### `http_service.http_options.replay_cache.path_prefix`
+
+Path pattern where this caching rule applies. 
+
+This can be a path like `/api` (applies to any hostname) or include a hostname like `example.com/api`. When multiple rules match a request, the longest matching path takes precedence. 
+
+If including a hostname, do not include the protocol or the port. If no hostname is provided, the cache rule applies to all hostnames, but each hostname retains a separate cache.
+
+Implicitly ends with `/*`, meaning that `example.com/api`, `example.com/api/`, and `example.com/api/*` are all equivalent.
+
+#### `http_service.http_options.replay_cache.ttl_seconds`
+
+How many seconds to cache the replay decision. Minimum value is 10 seconds.
+
+#### `http_service.http_options.replay_cache.type`
+
+Either `"cookie"` or `"header"`. Specifies whether to key the cache on a cookie or request header.
+
+#### `http_service.http_options.replay_cache.name`
+
+Name of the cookie or header to use as the cache key.
+
+#### `http_service.http_options.replay_cache.allow_bypass`
+
+Optional boolean. When `true`, allows clients to bypass the cache by setting the `fly-replay-cache-control: skip` request header. Default is `false`.
+
 ### `http_service.tls_options`
 
 Configure the TLS versions and ALPN protocols that Fly's edge will use to terminate TLS for your application with:
@@ -349,19 +487,34 @@ Roughly translated, this section says every thirty seconds, perform an HTTP GET
 
 Times are in milliseconds unless units are specified.
 
-* `grace_period`: The time to wait after a VM starts before checking its health. Make sure this is long enough for your app to start up. For example, if your app takes 2 seconds to start up, give it some runway by setting `grace_period` to at least 3 seconds.
-* `interval`: The time between connectivity checks. There should be a balance between the interval and the grace period. If it's long and your grace_period shorter than your app's startup time, health check will take too long adding you your deployment time.
+* `grace_period`: The time to wait after a Machine starts before checking its health. Make sure this is long enough for your app to start up. For example, if your app takes 2 seconds to start up, give it some runway by setting `grace_period` to at least 3 seconds.
+* `interval`: The time between connectivity checks. There should be a balance between the interval and the grace period. If interval is long and grace_period is shorter than your app's startup time, the health check will take too long, adding to your deployment time.
 * `timeout`: The maximum time a connection can take before being reported as failing its health check.
-* `method`: The HTTP method to be used for the check.
+* `method`: The HTTP method to be used for the check. If omitted, the default is `get`.
 * `path`: The path of the URL to be requested.
-* `protocol`: The protocol to be used (`http` or `https`).
+* `protocol`: The protocol to be used (`http` or `https`). If omitted, the default is `http`.
 * `tls_server_name`: If the protocol is `https`, the hostname to use for TLS certificate validation.
 * `tls_skip_verify`: When `true` (and using HTTPS protocol) skip verifying the certificates sent by the server.
 * `http_service.checks.headers`: This is a sub-section of `http_service.checks`. It uses the key/value pairs as a specification of header and header values that will get passed with the check call.
 
+<section class="warning"> The health check will not automatically follow any `HTTP 301` or `302` redirect, so it will fail if it receives anything other than a `200 OK` response. This may be an issue if your heath check specifies `protocol = http` (the default) but your app forces `https`. You may be able to avoid this redirect and continue using `http` for your health check by adding `X-Forwarded-Proto = "https"` to the `[http_service.checks.headers]` sub-section. </section>
+
+### The `http_service.machine_checks` section
+
+You can use the same `machine_checks` section for HTTP services as for [`services`](#services-machine_checks). The `machine_checks` section defines parameters for checking the health of a service.
+
+```toml
+[[http_service.machine_checks]]
+  image = "curlimages/curl"
+  entrypoint = ["/bin/sh", "-c"]
+  command = ["curl http://[$FLY_TEST_MACHINE_IP] | grep 'Hello, World!'"]
+  kill_signal = "SIGKILL"
+  kill_timeout = "5s"
+```
+
 ## The `services` sections
 
-The `services` sections define how Fly Proxy connects requests that hit an app's public [Anycast](/docs/reference/services/) or private [Flycast](/docs/reference/private-networking/#flycast-private-load-balancing) address to services running within Machines, and configure other Fly Proxy behavior for a service. If a service only needs HTTP and HTTPS on standard ports, you can use the less verbose [`http_service`](#the-http_service-section).
+The `services` sections define how Fly Proxy connects requests that hit an app's public [Anycast](/docs/networking/services/) or private [Flycast](/docs/networking/flycast) address to services running within Machines, and configure other Fly Proxy behavior for a service. If a service only needs HTTP and HTTPS on standard ports, you can use the less verbose [`http_service`](#the-http_service-section).
 
 A `services` section itself is a table of tables in TOML, so it is delimited with double square brackets. Tables within `[[services]]` configure additional features and behaviors for the service, and are described in subsequent sections. 
 
@@ -369,7 +522,7 @@ A `services` section itself is a table of tables in TOML, so it is delimited wit
 
 An app can have:
 
-* No `services` section (and no [`http_service` section](#the-http_service-section)): The application cannot be reached from the public internet, nor by a [Flycast](/docs/reference/private-networking/#flycast-private-load-balancing) address; this is typical of apps that talk only over [6PN private networking](/docs/reference/private-networking/) to other apps on the same network.
+* No `services` section (and no [`http_service` section](#the-http_service-section)): The application cannot be reached from the public internet, nor by a [Flycast](/docs/networking/flycast/) address; this is typical of apps that talk only over [6PN private networking](/docs/networking/private-networking/) to other apps on the same network.
 * One `services` section (or an [`http_service` section](#the-http_service-section)): One internal port mapped to one or more external ports.
 * Multiple `services` sections (or an [`http_service` section](#the-http_service-section) and one or more `services` sections): Mapping multiple internal ports to multiple external ports.
   
@@ -380,7 +533,7 @@ Example (note the double square brackets):
 [[services]]
   internal_port = 8080
   protocol = "tcp"
-  auto_stop_machines = true
+  auto_stop_machines = "stop"
   auto_start_machines = true
   min_machines_running = 0
 ```
@@ -390,12 +543,12 @@ Settings:
 * `processes`: For apps with multiple process groups, the process group or groups that this service belongs to. Define process groups in the [processes](#the-processes-section) section.
 * `internal_port` : The port this service (and application) will use to communicate with clients. The default is 8080. We recommend applications use the default.
 * `protocol` : The protocol that this service will use to communicate. Typically `tcp` for most applications, but can also be `udp`.
-* `auto_stop_machines`: Whether to automatically stop an application's Machines when there's excess capacity, per region. If there's only one Machine in a region, then the Machine is stopped if it has no traffic. The Fly Proxy runs the checks to automatically stop Machines every few minutes. The default is `true`.
-* `auto_start_machines`: Whether to automatically start an application's Machines when a new request is made to the application and there's no excess capacity, per region. If there's only one Machine in a region, then it's started whenever a request is made to the application. The default is `true`.
-* `min_machines_running`: The number of Machines to keep running, in the primary region only, when `auto_stop_machines = true`.
+* `auto_stop_machines`: The action, if any, that Fly Proxy should take when the app is idle for several minutes. Options are `"off"`, `"stop"`, or `"suspend"`. If `"off"`, Fly Proxy will never stop Machines. If `"stop"`, Fly Proxy stops Machines when the app has excess capacity. If `"suspend"`, Fly Proxy suspends Machines (if possible) when the app has excess capacity. Starting a Machine from a `suspended` state is faster than starting a Machine from a `stopped` state, but there are [some caveats](https://community.fly.io/t/autosuspend-is-here-machine-suspension-is-enabled-everywhere/20942). If there's only one Machine in a region, then the Machine is stopped or suspended if it has no traffic. The Fly Proxy runs a process to automatically stop Machines every few minutes. The default if not set is `"off"`.
+* `auto_start_machines`: Whether to automatically start an application's Machines when a new request is made to the application and there's no excess capacity, per region. If there's only one Machine in a region, then it's started whenever a request is made to the application. The default if not set is `true`.
+* `min_machines_running`: The number of Machines to keep running, in the primary region only, when `auto_stop_machines` is `"stop"` or `"suspend"`. The default if not set is `0`.
 
 <div class="callout">
-We recommend setting `auto_stop_machines` and `auto_start_machines` to the same value to avoid having Machines that either never start or never stop. Learn more about [automatically starting and stopping Machines](/docs/apps/autostart-stop/), including how Fly Proxy determines excess capacity in a region using the `soft_limit` setting.
+We recommend configuring `auto_stop_machines` and `auto_start_machines` so that they are both enabled or both disabled, to avoid having Machines that either never start or never stop. Learn more about [how Fly Proxy autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/), including how Fly Proxy determines excess capacity in a region using the `soft_limit` setting.
 </div>
 
 ### `services.ports`
@@ -412,7 +565,7 @@ For each `services` section in your `fly.toml`, i.e. for each external port you
 This example defines an HTTP handler on port 80.
 
 * `handlers` : An array of strings, each string selecting a handler process to terminate the connection with at the edge. Here, the `http` handler will accept HTTP traffic and pass it on to the `internal_port` of the application, which we defined in the `services` section above.
-  For the list of available handlers, and how they manage network traffic, see the [Public Network Services documentation](/docs/reference/services/).
+  For the list of available handlers, and how they manage network traffic, see the [Public Network Services documentation](/docs/networking/services/).
 * `port` : An integer representing the external port to listen on (ports 1-65535).
 * `start_port` : For a port range, the first port to listen on.
 * `end_port` : For a port range, the last port to listen on.
@@ -445,6 +598,29 @@ Instead of using multiple port definitions, you can specify a range of ports. Fo
   end_port = 8085
 ```
 
+### `services.ports.http_options.idle_timeout`
+
+Configure an idle-timeout for connections to your app.
+ ```toml
+  [services.ports.http_options]
+    idle_timeout = 600
+```
+
+### `services.ports.http_options.response.pristine`
+
+Configures Fly Proxy to not add any Fly headers to HTTP responses. The following response headers won't be added and won't be modified if returned by the app:
+ - `Server`
+ - `Via`
+ - `Fly-Request-Id`
+ - `Fly-Cache-Status`
+
+This is useful if you are building a platform on top of Fly and have your own load balancer that already adds similar response headers.
+
+```toml
+  [services.ports.http_options.response]
+    pristine = true
+```
+
 #### `services.ports.http_options.response.headers`
 
 Add or remove HTTP response headers.
@@ -469,6 +645,49 @@ In the following example, `h2_backend` is set to `true`, which allows the app to
     h2_backend = true
 ```
 
+### `services.ports.http_options.replay_cache`
+
+Configures session-based replay caching. When your app issues a `fly-replay` response, Fly Proxy can cache that replay decision based on cookie or header values, automatically applying it to subsequent requests with the same identifier.
+
+Each `http_options.replay_cache` entry configures a caching rule:
+
+```toml
+  [[services.ports.http_options.replay_cache]]
+    path_prefix = "/"
+    ttl_seconds = 300
+    type = "cookie"
+    name = "session_id"
+    allow_bypass = false
+```
+
+For documentation on replays, and further explanation on caching, see [Session-based Replay Caching](/docs/networking/dynamic-request-routing/#session-based-replay-caching).
+
+#### `services.ports.http_options.replay_cache.path_prefix`
+
+Path pattern where this caching rule applies. 
+
+This can be a path like `/api` (applies to any hostname) or include a hostname like `example.com/api`. When multiple rules match a request, the longest matching path takes precedence. 
+
+If including a hostname, do not include the protocol or the port. If no hostname is provided, the cache rule applies to all hostnames, but each hostname retains a separate cache.
+
+Implicitly ends with `/*`, meaning that `example.com/api`, `example.com/api/`, and `example.com/api/*` are all equivalent.
+
+#### `services.ports.http_options.replay_cache.ttl_seconds`
+
+How many seconds to cache the replay decision. Minimum value is 10 seconds.
+
+#### `services.ports.http_options.replay_cache.type`
+
+Either `"cookie"` or `"header"`. Specifies whether to key the cache on a cookie or request header.
+
+#### `services.ports.http_options.replay_cache.name`
+
+Name of the cookie or header to use as the cache key.
+
+#### `services.ports.http_options.replay_cache.allow_bypass`
+
+Optional boolean. When `true`, allows clients to bypass the cache by setting the `fly-replay-cache-control: skip` request header. Default is `false`.
+
 #### `services.ports.proxy_proto_options`
 
 Configure the version of the PROXY protocol that your app accepts. Version 1 is the default.
@@ -511,7 +730,7 @@ One use case is applications using HTTP/2, like gRPC. Fly's edge terminates TLS
 
 ### `services.concurrency`
 
-The services concurrency sub-section configures how to measure load for an application to inform [load balancing](/docs/reference/load-balancing) and [auto start and stop](/docs/apps/autostart-stop/).
+The services concurrency sub-section configures how to measure load for an application to inform Fly Proxy [load balancing](/docs/reference/load-balancing) and [autostop/autostart](/docs/launch/autostop-autostart/).
 
 This section is a simple list of key/values, so the section is denoted with single square brackets like so:
 
@@ -522,14 +741,16 @@ This section is a simple list of key/values, so the section is denoted with sing
     soft_limit = 20
 ```
 
-`type` specifies what metric is used to determine when a given instance has reached a concurrency limit. The two supported values are `connections` and `requests`.
+`type` specifies what metric is used to determine when a given Machine has reached a concurrency limit. The two supported values are `connections` and `requests`.
 
-**connections**: Load balance based on the number of concurrent TCP connections. This is the default when unspecified. This is also the default when fly.toml is created with `fly launch`.
+**connections**: Load balance and scale based on the number of concurrent TCP connections. This is the default when unspecified. This is also the default when `fly.toml` is created with `fly launch`. A new connection is established for each HTTP request; consider the `requests` type for HTTP apps.
 
-**requests**: Load balance based on the number of HTTP requests. This is recommended for web services, since multiple requests can be sent over a single TCP connection.
+**requests**: Load balance and scale based on the number of HTTP requests. This is recommended for web services, because the Fly Proxy can pool and reuse connections for requests.
 
-* `hard_limit` : When an application instance is at or over this number of concurrent connections or requests, the system will stop sending new traffic to that application instance. For Nomad apps only, the system will bring up another instance if the autoscaling policy supports doing so.
-* `soft_limit` : When an application instance is at or over this number of concurrent connections or requests, the system will deprioritize sending new traffic to that application instance and only send it to that application instance if all other instances are also at or above their soft_limit. For Nomad apps only, the system will likely bring up another instance if the auto scaling policy for the application supports doing so.
+* `hard_limit` : When a Fly Machine is at or over this number of concurrent connections or requests, the system will stop sending new traffic to that Machine. If unset, no `hard_limit` is enforced.
+* `soft_limit` : When a Fly Machine is at or over this number of concurrent connections or requests, the system will deprioritize sending new traffic to that Machine and only send it to that Machine if all other Machines are also at or above their `soft_limit`. This setting is also used to determine excess capacity for the [autostop/autostart feature](/docs/launch/autostop-autostart/). If unset, the default is 20.
+
+For more information about concurrency settings, see [Guidelines for concurrency settings](/docs/reference/concurrency/).
 
 ### `services.tcp_checks`
 
@@ -539,12 +760,11 @@ When a service is running, Fly Proxy can check up on it by connecting to a port.
   [[services.tcp_checks]]
     grace_period = "1s"
     interval = "15s"
-    restart_limit = 0
     timeout = "2s"
 ```
 Times are in milliseconds unless units are specified.
 
-* `grace_period`: The time to wait after a VM starts before checking its health. Make sure this is long enough for your application to start up. For example if your app takes 2 seconds to start up, give it some runway by setting this to at least 3 seconds.
+* `grace_period`: The time to wait after a Machine starts before checking its health. Make sure this is long enough for your application to start up. For example if your app takes 2 seconds to start up, give it some runway by setting this to at least 3 seconds.
 * `interval`: The time between connectivity checks. If the interval is long, and the `grace_period` is shorter than your app's startup time, then the health check will take longer and will add to your deployment time.
 * `timeout`: The maximum time a connection can take before being reported as failing its health check.
 
@@ -568,7 +788,7 @@ Roughly translated, this section says every ten seconds, perform an HTTP GET on
 
 Times are in milliseconds unless units are specified.
 
-* `grace_period`: The time to wait after a VM starts before checking its health. Make sure this is long enough for your app to start up. For example, if your app takes 2 seconds to start up, give it some runway by setting `grace_period` to at least 3 seconds.
+* `grace_period`: The time to wait after a Machine starts before checking its health. Make sure this is long enough for your app to start up. For example, if your app takes 2 seconds to start up, give it some runway by setting `grace_period` to at least 3 seconds.
 * `interval`: The time between connectivity checks. There should be a balance between the interval and the grace period. If it's long and your grace_period shorter than your app's startup time, health check will take too long adding you your deployment time.
 * `timeout`: The maximum time a connection can take before being reported as failing its health check.
 * `method`: The HTTP method to be used for the check.
@@ -580,6 +800,31 @@ Times are in milliseconds unless units are specified.
 
 **Note**: The `services.http_checks` section is optional and not generated in the default `fly.toml` file.
 
+### `services.machine_checks`
+
+Machine checks work a bit differently than the other checks. They run on each deploy, and if they fail, the deploy is stopped. A new Machine is spawned with the environment variable `FLY_TEST_MACHINE_IP` set to the [6PN IPv6 address](/docs/networking/private-networking/#6pn-addresses-in-detail) of the Machine being tested. This is useful for running integration tests on Machines before a deployment. Here's an example:
+
+```toml
+  [[services.machine_checks]]
+    image = "curlimages/curl"
+    entrypoint = ["/bin/sh", "-c"]
+    command = ["curl http://[$FLY_TEST_MACHINE_IP] | grep 'Hello, World!'"]
+    kill_signal = "SIGKILL"
+    kill_timeout = "5s"
+```
+
+This example uses the `curl` image to run a test. It checks that the Machine is serving a page with the text "Hello, World!".
+
+* `image`: The Docker image to use for the test. We default to the one used for the process group the Machine is in.
+* `entrypoint`: The entrypoint for the test. Defaults to the entrypoint of the Machine being tested if not set
+* `command`: The command to run for the test.
+* `kill_signal`: The signal to send to the test process if it runs too long. Defaults to the signal of the image, if a custom image is set.
+* `kill_timeout`: The time to wait before sending the kill signal. Defaults to the timeout of the image, if a custom image is set.
+
+Machine checks are especially useful for `canary` deploys. `flyctl` will spawn a new Machine, ensure all machine capabilities are functional, and then deploy the rest of the Machines in your app.
+
+Machine checks are supported for apps using the `rolling` and `canary` deployment strategies.
+
 ## The `mounts` section
 
 This section supports the Volumes feature for persistent storage. The section has two required entries: `source` and `destination`.
@@ -598,11 +843,11 @@ The `source` is a volume name that this app should mount. Any volume with this n
 
 ### `destination`
 
-The `destination` is the directory where the `source` volume should be mounted on the running app.
+The `destination` is the directory where the `source` volume should be mounted on the running app. This cannot be `/` since that's where the root file system is mounted.
 
 ### `processes`
 
-Optionally, you can specify a list of [processes](#the-processes-section) to limit volume mounts by process group. You can even specify two different `[[mounts]]` sections to mount different source volumes to VMs in different process groups. Note the need to use double brackets if there are multiple `[[mounts]]` defined.
+Optionally, you can specify a list of [processes](#the-processes-section) to limit volume mounts by process group. You can even specify two different `[[mounts]]` sections to mount different source volumes to Machines in different process groups. Note the need to use double brackets if there are multiple `[[mounts]]` defined.
 
 ### `initial_size`
 
@@ -612,23 +857,57 @@ This value is only used by `fly launch` and `fly deploy` commands in case they n
 
 The value can be a string with units, like `initial_size = "30GB"` for example. The value can also be an integer, like `initial_size = 30` for example, with GB as the default unit.
 
+### `snapshot_retention`
+
+Optionally, you can specify the number of days snapshots of the volumes in this app are retained.
+
+The default is 5 days when unset. The minimum is 1 day. The maximum is 60 days.
+
+For example, the following config retains snapshots of volumes for 14 days:
+
+```toml
+[mounts]
+  source = "myapp_data"
+  destination = "/data"
+  snapshot_retention = 14
+```
+
+### `scheduled_snapshots`
+
+Optional. Enable or disable automatic daily snapshots for a volume.
+
+The default is true (enabled) when unset.
+
+For example, the following config disables automatic daily snapshots:
+```toml
+[mounts]
+  source = "myapp_cache"
+  destination = "/cache"
+  scheduled_snapshots = false
+```
+
 ### `auto_extend_size_threshold`
 
-Optional. The threshold of storage used on a volume, by percentage, that triggers extending the volume's size by the value of `auto_extend_size_increment`.
+Optional. The threshold of storage used on a volume, by percentage, that triggers extending the volume's size by the value of `auto_extend_size_increment`,
+unless the resulting size would exceed `auto_extend_size_limit`.
 
 ### `auto_extend_size_increment`
 
-The increment, in GB, by which to extend the volume after reaching the `auto_extend_size_threshold`. Required with `auto_extend_size_threshold`.
+The increment, in GB, by which to extend the volume after reaching the `auto_extend_size_threshold`.
 
 ### `auto_extend_size_limit`
 
-The total amount, in GB, to extend a volume. Optional with `auto_extend_size_increment`.
+Maximum size, in GB, of a volume after an extension is completed.
+
+<div class="important">
+When using the auto-extension feature for volumes, both `auto_extend_size_increment` and `auto_extend_size_limit` are required. Without these values, the volume won't resize automatically, even if the usage threshold is reached.
+</div>
 
 ### Auto extend volume size configuration
 
 You can optionally configure volumes to automatically extend when they reach a usage threshold.
 
-For example, the following config extends the size of the volume by 1GB when it reaches 80% capacity. The volume extensions are limited to 5GB in total. `auto_extend_size_limit` is optional.
+For example, the following config extends the size of the volume by 1GB when it reaches 80% capacity. The volume extensions are limited to 5GB in total.
 
 ```toml
 [[mounts]]
@@ -645,18 +924,25 @@ This section defines the compute requirements for the Machines used for the appl
 
 The default Machine size is `shared-cpu-1x` but it is not enforced if not specified in `fly.toml`. It means commands like `fly deploy` won't attempt to update the compute requirements (or size) for a Machine. `fly scale` commands will use existing Machines to infer new Machine sizes, and in the event that there are no Machines, they will use `shared-cpu-1x`.
 
-If you care about a predictable _scaling up from zero_ case, or if you have different compute requirements for different process groups, then it is highly recommended to add this section to `fly.toml`. Once compute requirements are set, `fly deploy` and `fly scale count` commands will enforce them. If you change the size of the Machines using `fly scale vm` (or its sibling `fly scale memory`) then it will be reset on next `fly deploy` unless `fly.toml` is updated accordingly.
+If you care about a predictable _scaling up from zero_ case, or if you have different compute requirements for different process groups, then it is highly recommended to add this section to `fly.toml`. Once compute requirements are set, `fly deploy` and `fly scale count` commands will enforce them. If you change the size of the Machines using `fly scale vm` (or its sibling `fly scale memory`) then it will be reset on next `fly deploy` unless `fly.toml` is updated accordingly. Learn more about [Machine size configuration precedence](/docs/apps/scale-machine/#machine-size-configuration-precedence).
+
+<div class="callout">
+If you update your Machine size using `fly scale vm` or `fly scale memory` but you still have a `[[vm]]` section in your `fly.toml` file, the next `fly deploy` will reset your Machines to the configuration in the file.  If you want to manually scale your Machines and keep those settings, remove the `[[vm]]` section from your `fly.toml` file.
+</div>
 
 All keys are optional and `size` has lower precedence than all other keys.
 
 ```toml
 [[vm]]
   size = "shared-cpu-2x"
-  memory = "2gb"
-  cpus = 4
-  cpu_kind = "performance"
+  memory = "1gb"
+  cpus = 2
+  cpu_kind = "shared"
+  gpus = 1
   gpu_kind = "a100-pcie-40gb"
+  kernel_args = "no-hlt=true"
   host_dedication_id = "customer-id"
+  persist_rootfs = "never"
   processes = ["app"]
 ```
 
@@ -672,20 +958,40 @@ The memory to request. It can be expressed with units, like `memory = "2GB"` or
 
 ### `cpus`
 
-The number of vCPUs to request. Valid values are `1`, `2`, `4`, `8`, or `16`, but depends on `gpu_kind`. 
+The number of vCPUs to request. Valid values are `1`, `2`, `4`, `8`, or `16`, but depends on `cpu_kind`. 
 
 ### `cpu_kind`
 
 The kind of CPU to request. Valid values are `shared` and `performance`.
 
+### `gpus`
+
+The number of GPUs to request. Valid values are `1`, `2`, `4`, `8`, but depends on `gpu_kind`. 
+
+Setting this value requires also setting `gpu_kind`.
+
 ### `gpu_kind`
 
-The kind of GPU to request. Valid values are `a100-pcie-40gb`, `a100-sxm4-80gb` and `l40s`.
+The kind of GPU to request. Valid values are `a10`, `l40s`, `a100-pcie-40gb` and `a100-sxm4-80gb`.
+
+Setting this value assumes `gpus = 1` if not present.
+
+### `kernel_args`
+
+Additional kernel parameters provided to the kernel when booting the VM.
 
 ### `host_dedication_id`
 
 In the case of having a dedicated host, this is the value to set so Machines are launched on dedicated hardware.
 
+### persist_rootfs
+
+The persistence of the root filesystem across restarts and updates. Valid values are `never` (default), `restart`, and `always`.
+
+- `never`: The root filesystem is ephemeral and will not be persisted across restarts or updates.
+- `restart`: The root filesystem is persisted across restarts, but not across updates.
+- `always`: The root filesystem is persisted across restarts and updates.
+
 ### `processes`
 
 Optionally, you can specify a list of [processes](#the-processes-section) to limit by process group. You can even specify two different `[[vm]]` sections to have different compute requirements per process group. Note the need to use double brackets if there are multiple `[[vm]]` sections defined.
@@ -706,6 +1012,23 @@ size = "performance-1x"
 processes = ["worker"]
 ```
 
+## The `restart` section
+
+```toml
+[[restart]]
+  policy = "never"
+  retries = 10
+  processes = ["app"]
+```
+
+When a machine unexpectedly exits, our scheduling machinery follows a machine’s restart policy to restart it without your intervention. These policies are quite similar to Docker’s container restart policies:
+
+- always: we’ll attempt to restart the machine no matter the exit code.
+- never: we won’t restart the machine even if it exits with a non-zero exit code.
+- on-failure: we’ll only restart the machine if it exited with a non-zero exit code (due to a failure or crash). This is the default policy if one is not explicitly set. 
+
+A restart policy can be targeted to a specific process group. If a group is not specified, all machines in an app will have the same default restart policy. You can also specify the number of times we should retry restarting the machine before giving up.
+
 ## The `checks` section
 
 If your app doesn't have public-facing services, or you want independent health checks that don't affect request routing,
@@ -742,7 +1065,7 @@ Fields are very similar to `[[services.checks]]`:
 
 * `port`: Internal port to connect to. Needs to be available on `0.0.0.0`. Required.
 * `type`: Either `tcp` or `http`. Required.
-* `grace_period`: The time to wait after a VM starts before checking its health. Make sure you give your app enough time to start up. For example if your app takes 2 seconds to start up, give it some runway by setting this to at least 3 seconds.
+* `grace_period`: The time to wait after a Machine starts before checking its health. Make sure you give your app enough time to start up. For example if your app takes 2 seconds to start up, give it some runway by setting this to at least 3 seconds.
 * `interval`: The time between check runs. If your `grace_period` is shorter than your app's startup time, and `interval` is too long, checks will increase deployment times.
 * `processes`: For apps with multiple processes. The process group to apply the health checks to. Define process groups in the [processes](#the-processes-section) section.
 
@@ -757,7 +1080,7 @@ Again, times are in milliseconds unless units are specified.
 
 ## The `processes` section
 
-The `processes` section allows you to define process groups to be run on separate VMs within a single app. Learn more about [running multiple process groups in an app](/docs/apps/processes/).
+The `processes` section allows you to define process groups to be run on separate Machines within a single app. Learn more about [running multiple process groups in an app](/docs/apps/processes/).
 
 **Each Machine can run a different command on start**, allowing you to re-use your code base for different tasks (web server, queue worker, etc).
 
@@ -778,7 +1101,7 @@ Furthermore, you can "match" a specific process (or processes) to an [`[http_ser
   force_https = true
 ```
 
-Volumes can also be assigned to specific processes; use double brackets to include more than one [`[[mounts]]`](#the-mounts-section) section, and mount differently named volumes to VMs in different process groups:
+Volumes can also be assigned to specific processes; use double brackets to include more than one [`[[mounts]]`](#the-mounts-section) section, and mount differently named volumes to Machines in different process groups:
 
 ```toml
 [[mounts]]
@@ -814,34 +1137,79 @@ Check out [Metrics on Fly.io](/docs/reference/metrics/) for more information abo
 
 ## The `statics` sections
 
-When `statics` are set, requests under `url_prefix` that are present as files in `guest_path` will be delivered directly to clients, bypassing your web server. These assets are extracted from your Docker image and delivered directly from our proxy on worker hosts.
+You can use the `[[statics]]` section in your `fly.toml` to serve static files such as images, CSS, or JavaScript for your application. There are two ways to serve statics: 
+- From a running Fly Machine
+- From a Tigris object storage bucket.
+
+### Serving statics from a Fly Machine
+
+When you add a `[[statics]]` section to `fly.toml`, the Fly Proxy intercepts requests matching your `url_prefix`. If the requested file exists in your `guest_path`, the request is routed to a static file server running inside your machine. This bypasses your main web server process. Your machine must be running for static files to be served.
+
+If your machine is stopped, static files will not be served. If `autostart` is enabled, the machine will be started during statics requests as well as during normal requests to the app. Static assets are always served directly from your VM, not from the Fly edge or proxy host.
 
 ```toml
 [[statics]]
   guest_path = "/app/public"
   url_prefix = "/public"
 ```
-Each `[[statics]]` block maps a URL prefix to a path inside your container. You can have up to 10 mappings in an application.
 
-The "guest path" --- the path inside your container where the files to serve are located --- can overlap with other static mappings; the URL prefix should not (so, two mappings to `/public/foo` and `/public/bar` are fine, but two mappings to `/public` are not).
+In this example, a request to `/public/image.png` is served from `/app/public/image.png` inside your running machine. You can define up to 10 `[[statics]]` mappings per application.
 
-### Caveats
+The `guest_path` is the directory in your Docker image to serve files from. It may overlap across mappings, but `url_prefix` values must not overlap. Only one static mapping is honored for a given prefix. For example, two mappings to `/public/foo` and `/public/bar` are allowed, but two mappings to `/public` are not.
 
-This feature should not be compared directly with a CDN, for the following reasons:
+### Serving statics from Tigris object storage
+
+You can serve static files directly from a Tigris object storage bucket. This lets you host assets or full static sites from a bucket instead of baking them into your Docker image. 
+
+Static files in Tigris buckets are always delivered through your application’s running VM, not directly from the Fly edge. If no machine is running, requests for Tigris statics will not be served.
+However, if `autostart` is enabled for your app, incoming requests for static assets will automatically start a machine as needed, the same as for normal application traffic.
+
+```toml
+[[statics]]
+  guest_path = "/app/public"
+  url_prefix = "/public"
+  tigris_bucket = "my-bucket"
+```
+
+In this configuration, requests under `/public` are served from files stored in `my-bucket` under the `/app/public` path. Your machine must be running for these files to be served. If your machine scales to zero, static assets will not be accessible.
 
-* This feature does not exempt you from having to run a web service in your VM.
+When handling trailing slashes, requests to a directory path such as `/public/dir/` look for an `index.html` file, if you specify one. Requests without a trailing slash such as `/public/dir` may not serve as expected. Consider using redirects or documenting this for your users. Tigris statics support the `index_document` key, which allows you to serve a default file for a directory path.
+
+```toml
+[[statics]]
+  guest_path = "/app/public"
+  url_prefix = "/public"
+  tigris_bucket = "my-bucket"
+  index_document = "index.html"
+```
 
-* Statics will not find `index.html` at the root. The full path must be requested.
+In this configuration, a request to `https://example.com/public/` serves `/app/public/index.html` from the bucket. Similarly, `https://example.com/public/assets/` serves `/app/public/assets/index.html`.
 
-* You can't set `Cache-Control` or any other headers on assets. If you need those, you'll need to deliver them from your application and set the relevant headers.
+Tigris statics are billed at Tigris pricing. Data egress from Tigris may incur both Tigris and Fly Proxy egress charges. 
 
-* Assets are not delivered, by default, from all edge Fly.io regions. Rather, assets are delivered from the regions the application is deployed in.
+Do not overlap `url_prefix` values; only one static mapping will be honored for a given prefix.
+
+
+### Caveats
+
+This feature should not be compared directly with a CDN, for the following reasons:
+
+- This feature does not exempt you from having to run a web service in your Machine.
+- You must have a running machine for statics to be served. If your machine is stopped, static assets will not be served. If `auto_start_machines` is enabled, the machine will be started automatically in response to statics requests, the same as with normal application requests.
+- The Fly Proxy routes matching requests directly to the statics file server running inside your machine. Static requests do not go through your main application process, but are handled by the file server within the same VM.
+- Serving an index document is only supported for statics served directly from Tigris. The index document must have the same name in all the relevant locations in your Tigris bucket.
+- For statics served from your container, it will not find `index.html` at the root. The full path must be requested.
+- You cannot set `Cache-Control` or any other headers on assets. If you need those, deliver them from your application and set the relevant headers.
+- `statics` does not honor symlinks. For example, if `/app/public` in your container is a symlink, such as `/app-39403/public`, use the absolute original path in your statics configuration.
 
-* `statics` does not honor symlinks. So, if `/app/public` in your container is actually a symlink to something like `/app-39403/public`, you'll want to use the absolute original path in your statics configuration.
 
 ## The `files` section
 
-When `files` are set, the contents from one of `raw_value`, `local_path`, or `secret_name` will be written to the Machine at the provided `guest_path`. The contents of both `raw_value` and `secret_name` must be base64 encoded.
+When a `files` section is set, the contents from one of `raw_value`, `local_path`, or `secret_name` will be written to the Machine at the provided `guest_path`.
+
+* `raw_value`: The raw file content to be written. Must be base64 encoded.
+* `local_path`: The path to a local file in your system that should be used. Does not need to be base64 encoded.
+* `secret_name`: The name of an app secret that's been set with `fly secrets set`. The value of the secret will be written to the file. The referenced secret's value must be base64 encoded.
 
 Examples:
 
@@ -850,6 +1218,10 @@ Examples:
   guest_path = "/path/to/hello.txt"
   raw_value = "aGVsbG8gd29ybGQK"
 
+[[files]]
+  guest_path = "/path/to/config.yaml"
+  local_path = "/local/path/config.yaml"
+
 [[files]]
   guest_path = "/path/to/secret.txt"
   secret_name = "SUPER_SECRET"
diff --git a/reference/content-encoding.html.md b/reference/content-encoding.html.md
new file mode 100644
index 0000000000..0273f6fcff
--- /dev/null
+++ b/reference/content-encoding.html.md
@@ -0,0 +1,107 @@
+---
+title: Content Encoding with the Fly Proxy
+layout: docs
+nav: firecracker
+author: kcmartin
+date: 2025-06-17
+---
+
+<div class="callout">
+This page explains how our proxy handles HTTP response compression, so you get better performance out of the box.
+</div>
+
+Fly.io apps often serve a lot of text: HTML, CSS, JavaScript, JSON. Compressing those responses reduces bandwidth and speeds up delivery. Our edge proxy takes care of this automatically. Unless your app explicitly sets a `Content-Encoding` header, we negotiate compression on your behalf based on the client's `Accept-Encoding` header.
+
+This behavior usually Just Works. But there are edge cases you might care about. Here's how it works, what we support, and how to override it if needed.
+
+### What is Content Encoding?
+
+Content encoding compresses HTTP response bodies (the data or content being sent  by the server to the client). Clients include an `Accept-Encoding` header listing the algorithms they support. If the server supports any of them, it compresses the response and sets the `Content-Encoding` header to indicate the algorithm used. The client then decompresses the body before rendering it.
+
+Common encodings include:
+
+- `br` (Brotli)
+- `gzip`
+- `zstd` (Zstandard)
+- `deflate`
+
+All of these are lossless. They're not encryption, and they're not the same as chunked transfer encoding—they just make payloads smaller.
+
+### What the Fly.io Proxy Supports
+
+The Fly.io proxy handles compression at the edge, automatically selecting the most efficient algorithm supported by both the client and the proxy. It prefers:
+
+1. **Zstandard (zstd)** — Best all-around for performance and size. Supported in Chrome and Firefox.
+1. **Brotli** — Still excellent, especially for text. Smaller files than gzip in many cases.
+1. **gzip** — The fallback. Widely supported.
+1. **deflate** — Rarely used, but still supported.
+
+The proxy only compresses responses that don’t already include a `Content-Encoding` header. If your app sets one, the proxy passes the response through unmodified. You can also explicitly disable compression by setting `Content-Encoding: none`.
+
+### Configuration
+
+Configure the HTTP handler to enable proxy-level compression:
+
+The http handler must be used in your `fly.toml` file for the service. There are two ways to do this (choose only one!):
+
+- [http_service](/docs/reference/configuration/#the-http_service-section) preconfigures the most common options for a service speaking HTTP. It will use the http handler implicitly for both ports 80 and 443 (and additionally, of course, the tls handler for port 443).
+
+```
+[http_service]
+  internal_port = 8080
+  force_https = true
+  auto_stop_machines = "stop"
+  auto_start_machines = true
+  min_machines_running = 0
+  [http_service.concurrency]
+    type = "requests"
+    soft_limit = 200
+    hard_limit = 250
+```
+
+- A [service](/docs/reference/configuration/#the-services-sections) block explicitly using the http handler. This example serves http only (no https) on external port 80:
+
+```
+[[services]]
+  internal_port = 8080
+  protocol = "tcp"
+  auto_stop_machines = "stop"
+  auto_start_machines = true
+  min_machines_running = 0
+[[services.ports]]
+    handlers = ["http"]  # This is the important part
+    port = 80
+```
+
+If you want to also serve external port 443 with https, add this to the above:
+
+```
+[[services.ports]]
+    handlers = ["tls", "http"]
+    port = 443
+```
+
+
+### When You Might Want to Customize Behavior
+
+Most apps can rely on the defaults, but if you're doing something more specific like streaming HTML, here is something to consider:
+
+#### Streaming HTML
+
+The proxy buffers responses before compressing them. That can break HTML streaming—e.g., progressive server-side rendering. To avoid buffering, disable compression by setting `Content-Encoding: none` for those responses:
+
+```http
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+Content-Encoding: none
+```
+
+### Summary
+
+Fly.io’s proxy gives you fast, automatic compression without config. You can let it handle things, or take control if you need to. If you're troubleshooting compression knowing how the proxy behaves can help you get the results you want.
+
+More in the docs:
+
+- [fly.toml reference](/docs/reference/configuration/)
+- [How Fly.io handles HTTP](/docs/reference/services/)
+- [Troubleshooting app performance](/docs/apps/performance/)
diff --git a/reference/deploy-tokens.html.md b/reference/deploy-tokens.html.md
deleted file mode 100644
index 5e2894ceb3..0000000000
--- a/reference/deploy-tokens.html.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-title: Deploy Tokens
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-<div class="border border-violet-600 bg-violet-50 rounded-l p-4 my-4 text-base text-navy">
-Deploy tokens are an experimental feature. They may be less reliable than traditional API tokens. Use them with caution and visit our <a href="https://community.fly.io/">community forum</a> for help.
-</div>
-
-Whether you're [deploying your app with GitHub Actions](/docs/app-guides/continuous-deployment-with-github-actions/) or running your own CD service, it's best to avoid configuring deployment infrastructure with all-powerful tokens. Deploy tokens can be used with `flyctl` to manage a single application and its resources.
-
-To get started, generate a deploy token on the Tokens tab of your app dashboard. Alternatively, run `flyctl tokens create deploy` to generate an app deploy token from the command line. Instruct `flyctl` to use your new token by setting it in the `FLY_API_TOKEN` environment variable.
-
-```cmd
-FLY_API_TOKEN=$(flyctl tokens create deploy) flyctl deploy
-```
-
-Whereas API tokens (`fly auth token`) can manage all of your organizations' apps, deploy tokens are limited to a single application. Some organization-wide features like managing WireGuard tunnels are integral to deployments and are also accessible to deploy tokens.
\ No newline at end of file
diff --git a/reference/dynamic-request-routing.html.md b/reference/dynamic-request-routing.html.md
deleted file mode 100644
index 12dba9d39f..0000000000
--- a/reference/dynamic-request-routing.html.md
+++ /dev/null
@@ -1,107 +0,0 @@
----
-title: Dynamic Request Routing
-layout: docs
-sitemap: false
-nav: firecracker
-redirect_from:
-  - /docs/reference/fly-replay/
-  - /docs/reference/regional-request-routing/
----
-
-Traffic sent to multi-region Fly.io apps is automatically routed to the region nearest to the client, thanks to Anycast-enabled IP addresses. [Read more about Anycast on Wikipedia](https://en.wikipedia.org/wiki/Anycast).
-
-Sometimes it's useful, or necessary, to route requests to other regions, other apps, or both. You can use custom request and response HTTP headers to achieve this.
-
-## The `fly-replay` response header
-
-Apps may append a `fly-replay` header to responses. This instructs the Fly proxy to redeliver (replay) the original request in another region, or to replay it to another app in the same Fly organization.
-
-The content of the `fly-replay` header fields tells our proxy which magic to perform, and the proxy takes it from there. If the target region doesn't host any healthy instances for the target app, the proxy throws an error.
-
-|Field |Description |
-|---|---|
-|`region` | The 3-letter code for a region to which the request should be routed. |
-|`instance` | ID of a specific instance to which the request should be routed. |
-|`app` | The name of an app within the same organization, to which the request should be routed.<br>fly-proxy will choose the nearest instance if no region is specified.|
-|`state` | Optional arbitrary string to include in the `fly-replay-src` header appended to the request being replayed. |
-|`elsewhere` | Boolean. If `true`, the responding instance will be excluded from the next round of load-balancing. |
-
-### Limitations
-
-Attempting to replay requests larger than 1MB will throw an error. If you need certain requests - like file uploads - to be handled by a specific region, consider the following workarounds.
-
-If your service is simply proxying uploads to object storage, some services like S3 allow [uploading directly from the browser](https://aws.amazon.com/blogs/compute/uploading-to-amazon-s3-directly-from-a-web-or-mobile-application/). Rails supports this [out of the box](https://guides.rubyonrails.org/active_storage_overview.html#direct-uploads).
-
-If you can perform uploads via `XMLHTTPRequest` (aja Ajax), you can prepend the [fly-prefer-region](#the-fly-prefer-region-request-header) header to send the request directly to that region.
-
-
-## `fly-replay` use cases
-
-Here are a few example use cases for the `fly-replay` response header.
-
-### Replaying writes in secondary regions
-
-Fly.io Postgres supports [global read replicas](/docs/postgres/high-availability-and-global-replication) for speeding up reads in regions close to users.
-
-Replay a request to the region where the HA database leader lives:
-```
-fly-replay: region=sjc
-```
-
-The proxy will get the request to an instance in that region and let the instances in the cluster take care of getting it to the writeable leader.
-
-### Replay requests to other apps
-
-`fly-replay` can replay requests across apps in the same organization. Think of a router app for a FaaS that wants to spin up a customer [VM](/docs/reference/machines/) on demand.
-
-To send the request to an instance of a different app in the same organization, in the nearest region that has one:
-```
-fly-replay: app=app-in-same-org
-```
-
-### Replay requests to specific VMs
-
-Replay the request to a specific VM by ID:
-```
-fly-replay: instance=00bb33ff
-```
-
-### Pass state to replay targets
-
-The request replay target may need to know why the request was routed to it.
-```
-fly-replay: region=sjc;state=captured_write
-```
-
-Fields can be stacked; for instance, to send the request on to an instance of the app "app-in-same-org" in the sjc region:
-```
-fly-replay: region=sjc;app=app-in-same-org
-```
-
-Some combinations of fields can conflict: e.g. don't specify an app name and an instance ID that doesn't belong to that app.
-
-Related: [Multi-region PostgreSQL](/docs/postgres/high-availability-and-global-replication); [Run Ordinary Rails Apps Globally](/blog/run-ordinary-rails-apps-globally/)
-
-## The `fly-replay-src` request header
-
-When replaying an HTTP request, our proxy appends the `fly-replay-src` header with information about the instance that sent the `fly-replay`.
-
-|Field |Description |
-|---|---|
-|`instance` | The ID of the instance emitting `fly-replay`. |
-|`region` | The region `fly-replay` was sent from. |
-|`t` | A timestamp: microseconds since the Unix epoch. |
-|`state` | The contents of the `state` supplied by the `fly-replay` header, if any. |
-
-[See how the official Fly.io Ruby client](https://github.com/superfly/fly-ruby/blob/main/lib/fly-ruby/regional_database.rb#L74-L76) uses the `state` and `t` fields to prevent [read-your-own-write](https://jepsen.io/consistency/models/read-your-writes) inconsistency.
-
-## The `fly-prefer-region` request header
-
-Clients accessing Fly.io apps may append the `fly-prefer-region` header to attempt sending the request directly to a desired target region. This is useful for cases where `fly-replay` isn't practical, such as large file uploads which can't be replayed once buffered by the proxy.
-
-If the target regions hosts no healthy instances, the nearest region with healthy instances will field the request.
-
-Example:
-```
-fly-prefer-region: ams
-```
diff --git a/reference/extensions_api.html.md b/reference/extensions_api.html.md
index 82d3ea3d34..1f6dd5113b 100644
--- a/reference/extensions_api.html.md
+++ b/reference/extensions_api.html.md
@@ -76,9 +76,9 @@ POST https://logjam.io/flyio/extensions
   id: "test",
   organization_id: "04La2mblTaz",
   organization_name: "High Flyers",
-  organization_email: "04La2mblTaz@customer.fly.io",
   user_email: "v9WvKokd@customer.fly.io",
   user_id: "NeBO2G0l0yJ6",
+  user_role: "admin",
   primary_region: "mad",
   ip_address: "fdaa:0:47fb:0:1::1d",
   read_regions: ["syd", "scl"],
@@ -99,9 +99,9 @@ These parameters are sent with every provisioning request.
 | **id** | string | Unique ID representing the extension | `30bqn49y2jh` |
 | **organization_id** | string | Unique ID representing an organization | `M03FclA4m` |
 | **organization_name** | string | Display name for an organization | `Supercollider Inc` |
-| **organization_email** | string | Obfuscated email that routes to all organization admins (does not change) | `n1l330mao@customer.fly.io` |
-| **user_id** | string | Unique ID representing an organization | `M03FclA4m` |
-| **user_email** | string | Obfuscated email that routes to the provisioning user (does not change) | `n1l330mao@customer.fly.io` |
+| **user_id** | string | Unique ID representing the provisioning user | `M03FclA4m` |
+| **user_email** | string | Obfuscated email that routes to the **provisioning** user (does not change) | `n1l330mao@customer.fly.io` |
+| **user_role** | string | Provisioning user's role | `admin, member` |
 
 **Optional parameters**
 
@@ -121,35 +121,45 @@ If your service is deployed on Fly, the response should also contain details abo
 
 **Provisioning Response**
 
-| Name | Type | Description | Example |
-| --- | --- | --- | --- |
-| **id** | string | A unique identifier for the resource on the provider platform | `432cb1c9-4d06-4a91-95dc-bc7aa27b896d` |
-| **fly_app_name** | string | The target Fly application for internal traffic | `432cb1c9-4d06-4a91-95dc-bc7aa27b896d` |
-
-
 ```javascript
 {
+  "id": "432cb1c9-4d06-4a91-95dc-bc7aa27b896d",
   "config": {
     "LOGJAM_URL": "https://user:password@test.logjam.io/"
   },
-  "fly_app_name": "logjam-production",
-  "id": "432cb1c9-4d06-4a91-95dc-bc7aa27b896d"
+  "name": "logjam-1bd03ba",
+  "fly_app_name": "logjam-production"
 }
 
 ```
+
+Your response must return a unique ID, which could be yours or the same the one we sent you. We'll always use this ID to make requests to your API. You must also return a `config` object containing the environment variables that the provisioning should set.
+
+Optionally, you can send:
+
+* a `fly_app_name` as the target for Flycast traffic on the IP address provisioned to your extension.
+* an updated `name` for the extension resource, should you need to change the name we supplied due to uniqueness constraints or other reasons
+
+| Name | Type | Description | Example |
+| --- | --- | --- | --- |
+| **id** | string | A unique identifier for the resource on the provider platform | `432cb1c9-4d06-4a91-95dc-bc7aa27b896d` |
+| **fly_app_name** | string | Fly.io application name target for internal traffic | `logjam-production` |
+| **name** | string | Fly.io application name target for internal traffic | `logjam-1bd03ba` |
+
+
 ### Giving customers private access to your service
 
-If you're deploying on Fly.io, your service should be accessible to customers without exposing it to the public internet.
+If you're deploying on Fly.io, your service should be accessible to customers without exposing it to the public internet. In cases where this isn't possible or desirable, your service allow setting network restrictions to prevent internet access by default.
 
 ### Routing private traffic with Flycast
 
-Our [Flycast](https://fly.io/docs/reference/private-networking/#flycast-private-load-balancing) internal load balancing feature allow you to route traffic from an IPv6 address on a customer network to one of your Fly.io applications.
+Our [Flycast](/docs/networking/flycast/) internal load balancing feature allow you to route traffic from an IPv6 address on a customer network to one of your Fly.io applications.
 
 The `ip_address` field above refers to this feature. At provisioning time, we'll allocate an address on the customer network for you. Then, your reply should include the target Fly.io application where you wish that IP's traffic to be routed to.
 
-By default, no traffic is routed to your app until it has services configured. See the [Machines API](https://fly.io/docs/machines/working-with-machines/#create-a-machine) and [fly.toml docs](https://fly.io/docs/reference/configuration/#the-services-sections) for details.
+By default, no traffic is routed to your app until it has services configured. See the [Machines API](/docs/machines/api-machines-resource/#create-a-machine) and [fly.toml docs](https://fly.io/docs/reference/configuration/#the-services-sections) for details.
 
-Optionally, you can add the [proxy protocol handler](https://fly.io/docs/reference/services/#connection-handlers) to a service. We co-opt the [proxy protocol](https://github.com/haproxy/haproxy/blob/master/doc/proxy-protocol.txt) as a way to give your service knowledge of the IP address assigned on the customer network, at client connection time. This IP is useful for performing an additional security check beyond user/password credentials or tokens.
+Optionally, you can add the [proxy protocol handler](https://fly.io/docs/networking/services/#connection-handlers) to a service. We co-opt the [proxy protocol](https://github.com/haproxy/haproxy/blob/master/doc/proxy-protocol.txt) as a way to give your service knowledge of the IP address assigned on the customer network, at client connection time. This IP is useful for performing an additional security check beyond user/password credentials or tokens.
 
 ### DNS records
 
@@ -167,13 +177,12 @@ For a good developer experience, you should create a public DNS record for your
 
 ```
 
-### Providing extension status after provisioning
+### Fetching extension status
 
-Im some cases, we'll want to be able to fetch data about your extension. For example, when displaying credentials to users directly via the CLI, we won't store these credentials in our database. We'll pass this request directly to your API.
+In most cases, we'll need to fetch information about a specific extension resource. For example, to get its current `status`, display usage information, etc.
 
-Also, if your resource cannot be provisioned synchronously, we'll need such an endpoint to poll readiness status.
+Also, if your resource cannot be provisioned synchronously, we'll need such this endpoint to poll readiness status.
 
-This endpoint should be discussed on a case-by-base basis.
 
 ### Updating Extensions
 
@@ -266,7 +275,7 @@ The JSON response:
 }
 ```
 
-## Webhooks: Notify Fly.io about changes to extension resources
+## Incoming Webhooks: Notify Fly.io about changes to extension resources
 
 Providers should send webhooks to Fly.io when changes happen to resources, such as:
 
@@ -288,7 +297,7 @@ Webhook requests should be signed the same way as we [sign provisioning requests
 
 ### The webhook request body
 
-The request must include a UNIX `timestamp`, `action` string  and `resource` objevt. Here's an example:
+The request must include a UNIX `timestamp`, `action` string  and `resource` object. Here's an example:
 
 ```
 {
@@ -307,9 +316,57 @@ Supported actions are:
 ```
 resource.updated
 resource.deleted
+resource.created
+```
+
+For `resource.created`, the request body should include the Fly.io `organization_id` and `user_id` that provisioned the resource.
+
+```
+{
+  "timestamp": "1693513586",
+  "action": "resource.created",
+  "resource": {
+    "plan": "scaler_pro",
+    "name": "myprod-db"
+    "organization_id": "kg032ljbmqs0j",
+    "user_id": "nh0kweyt23jyhl",
+    "id": "5lgmabb3y30",
+    "status": "ready"
+  }
+}
 ```
 
-Note: the shape of `resource` should be the same as that provided by any `GET` endpoints for invidividual resources.
+Note: `resource` should contain the same parameters provided by `GET` endpoints for invdividual resources.
+
+## Outbound Webhooks: Get notified about changes to provisioned accounts and resources
+
+We intend to inform your service about system changes such as:
+* Addition or removal of provisioned users from an organization
+* Provisioned user role changes
+* Issues with hosts that affect your deployment
+* Individual machine events (stops, starts, crashes, etc)
+
+**Currently, we only send machine events from a single Fly.io organization.**
+
+If your service deploys on Fly.io, we can send you webhooks for machine events, such as stops and starts, with some details about the source and cause of each.
+
+These webhooks conform to the [CloudEvents spec](https://github.com/cloudevents/spec). The spec encodes common attributes like `ID`, `source`, `type` and `timestamp` in HTTP headers. Find your [SDK of choice here](https://github.com/cloudevents/).
+
+*Type* will be encoded in this format: `io.fly.machine.starting`. The contents of `data` varies depending on the event. These types and data will be documented, eventually. For now, consult us on a case-by-case basis if the contents are not self-explanatory.
+
+Here's a sample payload, minus the fields mentioned above.
+
+```
+POST https://logjam.io/flyio/extensions/events
+{
+  "machine_id": "5683977ad31768",
+  "status": "failed",
+  "data": {
+    "Error": "image not found",
+    "Transition": "prepareImage"
+  }
+}
+```
 
 ## Email communication with customers
 
@@ -325,7 +382,7 @@ Providers should mostly send transactional messages about the resource itself, o
 
 Providers should take care that developers do not receive duplicate emails. For example, if a user is placed on an opt-out email campaign, you should ensure the following:
 
-The same user should not receive multiple, indentical emails because they happen to provision resources on more than one Fly.io organization. This is quite common, as organizations are used for separating production and staging environments, for example.
+The same user should not receive multiple, identical emails because they happen to provision resources on more than one Fly.io organization. This is quite common, as organizations are used for separating production and staging environments, for example.
 
 Once a single user in an organization has been placed on an email campaign, other users in the same organization should not be placed on a similar campaign merely for having used SSO sign-in.
 
diff --git a/reference/fly-launch.html.md b/reference/fly-launch.html.md
index dda3fed7bf..1833884f8c 100644
--- a/reference/fly-launch.html.md
+++ b/reference/fly-launch.html.md
@@ -1,14 +1,13 @@
 ---
 title: Fly Launch overview
 layout: docs
-sitemap: false
 nav: firecracker
 toc: false
 redirect_from:
   - /docs/getting-started/launch-app/
 ---
 
-Fly Launch is a bundle of features that take a lot of the work out of deploying and managing your Fly App. Two commands that you'll use often are [`fly launch`](/docs/flyctl/launch/) and [`fly deploy`](/docs/apps/deploy/). 
+Fly Launch is a bundle of features that take a lot of the work out of deploying and managing your Fly App. Two commands that you'll use often are [`fly launch`](/docs/flyctl/launch/) and [`fly deploy`](/docs/launch/deploy/). 
 
 The usual way to create a new Fly App is to write your project and then run `fly launch`. The `fly launch` command automates as much as possible between writing the code and deploying on Fly.io, setting you up with a running app with good defaults.
 
@@ -37,7 +36,7 @@ Build information is in the `build` section of `fly.toml`. `fly launch` will f
 
 Reference: [Builders and Fly.io](/docs/reference/builders/)
 
-## Fly Launch configuration
+## Fly App configuration
 
 On creation, an app gets a default configuration that will work for most basic web apps.
 
@@ -47,17 +46,17 @@ You can make configuration changes by editing an app's `fly.toml` and then runni
 
 The flyctl language-specific scanners make changes to app configuration as part of their work.
 
-Reference: [Fly Launch configuration (fly.toml)](/docs/reference/configuration/)
+Reference: [App configuration (fly.toml)](/docs/reference/configuration/)
 
 ## Platform resource provisioning
 
-Before deployment, you might want to create and configure a [Fly Volume](/docs/volumes/) or [Postgres database](/docs/reference/postgres/), or [set app secrets](/docs/reference/secrets/).
+Before deployment, you might want to create and configure a [Fly Volume](/docs/volumes/) or [Postgres database](/docs/reference/postgres/), or [set app secrets](/docs/apps/secrets/).
 
 Some flyctl scanners will do some or all of this using the API.
 
 ## Deployment
 
-The `fly launch` command might deploy your new app for the first time if you accept the defaults or after you tweak the app's settings. You can stop `fly launch` from deploying the new app right away with `fly launch --no deploy`.
+The `fly launch` command might deploy your new app for the first time if you accept the defaults or after you tweak the app's settings. You can stop `fly launch` from deploying the new app right away with `fly launch --no-deploy`.
 
 Whenever you want to update your app, you'll run [`fly deploy`](/docs/flyctl/deploy/). `fly deploy` creates a new release of the app with the updated configuration, and builds and deposits the image in the Fly.io registry, if needed. Public IP addresses are provisioned if the app listens on public ports and doesn't already have them. Finally, some hardware is allocated and at least one Machine is booted up.
 
@@ -99,7 +98,7 @@ Fly Launch uses the config specified in that `fly.toml` instead of the default c
 
 You can customize `fly launch` to better suit your project. The example that follows illustrates how this can work.
 
-For more information about ways to customize your launch, refer to [Custom launch](/docs/apps/launch/#custom-launch) and check out all the [options](/docs/flyctl/launch/) available for use with `fly launch`.
+For more information about ways to customize your launch, refer to [Custom launch](/docs/launch/create/#custom-launch) and check out all the [options](/docs/flyctl/launch/) available for use with `fly launch`.
 
 ### An example of a custom launch
 
@@ -200,7 +199,7 @@ Provisioning ips for hello-gunicorn-flask
   Add a dedicated ipv4 with: fly ips allocate-v4
 ```
 
-Because I had an HTTP service configured, and no [public IP addresses](/docs/reference/services/), Fly Launch [provisioned the IPs on deployment](/docs/apps/deploy/#ip-addresses).
+Because I had an HTTP service configured, and no [public IP addresses](/docs/networking/services/), Fly Launch [provisioned the IPs on deployment](/docs/launch/deploy/#ip-addresses).
 
 ```
 This deployment will:
@@ -239,7 +238,7 @@ app    	e28697ce6d3986	1      	ewr   	stopped	    	      	2023-11-29T20:55:33Z
 ```
 
 <div class="note icon">
-**Note:** Both Machines are in a stopped state, because they were idle for a few minutes and we enable the [auto start and stop feature](/docs/apps/autostart-stop/) by default.
+**Note:** Both Machines are in a stopped state, because they were idle for a few minutes and we enable the [autostop/autostart feature](/docs/launch/autostop-autostart/) by default.
 </div>
 
 I can [scale out](/docs/apps/scale-count/) by adding Machines in other regions if I want to get close to users in more corners of the world.
diff --git a/reference/fly-proxy-autostop-autostart.html.markerb b/reference/fly-proxy-autostop-autostart.html.markerb
new file mode 100644
index 0000000000..915ee43890
--- /dev/null
+++ b/reference/fly-proxy-autostop-autostart.html.markerb
@@ -0,0 +1,68 @@
+---
+title: Fly Proxy autostop/autostart
+layout: docs
+nav: firecracker
+---
+
+<figure>
+  <img src="http://github.com/static/images/docs-stop-start.webp" alt="">
+</figure>
+
+With Fly Proxy autostop/autostart, you can scale your app for peak loads and run those Machines only when needed to save on resource costs; you [don't pay for Machine CPU and RAM](/docs/about/pricing/#stopped-fly-machines) when they're in a `stopped` or `suspended` state. Fly Proxy automatically stops (or suspends) and starts existing Machines based on incoming requests to your app, and you have the option to keep a minimum number of machines running at all times in your primary region.
+
+Autostop/autostart works for Fly Apps with a service configured in the `fly.toml` file, which generally covers publicly available apps that accept requests from the internet. But you can also use autostart/autostart for private apps by setting up services and using a Flycast private IPv6 address. See [Flycast - Private Fly Proxy Services](/docs/networking/flycast/) and [Autostop/autostart private apps](/docs/blueprints/autostart-internal-apps/).
+
+For apps that [shut down automatically when idle](/docs/launch/autostop-autostart/#apps-that-shut-down-when-idle) and don't need autostop, the Fly Proxy can still restart your app's Machines when there's traffic.
+
+Learn how to [configure autostop/autostart](/docs/launch/autostop-autostart/).
+
+## How Fly Proxy autostop/autostart works
+
+Fly Proxy runs a process to determine whether an app has excess capacity every few minutes.
+
+<div class="callout">
+Autostop/autostart only works on existing Machines and never creates or destroys Machines for you. The maximum number of running Machines is the number of Machines you've created for your app using `fly scale count` or `fly machine clone`. Learn more about [scaling the number of Machines](/docs/apps/scale-count/). 
+</div>
+
+### Fly Proxy process to stop or suspend Machines
+
+When `auto_stop_machines` is set to `"stop"` or `"suspend"` in your `fly.toml`, the proxy looks at Machines running in a single region and uses the concurrency [`soft_limit` setting](/docs/reference/configuration/#the-http_service-section) for each Machine to determine if there's excess capacity. If the proxy decides there's excess capacity, it stops or suspends exactly one Machine. The proxy repeats this process every few minutes, stopping or suspending only one Machine per region, if needed, each time.
+
+If you have the [`kill_signal` and `kill_timeout` options](/docs/reference/configuration/#runtime-options) configured in your `fly.toml` file, then Fly Proxy uses those settings when it stops a Machine.
+
+Fly Proxy determines excess capacity per region as follows:
+
+* If there's more than one Machine in the region:
+  * the proxy determines how many running Machines are over their `soft_limit` setting and then calculates excess capacity: `excess capacity = num of machines - (num machines over soft limit + 1)`
+  * if excess capacity is 1 or greater, then the proxy stops or suspends one Machine
+* If there's only one Machine in the region:
+  * the proxy checks if the Machine has any traffic
+  * if the Machine has no traffic (a load of 0), then the proxy stops or suspends the Machine
+
+### Fly Proxy process to start Machines
+
+When `auto_start_machines = true` in your `fly.toml`, the Fly Proxy restarts a Machine in the nearest region when required.
+
+Fly Proxy determines when to start a Machine as follows:
+
+* The proxy waits for a request to your app.
+* If all the running Machines are above their `soft_limit` setting, then the proxy starts a stopped or suspended Machine in the nearest region (if there are any stopped or suspended Machines).
+* The proxy routes the request to the newly started Machine.
+
+### How Fly Proxy behaves without autostart/autostop
+
+Fly Proxy still routes requests to your app’s Machines even when `auto_stop_machines` is not set, or when `auto_start_machines` is explicitly set to `false` in your `fly.toml` file.
+
+- Machines stay running unless they exit on their own or are stopped during a deploy or scaling operation.
+- Fly Proxy does not check for excess capacity or stop Machines automatically, even if they are idle.
+- If `auto_start_machines` is explicitly set to `false`, the proxy only routes traffic to Machines that are already running. If no Machines are running, the proxy does not start one and the request will fail.
+- After a Machine starts, there may be a short delay before all proxy nodes recognize that it is running. During this time, requests sent to the Machine might fail if the proxy tries to route traffic too early.
+- If a Machine becomes unreachable, such as failing repeated internal pings over Fly’s private IPv6 network, it may be marked as unhealthy and stopped. Any requests already routed to that Machine will fail, since it’s no longer considered valid for the app.
+
+We recommend setting `auto_start_machines = true` and `auto_stop_machines = "stop"` or `"suspend"` in your `fly.toml` file to reduce idle resource usage and improve availability for apps that need to scale based on demand.
+
+## Related topics
+
+- [Configure autostop/autostart for Fly Launch apps](/docs/launch/autostop-autostart/)
+- [Autostop/autostart private apps](/docs/blueprints/autostart-internal-apps/)
+- [Fly Proxy features](/docs/reference/fly-proxy)
diff --git a/reference/fly-proxy.html.markerb b/reference/fly-proxy.html.markerb
new file mode 100644
index 0000000000..d7eb3cb6a1
--- /dev/null
+++ b/reference/fly-proxy.html.markerb
@@ -0,0 +1,60 @@
+---
+title: Fly Proxy
+layout: docs
+nav: firecracker
+---
+
+Fly Proxy is the omnipresent routing layer between the public Internet and the Fly.io platform and within the global WireGuard mesh that encompasses everything that runs on Fly.io. Every Fly.io edge and worker runs Fly Proxy to do the heavy lifting of moving data around our infrastructure: managing traffic and load balancing, applying protocol handlers, and connecting to services.
+
+A summary of things Fly Proxy does:
+
+- accept client connections and match them to your app's Machines in the closest region
+- handle backhaul between Fly.io servers over WireGuard tunnels
+- route requests to private Flycast addresses in your 6PN (private network)
+- load balance requests to your app's Machines
+- handle connections for different protocols:
+  - terminate TLS by default for most public apps
+  - terminate TLS for Postgres connections
+  - write PROXY protocol headers on TCP connections
+- autostop/autostart Machines based on traffic to your app
+- dynamic request routing with the `fly-replay` response header
+
+## How Fly Proxy routes incoming public requests
+
+When one of your app's users makes a request to your app on Fly.io, the request lands on our closest edge server. Fly Proxy (on the edge server) checks out the details of the request, adds the appropriate headers, redirects HTTP traffic to HTTPS, and routes the request through the WireGuard tunnel backhaul to the nearest healthy worker server that hosts your app's Machines. Fly Proxy (on the worker this time) sends the request to a Machine running your app over a local virtual interface, so your app can do its thing. Fly Proxy handles the response back from the Machine to the worker, from the worker to the edge server, and back to the user.
+
+Fly Proxy gets all its information about apps and Machines and services from corrosion, our service catalog that stores the state of pretty much everything on the Fly.io platform. Corrosion provides gossip-based service discovery that's highly-distributed, covering all our edges and regions.
+
+## How Fly Proxy routes requests over your private network (6PN)
+
+Apps can communicate with each other by default on your [private network](/docs/networking/private-networking/) without Fly Proxy's help, but if you want to use Fly Proxy features, then you can do that with [Flycast](/docs/networking/flycast/).
+
+When you assign a Flycast address to your app, the traffic gets routed through Fly Proxy while remaining entirely in your private network. When App 1 makes a request to App 2 in the same private network, Fly Proxy on the worker hosting App 1's Machines checks out the details of the request, adds the appropriate headers, and routes the request through the same WireGuard tunnel backhaul to the nearest healthy worker that hosts Machines for App 2. Fly Proxy on that server sends the request to a Machine running App 2.
+
+## Load balancing
+
+Fly Proxy routes requests to individual Machines in your app using a combination of concurrency settings in your app config, current load, and closeness.
+
+For more information and an example describing how Fly Proxy balances load, see [Load balancing](/docs/reference/load-balancing/).
+
+## Connection handlers
+
+Connection handler settings tell Fly Proxy how to convert TCP requests for specific protocols before they reach your app. Most standard web services use both `http` and `tls` handlers by default and there's an optional handler for apps that use PROXY protocol. Postgres connections get their own `pg_tls` handler.
+
+Handlers aren't mandatory; if you don't use them, then Fly Proxy just forwards TCP to your app with no changes.
+
+Learn more about [connection handlers](/docs/networking/services/#connection-handlers).
+
+## Autostart and autostop Machines
+
+Fly Proxy can start and stop existing Machines based on incoming requests, so that your app can accommodate bursts in demand without keeping extra Machines running constantly.
+
+Fly Proxy uses the same concurrency settings for autostop/autostart as for load balancing to determine when Machines have excess capacity and can be stopped.
+
+Learn more about [how autostop/autostart works](/docs/reference/fly-proxy-autostop-autostart/) and [how to configure it](/docs/apps/autostop-autostart/).
+
+## Dynamic request routing with `fly-replay`
+
+The `fly-replay` response header instructs Fly Proxy to redeliver (replay) the original request to another region or Machine in your app, or even another app in your organization. Your app needs to send a response with the `fly-replay` header specifying the region, Machine, or app and Fly Proxy replays the whole request as instructed.
+
+Learn more about [dynamic request routing](/docs/networking/dynamic-request-routing/).
diff --git a/reference/health-checks.html.markerb b/reference/health-checks.html.markerb
new file mode 100644
index 0000000000..0c733bbe84
--- /dev/null
+++ b/reference/health-checks.html.markerb
@@ -0,0 +1,71 @@
+---
+title: Health Checks
+layout: docs
+nav: firecracker
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/health-checks.png" alt="Illustration by Annie Ruygt of a balloon doctor examining a machine" class="w-full max-w-lg mx-auto">
+</figure>
+
+Health checks are a useful way to monitor the state of your app on Fly.io. When configured, they help the platform make decisions about routing traffic and managing deployments. For example, health checks can:
+
+- Confirm that Machines are ready before receiving traffic
+- Route around unhealthy Machines to maintain availability
+- Halt or roll back deployments when a new version isn't responding correctly
+
+Fly.io supports several types of health checks for different use cases. These are configured in your fly.toml file, in the relevant section depending on the type of check.
+
+## Monitoring your health checks
+
+You can view your app's current health check status using the `fly checks list` command. While checks run periodically, the Last Updated column shows when the check's status last changed, not when it was last executed.
+
+<div class="important icon">
+**Important:** A failing health check can prevent request routing to your Machine. However your Machines won't automatically restart or stop due to failing their health checks, this needs to be done manually.
+</div>
+
+
+## Top-level checks
+
+Top-level health checks, defined in the `[checks]` section of your fly.toml file, are designed for monitoring the overall health of your application, especially for non-public-facing services. Unlike service-level health checks (e.g., `services.http_checks` or `services.tcp_checks`), which can be used to direct traffic away from unhealthy Machines, top-level checks do not affect request routing. This makes them suitable for internal monitoring and alerting purposes without impacting how traffic is distributed across your Machines.
+
+### Custom Service Checks
+
+Use custom checks when you need specific configurations or headers, such as checking authenticated or private endpoints. You can configure custom checks for both TCP and HTTP service checks.
+
+For more information on custom checks, check out the [checks section](/docs/reference/configuration/#the-checks-section).
+
+## Service-level checks 
+
+Service-level checks let you define how the proxy determines if a Machine is ready to serve traffic. These checks run at the proxy level and prevent traffic from being sent to unhealthy or slow-starting Machines. TCP checks confirm that your app is listening on the expected port. HTTP checks go further by making a request to a specific path and expecting a 2xx HTTP response. This helps catch cases where the app has started but isn't ready to serve real traffic yet. Using both types of checks can help catch different kinds of issues: TCP for basic reachability, HTTP for readiness.
+
+The proxy uses service-level checks to determine whether a given Machine should be routed to. If a Machine fails its service check, it will be marked as unhealthy by the proxy, and it won't be routed to until its checks start passing. 
+
+While service-level checks affect routing availability, a failing check won't cause the Machine to restart or stop.
+
+Service-level checks are configured using the [`[[services.tcp_checks]]`](/docs/reference/configuration/#services-tcp_checks), [`[[services.http_checks]]`](/docs/reference/configuration/#services-http_checks) and [`[[http_service.checks]]`](/docs/reference/configuration/#http_service-checks) sections.
+
+## Health checks for apps with no services
+
+Some apps don’t run long-lived services. Job runners, queue workers, and similar workloads might start up, do their work, and shut down, or run continuously without exposing a network service. These apps can't use Fly’s built-in service-level health checks, but you can still monitor them using indirect signals.
+
+One common approach is to alert on queue depth. If messages pile up, your workers might be down or in a stuck state. You can also poll the Machines API to check whether instances are up, or run a periodic watchdog job and verify it executes as expected. Tools like [Dead Man’s Snitch](https://deadmanssnitch.com/) can help here. 
+
+Some worker stacks, such as [Flower](https://flower.readthedocs.io/en/latest/) for Celery, Sidekiq with a [Prometheus exporter](https://github.com/Strech/sidekiq-prometheus-exporter), or BullMQ with [Prometheus metrics](https://docs.bullmq.io/guide/metrics/prometheus), expose internal health signals you can alert on. These don’t act as health checks in the Fly routing sense, but they give you observability into your worker fleet.
+
+## Machine checks 
+
+Machine health checks run only during deploys and are supported for apps using the `rolling` and `canary` deployment strategies. They run a custom command inside an ephemeral Machine and can be used to verify app behavior beyond port or endpoint availability. They're useful for validating app readiness in more complex scenarios, such as confirming database connectivity or verifying that a key background service is up. These checks don't impact routing, but if a Machine check fails, the deployment will be stopped.
+
+Machine checks are configured using the [`[[services.machine_checks]]`](/docs/reference/configuration/#services-machine_checks) and [`[[http_service.machine_checks]]`](/docs/reference/configuration/#the-http_service-machine_checks-section) sections.
+
+## Bluegreen checks
+
+Bluegreen checks are an internal check used as part of bluegreen deployments. These run automatically when using a bluegreen deployment strategy, and you may see them listed in the output of `fly checks list` as `bg_deployment`.  
+
+You don't need to configure them yourself, and they don't impact routing after the deployment has completed.
+
+## Related topics
+
+- [App configuration (fly.toml)](/docs/reference/configuration/)
+- [Seamless/Zero-downtime deployments](/docs/blueprints/seamless-deployments/)
diff --git a/reference/index.html.md b/reference/index.html.md
index bbc44b68a7..65468553a1 100644
--- a/reference/index.html.md
+++ b/reference/index.html.md
@@ -1,88 +1,49 @@
 ---
-title: "Fly.io Reference Guide"
+title: "Fly.io reference"
 layout: docs
-sitemap: false
 nav: firecracker
 ---
 
-In the Fly.io Reference Section, you will find the definitive documentation for Fly.io features and tools.
+Quick references for often-used resources like flyctl and `fly.toml`. Or dig a little deeper into Fly.io capabilities and how they work.
 
 ## About Fly.io
 
-* [**Architecture**](/docs/reference/architecture/):
-The details about our implementation of Firecracker VMs, Anycast networking, Fly Proxy, and the backhaul network, all of which come together to create Fly.io's infrastructure.
+* **[Architecture](/docs/reference/architecture/):** A brief overview of how Firecracker VMs, Anycast networking, Fly Proxy, and the backhaul network come together to create Fly.io's infrastructure.
 
-* [**Regions**](/docs/reference/regions/):
-The regions around the world where we run servers so your apps can run close to your users.
+* **[Regions](/docs/reference/regions/):** The regions around the world where we run servers so your apps can run close to your users.
 
-## Creating and deploying applications
+* **[Machine migration](/docs/reference/machine-migration/):** How Fly.io automatically migrates your app's Machines from problematic hosts to healthy hosts.
 
-* [**Fly Launch Configuration (fly.toml)**](/docs/reference/configuration/):
-The settings for configuring your App in the `fly.toml` configuration file. The Fly Launch configuration includes how the App is built, how its networking is configured, how it scales, and more.
-
-* [**App Availability and Resiliency**](/docs/reference/app-availability):
-An overview of the features that can make your app more resistant to events like hardware failures or outages.
-
-* [**Builders**](/docs/reference/builders/):
-The different ways you can assemble applications into deployable images for Fly.io.
-
-* [**fly launch**](/docs/reference/fly-launch/):
-The command that creates an app and does a lot of the work for you.
-
-* [**flyctl**](/docs/flyctl/):
-The Fly CLI reference documentation.
-
-* [**Load Balancing**](/docs/reference/load-balancing/):
-An explanation of how Fly.io's proxy distributes traffic to your application instances based on load, closeness, and concurrency settings.
-
-* [**Monorepo and Multi-Environment Deployments**](/docs/reference/monorepo/):
-The command options you can use with flyctl to build and deploy multiple apps from a monorepo or deploy an app to multiple targets.
-
-* [**Runtime Environment**](/docs/reference/runtime-environment/):
-The environment variables that are set when an App runs on Fly.io and the request headers which provide Apps with information about incoming connections.
-
-* [**Secrets - Build time**](/docs/reference/build-secrets/):
-How to set and use Docker secrets to make secrets available at build time.
-
-* [**Secrets - Runtime**](/docs/reference/secrets/):
-How to set and use secrets, which are exported to the running App through environment variables, and find out how they work with deployments to help secure your App.
+---
 
-## Learning about the Fly Platform
+## Reference docs
 
-* [**Fly Apps**](/docs/reference/apps):
-The difference between V1 (Nomad) Apps and V2 Apps.
+* **[flyctl](/docs/flyctl/):** The flyctl CLI reference documentation.
 
-* [**Machines**](/docs/machines):
-A brief overview of Fly Machines, the building blocks of the Fly Platform, as well as the Machines API reference, examples, and guides.
+* **[App Configuration (fly.toml)](/docs/reference/configuration/):** The settings for configuring your app in the `fly.toml` configuration file. The app configuration includes how the app is built, its volume mounts, network services, and more.
 
-* [**Metrics**](/docs/reference/metrics):
-The fully-managed metrics that you can access for your app on Fly.io.
+* **[Fly Launch](/docs/reference/fly-launch/):** A deeper dive into how Fly Launch creates and configures new apps.
 
-* [**Volumes**](/docs/reference/volumes):
-The Fly.io implementation of volumes for persistent storage attached to Machines, and the things to consider before using them.
+* **[Fly Proxy](/docs/reference/fly-proxy/):** Learn about how Fly Proxy routes requests, handles connections, and does load balancing.
 
-## Network services
+* **[Fly Proxy autostop/autostart](/docs/reference/fly-proxy-autostop-autostart/):** Learn how Fly Proxy determines excess capacity for an app to shut down or suspend Machines when they're not needed and start them back up when there's traffic.
 
-* [**Dynamic request routing**](/docs/reference/dynamic-request-routing/):
-The different response headers you can use to dynamically route requests to other regions or apps.
+* **[Fly Proxy Content Encoding](/docs/reference/content-encoding/):** Learn how our proxy handles HTTP response compression, so you get better performance out of the box.
 
-* [**Public Networking**](/docs/reference/services/):
-Learn about Fly.io networking and its support for IPv4 and IPv6 addresses via Anycast, automated TLS and HTTP middleware, proxies, and TCP passthrough.
+* **[Machine Suspend/Resume](/docs/reference/suspend-resume/):** How to pause a Fly Machine in place and resume it in milliseconds.
 
-* [**Private Networking**](/docs/reference/private-networking/):
-How Fly.io Private Networking provides secure connections between your applications and a VPN option that allows you to connect into your Fly organization and do the same from your desktop or mobile device. It uses WireGuard and DNS to provide connectivity and discoverability. Find out how to use it in your applications, and how to install and configure the VPN.
+* **[Health Checks](/docs/reference/health-checks/):** Learn how Fly monitors your apps health through HTTP, TCP, and custom checks to verify availability and trigger automatic restarts when needed.
 
-* [**Upstash for Redis**](/docs/reference/redis/):
-The fully-managed, Redis-compatible database service that offers global read replicas for reduced latency in distant regions.
+---
 
-## Security
+## Working with Fly.io
 
-For more general information about security, refer to [Security at Fly.io](/docs/about/security/).
+* **[Autoscaling](/docs/reference/autoscaling/):** Adjust the number of running or created Fly Machines dynamically.
 
-* [**Deploy Tokens**](/docs/reference/deploy-tokens/):
-An experimental feature to use in place of standard API tokens.
+* **[Builders](/docs/reference/builders/):** The different ways you can assemble applications into deployable images for Fly.io.
 
-* [**TLS support**](/docs/reference/tls/):
-A list of supported cipher suites.
+* **[Load Balancing](/docs/reference/load-balancing/):** How Fly Proxy distributes traffic to your application instances based on load, closeness, and concurrency settings.
 
+* **[Migrating from AWS to Fly.io overview](/docs/reference/aws-to-fly-guide/):** A guide with considerations for moving from AWS to Fly.io.
 
+* **[Multiple processes inside a Fly.io app](/docs/app-guides/multiple-processes/):** The different ways to run multiple processes inside a Fly App.
diff --git a/reference/load-balancing.html.md b/reference/load-balancing.html.md
index 4e6876eac1..033d7fced0 100644
--- a/reference/load-balancing.html.md
+++ b/reference/load-balancing.html.md
@@ -1,44 +1,43 @@
 ---
 title: Load Balancing
 layout: docs
-sitemap: false
 nav: firecracker
 ---
 
-Fly.io routes requests to individual instances of your applications using a combination of concurrency settings specified on your application, current load, and closeness. This page describes the details of load balancing traffic to your applications on Fly.io.
+[Fly Proxy](/docs/reference/fly-proxy) routes requests to individual Machines in your apps using a combination of concurrency settings specified on your app, current load, and closeness. This page describes the details of load balancing traffic to your apps on Fly.io.
 
-## Load Balancing Strategy
+## Load balancing strategy
 
-Our load balancing strategy is:
-* Send traffic to the least loaded, closest instance
-* If multiple instances have identical load and closeness, randomly choose one
+The basic load balancing strategy is:
 
+* Send traffic to the least loaded, closest Machine
+* If multiple Machines have identical load and closeness, randomly choose one
 
 ### Load
 
-Load is determined by the [concurrency limits](/docs/reference/configuration#services-concurrency) configured for an application and the current traffic relative to those configured limits.
+Fly Proxy determines load using the [concurrency settings](/docs/reference/configuration#services-concurrency) configured for an app and the current traffic relative to those settings.
 
-The table below describes how traffic may or may not be routed to an instance based on configured `soft_limit` and `hard_limit` values.
+The table below describes how traffic may or may not be routed to a Machine based on configured `soft_limit` and `hard_limit` values.
 
-| Instance load | What happens |
+| Machine load | What happens |
 |---|---|
-| Above `hard_limit` | No new traffic will be sent to instance |
-| At or above `soft_limit`, below `hard_limit` | Traffic will only be sent to this instance if all other instances are also above their `soft_limit` |
-| Below `soft_limit` | Traffic will be sent to instance when it is closest instance that is under `soft_limit` |
+| Above `hard_limit` | No new traffic will be sent to the Machine |
+| At or above `soft_limit`, below `hard_limit` | Traffic will only be sent to this Machine if all other Machines are also above their `soft_limit` |
+| Below `soft_limit` | Traffic will be sent to the Machine when it is the closest Machine that is under `soft_limit` |
 
-### Closeness
-
-Closeness is determined by RTT (round-trip time) between the Fly.io edge node receiving a connection or request, and the worker node where your instance runs. Even within the same region, we use different datacenters with different RTTs. These RTTs are measured constantly between all servers.
+<div class="callout">
+Cross-region routing only happens when all Machines in the local region are unhealthy or at their `hard_limit`.
+</div>
 
-*Note:* These values are not visible to Fly.io users. We share this information here to help clarify how load balancing decisions are made.
+### Closeness
 
-## Examples
+Closeness is determined by RTT (round-trip time) between the Fly.io edge server receiving a connection or request, and the worker server where your Machine runs. Even within the same region, we use different datacenters with different RTTs. These RTTs are measured constantly between all servers.
 
-To help clarify how the Fly.io platform makes load balancing decisions, we provide some example configuration and scenarios:
+You can observe live RTT values between Fly.io regions using our [RTT app](https://rtt.fly.dev/).
 
-### Web service
+## Example of load balancing for a web service
 
-We have a web service that we know can handle 25 concurrent requests with the currently configured cpu and memory settings. So, we set the following values in our fly.toml:
+We have a hypothetical web service that we know can handle 25 concurrent requests with the configured CPU and memory settings. We set the following values in our fly.toml:
 
 ```toml
   [services.concurrency]
@@ -47,20 +46,17 @@ We have a web service that we know can handle 25 concurrent requests with the cu
     soft_limit = 20
 ```
 
-We set `type = "requests"` so Fly.io will use concurrent http requests to determine when to adjust load. We prefer this to `type = "connections"`, because our web service does work for each request and our users may make multiple requests over a single connection (e.g., with HTTP/2).
-
-We choose to set our `soft_limit` to 20, so we have a little room for Fly.io to shift load to other instances before a single instance becomes overwhelmed.
-
-We deployed 10 VMs in four regions: `ams`, `bom`, `sea`, and `sin`, with three of those in `ams`.
-
-In this contrived example, all of the users are currently in Amsterdam (ams region) so their traffic is arriving at one of the Fly.io edges in Amsterdam. There are currently 3 instances of our web service running in Amsterdam.
+We set `type = "requests"` so Fly.io will use concurrent HTTP requests to determine when to adjust load. We prefer this to `type = "connections"`, because our web service does work for each request and our users may make multiple requests over a single connection (e.g., with HTTP/2). Fly Proxy will also pool connections to a Machine for a short time (about 4 seconds) when using `type = "requests"` to avoid frequent opening and closing of connections to your app.
 
-When users in Amsterdam generate up to 60 concurrent http requests, those requests are divided evenly between the three application instances in the ams region. Closeness of the worker and edge will determine which of the 3 instances each request goes to.
+We set the `soft_limit` to 20, so Fly Proxy has some headroom to prefer less-loaded Machines within the same region before distributing traffic more evenly. Soft limits only affect routing within a region. They do not cause the proxy to shift traffic to other regions.
 
-When users generate 61+ concurrent requests from Amsterdam, 60 of those requests will be sent to the 3 instances in the ams region and then the rest will be sent to instances in other regions based on which ones are closest.
+We deploy 10 Machines in four regions: `ams` (Amsterdam), `bom` (Mumbai), `sea` (Seattle), and `sin` (Singapore), with three of those in `ams`.
 
-That keeps going until we get to 200+ concurrent requests. At 200 concurrent requests all application instances are at their `soft_limit`, so Fly.io will start routing requests to the ams instances again. E.g., the 201st concurrent request will go to an application instance in the ams region that is currently at its `soft_limit`.
+In this contrived example, all of the users are currently in Amsterdam, so the traffic is arriving at one of the Fly.io edges in Amsterdam. Here's what happens as the number of concurrent HTTP requests from users in Amsterdam increases:
 
-When users generate 250 concurrent requests, all instances will be at their `hard_limit`. The 251st concurrent request will get delayed by the Fly Proxy until an instance is below its `hard_limit`.
+- 60 concurrent requests: Requests are divided evenly between the 3 Machines in the `ams` region. Closeness of the worker and edge will determine which of the 3 Machines each request goes to.
+- 61+ concurrent requests: If all three Machines in `ams` are above their `soft_limit`, but still below their `hard_limit`, Fly Proxy continues routing to them. It does not route traffic to other regions based on soft limits alone.
+- 200+ concurrent requests: All Machines are at their `soft_limit`, so Fly Proxy will start routing requests to the `ams` Machines again. For example, the 201st concurrent request will go to a Machine in the `ams` region that is currently at its `soft_limit`.
+- 250 concurrent requests: All Machines are at their `hard_limit`. The 251st concurrent request will get queued by Fly Proxy until a Machine is below its `hard_limit`.
 
-If traffic is far above the `hard_limit` for a long period of time, Fly.io may start returning 503 Service Unavailable responses for requests that are not able to be routed to an instance.
+If traffic is far above the `hard_limit` for a long period of time, Fly Proxy might start returning 503 Service Unavailable responses for requests that are not able to be routed to a Machine.
diff --git a/reference/machine-migration.html.markerb b/reference/machine-migration.html.markerb
new file mode 100644
index 0000000000..429e63e2db
--- /dev/null
+++ b/reference/machine-migration.html.markerb
@@ -0,0 +1,80 @@
+---
+title: Machine migration
+layout: docs
+nav: firecracker
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/migrating-from-aws.png" alt="Illustration by Annie Ruygt of a figure jumping from one mountian to another" class="w-full max-w-lg mx-auto">
+</figure>
+
+Fly.io will migrate your Machines from problematic hosts to healthy hosts as required. Some of the reasons for migrating Machines include host overcrowding, deprecation, or scheduled maintenance. The migration process helps your applications run efficiently on the Fly.io platform. You don't need to take any action to migrate your Machines to another host and, if your app has [multiple Machines](/docs/blueprints/resilient-apps-multiple-machines/), migration shouldn't result in any downtime for your app.
+
+## Machine migration process
+
+We migrate Machines using the following process:
+
+1. Acquire an internal lock to coordinate multiple Machine migrations in the Fly.io platform globally.
+1. Stop a Machine.
+1. Fork the Machine's volume to the destination host (if the Machine has an attached volume).
+1. Start a new Machine on the destination host.
+1. Release the internal lock.
+
+The following sections describe the migration process in more detail.
+
+### 1. Acquire an internal lock
+
+We set the internal lock for migration using your network ID. All the apps in your organization are on a [private network](/docs/networking/private-networking/) by default. There's no way around it, a Machine will be stopped prior to migration. When we lock by network ID, we ensure that we don't migrate other Machines from the same app or, in fact, any other apps in your network, at the same time. This can prevent clustering or quorum issues for databases and avoid downtime for apps with multiple Machines.
+
+### 2. Stop a Machine
+
+We send the Machine the signal configured as its `kill_signal` in `fly.toml` or the `stop_config` settings in the Machine config and then shut down. This should initiate a graceful shutdown of a running app Machine.
+
+### 3. Fork the Machine's volume
+
+If the Machine has an attached volume, we create an exact copy of that volume, including its data, on the destination host. The new volume will have a different volume ID than the original volume.
+
+### 4. Start a new machine
+
+We start a new Machine on the destination host and, if applicable, attach the volume we copied in step 3. The new Machine will have the same Machine ID as the original Machine. 
+
+The 6PN address will be different from the original machine. Most apps communicating on Fly.io private networks use [our internal DNS](/docs/networking/private-networking/#fly-io-internal-dns) to query for 6PN addresses and that feature will continue to work as usual. Note that apps should never rely on 6PN addresses remaining static.
+
+### 5. Release the internal lock
+
+We release the internal lock on your private network. The process repeats if any of your apps have more Machines on the affected host.
+
+## Check whether your machine was migrated
+
+Even though you usually don't need to take any action after we migrate a Machine, you can use the `fly machine status` command to check Event Logs for migration events. For example, the following Machine was migrated, as indicated the `migrated=true` info in the `launch` Event Log:
+
+```cmd
+fly machine status --app epic-stack-691c
+? Select a machine: d8dd625fed5568 crimson-grass-559 (started, region ord, process group 'app')
+Machine ID: d8dd625fed5568
+Instance ID: 01J08P60K8NK33K9P5MQ5M4QN8
+State: started
+
+VM
+  ID            = d8dd625fed5568
+  Instance ID   = 01J08P60K8NK33K9P5MQ5M4QN8
+  State         = started
+  Image         = epic-stack-691c:deployment-01HW81ZEKCE8GB6GV7506VCS7T
+  Name          = crimson-grass-559
+  Private IP    = fdaa:5:a89e:a7b:152:c79c:e922:2
+  Region        = ord
+  Process Group = app
+  CPU Kind      = shared
+  vCPUs         = 1
+  Memory        = 1024
+  Created       = 2024-06-13T11:36:59Z
+  Updated       = 2024-06-13T11:37:01Z
+  Entrypoint    =
+  Command       =
+  Volume        = vol_r6gzo1p3yq83yxjv
+
+Event Logs
+STATE   EVENT   SOURCE  TIMESTAMP                       INFO
+started start   flyd    2024-06-13T13:37:01.36+02:00
+created launch  flyd    2024-06-13T13:36:59.864+02:00   migrated=true
+```
diff --git a/reference/machines.html.markerb b/reference/machines.html.markerb
deleted file mode 100644
index f8acde57c5..0000000000
--- a/reference/machines.html.markerb
+++ /dev/null
@@ -1,286 +0,0 @@
----
-title: Working With the Machines API
-layout: docs
-cover: https://fly.io/blog/2022-05-24/machine-whack-a-mole.webp
-sitemap: false
-description: Fly Machines are VMs with a fast REST API that can boot in about 300ms globally. Learn how to use the API to start, stop, configure and query machines.
-nav: firecracker
----
-
-Fly Machines are [Firecracker VMs](https://firecracker-microvm.github.io/) with a fast REST API that can boot instances in about 300ms, in any region supported by [Fly.io](https://fly.io/docs/reference/regions/).
-
-The Machines API gives you efficient, low-level control over VM provisioning, supported by Fly.io infrastructure and networking features.
-
-Machines are also the spawning ground for new platform features like *wake-on-request* (also known as *scale-to-zero*). You can
-stop a running machine to save on compute costs. It then may be started automatically when a request arrives at the Fly proxy.
-
-This document covers usage of the Machines REST API to start, stop, update and interact with machines. For the impatient, [flyctl also provides commands](https://fly.io/docs/flyctl/machine/) for experimenting with the API.
-
-See all possible machine states [in the table below](#machine-states).
-
-## Connecting to the API
-
-The Machines API endpoint requires a connection to your Fly private network - either by running on a VM inside the network, or via a WireGuard VPN, or using `fly proxy`.
-
-This guide assumes that you have flyctl and cURL installed, and have authenticated to the Fly.io platform.
-
-### Connecting via WireGuard
-
-This method requires more setup but gives you direct access to machines over the WireGuard VPN.
-
-First, follow the [instructions](/docs/reference/private-networking/#private-network-vpn) to set up a permanent WireGuard connection to your Fly network. We recommend WireGuard because you can directly test your machines from your local machine.
-
-Once you're connected, Fly internal DNS should expose the Machines API endpoint at: `http://_api.internal:4280`
-
-### Connecting via `fly proxy`
-
-For quick testing of this API, you can proxy a local port to the internal API endpoint. Pick any organization when asked.
-
-```cmd
-fly machines api-proxy
-```
-
-With the above command running, in a separate terminal, try this to confirm you can access the API:
-
-```cmd
-curl http://127.0.0.1:4280
-```
-
-If you successfully reach the API, it should respond with a `404 page not found` error. That's because this was not a defined endpoint.
-
-### Setting up the environment
-
-If you are using a WireGuard VPN or `fly proxy`,
-set these environment variables to make the following commands easier to use.
-
-```bash
-$ export FLY_API_HOSTNAME="_api.internal:4280" # or set to `127.0.0.1:4280` when using 'fly proxy'
-$ export FLY_API_TOKEN=$(fly auth token)
-```
-
-In order to access this API from a Fly Machine, make the token available as a secret:
-
-```cmd
-fly secrets set FLY_API_TOKEN=$(fly auth token)
-```
-
-A convenient way to set the FLY_API_HOSTNAME is to add it to your `Dockerfile`:
-
-```
-ENV FLY_API_HOSTNAME="_api.internal:4280
-```
-
-
-You'll still need to replace the application name and machine ID for commands to work.
-
-### Authentication
-
-All requests must include the Fly API Token in the HTTP Headers as follows:
-
-```
-Authorization: Bearer <fly_api_token>
-```
-
-### Create a Fly App
-
-Machines must be associated with an app. App names must be unique.
-
-<%= partial "machines/create_app_req" %>
-
-### Allocate an IP address for global request routing
-
-If you intend for machines to be accessible to the internet, you'll need to allocate an IP address to the application. Currently
-this is done using flyctl or the [Fly.io GraphQL API](https://api.fly.io/graphql). This offers your app automatic, global routing via [Anycast](https://fly.io/docs/reference/services/#anycast). Read more about this in [the Networking section](https://fly.io/docs/reference/services/#notes-on-networking).
-
-Example:
-
-```cmd
-fly ips allocate-v4 -a my-app-name
-```
-```out
-TYPE ADDRESS    REGION CREATED AT
-v4   37.16.9.52 global 7s ago
-```
-
-The app will answer on this IP address, and after a small delay, at `my-app-name.fly.dev`.
-
-### Get application details
-
-Get details about an application, like its organization slug and name. Also, to check if the app exists!
-<%= partial "machines/get_app_req" %>
-<%= partial "machines/get_app_resp" %>
-
-### Set application secrets
-
-For sensitive environment variables, such as credentials, you can set [secrets](https://fly.io/docs/reference/secrets/) as you would for standard Fly apps using flyctl:
-
-<%= partial "docs/partials/set_secrets", locals: { app_name: "my-app-name" } %>
-
-Machines inherit secrets from the app. Existing machines must be [updated](#update-a-machine) to pick up secrets set after the machine was created.
-
-For non-sensitive information, you _can_ set different environment variables per machine at creation time.
-
-### Create a machine
-
-Create machine, which starts running immediately. This is where you configure the machine characteristics, like its CPU and memory. You can also allow connections from the internet through the Fly proxy. Learn more about this behavior in the [networking section](#networking).
-
-Following this call, you can make a [blocking API request](#wait-for-a-machine-to-start) to wait for a machine to start.
-
-The only required parameter is `image` in the `config` object. Other parameters:
-
-`name`: Unique name for this machine. If omitted, one is generated for you.
-
-`region`: The target region. Omitting this param launches in the same region as your WireGuard peer connection (somewhere near you).
-
-`config`: An object defining the machine configuration. Options
-
-* `image`: The Docker image to run
-* `guest`: An object with the following options:
-  - `cpus`: Number of vCPUs (default 1)
-  - `memory_mb`: Memory in megabytes as multiples of 256 (default 256)
-  - `kernel_args`: Optional array of strings. Arguments passed to the kernel
-
-* `env`: An object filled with key/value pairs to be set as environment variables
-* `services`: An array of objects that define a single network service. Check the [machines networking section](#networking) for more information. Options:
-
-  - `protocol`: `tcp` or `udp`. [Learn more about running raw TCP/UDP services](https://fly.io/docs/app-guides/udp-and-tcp/).
-  - `concurrency`: load balancing concurrency settings
-      + `type`: `connections` (TCP) or `requests` (HTTP). Defaults to connections.
-      + `soft_limit`: "ideal" service concurrency. We will attempt to spread load to keep services at or below this limit
-      + `hard_limit`: maximum allowed concurrency. We will queue or reject when a service is at this limit
-  - `internal_port`: Port the machine VM listens on
-  - `ports`: An array of objects defining the service's ports and associated handlers. Options:
-      + `port`: Public-facing port number
-      + `handlers`: Array of [connection handlers](https://fly.io/docs/reference/services/#connection-handlers) for TCP-based services.
-* `processes`: An optional array of objects defining multiple processes to run within a VM
-  - `name`: Process name
-  - `entrypoint`: An array of strings. The process that will run
-  - `cmd`: An array of strings. The arguments passed to the entrypoint
-  - `env`: An object filled with key/value pairs to be set as environment variables
-  - `user`: An optional user that the process runs under
-* `schedule`: Optionally one of `hourly`, `daily`, `weekly`, `monthly`. Runs machine at the given interval. Interval starts at time of machine creation
-
-* `mounts`: An array of objects that reference previously created [persistent volumes](https://fly.io/docs/volumes/). Currently, you may only mount *one volume* per VM.
-  - `volume`: The volume ID, visible in `fly volumes list`, i.e. `vol_2n0l3vl60qpv635d`
-  - `path`: Absolute path on the VM where the volume should be mounted. i.e. `/data`
-
-<%= partial "machines/launch_req" %>
-<%= partial "machines/launch_resp" %>
-
-### Wait for a machine to reach a Specified State
-
-Wait for a machine to reach a specific state. Specify the desired state with the `state` parameter.  See the [table below](#machine-states) for a list of possible states.  The default for this parameter is `started`.
-
-This request will block for up to 60 seconds. Set a longer timeout with the `timeout` parameter.
-
-
-<%= partial "machines/wait_req" %>
-<%= partial "machines/wait_resp" %>
-
-### Get a Machine
-
-Given a machine ID, fetch details about it.
-
-<%= partial "machines/get_req" %>
-<%= partial "machines/get_resp" %>
-
-### Update a Machine
-
-`region` and `name` are immutable and cannot be updated. Updating the `config` requires specifying the complete config.
-
-<%= partial "machines/update_req" %>
-<%= partial "machines/update_resp" %>
-
-### Stop a Machine
-
-Stopping a machine will shut down the VM, but not destroy it. The VM may be started again with `machines/start`.
-
-<%= partial "machines/stop_req" %>
-<%= partial "machines/stop_resp" %>
-
-### Start a Machine
-
-Start a previously stopped machine.  Machines that are restarted are completely
-reset to their original state so that they start clean on the next run.
-
-<%= partial "machines/start_req" %>
-<%= partial "machines/start_resp" %>
-
-### Delete a Machine permanently
-
-Delete a machine, never to be seen again. This action cannot be undone!
-
-<%= partial "machines/delete_req" %>
-<%= partial "machines/delete_resp" %>
-
-### List machines for an app
-
-<%= partial "machines/list_req" %>
-<%= partial "machines/list_resp" %>
-
-### Delete a Fly application
-
-Machines should be stopped before attempting deletion. Pass `force=true` to stop and delete immediately.
-
-<%= partial "machines/delete_app" %>
-
-### Lease a machine
-
-Machine leases can be used to obtain an exclusive lock on modifying a machine.
-
-<%= partial "machines/lease_req" %>
-<%= partial "machines/lease_resp" %>
-<%= partial "machines/lease" %>
-
-## Notes on Networking
-
-Machines are closed to the public internet by default. To make them accessible via the associated application, you need to:
-
-* Allocate an IP address to the application
-* Adding one or more `services` to the machine config with ports and handlers, as seen in the launch example here
-
-For an application with a single machine, all requests will be routed to that machine. A machine in the `stopped` state will be started up
-automatically when a request arrives.
-
-For an application with multiple machines with the same configuration, requests will be distributed across them. Warm-start behavior in this situation
-is not well-defined now, so should not be relied upon for apps with multiple machines.
-
-## Machine States
-
-This table explains the possible machine states. A machine may only be in one state at a time.
-
-<table class="table-stripe table-stretch table-pad text-lg whitespace-nowrap m-0">
-  <tbody>
-    <tr>
-      <td class="font-bold">created</td>
-      <td>Initial status</td>
-    </tr>
-    <tr>
-      <td class="font-bold">started</td>
-      <td>Running and network-accessible</td>
-    </tr>
-    <tr>
-      <td class="font-bold">stopping</td>
-      <td>Transitioning from `started` to `stopped`</td>
-    </tr>
-    <tr>
-      <td class="font-bold">stopped</td>
-      <td>Exited, either on its own or explicitly stopped</td>
-    </tr>
-    <tr>
-      <td class="font-bold">replacing</td>
-      <td>User-initiated configuration change (image, VM size, etc.) in progress</td>
-    </tr>
-    <tr>
-      <td class="font-bold">destroying</td>
-      <td>User asked for the machine to be completely removed</td>
-    </tr>
-    <tr>
-      <td class="font-bold">destroyed</td>
-      <td>No longer exists</td>
-    </tr>
-    </tbody>
-  </table>
-
-
-Internal note: the replaced state is only possible when requesting a specific instance_id.
diff --git a/reference/machines/_machines_cordon_req.erb b/reference/machines/_machines_cordon_req.erb
new file mode 100644
index 0000000000..8578f13ab3
--- /dev/null
+++ b/reference/machines/_machines_cordon_req.erb
@@ -0,0 +1,3 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/73d8d46dbee589/cordon"
\ No newline at end of file
diff --git a/reference/machines/_machines_create_req.erb b/reference/machines/_machines_create_req.erb
new file mode 100644
index 0000000000..34f8c3a461
--- /dev/null
+++ b/reference/machines/_machines_create_req.erb
@@ -0,0 +1,23 @@
+curl -i -X POST \\
+  -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+  "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines" \\
+  -d '{
+    "config": {
+      "init": {
+        "exec": [
+          "/bin/sleep",
+          "inf"
+        ]
+      },
+      "image": "registry-1.docker.io/library/ubuntu:latest",
+      "auto_destroy": true,
+      "restart": {
+        "policy": "always"
+      },
+      "guest": {
+        "cpu_kind": "shared",
+        "cpus": 1,
+        "memory_mb": 256
+      }
+    }
+  }'
\ No newline at end of file
diff --git a/reference/machines/_machines_create_resp.erb b/reference/machines/_machines_create_resp.erb
new file mode 100644
index 0000000000..6734bff344
--- /dev/null
+++ b/reference/machines/_machines_create_resp.erb
@@ -0,0 +1,47 @@
+{
+  "id": "1857156b526dd8",
+  "name": "aged-thunder-7371",
+  "state": "created",
+  "region": "ord",
+  "image_ref": {
+    "registry": "registry-1.docker.io",
+    "repository": "library/ubuntu",
+    "tag": "latest",
+    "digest": "sha256:c9cf959fd83770dfdefd8fb42cfef0761432af36a764c077aed54bbc5bb25368",
+    "labels": {
+      "org.opencontainers.image.ref.name": "ubuntu",
+      "org.opencontainers.image.version": "22.04"
+    }
+  },
+  "instance_id": "01HEPA330HZ37A78TK080NAK1M",
+  "private_ip": "fdaa:ff:ff:a7b:195:e229:8038:2",
+  "created_at": "2023-11-08T01:52:30Z",
+  "updated_at": "2023-11-08T01:52:30Z",
+  "config": {
+    "init": {
+      "exec": [
+        "/bin/sleep",
+        "inf"
+      ]
+    },
+    "image": "registry-1.docker.io/library/ubuntu:latest",
+    "auto_destroy": true,
+    "restart": {
+      "policy": "always"
+    },
+    "guest": {
+      "cpu_kind": "shared",
+      "cpus": 1,
+      "memory_mb": 256
+    },
+    "dns": {}
+  },
+  "events": [
+    {
+      "type": "launch",
+      "status": "created",
+      "source": "user",
+      "timestamp": 1699408350300
+    }
+  ]
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_create_serv_req.erb b/reference/machines/_machines_create_serv_req.erb
new file mode 100644
index 0000000000..cf0f3bd128
--- /dev/null
+++ b/reference/machines/_machines_create_serv_req.erb
@@ -0,0 +1,43 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines" \\
+  -d '{
+      "name": "my-app-name",
+      "config": {
+        "image": "flyio/fastify-functions",
+        "env": {
+          "APP_ENV": "production"
+        "services": [
+          {
+            "ports": [
+              {
+                "port": 443,
+                "handlers": [
+                  "tls",
+                  "http"
+                ]
+              },
+              {
+                "port": 80,
+                "handlers": [
+                  "http"
+                ]
+              }
+            ],
+            "protocol": "tcp",
+            "internal_port": 8080
+          }
+        ],
+        "checks": {
+            "httpget": {
+                "type": "http",
+                "port": 8080,
+                "method": "GET",
+                "path": "/",
+                "interval": "15s",
+                "timeout": "10s"
+                }
+            }
+        }
+    }
+}'
diff --git a/reference/machines/_machines_create_serv_resp.erb b/reference/machines/_machines_create_serv_resp.erb
new file mode 100644
index 0000000000..b99e2629b3
--- /dev/null
+++ b/reference/machines/_machines_create_serv_resp.erb
@@ -0,0 +1,69 @@
+{
+  "id": "73d8d46dbee589",
+  "name": "my-app-name",
+  "state": "starting",
+  "region": "cdg",
+  "instance_id": "01G3SHPT434MNW8TS4ENX11RQY",
+  "private_ip": "fdaa:0:3ec2:a7b:5adc:6068:5b85:2",
+  "config": {
+    "env": {
+      "APP_ENV": "production"
+    },
+    "init": {
+      "exec": null,
+      "entrypoint": null,
+      "cmd": null,
+      "tty": false
+    },
+    "image": "flyio/fastify-functions",
+    "metadata": null,
+    "restart": {
+      "policy": ""
+    },
+    "services": [
+      {
+        "internal_port": 8080,
+        "ports": [
+          {
+            "handlers": [
+              "tls",
+              "http"
+            ],
+            "port": 443
+          },
+          {
+            "handlers": [
+              "http"
+            ],
+            "port": 80
+          }
+        ],
+        "protocol": "tcp"
+      }
+    ],
+    "guest": {
+      "cpu_kind": "shared",
+      "cpus": 1,
+      "memory_mb": 256
+    },
+    "checks": {
+      "httpget": {
+        "type": "http",
+        "port": 8080,
+        "interval": "15s",
+        "timeout": "10s",
+        "method": "GET",
+        "path": "/"
+      }
+  },
+  "image_ref": {
+    "registry": "registry-1.docker.io",
+    "repository": "flyio/fastify-functions",
+    "tag": "latest",
+    "digest": "sha256:e15c11a07e1abbc50e252ac392a908140b199190ab08963b3b5dffc2e813d1e8",
+    "labels": {
+    }
+  },
+  "created_at": "2022-05-23T22:48:21Z"
+ }
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_delete_req.erb b/reference/machines/_machines_delete_req.erb
new file mode 100644
index 0000000000..f9f6c3d102
--- /dev/null
+++ b/reference/machines/_machines_delete_req.erb
@@ -0,0 +1,3 @@
+curl -i -X DELETE \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/24d896dec64879?force=true"
\ No newline at end of file
diff --git a/reference/machines/_machines_get_req.erb b/reference/machines/_machines_get_req.erb
new file mode 100644
index 0000000000..041036e554
--- /dev/null
+++ b/reference/machines/_machines_get_req.erb
@@ -0,0 +1,3 @@
+curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/73d8d46dbee589"
\ No newline at end of file
diff --git a/reference/machines/_machines_get_resp.erb b/reference/machines/_machines_get_resp.erb
new file mode 100644
index 0000000000..739349a498
--- /dev/null
+++ b/reference/machines/_machines_get_resp.erb
@@ -0,0 +1,31 @@
+{
+    "id": "a5c5de9ce64ca12",
+    "name": "aged-wind-2649",
+    "state": "started",
+    "region": "ord",
+    "image_ref": {
+      "registry": "registry-1.docker.io",
+      "repository": "rebelthor/sleep",
+      "tag": "latest",
+      "digest": "sha256:597c3e12f830132be2aa69b4c0deccb0657ea4253e6d59c6f38e41e9f69a0add"
+    },
+    "instance_id": "1RREBN3T5K95DK9IVP4XHTTPEY2",
+    "private_ip": "fdaa:0:18:a7b:196:e274:9ce1:2",
+    "created_at": "2023-10-31T02:30:10Z",
+    "updated_at": "2023-10-31T02:35:26Z",
+    "config": { /* Fly Machine Config */ },
+    "events": [
+      {
+        "type": "start",
+        "status": "started",
+        "source": "flyd",
+        "timestamp": 1698719726615
+      },
+      {
+        "type": "launch",
+        "status": "created",
+        "source": "user",
+        "timestamp": 1698719723203
+      }
+    ]
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_lease_create_req.erb b/reference/machines/_machines_lease_create_req.erb
new file mode 100644
index 0000000000..80771af194
--- /dev/null
+++ b/reference/machines/_machines_lease_create_req.erb
@@ -0,0 +1,7 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/3d8d413b29d089/lease" \\
+    -d '{
+        "description": "",
+        "ttl": 500
+    }'
diff --git a/reference/machines/_machines_lease_create_resp.erb b/reference/machines/_machines_lease_create_resp.erb
new file mode 100644
index 0000000000..40a4abdfd9
--- /dev/null
+++ b/reference/machines/_machines_lease_create_resp.erb
@@ -0,0 +1,10 @@
+{
+  "status": "success",
+  "data": {
+    "nonce": "5c35f65c9f95",
+    "expires_at": 1708569778,
+    "owner": "hello@fly.io",
+    "description": "",
+    "version": "01HQ73A7BFFDF1B6WMGHFZZ4E7"
+    }
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_lease_get_req.erb b/reference/machines/_machines_lease_get_req.erb
new file mode 100644
index 0000000000..3ea1d8e464
--- /dev/null
+++ b/reference/machines/_machines_lease_get_req.erb
@@ -0,0 +1,3 @@
+curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/3d8d413b29d089/lease"
diff --git a/reference/machines/_machines_lease_get_resp.erb b/reference/machines/_machines_lease_get_resp.erb
new file mode 100644
index 0000000000..40a4abdfd9
--- /dev/null
+++ b/reference/machines/_machines_lease_get_resp.erb
@@ -0,0 +1,10 @@
+{
+  "status": "success",
+  "data": {
+    "nonce": "5c35f65c9f95",
+    "expires_at": 1708569778,
+    "owner": "hello@fly.io",
+    "description": "",
+    "version": "01HQ73A7BFFDF1B6WMGHFZZ4E7"
+    }
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_lease_release_req.erb b/reference/machines/_machines_lease_release_req.erb
new file mode 100644
index 0000000000..473dbb759f
--- /dev/null
+++ b/reference/machines/_machines_lease_release_req.erb
@@ -0,0 +1,3 @@
+curl -i -X DELETE \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" -H "fly-machine-lease-nonce: fed368b018e9" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/3d8d413b29d089/lease" 
\ No newline at end of file
diff --git a/reference/machines/_machines_lease_release_resp.erb b/reference/machines/_machines_lease_release_resp.erb
new file mode 100644
index 0000000000..246f5a97c0
--- /dev/null
+++ b/reference/machines/_machines_lease_release_resp.erb
@@ -0,0 +1,6 @@
+{
+    "status": "success",
+    "data": {
+                "ok": true
+    }
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_list_req.erb b/reference/machines/_machines_list_req.erb
new file mode 100644
index 0000000000..45f89e26bb
--- /dev/null
+++ b/reference/machines/_machines_list_req.erb
@@ -0,0 +1,3 @@
+curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines" 
diff --git a/reference/machines/_machines_list_resp.erb b/reference/machines/_machines_list_resp.erb
new file mode 100644
index 0000000000..7421a4a6af
--- /dev/null
+++ b/reference/machines/_machines_list_resp.erb
@@ -0,0 +1,47 @@
+[
+  {
+    "id": "a5c5de9ce64ca12",
+    "name": "aged-wind-2649",
+    "state": "started",
+    "region": "ord",
+    "image_ref": {
+      "registry": "registry-1.docker.io",
+      "repository": "rebelthor/sleep",
+      "tag": "latest",
+      "digest": "sha256:597c3e12f830132be2aa69b4c0deccb0657ea4253e6d59c6f38e41e9f69a0add"
+    },
+    "instance_id": "1RREBN3T5K95DK9IVP4XHTTPEY2",
+    "private_ip": "fdaa:0:18:a7b:196:e274:9ce1:2",
+    "created_at": "2023-10-31T02:30:10Z",
+    "updated_at": "2023-10-31T02:35:26Z",
+    "config": { /* Fly Machine Config */ },
+    "events": [
+      {
+        "type": "start",
+        "status": "started",
+        "source": "flyd",
+        "timestamp": 1698719726615
+      },
+      {
+        "type": "launch",
+        "status": "created",
+        "source": "user",
+        "timestamp": 1698719723203
+      }
+    ]
+  },
+  {
+    "id": "9c487adb2596113",
+    "name": "summer-sun-916",
+    "state": "started",
+    "region": "ord",
+    "image_ref": {
+      "registry": "registry.fly.io",
+      "repository": "teamcoco",
+      "digest": "sha256:5615ef423504d56ae345ccff9db54796d589965da953297f5785042df0628452"
+    },
+
+    ...
+
+  }
+]
\ No newline at end of file
diff --git a/reference/machines/_machines_metadata_delete_req.erb b/reference/machines/_machines_metadata_delete_req.erb
new file mode 100644
index 0000000000..d224daaa33
--- /dev/null
+++ b/reference/machines/_machines_metadata_delete_req.erb
@@ -0,0 +1,3 @@
+curl -i -X DELETE \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/9080e339b57798/metadata/foo-key" 
\ No newline at end of file
diff --git a/reference/machines/_machines_metadata_delete_resp.erb b/reference/machines/_machines_metadata_delete_resp.erb
new file mode 100644
index 0000000000..9117a881b9
--- /dev/null
+++ b/reference/machines/_machines_metadata_delete_resp.erb
@@ -0,0 +1 @@
+no body
\ No newline at end of file
diff --git a/reference/machines/_machines_metadata_get_req.erb b/reference/machines/_machines_metadata_get_req.erb
new file mode 100644
index 0000000000..ac74737e99
--- /dev/null
+++ b/reference/machines/_machines_metadata_get_req.erb
@@ -0,0 +1,3 @@
+curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/9080e339b57798/metadata"
\ No newline at end of file
diff --git a/reference/machines/_machines_metadata_get_resp.erb b/reference/machines/_machines_metadata_get_resp.erb
new file mode 100644
index 0000000000..a56275f70c
--- /dev/null
+++ b/reference/machines/_machines_metadata_get_resp.erb
@@ -0,0 +1,7 @@
+{
+  "fly_flyctl_version":"0.2.8",
+  "fly_platform_version":"v2",
+  "fly_process_group":"app",
+  "fly_release_id":"Nj7oGMlVVpZ7JToybJoXLLjMl",
+  "fly_release_version":"63"
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_metadata_update_req.erb b/reference/machines/_machines_metadata_update_req.erb
new file mode 100644
index 0000000000..82990160c4
--- /dev/null
+++ b/reference/machines/_machines_metadata_update_req.erb
@@ -0,0 +1,6 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/9080e339b57798/metadata/foo-key" \\
+    -d '{
+        "value":"bar"
+        }'
\ No newline at end of file
diff --git a/reference/machines/_machines_metadata_update_resp.erb b/reference/machines/_machines_metadata_update_resp.erb
new file mode 100644
index 0000000000..9117a881b9
--- /dev/null
+++ b/reference/machines/_machines_metadata_update_resp.erb
@@ -0,0 +1 @@
+no body
\ No newline at end of file
diff --git a/reference/machines/_machines_ok_true_resp.erb b/reference/machines/_machines_ok_true_resp.erb
new file mode 100644
index 0000000000..47971aa3cb
--- /dev/null
+++ b/reference/machines/_machines_ok_true_resp.erb
@@ -0,0 +1,3 @@
+{
+  "ok": true
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_start_req.erb b/reference/machines/_machines_start_req.erb
new file mode 100644
index 0000000000..5bd04dbc22
--- /dev/null
+++ b/reference/machines/_machines_start_req.erb
@@ -0,0 +1,3 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/73d8d46dbee589/start" 
\ No newline at end of file
diff --git a/reference/machines/_machines_start_resp.erb b/reference/machines/_machines_start_resp.erb
new file mode 100644
index 0000000000..e8731b9754
--- /dev/null
+++ b/reference/machines/_machines_start_resp.erb
@@ -0,0 +1,5 @@
+{
+    "previous_state": "stopped",
+    "migrated": false,
+    "new_host": ""
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_stop_req.erb b/reference/machines/_machines_stop_req.erb
new file mode 100644
index 0000000000..8126435730
--- /dev/null
+++ b/reference/machines/_machines_stop_req.erb
@@ -0,0 +1,3 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/73d8d46dbee589/stop"
\ No newline at end of file
diff --git a/reference/machines/_machines_suspend_req.erb b/reference/machines/_machines_suspend_req.erb
new file mode 100644
index 0000000000..f83edf71d5
--- /dev/null
+++ b/reference/machines/_machines_suspend_req.erb
@@ -0,0 +1,3 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/73d8d46dbee589/suspend"
\ No newline at end of file
diff --git a/reference/machines/_machines_uncordon_req.erb b/reference/machines/_machines_uncordon_req.erb
new file mode 100644
index 0000000000..9b53d68aca
--- /dev/null
+++ b/reference/machines/_machines_uncordon_req.erb
@@ -0,0 +1,3 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/73d8d46dbee589/uncordon"
diff --git a/reference/machines/_machines_update_req.erb b/reference/machines/_machines_update_req.erb
new file mode 100644
index 0000000000..45bad2ffad
--- /dev/null
+++ b/reference/machines/_machines_update_req.erb
@@ -0,0 +1,37 @@
+curl -i -X POST \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/73d8d46dbee589" \\
+  -d '{
+      "config": {
+        "image": "flyio/fastify-functions",
+        "guest": {
+          "memory_mb": 512,
+          "cpus": 2,
+          "cpu_kind": "shared"
+        },
+        "env": {
+          "APP_ENV": "production"
+        },
+        "services": [
+          {
+            "ports": [
+              {
+                "port": 443,
+                "handlers": [
+                  "tls",
+                  "http"
+                ]
+              },
+              {
+                "port": 80,
+                "handlers": [
+                  "http"
+                ]
+              }
+            ],
+            "protocol": "tcp",
+            "internal_port": 8080
+          }
+        ]
+      }
+    }'
\ No newline at end of file
diff --git a/reference/machines/_machines_update_resp.erb b/reference/machines/_machines_update_resp.erb
new file mode 100644
index 0000000000..05be276767
--- /dev/null
+++ b/reference/machines/_machines_update_resp.erb
@@ -0,0 +1,37 @@
+
+{
+  "id": "73d8d46dbee589",
+  "name": "lingering-moon-48",
+  "state": "starting",
+  "region": "cdg",
+  "instance_id": "01G3SHPYE8XZ58GD4XRRF9CCKC",
+  "private_ip": "fdaa:0:3ec2:a7b:5adc:6068:5b85:2",
+  "config": {
+    "env": null,
+    "init": {
+      "exec": null,
+      "entrypoint": null,
+      "cmd": null,
+      "tty": false
+    },
+    "image": "flyio/fastify-functions",
+    "metadata": null,
+    "restart": {
+      "policy": ""
+    },
+    "guest": {
+      "cpu_kind": "",
+      "cpus": 2,
+      "memory_mb": 512
+    }
+  },
+  "image_ref": {
+    "registry": "registry-1.docker.io",
+    "repository": "flyio/fastify-functions",
+    "tag": "latest",
+    "digest": "sha256:e15c11a07e1abbc50e252ac392a908140b199190ab08963b3b5dffc2e813d1e8",
+    "labels": {
+    }
+  },
+  "created_at": "2022-05-23T22:48:21Z"
+}
\ No newline at end of file
diff --git a/reference/machines/_machines_wait_req.erb b/reference/machines/_machines_wait_req.erb
new file mode 100644
index 0000000000..145c7b0499
--- /dev/null
+++ b/reference/machines/_machines_wait_req.erb
@@ -0,0 +1,3 @@
+curl -i -X GET \\
+    -H "Authorization: Bearer ${FLY_API_TOKEN}" -H "Content-Type: application/json" \\
+    "${FLY_API_HOSTNAME}/v1/apps/my-app-name/machines/73d8d46dbee589/wait?state=stopped&instance_id=01HMVXC16ED6SHK9452AF029Y7"
\ No newline at end of file
diff --git a/reference/metrics.html.md b/reference/metrics.html.md
deleted file mode 100644
index a5298d8e6b..0000000000
--- a/reference/metrics.html.md
+++ /dev/null
@@ -1,387 +0,0 @@
----
-title: Metrics on Fly.io
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-The Fly platform includes a fully-managed metrics solution to help you easily monitor your Fly apps.
-It includes the following components:
-
-- [**Prometheus on Fly.io**](#prometheus-on-fly-io): Managed, Prometheus-compatible time series storage
-- [**Dashboards**](#dashboards): Managed Grafana with detailed visualizations of all built-in metrics
-- [**Built-in Metrics**](#built-in-metrics): Metrics automatically sent from every Fly app you deploy
-- [**Custom Metrics**](#custom-metrics): Expose additional metrics from Fly apps for further customization
-
-## Prometheus on Fly.io
-
-[Prometheus](https://prometheus.io/) is a popular open source monitoring system used to store and query metrics efficiently,
-with a stable [HTTP querying API](https://prometheus.io/docs/prometheus/latest/querying/api/) compatible with a range of systems.
-
-**Prometheus on Fly.io** is a fully-managed service based on [VictoriaMetrics](https://victoriametrics.com/).
-It [supports](https://docs.victoriametrics.com/#prometheus-querying-api-usage) most common Prometheus querying API endpoints:
-- [`/api/v1/query`](https://prometheus.io/docs/prometheus/latest/querying/api/#instant-queries)
-- [`/api/v1/query_range`](https://prometheus.io/docs/prometheus/latest/querying/api/#range-queries)
-- [`/api/v1/series`](https://prometheus.io/docs/prometheus/latest/querying/api/#finding-series-by-label-matchers)
-- [`/api/v1/labels`](https://prometheus.io/docs/prometheus/latest/querying/api/#getting-label-names)
-- [`/api/v1/label/<label_name>/values`](https://prometheus.io/docs/prometheus/latest/querying/api/#querying-label-values)
-- [`/api/v1/status/tsdb`](https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-stats)
-- [`/api/v1/targets`](https://prometheus.io/docs/prometheus/latest/querying/api/#targets)
-- [`/federate`](https://prometheus.io/docs/prometheus/latest/federation/)
-
-Note that [remote read](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read) (`/api/v1/read`) [remote storage integration](https://prometheus.io/docs/prometheus/latest/storage/#remote-storage-integrations)
-is [not supported](https://docs.victoriametrics.com/FAQ.html#why-doesnt-victoriametrics-support-the-prometheus-remote-read-api).
-
-### MetricsQL
-
-Prometheus queries are typically based on the [PromQL](https://prometheus.io/docs/prometheus/latest/querying/basics/) query language.
-Prometheus on Fly.io queries use VictoriaMetrics [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html),
-a backwards-compatible query language that fixes user experience issues and adds
-useful features and functions on top of PromQL.
-
-Key features:
-
-- [Better `rate()` and `increase()`](https://medium.com/@romanhavronenko/victoriametrics-promql-compliance-d4318203f51e#cade)
-functions that just work. No need for [`irate` workarounds](https://www.percona.com/blog/2020/02/28/better-prometheus-rate-function-with-victoriametrics/)
-or appending Grafana's [magical `$__rate_interval`](https://grafana.com/blog/2020/09/28/new-in-grafana-7.2-__rate_interval-for-prometheus-rate-queries-that-just-work/) selector to every query.
-In fact, you can even omit the square brackets entirely and MetricsQL will do the right thing.
-- Many more [label manipulation functions](https://docs.victoriametrics.com/MetricsQL.html#label-manipulation-functions)
-such as `drop_common_labels`, `label_set`, etc.
-- [`topk_avg`](https://docs.victoriametrics.com/MetricsQL.html#topk_avg), which returns the top `k` time series averaged
-across the entire series range (not just individual points), plus the sum of all remaining series in an "other" label.
-Useful for giving a small, filtered view across a potentially large number of series.
-
-### Querying
-
-Queries can be sent to the following endpoint:
-```
-https://api.fly.io/prometheus/<org-slug>/
-```
-
-You'll need to authenticate with a Fly Access Token sent in the [standard](https://www.rfc-editor.org/rfc/rfc6750.html) Bearer Token format (e.g., an HTTP request header `Authorization: Bearer <TOKEN>`), and you may only query series scoped to your organizations.
-
-#### Manually
-
-**Find your Organization slug**
-
-```cmd
-flyctl orgs list
-ORG_SLUG=[org-slug]
-```
-
-**Get an access token**
-
-```cmd
-TOKEN=$(flyctl auth token)
-```
-
-**Test it out!**
-
-```shell
-curl https://api.fly.io/prometheus/$ORG_SLUG/api/v1/query \
-  --data-urlencode 'query=sum(increase(fly_edge_http_responses_count)) by (app, status)' \
-  -H "Authorization: Bearer $TOKEN"
-```
-
-## Dashboards
-
-For more advanced metrics monitoring, you can use dashboards to organize and visualize complex Prometheus
-queries.
-
-The Metrics tab on the [Fly.io Dashboard](https://fly.io/dashboard) provides an overview
-of your Fly apps using the built-in metrics stored in Prometheus.
-
-### Managed Grafana [Preview]
-
-[Grafana](https://grafana.com/) is a popular open source data visualization web application, that allows you to
-compose queries against data sources into dynamic, reusable dashboards.
-
-We provide a managed Grafana instance at [fly-metrics.net](https://fly-metrics.net), preconfigured with your
-Prometheus data source and detailed dashboards covering the full set of built-in metrics.
-
-You can also use the Explore panel to run ad-hoc queries against the preconfigured Prometheus datasource,
-or create/import additional dashboards for further customization or to visualize custom metrics.
-
-Switch between your Fly.io Organizations by clicking the "Switch organization" link beneath
-the user icon in the lower-left of the screen.
-
-Note: Managed Grafana is still an early preview release.
-
-### External or self-hosted Grafana
-
-You can also configure your Prometheus endpoint with an existing Grafana installation, or [host one on Fly.io](https://github.com/fly-apps/grafana). Either way, you set it up thusly:
-
-1. [Add](https://grafana.com/docs/grafana/latest/datasources/add-a-data-source/) a [Prometheus data source](https://grafana.com/docs/grafana/latest/datasources/prometheus/) (Settings -> Data Sources -> Add data source -> Prometheus)
-2. Fill the form with the following:
-- HTTP -> URL: `https://api.fly.io/prometheus/<org-slug>/`
-- Custom HTTP Headers -> + Add Header:
-   - Header: `Authorization`, Value: `Bearer <token>`
-
-You're all set.
-
-We publish our [Fly.io Dashboards](https://grafana.com/grafana/dashboards/14741) to Grafana.com for use with external Grafana instances.
-To install, just [import the dashboard](https://grafana.com/docs/grafana/latest/dashboards/export-import/#import-dashboard) using the listed IDs.
-If you'd like to contribute changes to the dashboards, we have created a [repository](https://github.com/superfly/dashboards) for them.
-
-## Built-in metrics
-
-Fly apps automatically publish a number of built-in metrics.
-
-[Metric types](https://prometheus.io/docs/concepts/metric_types/) are all [Gauges](https://prometheus.io/docs/concepts/metric_types/#gauge)
-unless otherwise marked.
-
-Metrics with names ending in `_count` are all [Counters](https://prometheus.io/docs/concepts/metric_types/#counter).
-
-[Histogram](https://prometheus.io/docs/concepts/metric_types/#histogram) metrics with a base name of `<name>` expose multiple series:
-- `<name>_bucket{le}`
-- `<name>_sum`
-- `<name>_count`
-
-### Standard Labels
-
-All published series include the following labels:
-
-- `app`: App name
-- `region`: [Fly.io Region](https://fly.io/docs/reference/regions/#fly-io-regions)
-- `host`: 4-character host ID (lowercase hexadecimal)
-- `instance`: App instance ID (for all series except `fly_edge_` and `fly_volume_`)
-
-If your app exposes custom metrics with the same labels, they will be overwritten.
-
-### Proxy series
-
-Any app using a TCP-based handler (HTTP, TLS or straight TCP) publishes `edge` and `app` proxy metrics:
-
-Labels:
-- `proxy_id`: "blue" or "green" (flips when the proxy is restarted/updated)
-
-#### Edge - `fly_edge_`
-
-```
-fly_edge_http_responses_count{status}
-fly_edge_http_response_time_seconds{status} (Histogram)
-fly_edge_tcp_connects_count
-fly_edge_tcp_disconnects_count
-fly_edge_data_out (Counter, bytes)
-fly_edge_data_in (Counter, bytes)
-fly_edge_tls_handshake_errors{servername} (Counter)
-fly_edge_tls_handshake_time_seconds{version} (Histogram)
-```
-
-#### App - `fly_app_`
-```
-fly_app_concurrency
-fly_app_http_responses_count{status}
-fly_app_http_response_time_seconds{status} (Histogram)
-fly_app_connect_time_seconds (Histogram)
-fly_app_tcp_connects_count
-fly_app_tcp_disconnects_count
-```
-
-### Instance series - `fly_instance_`
-
-Derived from the [`/proc` filesystem](https://www.kernel.org/doc/html/latest/filesystems/proc.html) of your app VMs.
-
-`fly_instance_up = 1` shows the VM is reporting correctly.
-
-#### Instance memory - `fly_instance_memory_`
-
-Derived from [`/proc/meminfo`](https://www.kernel.org/doc/html/latest/filesystems/proc.html#meminfo). All units are in *bytes*.
-
-```
-fly_instance_memory_mem_total
-fly_instance_memory_mem_free
-fly_instance_memory_mem_available
-fly_instance_memory_buffers
-fly_instance_memory_cached
-fly_instance_memory_swap_cached
-fly_instance_memory_active
-fly_instance_memory_inactive
-fly_instance_memory_swap_total
-fly_instance_memory_swap_free
-fly_instance_memory_dirty
-fly_instance_memory_writeback
-fly_instance_memory_slab
-fly_instance_memory_shmem
-fly_instance_memory_vmalloc_total
-fly_instance_memory_vmalloc_used
-fly_instance_memory_vmalloc_chunk
-```
-#### Instance Load and CPU
-
-- `load_average` is derived from [`/proc/loadavg`](https://www.kernel.org/doc/html/latest/filesystems/proc.html#id11) ([`getloadavg`](https://man7.org/linux/man-pages/man3/getloadavg.3.html)). It's a ["system load average"](https://www.brendangregg.com/blog/2017-08-08/linux-load-averages.html) measuring the number of processes in the system run queue, with samples representing averages over 1, 5, and 15 `minutes`.
-
-- `cpu` is derived from [`/proc/stat`](https://www.kernel.org/doc/html/latest/filesystems/proc.html#miscellaneous-kernel-statistics-in-proc-stat),
-and counts the amount of time each CPU (`cpu_id`) has spent performing different kinds of work (`mode`, which may be one of `user`, `nice`, `system`, `idle`, `iowait`, `irq`, `softirq`, `steal`, `guest`, `guest_nice`).  
-The time unit is 'clock ticks' of centiseconds (0.01 seconds).
-
-```
-fly_instance_load_average{minutes}
-fly_instance_cpu{cpu_id, mode} (Counter, centiseconds)
-```
-#### Instance Disks - `fly_instance_disk_`
-
-Counters derived from fields 1-11 of [`/proc/diskstats`](https://www.kernel.org/doc/html/latest/admin-guide/iostats.html). The unit for `time_` series is **milliseconds**, and the unit for `sectors_` is 512-byte sectors.
-
-Labels:
-- `device`: Published for the ephemeral VM root disk (`vdb`) and any mounted Volume (`vdc`).
-
-```
-fly_instance_disk_reads_completed
-fly_instance_disk_reads_merged
-fly_instance_disk_sectors_read
-fly_instance_disk_time_reading
-fly_instance_disk_writes_completed
-fly_instance_disk_writes_merged
-fly_instance_disk_sectors_written
-fly_instance_disk_time_writing
-fly_instance_disk_io_in_progress
-fly_instance_disk_time_io
-fly_instance_disk_time_io_weighted
-```
-
-#### Instance Networking - `fly_instance_net_`
-
-Counters derived from [`/proc/net/dev`](https://www.kernel.org/doc/html/latest/networking/statistics.html#procfs).
-
-Labels:
-- `device`: interface name, either `eth0` or `dummy0` (ignore).
-
-```
-fly_instance_net_recv_bytes
-fly_instance_net_recv_packets
-fly_instance_net_recv_errs
-fly_instance_net_recv_drop
-fly_instance_net_recv_fifo
-fly_instance_net_recv_frame
-fly_instance_net_recv_compressed
-fly_instance_net_recv_multicast
-fly_instance_net_sent_bytes
-fly_instance_net_sent_packets
-fly_instance_net_sent_errs
-fly_instance_net_sent_drop
-fly_instance_net_sent_fifo
-fly_instance_net_sent_colls
-fly_instance_net_sent_carrier
-fly_instance_net_sent_compressed
-```
-
-#### Instance File Descriptors - `fly_instance_filefd_`
-
-Information about allocated, and maximum allowed allocated file descriptors derived from [`/proc/sys/fs/file-nr`](https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#file-max-file-nr).
-
-```
-fly_instance_filefd_allocated
-fly_instance_filefd_maximum
-```
-
-#### Instance Filesystem - `fly_instance_filesystem_`
-
-Filesystem metrics derived from [VFS File System Information](https://man7.org/linux/man-pages/man0/sys_statvfs.h.0p.html).
-
-Labels:
-- `mount`: mountpoint name(s), `/` and if using [Volumes](https://fly.io/docs/reference/volumes/), the destination name in fly.toml.
-
-```
-fly_instance_filesystem_blocks
-fly_instance_filesystem_block_size
-fly_instance_filesystem_blocks_free
-fly_instance_filesystem_blocks_avail
-```
-
-### Volumes - `fly_volume_`
-
-Labels:
-- `id`: Volume ID
-
-If you're using [Volumes](https://fly.io/docs/volumes/) for any of your organization's apps, you'll be able to query these series,
-derived from the `LSize` and `Data%` of the volume's [thin LV](https://man7.org/linux/man-pages/man7/lvmthin.7.html).
-
-```
-fly_volume_size_bytes
-fly_volume_used_pct (0-100)
-```
-
-### Postgres - `pg_`
-
-If you have a [Postgres](https://fly.io/docs/reference/postgres/) database hosted on Fly.io, you'll automatically get the following series,
-published via [`postgres_exporter`](https://github.com/prometheus-community/postgres_exporter):
-
-```
-pg_stat_activity_count
-pg_stat_activity_max_tx_duration
-pg_stat_archiver_archived_count
-pg_stat_archiver_failed_count
-pg_stat_bgwriter_buffers_alloc
-pg_stat_bgwriter_buffers_backend_fsync
-pg_stat_bgwriter_buffers_backend
-pg_stat_bgwriter_buffers_checkpoint
-pg_stat_bgwriter_buffers_clean
-pg_stat_bgwriter_checkpoint_sync_time
-pg_stat_bgwriter_checkpoint_write_time
-pg_stat_bgwriter_checkpoints_req
-pg_stat_bgwriter_checkpoints_timed
-pg_stat_bgwriter_maxwritten_clean
-pg_stat_bgwriter_stats_reset
-pg_stat_database_blk_read_time
-pg_stat_database_blk_write_time
-pg_stat_database_blks_hit
-pg_stat_database_blks_read
-pg_stat_database_conflicts_confl_bufferpin
-pg_stat_database_conflicts_confl_deadlock
-pg_stat_database_conflicts_confl_lock
-pg_stat_database_conflicts_confl_snapshot
-pg_stat_database_conflicts_confl_tablespace
-pg_stat_database_conflicts
-pg_stat_database_deadlocks
-pg_stat_database_numbackends
-pg_stat_database_stats_reset
-pg_stat_database_tup_deleted
-pg_stat_database_tup_fetched
-pg_stat_database_tup_inserted
-pg_stat_database_tup_returned
-pg_stat_database_tup_updated
-pg_stat_database_xact_commit
-pg_stat_database_xact_rollback
-pg_stat_replication_pg_current_wal_lsn_bytes
-pg_stat_replication_pg_wal_lsn_diff
-pg_stat_replication_reply_time
-pg_replication_lag
-pg_database_size_bytes
-```
-
-## Custom Metrics
-
-For further customization beyond built-in metrics,
-Fly apps can expose a metrics endpoint we'll automatically scrape every 15 seconds and
-send the results to Prometheus.
-
-### Configuration
-
-Add a `[metrics]` section to your application's `fly.toml`:
-
-```toml
-[metrics]
-port = 9091
-path = "/metrics" # default for most prometheus exporters
-```
-
-If your app uses [multiple processes](/docs/apps/processes/), you can add multiple `[[metrics]]` sections, each with its own set of `processes`:
-
-```toml
-[[metrics]]
-port = 9394
-path = "/metrics"
-processes = ["web"]
-
-[[metrics]]
-port = 9113
-path = "/metrics"
-processes = ["proxy"]
-```
-
-### Instrumentation
-
-Instrument your app and expose your metrics on `0.0.0.0`.
-
-There are many supported [client libraries](https://prometheus.io/docs/instrumenting/clientlibs/) as well as off-the-shelf [exporters](https://prometheus.io/docs/instrumenting/exporters/) able to return Prometheus-formatted metrics.
diff --git a/reference/monorepo.html.md b/reference/monorepo.html.md
deleted file mode 100644
index f1f78c13d8..0000000000
--- a/reference/monorepo.html.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-title: Monorepo and Multi-Environment Deployments
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-By default, `flyctl deploy` builds and deploys a `fly.toml` file, a `Dockerfile`, and source code from the current working directory. This is sufficient for deploying a single app, but you can also configure `flyctl` to build and deploy multiple apps from a monorepo or deploy an app to multiple targets.
-
-## _Paths_
-
-### Working Directory
-
-The first argument to `flyctl deploy` is the path to the working directory for your app's source code. For Dockerfile and Buildpack builds, this is the [build context](https://docs.docker.com/engine/reference/commandline/build/#usage) sent to the Docker daemon. It defaults to the current working directory. 
-
-You can override this by providing a path:
-
-```cmd
-flyctl deploy ./path/to/app
-```
-
-### `fly.toml` path   
-
-By default, `flyctl deploy` will look for a `fly.toml` in the working directory. You can override this using the `--config` flag. 
-
-```cmd
-flyctl deploy --config ./path/to/fly.toml
-```
-
-### `Dockerfile` path
-
-By default, `flyctl deploy` will look for a `Dockerfile` in the working directory. You can override this using the `--dockerfile` flag. 
-
-```cmd
-flyctl deploy --dockerfile ./path/to/Dockerfile
-```
-
-## _Multi-stage Build Target_
-
-By default, the final stage of a [multi-stage dockerfile](https://docs.docker.com/develop/develop-images/multistage-build) is exported as the deployed image. You can stop at a specific stage by using the `--build-target` flag
-
-```
-flyctl deploy --build-target web
-flyctl deploy --build-target api
-flyctl deploy --build-target worker
-```
-
-## _Examples_
-
-**Use a different fly.toml file per environment**
-
-```
-flyctl deploy --config ./fly.production.toml
-flyctl deploy --config ./fly.staging.toml
-```
-
-**Use a different Dockerfile per environment**
-
-```
-flyctl deploy --dockerfile ./Dockerfile.production
-flyctl deploy --dockerfile ./Dockerfile.staging
-```
-
-**Deploy a subdirectory**
-
-```cmd
-flyctl deploy ./apps/api
-```
-
-**Share a multi-stage Dockerfile with several fly apps**
-
-```cmd
-flyctl deploy --config fly.api.toml --build-target api
-```
diff --git a/reference/postgres-whats-next.html.md b/reference/postgres-whats-next.html.md
index cd69b366a4..d6f64104f4 100644
--- a/reference/postgres-whats-next.html.md
+++ b/reference/postgres-whats-next.html.md
@@ -11,7 +11,7 @@ Congrats! Your Postgres app is up and running on Fly.io. Now there are a few thi
 
 Fly Postgres is a Fly app with flyctl sugar on top to help you bootstrap your much-needed database. It comes with most commonly used functionality (replication, failover, metrics, monitoring and daily snapshots), but you can extend it anytime if needed.
 
-The app template is fully open source. Just fork [fly-apps/postgres-ha](https://github.com/fly-apps/postgres-ha) and add whatever meets your needs. Feel free to contribute it back too. One caveat, though, is that once you fork you won't be able to use `fly pg create` to bootstrap a cluster from your image. You can update your app with your new image using `fly deploy --image` right after, though.
+The app template is fully open source. Just fork [fly-apps/postgres-ha](https://github.com/fly-apps/postgres-flex) and add whatever meets your needs. Feel free to contribute it back too. One caveat, though, is that once you fork you won't be able to use `fly pg create` to bootstrap a cluster from your image. You can update your app with your new image using `fly deploy --image` right after, though.
 
 Usual reasons to fork the fly app:
 
diff --git a/reference/private-networking.html.md b/reference/private-networking.html.md
deleted file mode 100644
index 2d2ed97f3e..0000000000
--- a/reference/private-networking.html.md
+++ /dev/null
@@ -1,292 +0,0 @@
----
-title: "Private Networking"
-layout: docs
-sitemap: false
-nav: firecracker
-redirect_from: /docs/reference/privatenetwork/
----
-
-Fly apps are connected by a mesh of WireGuard tunnels using IPV6.
-
-Applications within the same organization are assigned special addresses ("6PN addresses") tied to the organization. Those applications can talk to each other because of those 6PN addresses, but applications from other organizations can't; the Fly platform won't forward between different 6PN networks.
-
-This connectivity is always available to applications; you don't have to do anything special to get it.
-
-You can connect applications running outside of Fly.io to your 6PN network using WireGuard; for that matter, you can connect your dev laptop to your 6PN network. To do that, you'll use flyctl, the Fly.io CLI, to generate a WireGuard configuration that is addressed with a 6PN address.
-
-## Discovering Apps through DNS on an instance
-
-Instances are configured with their DNS server pointing to `fdaa::3`. The DNS server on this address can resolve arbitrary DNS queries, so you can look up "google.com" with it. But it's also aware of 6PN addresses, and, when queried from an instance, will let you look up the addresses of other applications in your organization. Those addresses live under the synthetic top-level domain `.internal`.
-
-Since this is the default configuration we set up for instances on Fly, you probably don't need to do anything special to make this work; if your instance shares an organization with an application called `random-potato-45`, then you should be able to `ping6 random-potato-45.internal`.
-
-If you want to get fancy, you can install `dig` and query the DNS directly.
-
-```bash
-$ root@f066b83b:/# dig +short aaaa paulgra-ham.internal @fdaa::3
-```
-```output
-fdaa:0:18:a7b:7d:f066:b83b:2
-```
-
-## Discovering Apps through DNS on a WireGuard connection
-
-**The DNS server address is different on WireGuard connections than on instances**. That's because you can run multiple WireGuard connections; your dev laptop could be WireGuard-connected to multiple organizations, but an instance can't be. So DNS is just a little more complicated over WireGuard.
-
-Your DNS server address for a WireGuard connection is a part of the WireGuard connection flyctl generates. Your platform WireGuard tools might read and automatically configure DNS from that configuration, or it might not. Here's how to find it:
-
-```
-[Interface]
-PrivateKey = [redacted]
-Address = fdaa:0:18:a7b:d6b:0:a:2/120
-DNS = fdaa:0:18::3
-```
-
-You guessed it; it's the `DNS` line.
-
-If you look carefully, you'll notice something about the DNS address: it shares the first couple parts with the WireGuard IP address. That's because 6PN addresses are prefixed by the organization's network ID; that's the part of the address that locks it to your organization. All our WireGuard DNS addresses follow this pattern: take the organization prefix, and tack `::3` onto the end:
-
-```
-fdaa:0:18:a7b:d6b:0:a:2
-^^^^ ^ ^^
-6PN prefix; the first 3 :-separated parts
-
-fdaa:0:18::3
-```
-
-To use `dig` to probe DNS on a WireGuard connection, supply the DNS server address to it. Note that `dig`'s syntax is silly, and that you have to put a `@` at the beginning of the address; this trips us up all the time.
-
-```bash
-$ root@f066b83b:/# dig +short aaaa paulgra-ham.internal @fdaa:0:18::3
-```
-```output
-fdaa:0:18:a7b:7d:f066:b83b:2
-```
-
-## Connecting to a running service via its 6PN address
-In the `/etc/hosts` of a deployed Fly App, we alias the 6PN address of the app to `fly-local-6pn`.  
-For a service to be accessible via its 6PN address, it needs to bind to/listen on `fly-local-6pn`. For example, if you have a service running on port 8080, you need to bind it to `fly-local-6pn:8080` for it to be accessible at "[6PN_Address:8080]".  
-(`fly-local-6pn` is to 6pn-addresses  as `localhost` is to 127.0.0.1, so you can also bind directly to the 6PN address itself, that's also fine)
-
-## Fly.io `.internal` addresses
-
-A typical .internal address is composed of a region qualifier, followed by the app name followed by `.internal`.
-
-The simplest regional qualifier is a region name. `iad.appname.internal`. This would return the IPv6 internal address (or addresses) of the instances of app `appname` in the `iad` region.
-
-Applications can use this form of `.internal` address to look up address of a host. Rather than returning a list of addresses, it will return the first address.
-
-The regional qualifier `global` will return the IPv6 internal addresses for all instances of the app in every region.
-
-As well, as being able to query and lookup addresses, there's a TXT record associated with `regions.appname.internal` which will list the regions that `appname` is deployed in.
-
-Finally, you can discover all the apps in the organization by requesting the TXT records associated with `_apps.internal`. This will contain a comma-separated list of the application names.
-
-| Name | AAAA | TXT |
-| -- | --- | -- |
-|`top<number>.nearest.of.<appname>.internal`| top _number_ closest app instances|none
-|`<alloc_id>.vm.<appname>.internal`|specific app instance<br/>|none
-|`vms.<appname>.internal`|none|comma-separated alloc-ids<br/> of app instances|none
-|`<region>.<appname>.internal`|app instances<br/> in region|none
-|`<process_group>.process.<appname>.internal`|app instances<br/> in process group|none
-|`global.<appname>.internal`|app instances<br/> in all regions|none
-|`regions.<appname>.internal`|none|region names<br/> where app is deployed|
-|`<appname>.internal`|app instances<br/> in any region|none
-|`_apps.internal`|none|names of all 6PN<br/> private networking apps<br/> in the same organization|
-|`_peer.internal`|none|names of all WireGuard peers|
-|`<peername>._peer.internal`|IPv6 of peer|none|
-|`_instances.internal`|none|IDs, apps, addresses, and regions<br>of all running instances<br>comma separated|
-|`<value>.<key>.kv._metadata.<appname>.internal`|IPv6 of Machines with matching [metadata](https://community.fly.io/t/dynamic-machine-metadata/13115)|none|
-
-Examples of retrieving this information are in the [fly-examples/privatenet](https://github.com/fly-apps/privatenet) repository.
-
-## Flycast - Private Load Balancing
-
-Flycast offers the same [geographically-aware load balancing](/docs/reference/load-balancing/) as the public Fly proxy while restricting traffic to private networks.
-
-Use this feature under the following circumstances:
-
-* Your app can't use DNS
-* You're using 3rd party software, like a database, that doesn't support round-robin DNS entries
-* You want to limit access to specific ports/services in your app from other Fly organizations
-* You private service needs advanced proxy features like TLS termination or proxy protocol support
-
-The general flow for setting this up is:
-
-1. Allocate a private IPv6 address on one of your Fly organization networks
-2. Expose services in your app's `fly.toml` `[services]` or `[http_service]` block; **do not use `force_https` as Flycast is HTTP-only** 
-3. Deploy your app
-4. Access the services on the private IP from the target organization network
-
-**Note: If you have a public IP address assigned to your app, services in fly.toml will be exposed to the public internet. Verify this with `fly ips list`.**
-
-### Assigning a Flycast address
-
-By default, the Flycast IP is allocated on app's parent organization network.
-
-```cmd
- fly ips allocate-v6 --private
- ```
- ```output
-VERSION	IP                	TYPE   	REGION	CREATED AT
-v6     	fdaa:0:22b7:0:1::3	private	global	just now
-```
-
-If you want to expose services to another Fly organization you have access to, use the `--org` flag.
-
-```cmd
- fly ips allocate-v6 --private --org my-other-org
- ```
- ```output
-VERSION	IP                	TYPE   	REGION	CREATED AT
-v6     	fdaa:0:22b7:0:1::3	private	global	just now
-```
-
-### DNS
-
-You can use `appname.flycast` domains. They behave like `appname.internal` domains except they only return Flycast addresses (if you have any) of the app.
-
-The original motivation for this is accommodating PostgreSQL clients that don’t like raw IPv6 addresses in the connection string. The eagle-eyed and elephant-memoried of you might remember that we introduced Flycast for PostgreSQL to get away from DNS! Why are we going back? The problem we were trying to get away from with DNS is avoiding the case where there is a lag between a PostgreSQL instance becoming unhealthy or dying and it getting removed from DNS. Flycast IPs don’t change so we don’t have to worry about that issue in this case.
-
-## Private Network VPN
-
-You can use the [WireGuard](https://wireguard.com/) VPN to connect to our [6PN private network](/docs/reference/private-networking/). This is a flexible and secure way to plug into each one of your Fly organizations and connect to any and all apps within that organization.
-
-
-### TL:DR;
-
-The flyctl command line  can generate you a tunnel configuration file with private keys already embedded. You can load that file into your local WireGuard application to create a tunnel. Activate the tunnel and you'll be using the internal Fly.io DNS service which resolves `.internal` addresses - and passes on other requests to Google's DNS for resolution.
-
-### Step by Step
-
-#### Install your WireGuard App
-
-Visit the [WireGuard](https://www.wireguard.com/install/) site for installation options. Install the software that is appropriate for your system. Windows and macOS have apps available to install. Linux systems have packages, typically named wireguard and wireguard-tools, you should install both.
-
-#### Creating your tunnel configuration
-
-To create your tunnel, run:
-
-```cmd
-fly wireguard create
-```
-
-You'll be asked to select which organization you want the WireGuard tunnel to work with:
-
-```output
-? Select organization:  [Use arrows to move, type to filter]
-> Dj (personal)
-  Demo Sandbox (demo-sandbox)
-```
-
-As well as configuring the WireGuard service, the create command also generates a tunnel configuration file, complete with private keys which cannot be recovered. This configuration file will be used in the next step. First it has to be saved:
-
-```output
-!!!! WARNING: Output includes private key. Private keys cannot be recovered !!!!
-!!!! after creating the peer; if you lose the key, you’ll need to remove    !!!!
-!!!! and re-add the peering connection.                                     !!!!
-? Filename to store WireGuard configuration in, or 'stdout':  basic.conf
-Wrote WireGuard configuration to 'basic.conf'; load in your WireGuard client
-```
-
-We suggest you name your saved configuration with the same name as the peer you have created. Add the extension `.conf` to ensure it will be recognized by the various WireGuard apps as a configuration file for a tunnel. Note that the name (excluding the `.conf` extension) shouldn't exceed 15 characters since this is the maximum length for an interface name on Linux.
-
-##### Dealing with Defaults
-
-A default `region` and `name` will be used if they are not provided to the create command. In most cases, this is fine. However, the default generated name will start with `interactive-*` which are filtered out of DNS (because of the sheer volume of them) and subsequently can't be queried with `_peer.internal` or `<peername>._peer.internal`. If you want to interact with your peer via it's name, then you need to specify a name when you create the tunnel.
-
-First, look up available regions by running `fly platform regions`. Select a region with a check mark in the Gateway column.
-
-Then run:
-```cmd
-fly wireguard create [your-org] [region] [peer-name]
-```
-
-After that you'll be able to `dig` to your heart's desire:
-
-```cmd
-dig +short txt _peer.internal @fdaa:0:18::3
-```
-```output
-"my-peer"
-```
-
-```cmd
-dig +short aaaa my-peer._peer.internal @fdaa:0:18::3
-```
-```output
-fdaa:0:18:a7b:7d:f066:b83b:102
-```
-
-#### Importing your tunnel
-
-##### Windows
-
-Run the WireGuard app. Click the `Import tunnel(s) from file` button. Select your configuration file. The WireGuard app will display the details of your tunnel. Click `Activate` to bring the tunnel online.
-
-##### macOS
-
-Run the WireGuard app. Click the `Import tunnel(s) from file` button. Select your configuration file and click Ok. You will be prompted by the OS that WireGuard would like to add VPN configurations; click `Allow`. The WireGuard app will display the details of your tunnel. Click `Activate` to bring the tunnel online.
-
-##### Ubuntu Linux
-
-Ensure you have `wg-quick` installed, if not, run the below command.
-From Ubuntu 18 onwards, `openresolv` is also required.
-
-```
-sudo apt install wireguard-tools openresolv
-```
-
-Copy the configuration file to `/etc/wireguard`; you'll need root/sudo permissions:
-
-```
-sudo cp basic.conf /etc/wireguard
-```
-
-Run `wg-quick` to bring `up` the connection by name (i.e. less the `.conf` extension):
-
-```cmd
-wg-quick up basic
-```
-```output
-[#] ip link add basic type wireguard
-[#] wg setconf basic /dev/fd/63
-[#] ip -6 address add fdaa:0:4:a7b:ab6:0:a:102/120 dev basic
-[#] ip link set mtu 1420 up dev basic
-[#] resolvconf -a tun.basic -m 0 -x
-[#] ip -6 route add fdaa:0:4::/48 dev basic
-```
-
-### Testing the tunnel
-
-If you have the `dig` tool installed, a TXT query to `_apps.internal` will show all the application names available in the organization you are connected to.
-
-```cmd
-dig +noall +answer _apps.internal txt
-```
-```output
-_apps.internal.		5	IN	TXT	"datasette-apache-proxy-demo,datasette-demo"
-```
-
-### Managing WireGuard on Fly.io
-
-#### Listing the tunnels
-
-To list all the tunnels set up for an organization, run `fly wireguard list`. You can provide an organization on the command line or you'll be prompted for one.
-
-#### Removing a tunnel
-
-To remove a tunnel, run `fly wireguard remove`. You can specify the organization and tunnel name on the command line or be prompted for both.
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/reference/redis.html.md b/reference/redis.html.md
deleted file mode 100644
index 87a39dd126..0000000000
--- a/reference/redis.html.md
+++ /dev/null
@@ -1,135 +0,0 @@
----
-title: Upstash for Redis®*
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-<aside class="callout">
-  &#42;Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Fly.io is for referential purposes only and does not indicate any sponsorship, endorsement or affiliation between Redis and Fly.io.
-</aside>
-
-[Upstash for Redis](https://docs.upstash.com/redis) is a fully-managed, Redis-compatible database service offering global read replicas for reduced latency in distant regions. Upstash databases are provisioned inside your Fly organization, ensuring private, low-latency connections to your Fly applications.
-
-See the [What you Should Know](#what-you-should-know) section for more details about this service.
-
-## Pricing
-
-Upstash offers one free, resource-limited database per Fly organization. After that, all databases are billed by request count on a pay-as-you-go basis. Check the official [Upstash Pricing](https://upstash.com/pricing) page for details.
-
-Note that empty responses are not counted towards your bill. This prevents billing for standard polling behavior of tools like [Sidekiq](https://sidekiq.org/) or [BullMQ](https://bullmq.io/).
-
-Your database charges will show up on your monthly Fly.io bill. You can track database usage details in the [Upstash web console](#the-upstash-web-console).
-
-
-## Create and manage a Redis database
-
-Creating and managing databases happens exclusively via the [Fly CLI](/docs/hands-on/install-flyctl/). Install it, then [signup for a Fly account](https://fly.io/docs/getting-started/log-in-to-fly/).
-
-### Create and get status of a Redis database
-
-```cmd
-flyctl redis create
-```
-```output
-? Select Organization: fly-apps (fly-apps)
-? Choose a primary region (can't be changed later) Madrid, Spain (mad)
-? Optionally, choose one or more replica regions (can be changed later): Amsterdam, Netherlands (ams)
-? Select an Upstash Redis plan:
-> Pay-as-you-go
-  Free
-```
-
-### The Upstash web console
-
-To view more details about database usage, connection strings, and more, use:
-
-```cmd
-flyctl redis dashboard <org_name>
-```
-
-### List your databases and view status
-Get a list of all of your Redis databases.
-
-```cmd
-flyctl redis list
-```
-```output
-ID             	NAME               	ORG          	PLAN	PRIMARY REGION	READ REGIONS
-aaV829vaMVQGbi5	late-waterfall-1133	fly-apps     	Free	mad           	ams
-```
-
-Note the database name, then fetch its status.
-
-```cmd
-fly redis status late-waterfall-1133
-```
-```output
-Redis
-  ID             = aaV829vaMVDGbi5
-  Name           = late-waterfall-1133
-  Plan           = Free
-  Primary Region = mad
-  Read Regions   = ams
-  Private URL     = redis://password@fly-late-waterfall-1133.upstash.io
-```
-
-### Connect to a Redis database
-
-If you have `redis-cli` installed, you can connect directly to your Redis database and run commands.
-
-```cmd
-fly redis connect
-? Select a database to connect to empty-water-3291 (sjc) 200M
-Proxying local port 16379 to remote [fdaa:0:6d6b:0:1::3]:6379
-127.0.0.1:16379> set foo bar
-OK
-127.0.0.1:16379> get foo
-"bar"
-127.0.0.1:16379>
-```
-
-### Update a Redis database
-
-Upstash Redis instances can't change their primary region or name, but the following may change:
-
-* Read regions
-* Pricing plan
-* Eviction settings
-
-Use `flyctl redis update` and follow the prompts. Changing region settings doesn't cause downtime.
-
-### Delete a Redis database
-
-Deleting a Redis database can't be undone. Be careful!
-
-```cmd
-fly redis destroy my-redis-db
-```
-```output
-Your Redis database my-redis-db was deleted
-```
-
-## What you should know
-
-Once provisioned, the database primary region cannot be changed.
-
-### Traffic routing
-
-Upstash Redis is available in all Fly regions via a [private IPv6 address](/docs/reference/private-networking/#flycast-private-load-balancing) restricted to your Fly organization. Traffic is automatically routed to the nearest replica, or in the absence of nearby replicas, to the primary instance.
-
-**If you plan to deploy in a single region, ensure that your database is deployed in the same region as your application.**
-
-### Writing to replica regions
-
-**Replicas forward writes to the primary**. Replicas can't be written to. Writes are synchronous, and synchronous writes over geographical distance experience latency. Plan for this latency in your application design.
-
-If you're using Redis as region-local cache and don't require a shared cache, setup separate databases per-region and enable object eviction.
-
-### Memory limits and object eviction policies
-
-By default, Upstash Redis will disallow writes when the max data size limit has been reached. If you enable **eviction** during creation on update, Upstash Redis will evict keys to free up space.
-
-First, keys marked with a TTL will be evicted at random. In the absence of volatile keys, keys will be chosen randomly for eviction. This is roughly the combination of the `volatile-random` and `allkeys-random` [eviction policies available in standard Redis](https://redis.io/docs/manual/eviction/).
-
-Note that items marked with an explicit TTL will expire accurately, regardless of whether eviction is enabled.
\ No newline at end of file
diff --git a/reference/regions.html.markerb b/reference/regions.html.markerb
index f576f16bea..da0c6c33d8 100644
--- a/reference/regions.html.markerb
+++ b/reference/regions.html.markerb
@@ -1,68 +1,62 @@
 ---
 title: Regions
 layout: docs
-sitemap: false
 nav: firecracker
 ---
 
-Fly.io runs applications physically close to users: in datacenters around the world, on servers we run ourselves. You can currently deploy your apps in 35 regions, connected to a global Anycast network that makes sure your users hit our nearest server, whether they’re in Tokyo, São Paolo, or Amsterdam.
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/regions-new.png" alt="Illustration by Annie Ruygt of servers in different regions with map markers" class="w-full max-w-lg mx-auto">
+</figure>
+
+Fly.io runs applications physically close to users: in datacenters around the world, on servers we run ourselves. You can deploy apps in regions worldwide, so your users in Tokyo, São Paulo, or Amsterdam connect to the nearest server through our global Anycast network.
 
 <div class="callout">
 Run <code>fly platform regions</code> to get a list of regions.
 </div>
 
-<img style="border-radius: 0.75rem;" src="http://github.com/docs/images/fly-region-map.webp" alt="Map showing the Fly.io balloon in 34 locations across a world map"/>
-
 ## Fly.io Regions
 
-|Region ID| Region Location | Gateway&#42; | [Launch Plan or Higher](https://fly.io/plans) Only&#42;&#42; |
-|---------|-----------------|---------|---------|
-ams |    Amsterdam, Netherlands         | ✓
-arn |    Stockholm, Sweden              |
-atl |    Atlanta, Georgia (US)          |
-bog |    Bogotá, Colombia               |
-bom |    Mumbai, India                  | ✓ | ✓ |
-bos |    Boston, Massachusetts (US)     |
-cdg |    Paris, France                  | ✓
-den |    Denver, Colorado (US)          |
-dfw |    Dallas, Texas (US)             | ✓
-ewr |    Secaucus, NJ (US)              |
-eze |    Ezeiza, Argentina              |
-fra |    Frankfurt, Germany             | ✓ | ✓ |
-gdl |    Guadalajara, Mexico            |
-gig |    Rio de Janeiro, Brazil         |
-gru |    Sao Paulo, Brazil              |
-hkg |    Hong Kong, Hong Kong           | ✓
-iad |    Ashburn, Virginia (US)         | ✓
-jnb |    Johannesburg, South Africa     |
-lax |    Los Angeles, California (US)   | ✓
-lhr |    London, United Kingdom         | ✓
-mad |    Madrid, Spain                  |
-mia |    Miami, Florida (US)            |
-nrt |    Tokyo, Japan                   | ✓
-ord |    Chicago, Illinois (US)         | ✓
-otp |    Bucharest, Romania             |
-phx |    Phoenix, Arizona (US)          |
-qro |    Querétaro, Mexico              |
-scl |    Santiago, Chile                | ✓
-sea |    Seattle, Washington (US)       | ✓
-sin |    Singapore, Singapore           | ✓
-sjc |    San Jose, California (US)      | ✓
-syd |    Sydney, Australia              | ✓
-waw |    Warsaw, Poland                 |
-yul |    Montreal, Canada               |
-yyz |    Toronto, Canada                | ✓
-
-&#42; You can host your apps in any region; "Gateway" regions also have WireGuard gateways, through which you connect to your organization's private network.
+You can host your apps in any of the following regions.
+
+| Region ID | Region Location               | Gateway     |
+|-----------|-------------------------------|-------------|
+| ams       | Amsterdam, Netherlands        | ✓           |
+| arn       | Stockholm, Sweden             | ✓           |
+| bom       | Mumbai, India                 | ✓           |
+| cdg       | Paris, France                 | ✓           |
+| dfw       | Dallas, Texas (US)            | ✓           |
+| ewr       | Secaucus, NJ (US)             | ✓           |
+| fra       | Frankfurt, Germany            | ✓           |
+| gru       | Sao Paulo, Brazil             |             |
+| iad       | Ashburn, Virginia (US)        | ✓           |
+| jnb       | Johannesburg, South Africa    |             |
+| lax       | Los Angeles, California (US)  | ✓           |
+| lhr       | London, United Kingdom        | ✓           |
+| nrt       | Tokyo, Japan                  | ✓           |
+| ord       | Chicago, Illinois (US)        | ✓           |
+| sin       | Singapore, Singapore          | ✓           |
+| sjc       | San Jose, California (US)     | ✓           |
+| syd       | Sydney, Australia             | ✓           |
+| yyz       | Toronto, Canada               | ✓           |
+
+- **Gateway regions:** "Gateway" regions also have WireGuard gateways, through which you connect to your organization's private network.
+
+## Discovering your app's region
+
+View the list of Fly.io regions with [`fly platform regions`](/docs/flyctl/platform-regions).
+
+You can see which regions your app is running in with [`fly status`](/docs/flyctl/status/).
 
-&#42;&#42; For some higher-demand regions we restrict scaling up Machines to organizations with the [Launch, Scale, or Enterprise plans](https://fly.io/plans).
-
-## _Discovering your Application's Region_
+[Fly Volumes](/docs/volumes/) and [Fly Machines](/docs/machines/) are tied to the region they're created in.
 
-You can see the list of Fly.io regions any time with [`fly platform regions`](https://fly.io/docs/flyctl/platform-regions).
+Learn more about Machine placement and regional capacity in this [guide](/docs/machines/guides-examples/machine-placement/).
 
-You can see which regions your app is running in with [`fly status`](https://fly.io/docs/flyctl/status/).
+When an application instance is started, the three-letter name for the region it's running in is stored in the Machine's `FLY_REGION`  environment variable. This, along with other [Runtime Environment](/docs/machines/runtime-environment/) information, is visible to your app running on that instance.
 
-[Fly Volumes](/docs/volumes/) and [Fly Machines](/docs/machines/) are tied to the region they're created in.
+## Related reading
 
-When an application instance is started, the three-letter name for the region it's running in is stored in the Machine's `FLY_REGION`  environment variable. This, along with other [Runtime Environment](/docs/reference/runtime-environment/) information, is visible to your app running on that instance.
+- [Scaling to multiple regions](/docs/blueprints/resilient-apps-multiple-machines/#scaling-to-multiple-regions) Read our guide for making your app resilient and globally distributed.
+- [Cost Management](/docs/about/cost-management/) Find out how region choice, scaling strategy, and app architecture affect your Fly.io bill.
+- [Machine Placement and Regional Capacity](/docs/machines/guides-examples/machine-placement/) Learn more about how the choice of region (and region capacity) affects where your Machines land.
+- [Dynamic Request Routing with fly‑replay](/docs/networking/dynamic-request-routing/) Check out our guide to routing requests to specific regions or fallbacks using region codes.
+ 
diff --git a/reference/runtime-environment.html.md b/reference/runtime-environment.html.md
deleted file mode 100644
index c1e7208825..0000000000
--- a/reference/runtime-environment.html.md
+++ /dev/null
@@ -1,90 +0,0 @@
----
-title: The Fly Runtime Environment
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-When a Fly application is running, various information about the runtime environment is made available to it. Environment variables carry information that is generally applicable to the instance. These values come from three sources.
-
-* [Secrets](/docs/reference/secrets)
-* The application's [env variable settings](/docs/reference/configuration/#the-env-variables-section) in fly.toml
-* The Fly infrastructure, as detailed below.
-
-Request headers carry information that is specific to the incoming request and its path taken to the application. Request headers are added by the HTTP handler service.
-
-## _Environment Variables_
-
-### `FLY_APP_NAME`
-**Application Name**: Each application running on Fly has a unique Application Name. This identifies the application for the user and can also identify instances of the application running on Fly's 6PN networking. For example, `syd.$FLY_APP_NAME.internal` can refer to an instance of the app running. Read more about [6PN Naming](/docs/reference/services/#private-network-services) in the [Network Services](/docs/reference/services/) section.
-
-### `FLY_ALLOC_ID`
-**Allocation ID**: Each instance of an application running on Fly has a unique Allocation ID. This can be used, for example, to distinguish between instances running in the same region. `b996131a-5bae-215b-d0f1-2d75d1a8812b` is an example of the Allocation ID's format.
-
-### `FLY_REGION`
-**Region name**: The three-letter name of the region the application instance is running in. Details of current regions are listed in the [Regions](/docs/regions/) page. As an example, "ams" is the region name for Amsterdam.
-
-Not to be confused with the [HTTP header](/docs/reference/runtime-environment/#fly-region) `Fly-Region`, which is where the connection was accepted from.
-
-### `FLY_PUBLIC_IP`
-**IPV6 Public IP**: The full public IPV6 for this instance. Read more in the [Network Services](/docs/reference/services/) section.
-
-### `FLY_IMAGE_REF`
-**Docker Image Reference**: The name of the Docker image running this container. Useful if your application needs to launch Machine instances of itself to scale up-or-down. Read about how [a Rails app runs Machines for scale-to-zero background workers](https://fly.io/ruby-dispatch/rails-background-jobs-with-fly-machines/). `registry.fly.io/my-app-name:deployment-01H9RK9EYO9PGNBYAKGXSHV0PH` is an example of the Docker Image Reference's format.
-
-### `FLY_MACHINE_ID`
-**Machine ID**: The unique ID that flyctl commands and the Machines API use to identify a Machine. You can find it in the [logs](/docs/flyctl/logs/).
-
-### `FLY_MACHINE_VERSION`
-**Machine Configuration Version**: The version associated to a specific Machine configuration. When you update a Machine's configuration (including when you update its Docker image), it gets a new `FLY_MACHINE_VERSION`. You can also find this value under the name `Instance ID` in the output of `fly machine status`. Changing the Machine's metadata however doesn't trigger a new version.
-
-### `FLY_PRIVATE_IP`
-**Private IPv6 Address**: The IPv6 address of the Machine on its [6PN private network](/docs/reference/private-networking/).
-
-### `FLY_PROCESS_GROUP`
-**Process Group**: The [process group](/docs/apps/processes) associated with the Machine. 
-
-### `FLY_VM_MEMORY_MB`
-**Machine Memory**: The memory allocated to the Machine, in MB. It's the same value you'll find under https://fly.io/dashboard/personal/machines and VM Memory in the output of `fly machine status`. Learn more about [Machine sizing](/docs/machines/guides-examples/machine-sizing/).
-
-### `PRIMARY_REGION`
-**Primary Region**: This is set in your `fly.toml` or with the `--region` flag during deploys. Learn more about [configuring the primary region](/docs/reference/configuration/#primary-region).
- 
-## _Request Headers_
-
-### `Fly-Client-IP`
-**Client IP Address**: The IP address Fly accepted a connection from. This will be the client making the initial request and as such, will also appear at the start of the `X-Forwarded-For` addresses. 
-
-### `Fly-Forwarded-Port`
-**Original connection port**: This header is always set by Fly and denotes the actual port that the client connected to the Fly edge node which is then forwarded to the application instance.
-
-### `Fly-Region`
-**Edge Node Region**: This header is a three letter region code which represents the region that the connection was accepted in and routed from. 
-
-Not to be confused with the [environment variable](/docs/reference/runtime-environment/#fly_region) `FLY_REGION`, which is where the application is running.
-
-### `X-Forwarded-For`
-**Client and Proxy List**: This is a comma separated list comprising of the client that originated the request and the proxy servers the request passed through. For example, "77.97.0.98, 77.83.142.33" contains the client and the one proxy it passed through.
-
-MDN has [full documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For) for this header.
-
-### `X-Forwarded-Proto`
-**Original client protocol**: The protocol which the client used to make the request. Either `http` or `https`.
-
-### `X-Forwarded-Port`
-**Original connection port**: This header may be set by the client and should denote the port that the client set out to connect to.
-
-### `X-Forwarded-SSL`
-**SSL Status**: This indicates if the client connected over SSL. Its value can be either `on` or `off`. 
-
-## _Request and Response Headers_
-
-### `Via`
-**Proxy Route**: This header, added by proxies, shows the path taken, and protocols used, by the connection. MDN has [full documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Via) for this header. For example, a connection through the Fly edge may show `2 fly.io` in the field, denoting that version 2 of HTTP was used by the connection as it passed through the Fly Proxy.
-
-
-
-
-
-
-
diff --git a/reference/secrets.html.markerb b/reference/secrets.html.markerb
deleted file mode 100644
index 2213728ecd..0000000000
--- a/reference/secrets.html.markerb
+++ /dev/null
@@ -1,69 +0,0 @@
----
-title: Secrets and Fly Apps
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-Secrets allow sensitive values, such as credentials, to be passed securely to your Fly App. The secret is encrypted and stored in a vault. An app's secrets are available as environment variables on every Machine belonging to that Fly App, whether the Machine is part of Fly Launch (deployed with `fly  deploy`) or not.
-
-Specify secrets for your Fly App using the `fly secrets` command.
-
-## Architecture
-
-Secrets are stored in an encrypted vault. When you set a secret through flyctl, it sends the secret value through our API, which writes to the vault for your specific Fly App. The API servers can only encrypt; they cannot decrypt secret values. Secret values are never logged.
-
-When we launch a Machine for your app, we issue a temporary auth token to the host it runs on. The Fly.io agent on the host uses this token to decrypt your app secrets and inject them into your Machine as environment variables at boot time. When you destroy your Machines, the host environment no longer has access to your app secrets.
-
-<section class="warning icon">
-**Warning:** `flyctl` and our API servers are designed to prevent user secrets from being extracted. However, secrets are available to your application code as environment variables. People with deploy access _can_ deploy code that reads secret values and prints them to logs, or writes them to unencrypted data stores.
-</section>
-
-## Set secrets
-
-The `fly secrets set` command sets one or more app secrets, then updates each Machine belonging to that Fly App. This involves a restart of the Machine and a consequent reset of its ephemeral file system.
-
-The following example sets a secret that's available as the `DATABASE_URL` environment variable within your application processes:
-
-<%= partial "docs/partials/set_secrets" %>
-
-To set, or update, a secret in the app's vault, but defer updating the Machines to later, use the `--stage` option. For example:
-
-```cmd
-fly secrets set DATABASE_URL=postgres://example.com/mydb --stage
-```
-
-In the preceding example, the staged secret will be available only on Machines that are started or updated after the `fly secrets set` command was run.
-
-The `secrets` command can also take secrets from STDIN. For commands and options, see the [`fly secrets` docs](/docs/flyctl/secrets/) or run `fly secrets --help`.
-
-<section class="note icon">
-**Note:** You can update a machine by triggering a new release with `fly deploy`. Alternatively, the `fly secrets deploy` command will redeploy the current release with the staged secrets. This is helpful if you want to skip rebuilding the image from source code.</section>
-
-## List secrets
-
-List secrets that are set for your app. The list shows only the secret name; the value is not shown as it is a secret.
-
-For example:
-
-```cmd
-fly secrets list
-```
-```output
-      NAME     |              DIGEST              |  DATE
-+--------------+----------------------------------+---------+
-  MY_SECRET    | b9e37b7b239ee4aefc75352fe3fa6dc6 | 17s ago
-  DATABASE_URL | cdbe3268a82bfe993921b9cae2a526af | 17s ago
-```
-
-For security reasons, we do not allow read access to the plain-text values of secrets.
-
-## Remove secrets
-
-Remove one or more secret values from your app by name.
-
-The following example removes two secrets from the app:
-
-```cmd
-fly secrets unset MY_SECRET DATABASE_URL
-```
diff --git a/reference/security.html.md b/reference/security.html.md
deleted file mode 100644
index bbc2eeb619..0000000000
--- a/reference/security.html.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Security of Fly related services
-layout: docs
-nav: firecracker
----
-
-Fly is committed to keeping customer data safe and secure. If you discover a potential security issue with a Fly service, we want to know!
-
-## _How to report a security problem_
-
-If you feel the issue is urgent or includes sensitive information, please send your report directly to <a href="/service/mailto:security@fly.io">security@fly.io</a>. This will give us a structured way to track and respond to your concerns, usually within 24 hours.
-
-## _How we manage security issues_
-
-We work with security researchers to triage and investigate potential security issues in our products and services. If you have discovered a potential security flaw in Fly infrastructure or code, please let us know. When we receive a report we will:
-
-### Acknowledge your submission
-
-We will reply to your report, usually within 24 hours, and issue you a ticket ID number for future tracking.
-
-### Investigate the report
-
-We will attempt to reproduce the issue and determine its impact on our customers. Although we won't disclose issues until our investigation is complete, we will work with you to make sure we fully understand the issue.
-
-### Resolve or mitigate the issue
-
-Once our investigation is complete, we will determine how best to resolve the security issue. This might include mitigation, reports to upstream software providers, or patches/configuration changes without our infrastructure.
diff --git a/reference/sentry.html.md b/reference/sentry.html.md
deleted file mode 100644
index b2584d07f9..0000000000
--- a/reference/sentry.html.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: Application Monitoring by Sentry
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-[Sentry](https://sentry.io) is a developer-first application monitoring platform that helps you identify and fix software problems before they impact your users. Get real time alerts on production errors and performance issues, capture video-like reproductions of user interactions, and avoid regressions with test coverage insights in your stack trace. 
-
-We partnered with Sentry to give your Fly.io organization a year's worth of [Team Plan](https://sentry.io/pricing) credits. This plan includes, monthly:
-
-* 50k errors
-* 100k [performance units](https://docs.sentry.io/product/performance/transaction-summary/?original_referrer=https%3A%2F%2Fduckduckgo.com%2F#what-is-a-transaction)
-* 500 [session replays](https://docs.sentry.io/product/session-replay)
-* 1GB [attachments](https://docs.sentry.io/platforms/native/guides/minidumps/enriching-events/attachments/)
-
-If you need more than this, sign in to your account and review upgrade options in the [billing section](https://flyio.sentry.io/settings/billing/overview/).
-
-## Account and project provisioning
-
-
-Newly-deployed applications provision a new Sentry project automatically. You can also provision Sentry projects for existing apps.
-
-The first time a Sentry project is provisioned in your Fly.io organization, we will:
-
-* Create a Sentry account using your Fly.io email address
-* Create a Sentry organization mapped to your Fly.io organization
-
-Finally, `SENTRY_DSN` will be set as a secret available in your application runtime environment. This value should be picked up automatically by the Sentry SDK.
-
-## Instrumenting your application with the Sentry SDK
-
-For the following frameworks/runtimes, we'll auto-instrument your app at launch time. Auto-instrumentation is helpful to catch boot errors right out of the gate, when you first deploy your application.
-
-### Ruby on Rails
-
-If `flyctl launch` detects your app as a Rails app, we will:
-
-* Install the [Ruby Sentry SDK](https://github.com/getsentry/sentry-ruby) rubygem
-* Add an initializer for automatic exception handling and performance tracing
-
-
-Sentry can also instrument specific libraries like Sidekiq, Delayed Job, Resque, and more. Check the [Sentry Ruby documentation](https://docs.sentry.io/platforms/ruby/) for more information.
-
-### Other runtimes and frameworks
-
-Learn how to set up your application with the Sentry SDK for your runtime in their extensive [documentation](https://docs.sentry.io/).
-
-## Open the Sentry project dashboard for an application
-
-Use this command to open the dashboard for the Sentry project associated with the current application.
-
-```cmd
-flyctl apps errors
-```
-
-## Create a Sentry project for an existing app
-
-For applications that don't have a Sentry project setup, use the following command to create one manually.
-
-```cmd
-flyctl ext sentry create
-```
-
-
diff --git a/reference/services.html.markerb b/reference/services.html.markerb
deleted file mode 100644
index 6cf085788c..0000000000
--- a/reference/services.html.markerb
+++ /dev/null
@@ -1,141 +0,0 @@
----
-title: "Public Network Services"
-layout: docs
-sitemap: false
-nav: firecracker
----
-
-Fly.io has public and private network services available. The public network services connect applications to the wider public internet, while the [private network services](/docs/reference/private-networking) allow application instances to communicate with other application instances within the Fly.io private network.
-
-## IP addresses
-
-### Anycast
-
-We announce global IP blocks from all of our datacenters over BGP, otherwise known as anycast. Anycast is a core internet routing mechanism that connects clients to the "nearest" server advertising a block of IPs. [You can read all about it on Wikipedia](https://en.wikipedia.org/wiki/Anycast).
-
-### IPv6
-
-A new Fly App running a [public service](/docs/reference/configuration/#the-services-sections) automatically gets a dedicated anycast IPv6 address when it's first deployed.
-
-### Shared IPv4
-
-Along with the dedicated IPv6, apps [configured](/docs/reference/configuration/#the-services-sections) to handle either
-
-* HTTP on port 80, or
-* TLS & HTTP on port 443
-
-(or both) are automatically given a shared anycast IPv4 address on the first deployment.
-
-Shared IPs are recommended unless you have an explicit need for your own IP.
-These IPs are shared across many apps and organizations.
-Routing is based on your app's domain.
-One reason to use a dedicated IP is if your app needs to do something over UDP.
-
-If you want to allocate a shared IPv4 to an app without a public IPv4 address, this is possible (with flyctl v0.0.439 and newer) using
-
-```cmd
-fly ips allocate-v4 --shared
-```
-
-This command will fail if the app has a dedicated IPv4 address. You can release an IP with `fly ips release <address>`.
-
-### Dedicated IPv4
-
-Allocating a dedicated IPv4 anycast address is now opt-in only, but can still be done manually with
-
-```cmd
-fly ips allocate-v4
-```
-
-when needed; for example, if you want your app to handle TCP directly.
-
-
-IPv6 addresses are free. Global IPv4 addresses are [billed](/docs/about/pricing/#anycast-ip-addresses) monthly.
-
-## Connection handlers
-
-Set the `handlers` config setting in the `services.ports` section of [`fly.toml`](/docs/reference/configuration/) to specify which middleware applies to incoming TCP connections for each port you accept external connections on. Use these to convert TCP connections into something your application can handle.
-
-Valid handler strings:
-* [`"http"`:](#http) Convert TCP connection to HTTP
-* [`"tls"`](#tls): Convert TLS connection to unencrypted TCP
-* [`"pg_tls"`](#postgres-connections): Handle TLS for PostgreSQL connections
-* [`"proxy_proto"`](#proxy-protocol): Wrap TCP connection in PROXY protocol
-
-### TCP pass through
-
-If you don't specify handlers, we just forward TCP to your application as-is. This is useful if you want to handle TLS termination yourself, for example.
-
-### HTTP
-
-Many applications have limited HTTP support, the `HTTP` middleware normalizes HTTP connections and sends HTTP 1.1 requests to the application process. This is roughly how `nginx` and other reverse proxies work, and allows your application to globally accept modern HTTP protocols (like HTTP/2) without extra complexity.
-
-If your application stack has good HTTP/2 support (like Go), you will get better performance accepting TCP connections directly, and using the TLS handler to terminate SSL. Your application _does_ need to understand `h2c` for this to work, however.
-
-The HTTP handler adds a number of standard HTTP headers to requests, and a few Fly.io-specific headers for convenience:
-
-| Header | Description
-| -- | -- |
-| `Fly-Client-IP` | The IP address Fly.io accepted a connection from |
-| `X-Forwarded-For` | A comma separated list of proxy servers the request passed through. MDN has [full documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For) for this header |
-| `X-Forwarded-Proto` | Original client protocol, either `http` or `https` |
-| `X-Forwarded-SSL` | Indicates if client connected over SSL, either `on` or `off` |
-| `X-Forwarded-Port` | Original connection port, header may be set by client |
-| `Fly-Forwarded-Port` | Original connection port, always set by Fly.io |
-| `Fly-Region` | Original incoming connection region |
-
-You can set a preference on HTTP requests for which region you would like to connect to:
-
-```
-Fly-Prefer-Region: region-code
-```
-
-### TLS
-
-The `TLS` middleware terminates TLS using Fly.io-managed application certificates, then forwards a plaintext connection to the application process. This is useful for running TCP services and offloading `TLS` to the Fly Proxy.
-
-For performance purposes, the Fly Proxy will terminate TLS on the host a client connects to, and then forward the connection to the nearest available application instance.
-
-_Note:_ the `TLS` handler includes ALPN negotiation for HTTP/2. When possible, applications will connect to these kinds of Fly.io services using HTTP/2, and we will forward an unencrypted HTTP/2 connection (`h2c`) to the application process.
-
-### Postgres connections
-
-The `pg_tls` handler manages Postgres connections, so that you can expose your Postgres databases over the proxy securely. Some interesting notes by @glebarez on why standard TLS termination won't work for Postgres: https://github.com/glebarez/pgssl#readme
-
-### PROXY protocol
-
-The `proxy_proto` handler adds information about the original connection, including client IP + port and server IP + port (from the client's perspective). Most applications need additional logic to accept the proxy protocol, either using a prebuilt library or implementing the [proxy protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) directly. 
-
-Fly.io supports version 1 (human-readable header format) of the PROXY protocol by default with the `proxy_proto` handler. You can configure the `proxy_proto` handler to use version 2 (binary header format) in the [`services.ports.proxy_proto_options`](/docs/reference/configuration/#services-ports-proxy_proto_options) section of your `fly.toml` file.
-
-## HTTP to HTTPS redirects
-
-The `force_https` configuration option automatically redirects HTTP to HTTPS. When enabled, all HTTP requests return a redirect response with a `301` status code. This option can only be set on HTTP handlers - deployments will fail if set on other handlers.
-
-## Outbound IP addresses
-
-VMs have IPv6 addresses from which they make requests to the wider Internet without going through the Fly Proxy.
-
-We don’t offer static IPs or regional IP ranges, and we discourage the use of our outbound IPs to bypass firewalls. A VM's outbound IP is liable to change without notice. This shouldn't be a daily occurrence, but it will happen if a VM is moved for whatever reason, whether it's Nomad moving an allocation or load-balancing of Fly Machines between servers in one region.
-
-If you depend on knowing this address for some reason, it's up to you to monitor it for changes.
-
-### Find your VM's outbound IP
-
-Use `fly ssh console -s` to get an interactive shell on the VM of your choice, and call out to an external service that'll tell you your IP. For example:
-
-```
-/ # curl text.ipv6.wtfismyip.com
-2605:4c40:92:520a:0:8c93:3d8a:1
-```
-
-or
-
-```
-/ # dig +short txt o-o.myaddr.l.google.com @ns1.google.com
-"2605:4c40:92:520a:0:8c93:3d8a:1"
-```
-
-So this VM's outbound IPv6 address is `2605:4c40:92:520a:0:8c93:3d8a:1`.
-
-You may have to install software on the VM to use `dig` or `curl`. On Debian, `dig` belongs to the `dnsutils` package.
diff --git a/reference/supabase.html.md b/reference/supabase.html.md
deleted file mode 100644
index 302a8c962b..0000000000
--- a/reference/supabase.html.md
+++ /dev/null
@@ -1,85 +0,0 @@
----
-title: Supabase Postgres
-layout: docs
-sitemap: false
-status: beta
-nav: firecracker
----
-
-[Supabase](https://supabase.com) partnered with Fly.io to offer fully managed Postgres databases hosted on Fly.io infrastructure. Using Supabase Postgres ensures low latency database access in all Fly.io regions.
-
-## Pricing and Billing
-
-Supabase offers one free, resource-limited database per Fly.io organization. After that, all databases are billed on pay-as-you-go basis under the [Supabase Pro plan](https://supabase.com/pricing#compare-plans). Check the official [Supabase Pricing](https://supabase.com/pricing) page for details.
-
-Your database usage charges and plan fees will show up on your monthly Fly.io bill. You can track database usage details in the [Supabase web console](#the-supabase-web-console).
-
-## Create and manage a Supabase Postgres database
-
-Creating and managing databases happens exclusively via the [Fly CLI](/docs/hands-on/install-flyctl/). Install it, then [signup for a Fly account](https://fly.io/docs/getting-started/log-in-to-fly/).
-
-Once provisioned, the database primary region cannot be changed.
-
-```cmd
-flyctl ext supabase create
-```
-```output
-? Select Organization: soupedup (soupedup)
-? Choose a name, use the default, or leave blank to generate one:
-? Choose the primary region (can't be changed later) Miami, Florida (US) (mia)
-Your Supabase database (icy-wind-1879) in mia is ready. See details and next steps with:
-
-Set one or more of the following secrets on your target app.
-POSTGRES_URL: postgres://postgres:password@db.kworhjwenfroqhegh.supabase.co:5432/postgres?sslmode=disable
-```
-
-### The Supabase web console
-
-To view more details about database usage, connection strings, and more, use:
-
-```cmd
-flyctl ext supabase dashboard <database_name>
-```
-
-Or, visit your organization-level overview for billing and organization settings:
-
-```cmd
-flyctl ext supabase dashboard --org <org_name>
-```
-
-### List your databases and view status
-Get a list of all of your Supabase databases.
-
-```cmd
-flyctl ext supabase list
-```
-```output
-NAME                  	ORG          	PRIMARY REGION
-js-supabase-staging-db	fly-ephemeral	mad
-late-surf-5384        	fly-ephemeral mad
-```
-
-Note the database name, then fetch its status.
-
-```cmd
-fly ext supabase status late-waterfall-1133
-```
-```output
-Redis
-  ID             = aaV829vaMVDGbi5
-  Name           = late-waterfall-1133
-  App            = myapp
-```
-
-### Delete a Supabase database
-
-Deleting can't be undone. Be careful!
-
-```cmd
-fly ext supabase destroy wispy-resonance-270
-```
-```output
-Destroying a Supabase database is not reversible.
-? Destroy Supabase database wispy-resonance-270? Yes
-Your Supabase database wispy-resonance-270 was destroyed
-```
\ No newline at end of file
diff --git a/reference/suspend-resume.html.md b/reference/suspend-resume.html.md
new file mode 100644
index 0000000000..54dab5eb3f
--- /dev/null
+++ b/reference/suspend-resume.html.md
@@ -0,0 +1,209 @@
+---
+title: Machine Suspend and Resume
+layout: docs
+nav: firecracker
+author: kcmartin
+date: 2025-08-15
+---
+
+**Machine suspend** lets you pause a running Fly Machine and save its complete state, including memory, to persistent storage. When resumed, the machine picks up exactly where it left off, without rebooting the OS or restarting your app. That can make startup take just **hundreds of milliseconds** instead of multiple seconds.
+
+You can think of suspend as what a laptop does when you close the lid, except your “laptop” is a microVM running in, say, `dfw` or `fra` or `syd`.
+
+## How it works
+
+Suspend uses [Firecracker snapshots](https://firecracker-microvm.github.io/) to capture the entire VM state: CPU registers, memory contents, open file handles. When you start a suspended machine, Fly restores from this snapshot instead of cold booting.
+
+**Typical performance:**
+
+- Resume from suspend: a few hundred ms
+- Cold start: ~2+ seconds for common apps
+- TCP connections may survive if the remote side keeps them open
+
+---
+
+## Using Suspend
+
+### Manually
+
+```bash
+# Suspend a machine
+fly machine suspend <machine-id>
+
+# Check status (running, suspending, suspended, etc.)
+fly machine status <machine-id>
+
+# Resume from snapshot
+fly machine start <machine-id>
+
+# Force a cold start (discard snapshot)
+fly machine stop <machine-id>
+fly machine start <machine-id>
+```
+
+### Automatically via Fly Proxy
+
+Configure in `fly.toml`:
+
+```
+[http_service]
+  auto_stop_machines = "suspend"  # or "stop"
+  auto_start_machines = true
+  
+  [[http_service.concurrency]]
+    type = "requests"
+    soft_limit = 25
+```
+
+The proxy will automatically suspend machines during low traffic, checking for idle periods every few minutes, and resume them when requests arrive.
+
+### Machines API
+
+```
+# Suspend
+POST /v1/apps/{app_name}/machines/{machine_id}/suspend
+
+# Wait for suspension to complete
+GET /v1/apps/{app_name}/machines/{machine_id}/wait?state=suspended
+
+# Resume (standard start endpoint)
+POST /v1/apps/{app_name}/machines/{machine_id}/start
+```
+
+Generally, you need an API token to use the Machines API. But if you're just suspending _your own_ machine, you can skip the token and hit the `/.fly/api` Unix socket directly:
+
+```bash
+$ curl --unix-socket /.fly/api -X POST \
+  http://flaps/v1/apps/$FLY_APP_NAME/machines/$FLY_MACHINE_ID/suspend
+```
+
+---
+
+## Requirements
+
+A machine can use suspend if it has:
+
+- **≤ 2 GB** memory (For larger memory sizes, suspend is discouraged due to increased suspend times)
+- **No** [**swap**](https://fly.io/docs/reference/configuration/#swap_size_mb-option) **configured**
+- **No** [**schedule**](https://fly.io/docs/machines/flyctl/fly-machine-run/#start-a-machine-on-a-schedule) **configured** 
+- **No GPU configured**
+- Been updated since **June 20, 2024 20:00 UTC**
+
+If you have an older machine, or you’re not sure when it was last updated, you can bring it up to date with:
+
+```bash
+fly machine update <machine-id> --yes 
+```
+
+This updates the machine in place to the latest supported configuration for suspend, without changing your app code or image.
+
+---
+
+## Limitations and considerations
+
+- Suspend is not currently recommended for large machine memory sizes (> 2 GB)
+- Suspending many machines at once is not recommended
+- Some logs may be lost after resume
+- Unlike stop, suspend **does not** reset the machine's `rootfs` 
+- On resume, the clock can lag a few seconds until NTP syncs
+
+<div class="callout">
+Always design for both resume and cold start paths.
+</div>
+
+---
+
+## Snapshot behavior with suspend
+
+<div class="warning icon">
+Snapshots are tied to the exact code and state of the machine they were taken from. If you deploy new code, the old snapshot can’t be resumed safely and will be discarded.
+</div>
+
+**Snapshots** **aren’t guaranteed to persist.** Cold starts may happen if:
+
+- **You deploy a new version of your app** — deployments rebuild the machine image, which invalidates the old snapshot. Since a snapshot is a literal memory dump of the _old_ process, resuming it after you’ve swapped in new code or dependencies would be unsafe and unpredictable.
+- The machine is migrated to a different host
+- The snapshot file is lost or corrupted — Hardware failures, space reclamation, or corruption can cause them to be deleted
+- We perform system maintenance or updates
+
+---
+
+## Handling Network Connections After Resume
+
+On resume, the machine thinks its network connections are still live. External systems (databases, APIs) may disagree.
+
+Common symptoms:
+
+- `ECONNRESET`
+- "Connection closed"
+- Timeouts on first request
+- Database pool errors
+
+**Fix:** Reconnect on failure.
+
+Example (Python + DB):
+
+```python
+try:
+    result = db.execute(query)
+except (ConnectionError, OperationalError):
+    db.reconnect()
+    result = db.execute(query)
+```
+
+Tips:
+
+- Use connection pools with disconnect handling (see this excellent [SQLAlchemy guide](https://docs.sqlalchemy.org/en/20/core/pooling.html#dealing-with-disconnects))
+- Shorten connection timeouts to fail fast
+- Use retry/backoff for HTTP clients
+- Test after long suspensions
+
+---
+
+## Billing
+
+Suspended machines cost the same as stopped machines: storage only. There are no CPU/RAM charges.
+
+---
+
+## Monitoring & Debugging
+
+```bash
+fly machine status <machine-id>
+```
+
+States:
+
+- `running`
+- `suspending`
+- `suspended`
+- `starting` (resume or cold start)
+- `stopped`
+
+If machines cold start unexpectedly:
+
+- Check requirements
+- Confirm no migrations or deployments occurred
+- Check logs for suspend/resume events
+
+Test cold start:
+
+```bash
+fly machine stop <machine-id>
+fly machine start <machine-id>
+```
+
+---
+
+## Availability
+
+Suspend works in **all Fly.io regions** as of July 2024.
+
+---
+
+**Related reading:**
+
+- [Autostop & Autostart](/docs/launch/autostop-autostart/)
+- [Fly Proxy Config](/docs/reference/fly-proxy-autostop-autostart/)
+- [Scaling Machines](/docs/apps/scale-count/)
+- [Machines API](https://docs.machines.dev/)
diff --git a/reference/tls.html.md b/reference/tls.html.md
deleted file mode 100644
index 604752a1b5..0000000000
--- a/reference/tls.html.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: TLS Support
-layout: docs
-nav: firecracker
----
-
-The Fly proxy only supports TLSv1.2 and TLSv1.3 with strong ciphers.
-
-## Supported Cipher Suites
-
-These suites give us broad, secure coverage. We do not support very old browsers.
-
-```
-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-TLS_CHACHA20_POLY1305_SHA256
-TLS_AES_128_GCM_SHA256
-TLS_AES_256_GCM_SHA384
-```
-
-You can always get an updated list of supported ciphers from [these test results](https://www.ssllabs.com/ssltest/analyze.html?d=fly.io&s=2a09%3a8280%3a1%3a0%3a0%3a0%3aa%3a791&hideResults=on&latest).
diff --git a/reference/volumes.html.markerb b/reference/volumes.html.markerb
deleted file mode 100644
index 7cceeb3462..0000000000
--- a/reference/volumes.html.markerb
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Fly Volumes overview
-layout: docs
-nav: firecracker
-order: 20
----
-
-Apps can store only ephemeral data on the root file systems of their Machines, because a Machine’s file system gets rebuilt from scratch each time you deploy your app, or when the Machine is restarted. 
-
-Fly Volumes are local persistent storage for [Fly Machines](/docs/machines/). You can access and write to a volume on a Machine just like a regular directory. Use volumes to store your database files, to save your app's state, such as configuration and session or user data, or for any information that needs to persist after deploy or restart.
-
-A Fly Volume is a slice of an NVMe drive on the physical server your Fly App runs on. It's tied to that hardware. Fly Volumes are a lot like the disk inside your laptop, with the speed and simplicity advantage of being attached to your motherboard and accessible from a mount point in your file system. And the disadvantages that come with being tied to that hardware, too.
-
-## Volume considerations
-
-* **A volume belongs to one app**: Every Fly Volume belongs to a [Fly App](/docs/reference/apps/) and you can't share a volume between apps.
-* **A volume exists in one region**: A volume exists in only one region. Only a Machine running in the same region can access it.
-* **A volume can attach to one Machine**: You need to run as many volumes as there are Machines. There's a one-to-one mapping between Machines and volumes. A Machine can only mount one volume at a time and a volume can be attached to only one Machine.
-* **Develop your app to handle replication**: Volumes are independent of one another; Fly.io does not automatically replicate data among the volumes on an app, so if you need the volumes to sync up, then your app has to make that happen.
-* **Create redundancy in your primary region**: If your app needs a volume to function, and the NVMe drive hosting your volume fails, then that instance of your app goes down. There's no way around that. You can run multiple Machines with volumes in your app's primary region to mitigate hardware failures.
-* **Create and store backups**: If you only have a single copy of your data on a single volume, and that drive fails, then the data is lost. Fly.io takes daily snapshots and retains them for 5 days, but the snapshots shouldn't be your primary backup method.
-
-Explore other options for data storage in [Databases & Storage](/docs/database-storage-guides/).
-
-## Volume redundancy
-
-<div class="important icon">
-<b>Important: Always run at least two volumes per app.</b> We usually recommend running at least two Machines per app to increase availability, and if you're using volumes, then each machine should have an attached volume. If you only have one Machine and volume, then you'll have downtime if there's a host or network failure, and whenever you deploy your app. Also remember that volumes don't have built-in replication between them.
-</div>
-
-In a few cases, you can run a single Machine with an attached volume. For example, if you're running an app with a standard SQLite database, or your app is in development and you're not yet worried about downtime.
-
-Many developers use volumes for databases, so if possible, each volume you create for your app is placed in a separate hardware zone by default. Note that having each volume in a separate hardware zone limits the number of volumes your app can have in a region. You can configure this setting with the `--require-unique-zone` option when you run [`fly volumes create`](/docs/flyctl/volumes-create/).
-
-## Volumes and regions
-
-Volumes exist in a single [region](/docs/reference/regions/). For redundancy within a region, you can run multiple Machines with attached volumes by creating multiple volumes with the same name. For example, creating three volumes named `myapp_data` would let up to three instances of the app start up and run. Every volume has a unique ID to allow for multiple volumes with the same name. Remember that volumes don't automatically replicate data between them.
-
-## Volume encryption
-
-Volumes are, by default, created with encryption-at-rest enabled for additional protection of the data on the volume. Use `--no-encryption` to instead create an unencrypted volume for improved performance at deployment and runtime.
-
-## Volume size
-
-The default volume size is 3GB when you create a volume with the `fly volumes create` command, and when you use the `fly launch` command to [launch an app with a volume](/docs/apps/volume-storage/#launch-a-new-app-with-a-fly-volume). The maximum volume size is 500GB.
-
-You can extend a volume's size&mdash;either [manually](/docs/apps/volume-manage/#extend-a-volume) or [automatically](/docs/reference/configuration/#the-mounts-section)&mdash;to make it larger, but you can't shrink a volume.
-
-## Volume forks
-
-When you [fork a volume](/docs/apps/volume-manage/#create-a-copy-of-a-volume-fork-a-volume), you create a new volume with an exact copy of the data from the source volume to use for testing, backups, or whatever you like. The new volume is in the same region, but on a different physical host, and is not attached to a Machine. The new volume and the source volume are independent, and changes to their contents are not synchronized.
-
-## Volume snapshots
-
-Fly.io takes daily block-level snapshots of volumes. We keep snapshots for five days. You can [restore a volume snapshot](/docs/apps/volume-manage/#restore-a-volume-from-a-snapshot) into a new volume of equal or greater size. Snapshots may not have your latest data. You should still implement your own backup plan for important data.
-
-## Related topics
-
-- [Add volume storage](/docs/apps/volume-storage/)
-- [Manage volume storage](/docs/apps/volume-manage/)
-- [Scale an app with volumes](/docs/apps/scale-count/#scale-an-app-with-volumes)
diff --git a/retired-launcher.html.md b/retired-launcher.html.md
index c27067b173..ac15c38a96 100644
--- a/retired-launcher.html.md
+++ b/retired-launcher.html.md
@@ -7,7 +7,7 @@ toc: false
 
 We've retired our web-based launchers for individual apps like Jupyter and code-server. You can launch these apps yourself, with the `fly launch` command. Apps that have their own official Docker images are especially convenient. Here are a couple of places to start:
 
-[Speedrun: Launch on Fly.io](/docs/speedrun/)
+[Speedrun: Launch on Fly.io](/docs/getting-started/launch/)
 
 [Deploy via Dockerfile](/docs/languages-and-frameworks/dockerfile/)
 
diff --git a/rust/frameworks.html.markerb b/rust/frameworks.html.markerb
new file mode 100644
index 0000000000..436c5dbdcb
--- /dev/null
+++ b/rust/frameworks.html.markerb
@@ -0,0 +1,11 @@
+---
+title: Rust Framework Guides
+layout: framework_docs_overview
+toc: false
+order: 4
+---
+
+
+<p>Each one of the language guides will take you through creating and deploying a simple application.</p>
+
+<p>If you don't see a framework supported here that you'd like to run on Fly.io, <%=link_to "tell us in the Community", "https://community.fly.io/" %>.</p>
diff --git a/rust/frameworks/actix-web.html.markerb b/rust/frameworks/actix-web.html.markerb
new file mode 100644
index 0000000000..817eee1994
--- /dev/null
+++ b/rust/frameworks/actix-web.html.markerb
@@ -0,0 +1,62 @@
+---
+title: "Run an Actix Web App"
+layout: framework_docs
+objective: Actix Web is a powerful, pragmatic, and extremely fast web framework for Rust
+redirect_from:
+ - /docs/languages-and-frameworks/actix-web/
+ - /docs/getting-started/actix-web/
+order: 2
+---
+
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "Actix Web", link: "https://actix.rs/" } %>
+
+Actix Web is a powerful, pragmatic, and extremely fast web framework for Rust
+
+Deploying an Actix Web app on Fly.io is easy-peasy! With the help of the [cargo chef](https://github.com/LukeMathWalker/cargo-chef), we get great build times and small images.
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/rust/partials/speedrun", locals: { runtime: "actix-web" }  %>
+
+
+## _Deploy an Actix Web App from scratch_
+
+<%= partial "/docs/rust/partials/cargo-new", locals: { runtime: "actix-web" }  %>
+
+Then we have to add the `actix-web` dependency to the project:
+
+```cmd
+cargo add actix-web
+```
+
+Now, let's create a simple app in `src/main.rs`:
+
+```rust
+use actix_web::{get, App, HttpServer, Responder};
+
+#[get("/")]
+async fn hello() -> impl Responder {
+    format!("Hello from fly.io!")
+}
+
+#[actix_web::main] // or #[tokio::main]
+async fn main() -> std::io::Result<()> {
+    HttpServer::new(|| {
+        App::new().service(hello)
+    })
+    .bind(("0.0.0.0", 8080))?
+    .run()
+    .await
+}
+```
+
+This will display a "Hello from fly.io!" message when you visit the root URL.
+Take note that we serve the app on port `8080`.
+
+We can confirm everything works fine by running `cargo run` and checking out `http://localhost:8080`.
+
+
+<%= partial "/docs/rust/partials/deploy", locals: { runtime: "actix-web" }  %>
diff --git a/rust/frameworks/axum.html.markerb b/rust/frameworks/axum.html.markerb
new file mode 100644
index 0000000000..dcbd036952
--- /dev/null
+++ b/rust/frameworks/axum.html.markerb
@@ -0,0 +1,56 @@
+---
+title: "Run an Axum App"
+layout: framework_docs
+objective: Axum is a web application framework that focuses on ergonomics and modularity.
+redirect_from:
+ - /docs/languages-and-frameworks/axum/
+ - /docs/getting-started/axum/
+order: 1
+---
+
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "Axum", link: "https://docs.rs/axum/latest/axum/" } %>
+
+Axum is a web application framework that focuses on ergonomics and modularity.
+
+Deploying an Axum app on Fly.io is really straightforward! With the help of the [cargo chef](https://github.com/LukeMathWalker/cargo-chef), we get great build times and small images.
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/rust/partials/speedrun", locals: { runtime: "axum" }  %>
+
+## _Deploy an Axum App from scratch_
+
+<%= partial "/docs/rust/partials/cargo-new", locals: { runtime: "axum" }  %>
+
+
+Then we have to add some dependencies to the project:
+
+```cmd
+cargo add axum
+cargo add tokio -F macros -F rt-multi-thread
+```
+
+Now, let's create a simple Axum app in `src/main.rs`:
+
+```rust
+use axum::{routing::get, Router};
+
+#[tokio::main]
+async fn main() {
+    let app = Router::new().route("/", get(|| async { "Hello from fly.io!" }));
+    let listener = tokio::net::TcpListener::bind("0.0.0.0:8080").await.unwrap();
+    axum::serve(listener, app).await.unwrap();
+}
+```
+
+This will display a "Hello from fly.io!" message when you visit the root URL.
+Take note that we serve the app on port `8080`.
+
+We can confirm everything works fine by running `cargo run` and checking out `http://localhost:8080`.
+
+
+
+<%= partial "/docs/rust/partials/deploy", locals: { runtime: "axum" }  %>
diff --git a/rust/frameworks/dioxus-liveview.html.markerb b/rust/frameworks/dioxus-liveview.html.markerb
new file mode 100644
index 0000000000..c2e2b3118b
--- /dev/null
+++ b/rust/frameworks/dioxus-liveview.html.markerb
@@ -0,0 +1,76 @@
+---
+title: "Run a Dioxus Liveview App"
+layout: framework_docs
+objective: Dioxus Liveview allows apps to run on the server and render in the browser. It uses WebSockets to communicate between the server and the browser.
+redirect_from:
+ - /docs/languages-and-frameworks/dioxus-liveview/
+ - /docs/getting-started/dioxus-liveview/
+order: 6
+---
+
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "Dioxus Liveview", link: "https://dioxuslabs.com/learn/0.6/getting_started/" } %>
+
+Dioxus Liveview allows apps to run on the server and render in the browser. It uses WebSockets to communicate between the server and the browser.
+
+Bring Liveview app to life on Fly.io is a breeze! With the help of the [cargo chef](https://github.com/LukeMathWalker/cargo-chef), we get great build times and small images.
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/rust/partials/speedrun", locals: { runtime: "dioxus-liveview" }  %>
+
+## _Deploy a Dioxus Liveview App from scratch_
+
+<%= partial "/docs/rust/partials/cargo-new", locals: { runtime: "dioxus-liveview" }  %>
+
+
+Then we have to add some dependencies to the project:
+
+```cmd
+cargo add dioxus axum
+cargo add dioxus-liveview
+cargo add tokio -F full
+```
+
+Now, let's create a simple count incrementing app in `src/main.rs`:
+
+```rust
+use axum::Router;
+use dioxus::prelude::*;
+use dioxus_liveview::LiveviewRouter;
+
+fn app() -> Element {
+    let mut num = use_signal(|| 0);
+
+    rsx! {
+        div {
+            "hello axum! {num}"
+            button { onclick: move |_| num += 1, "Increment" }
+        }
+    }
+}
+
+#[tokio::main]
+async fn main() {
+    let addr: std::net::SocketAddr = ([0, 0, 0 ,0], 8080).into();
+
+    let app = Router::new().with_app("/", app);
+
+    println!("Listening on http://{addr}");
+
+    let listener = tokio::net::TcpListener::bind(&addr).await.unwrap();
+    axum::serve(listener, app.into_make_service())
+        .await
+        .unwrap();
+}
+```
+
+This will display a counter that can be incremented using a button. The value will be updated over a websocket. 
+
+We can confirm everything works fine by running `cargo run` and checking out `http://localhost:8080`.
+
+
+
+<%= partial "/docs/rust/partials/deploy", locals: { runtime: "dioxus-liveview" }  %>
diff --git a/rust/frameworks/poem.html.markerb b/rust/frameworks/poem.html.markerb
new file mode 100644
index 0000000000..9686e56598
--- /dev/null
+++ b/rust/frameworks/poem.html.markerb
@@ -0,0 +1,61 @@
+---
+title: "Run a Poem App"
+layout: framework_docs
+objective: Poem is a full-featured and easy-to-use web framework with the Rust programming language.
+redirect_from:
+ - /docs/languages-and-frameworks/poem/
+ - /docs/getting-started/poem/
+order: 5
+---
+
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "Poem", link: "https://docs.rs/poem/latest/poem/" } %>
+
+Poem is a full-featured and easy-to-use web framework with the Rust programming language.
+
+Deploying a Poem app on Fly.io is simple! With the help of the [cargo chef](https://github.com/LukeMathWalker/cargo-chef), we get great build times and small images.
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/rust/partials/speedrun", locals: { runtime: "poem" }  %>
+
+
+## _Deploy a Poem App from scratch_
+
+<%= partial "/docs/rust/partials/cargo-new", locals: { runtime: "poem" }  %>
+
+Then we have to add some dependencies to the project:
+
+```cmd
+cargo add poem
+cargo add tokio -F macros -F rt-multi-thread
+```
+
+Now, let's create a simple app in `src/main.rs`:
+
+```rust
+use poem::{get, handler, listener::TcpListener, Route, Server};
+
+#[handler]
+fn hello() -> String {
+    format!("hello from fly.io!")
+}
+
+#[tokio::main]
+async fn main() -> Result<(), std::io::Error> {
+    let app = Route::new().at("/", get(hello));
+    Server::new(TcpListener::bind("0.0.0.0:8080"))
+        .run(app)
+        .await
+}
+```
+
+This will display a "Hello from fly.io!" message when you visit the root URL.
+Take note that we serve the app on port `8080`.
+
+We can confirm everything works fine by running `cargo run` and checking out `http://localhost:8080`.
+
+
+<%= partial "/docs/rust/partials/deploy", locals: { runtime: "poem" }  %>
diff --git a/rust/frameworks/rocket.html.markerb b/rust/frameworks/rocket.html.markerb
new file mode 100644
index 0000000000..7458778726
--- /dev/null
+++ b/rust/frameworks/rocket.html.markerb
@@ -0,0 +1,57 @@
+---
+title: "Run a Rocket App"
+layout: framework_docs
+objective: Rocket is a web framework for Rust that makes it simple to write fast, type-safe, secure web applications with incredible usability, productivity and performance.
+redirect_from:
+ - /docs/languages-and-frameworks/rocket/
+ - /docs/getting-started/rocket/
+order: 4
+---
+
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "Rocket", link: "https://rocket.rs/" } %>
+
+Rocket is a web framework for Rust that makes it simple to write fast, type-safe, secure web applications with incredible usability, productivity and performance.
+
+Launching a Rocket app on Fly.io is painless! With the help of the [cargo chef](https://github.com/LukeMathWalker/cargo-chef), we get great build times and small images.
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/rust/partials/speedrun", locals: { runtime: "rocket" }  %>
+
+
+## _Deploy a Rocket App from scratch_
+
+<%= partial "/docs/rust/partials/cargo-new", locals: { runtime: "rocket" }  %>
+
+Then we have to add the `rocket` dependency to the project:
+
+```cmd
+cargo add rocket
+```
+
+Now, let's create a simple app in `src/main.rs`:
+
+```rust
+#[macro_use] extern crate rocket;
+
+#[get("/")]
+fn index() -> &'static str {
+    "Hello from fly.io!"
+}
+
+#[launch]
+fn rocket() -> _ {
+    rocket::build().mount("/", routes![index])
+}
+```
+
+This will display a "Hello from fly.io!" message when you visit the root URL.
+Take note that we serve the app on host `127.0.0.1` and port `8000`, these are the defaults for `rocket`. When deploying the app these defaults will be overridden using environment variables which you can find in the `fly.toml`.
+
+We can confirm everything works fine by running `cargo run` and checking out `http://localhost:8000`.
+
+
+<%= partial "/docs/rust/partials/deploy", locals: { runtime: "rocket" }  %>
diff --git a/rust/frameworks/warp.html.markerb b/rust/frameworks/warp.html.markerb
new file mode 100644
index 0000000000..054848acf1
--- /dev/null
+++ b/rust/frameworks/warp.html.markerb
@@ -0,0 +1,57 @@
+---
+title: "Run a Warp App"
+layout: framework_docs
+objective: Warp is a super-easy, composable, web server framework for warp speeds.
+redirect_from:
+ - /docs/languages-and-frameworks/warp/
+ - /docs/getting-started/warp/
+order: 3
+---
+
+
+<%= partial "/docs/languages-and-frameworks/partials/intro", locals: { runtime: "Warp", link: "https://docs.rs/warp/latest/warp/" } %>
+
+Warp is a super-easy, composable, web server framework for warp speeds.
+
+Deploying a Warp app on Fly.io happens at the speed of light! With the help of the [cargo chef](https://github.com/LukeMathWalker/cargo-chef), we get great build times and small images.
+
+## _Speedrun_
+
+<%= partial "/docs/languages-and-frameworks/partials/flyctl" %>
+
+<%= partial "/docs/rust/partials/speedrun", locals: { runtime: "warp" }  %>
+
+
+## _Deploy a Warp App from scratch_
+
+<%= partial "/docs/rust/partials/cargo-new", locals: { runtime: "warp" }  %>
+
+Then we have to add some dependencies to the project:
+
+```cmd
+cargo add warp
+cargo add tokio -F full
+```
+
+Now, let's create a simple Warp app in `src/main.rs`:
+
+```rust
+use warp::Filter;
+
+#[tokio::main]
+async fn main() {
+    let hello = warp::path::end().map(|| "Hello from fly.io");
+
+    warp::serve(hello)
+        .run(([0, 0, 0, 0], 8080))
+        .await;
+}
+```
+
+This will display a "Hello from fly.io!" message when you visit the root URL.
+Take note that we serve the app on port `8080`.
+
+We can confirm everything works fine by running `cargo run` and checking out `http://localhost:8080`.
+
+
+<%= partial "/docs/rust/partials/deploy", locals: { runtime: "warp" }  %>
diff --git a/rust/index.html.md b/rust/index.html.md
new file mode 100644
index 0000000000..5c62bfe8bd
--- /dev/null
+++ b/rust/index.html.md
@@ -0,0 +1,24 @@
+---
+title: Rust on Fly.io
+layout: framework_docs
+toc: false
+redirect_from: 
+  - /docs/languages-and-frameworks/rust/
+  - /docs/getting-started/rust/
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/rust.png" alt="Illustration by Annie Ruygt of a crab sitting on a rock" class="w-full max-w-lg mx-auto">
+</figure>
+
+Fly is a great place to launch your Rust applications, especially if you plan on running them on multiple servers around the world so your users have a fast, snappy, low-latency experience.
+
+If you have questions or comments about running Rust applications on Fly.io, create a new topic in our [community forum](https://community.fly.io/) and tag it with "rust" so the right people can give you the support you need. 
+
+## Getting Started
+
+Run through the [Axum Speedrun](/docs/rust/frameworks/axum) to get a feel for what it's like to deploy to Fly.io.
+
+## The Basics
+
+[The Basics](/docs/rust/the-basics/) covers everything you need to set up, run, and manage production Rust apps on Fly.io. These documents also identify some common problems you may encounter and provide some pointers on how to resolve them.
diff --git a/rust/partials/_cargo-new.html.erb b/rust/partials/_cargo-new.html.erb
new file mode 100644
index 0000000000..19e46b172d
--- /dev/null
+++ b/rust/partials/_cargo-new.html.erb
@@ -0,0 +1,6 @@
+If you don't already have an existing Axum application, you can create one with `cargo`:
+
+```cmd
+cargo new <%= runtime %>-on-fly
+cd <%= runtime %>-on-fly
+```
\ No newline at end of file
diff --git a/rust/partials/_deploy.html.erb b/rust/partials/_deploy.html.erb
new file mode 100644
index 0000000000..7424228984
--- /dev/null
+++ b/rust/partials/_deploy.html.erb
@@ -0,0 +1,40 @@
+And with that you can deploy the app!
+
+```cmd
+fly launch
+```
+
+```output
+Scanning source code
+Detected a <%= runtime.titleize %> app
+Warning: This organization has no payment method, turning off high availability
+Creating app in [redacted]/<%= runtime %>-on-fly
+We're about to launch your app on Fly.io. Here's what you're getting:
+
+Organization: Your Name              (fly launch defaults to the personal org)
+Name:         [app-name]             (derived from your directory name)
+Region:       Amsterdam, Netherlands (this is the fastest region for you)
+App Machines: shared-cpu-1x, 1GB RAM (most apps need about 1GB of RAM)
+Postgres:     <none>                 (not requested)
+Redis:        <none>                 (not requested)
+Sentry:       false                  (not requested)
+
+...
+
+==> Building image
+...
+==> Building image with Docker
+...
+
+Watch your deployment at https://fly.io/apps/[app-name]/monitoring
+...
+
+Visit your newly deployed app at https://[app-name].fly.dev/
+```
+
+This will generate a `fly.toml` file with the configuration for your app and a Dockerfile that uses [cargo chef](/docs/rust/the-basics/cargo-chef).
+Refer to the [fly.toml docs](https://fly.io/docs/reference/configuration/) for more configuration options.
+
+To deploy a new version of your app, simply run `fly deploy` in the project directory.
+
+You can check out the full (yet minimal) example in [this GitHub repository](https://github.com/superfly/rust-templates/tree/<%= runtime %>) for a reference.
\ No newline at end of file
diff --git a/rust/partials/_speedrun.html.erb b/rust/partials/_speedrun.html.erb
new file mode 100644
index 0000000000..ed9f2fd836
--- /dev/null
+++ b/rust/partials/_speedrun.html.erb
@@ -0,0 +1,7 @@
+The fastest way to get a basic <%= runtime.titleize %> server on Fly.io is to use our <%= runtime %> template:
+
+```cmd
+git clone --single-branch --branch <%= runtime %> git@github.com:superfly/rust-templates.git <%= runtime %>-app
+cd <%= runtime %>-app
+fly launch --generate-name
+```
\ No newline at end of file
diff --git a/rust/the-basics.html.md b/rust/the-basics.html.md
new file mode 100644
index 0000000000..6a0afa1dac
--- /dev/null
+++ b/rust/the-basics.html.md
@@ -0,0 +1,22 @@
+---
+title: The Basics
+layout: framework_docs_overview
+toc: false
+order: 2
+---
+
+
+These guides will help you get through the basics of setting up your Rust application with pieces of infrastructure commonly found in the wild. Most Rust frameworks follow the same flow in terms of setup and vary only in their application code. For frameworks that also have a frontend component additional steps will be required.
+
+To develop Rust applications, you will need to setup the rust toolchain. We recommend using [rustup](https://rustup.rs/+external) to install these tools. 
+
+## Install flyctl and log in
+
+In order to start working with Fly.io, you will need `flyctl`, our CLI app for managing apps. If you've already installed it, carry on. If not, hop over to [our installation guide](/docs/flyctl/install/). Once that's installed you'll want to [log in to Fly](/docs/getting-started/sign-up-sign-in/).
+
+For most popular frameworks you can deploy your app with just one command: 
+
+```cmd
+fly launch
+```
+
diff --git a/rust/the-basics/cargo-chef.html.md b/rust/the-basics/cargo-chef.html.md
new file mode 100644
index 0000000000..981d8479d1
--- /dev/null
+++ b/rust/the-basics/cargo-chef.html.md
@@ -0,0 +1,35 @@
+---
+title: Cargo Chef
+layout: framework_docs
+objective: Cargo Chef is a cargo extension that is commonly used in Dockerfiles for Rust apps. 
+order: 1
+---
+
+We model the Dockerfile for Rust projects after the cargo chef project. The reason for that is that the build images are very small and the builds are quick after the initial build.
+
+The image template looks something like this:
+
+```dockerfile
+FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder 
+COPY --from=planner /app/recipe.json recipe.json
+# Build dependencies - this is the caching Docker layer!
+RUN cargo chef cook --release --recipe-path recipe.json
+# Build application
+COPY . .
+RUN cargo build --release --bin [rust-app]
+
+# We do not need the Rust toolchain to run the binary!
+FROM debian:bookworm-slim AS runtime
+WORKDIR /app
+COPY --from=builder /app/target/release/[rust-app] /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/[rust-app]"] 
+```
+
+You can read more about cargo chef on the [GitHub Repository](https://github.com/LukeMathWalker/cargo-chef+external).
\ No newline at end of file
diff --git a/security/arcjet.html.md b/security/arcjet.html.md
new file mode 100644
index 0000000000..9470f7893b
--- /dev/null
+++ b/security/arcjet.html.md
@@ -0,0 +1,172 @@
+---
+title: Application Security by Arcjet
+layout: docs
+sitemap: true
+nav: firecracker
+redirect_from: /docs/reference/arcjet/
+---
+
+[Arcjet](https://arcjet.com) is a security layer that allows developers to protect their apps with just a few lines of code. Implement rate limiting, bot protection, email validation, and defense against common attacks.
+
+Arcjet is installed as a dependency in your application and doesn't require an agent or any additional infrastructure. The SDK is currently available for JS applications, with support for other languages coming soon.
+
+<aside class="callout">
+This service is in **beta**. We consider it ready for production, but we may make breaking changes to the SDK. These will be announced in the [GitHub changelog](https://github.com/arcjet/arcjet-js/releases).
+</aside>
+
+## Get started
+
+A quick way to see what Arcjet can do is to deploy [the example app](https://github.com/arcjet/arcjet-example-nextjs-fly). It's also available at [example.arcjet.com](https://example.arcjet.com).
+
+Clone the GitHub repository:
+
+```cmd
+git clone git@github.com:arcjet/arcjet-example-nextjs-fly.git
+```
+
+Set up a new Fly app:
+
+```cmd
+fly launch --no-deploy
+```
+
+This command will generate a `Dockerfile` and a `fly.toml` for you.
+
+Create an Arcjet account and link it to your Fly app:
+
+```cmd
+fly ext arcjet create
+```
+
+This will:
+
+* Create an Arcjet account linked to your Fly account.
+* Create an Arcjet team mapped to your Fly organization.
+* Create an Arcjet site for your Fly application.
+* Set `ARCJET_KEY` as a secret on your Fly application.
+
+Deploy to Fly:
+
+```cmd
+fly deploy
+```
+
+Open your app in your browser and try the features.
+
+Review the request details in your Arcjet dashboard:
+
+```cmd
+fly ext arcjet dashboard
+```
+
+## Run locally
+
+Arcjet protections run locally as well as when deployed to Fly. This makes it easy to test and debug security rules.
+
+Assuming you have already cloned [the example](https://github.com/arcjet/arcjet-example-nextjs-fly) and linked Arcjet to your Fly app (see above):
+
+Log into your Arcjet dashboard to get the `ARCJET_KEY` for your app.
+
+```cmd
+fly ext arcjet dashboard
+```
+
+Install dependencies:
+
+```cmd
+npm ci
+```
+
+Rename `.env.local.example` to `.env.local` and add your Arcjet key. If you
+want to test the rate limiting authentication, you will also need to add an
+Auth.js secret and [create a GitHub OAuth
+app](https://authjs.dev/guides/configuring-github).
+
+Start the dev server
+
+```cmd
+npm run dev
+```
+
+Open [http://localhost:3000](http://localhost:3000) in your browser.
+
+## Protecting your application with Arcjet
+
+Once you have set your `ARCJET_KEY` secret, you can start using Arcjet to protect your application:
+
+* [Bun](https://docs.arcjet.com/get-started/bun)
+* [Next.js](https://docs.arcjet.com/get-started/nextjs)
+* [Node.js](https://docs.arcjet.com/get-started/nodejs)
+* [SvelteKit](https://docs.arcjet.com/get-started/sveltekit)
+
+### Node.js example
+
+You can also find this example [on GitHub](https://github.com/arcjet/arcjet-js/tree/main/examples/nodejs-rl).
+
+1. Install the Arcjet SDK:
+
+    ```cmd
+    npm i @arcjet/node
+    ```
+
+1. Add a rate limit to a route in `index.ts`:
+
+    ```ts
+    import arcjet, { tokenBucket } from "@arcjet/node";
+    import http from "node:http";
+
+    const aj = arcjet({
+      key: process.env.ARCJET_KEY!, // Set as a secret on your Fly app
+      rules: [
+        // Create a token bucket rate limit. Other algorithms are supported.
+        tokenBucket({
+          mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
+          characteristics: ["userId"], // track requests by a custom user ID
+          refillRate: 5, // refill 5 tokens per interval
+          interval: 10, // refill every 10 seconds
+          capacity: 10, // bucket maximum capacity of 10 tokens
+        }),
+      ],
+    });
+
+    const server = http.createServer(async function (
+      req: http.IncomingMessage,
+      res: http.ServerResponse,
+    ) {
+      const userId = "user123"; // Replace with your authenticated user ID
+      const decision = await aj.protect(req, { userId, requested: 5 }); // Deduct 5 tokens from the bucket
+      console.log("Arcjet decision", decision);
+
+      if (decision.isDenied()) {
+        res.writeHead(429, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({ error: "Too Many Requests", reason: decision.reason }),
+        );
+      } else {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ message: "Hello world" }));
+      }
+    });
+
+    server.listen(8000);
+    ```
+
+1. Run your application:
+
+    ```cmd
+    npx tsx --env-file .env.local index.ts
+    ```
+
+Load the application and refresh the page a few times to see the rate limit in action.
+
+## Pricing
+
+See [the Arcjet pricing page](https://arcjet.com/pricing).
+
+## Support
+
+Email: <support@arcjet.com>
+
+Discord: [Join](https://arcjet.com/discord).
+
+See the Arcjet docs for the [full support policy](https://docs.arcjet.com/support).
diff --git a/security/index.html.markerb b/security/index.html.markerb
new file mode 100644
index 0000000000..20a163c50c
--- /dev/null
+++ b/security/index.html.markerb
@@ -0,0 +1,51 @@
+---
+title: Security
+layout: docs
+nav: firecracker
+toc: false
+---
+
+Securing a public cloud platform like Fly.io is a hard problem, and we take it seriously. The Fly.io platform comes with built-in security like hardware isolation, [private networking](/docs/networking/private-networking/) over WireGuard, and [TLS termination](/docs/networking/services/#tls-handler).
+
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/security.png" alt="Illustration by Annie Ruygt of a phoenix jumping with a motor bike" class="max-w-lg">
+</figure>
+
+## Organization and app security
+
+_Security for customer organizations and apps._
+
+- **[Organization Roles and Permissions](/docs/security/org-roles-permissions/):** Understand what Members and Admins can do in a Fly.io organization, and how to manage access safely.
+- **[Use SSO for organizations](/docs/security/sso/):** Set up org-wide Single Sign-on with Google or GitHub.
+- **[Remove a member from an organization](/docs/security/remove-org-member/):** Remove a user from an organization and take steps to help keep the organization secure.
+- **[Built-in TLS termination](/docs/security/tls-termination/):** You get TLS termination by default for your web apps.
+
+#### Security extensions
+
+_Security add-ons from our extension partners._
+
+- **[Application Security by Arcjet](/docs/security/arcjet/):** Use the Arcjet security layer to protect your JavaScript app with just a few lines of code.
+
+#### Tokens
+
+_Control access to your Fly.io organizations, apps, and Machines with tokens._
+
+- **[Access tokens](/docs/security/tokens/):** Use tokens to manage access to organizations and apps.
+- **[OpenID Connect](/docs/security/openid-connect/):** Use OpenID Connect (OIDC) to manage access to 3rd party services.
+
+---
+
+## Fly.io platform security
+
+_Fly.io corporate security, compliance, and shared responsibility._
+
+- **[Shared responsibility model](/docs/security/shared-responsibility/):** An overview of the separation of responsibilities for security on Fly.io.
+- **[Fly.io security practices and compliance overview](/docs/security/security-at-fly-io/):** Learn about our security practices for the Fly.io platform.
+
+---
+
+## Talk to the security team
+
+If you have a security question, concern, or believe you’ve found a vulnerability in any part of our infrastructure, please contact us. You can reach us at [**security@fly.io**](mailto:security@fly.io), and we can provide you with a Signal number if needed to convey sensitive information.
diff --git a/security/openid-connect.html.markerb b/security/openid-connect.html.markerb
new file mode 100644
index 0000000000..1666c5c7dd
--- /dev/null
+++ b/security/openid-connect.html.markerb
@@ -0,0 +1,126 @@
+---
+title: OpenID Connect
+layout: docs
+nav: firecracker
+redirect_from: /docs/reference/openid-connect/
+---
+
+<figure>
+  <img src="http://github.com/static/images/key-hole.png" alt="Illustration by Annie Ruygt of a key hole revealing a pink sky" class="max-w-lg">
+</figure>
+
+Fly Machines sometimes need to access 3rd-party services or cloud providers like AWS, Azure, or GCP. To authenticate against these 3rd parties, your Machines need to supply credentials such as a password or token to the cloud provider; usually these are stored as `fly secrets` and then passed into your Machine's environment variables.
+
+However this approach involves creating hardcoded long-lived credentials on the 3rd party platform and involves either managing a lot of tokens or sharing the same token across multiple apps.
+
+Using OpenID Connect (OIDC) allows for a more secure approach by using short-lived access tokens directly from 3rd party platforms. The only caveat is that the 3rd party platform  needs to support OIDC tokens and you need to establish a trust between Fly.io and the 3rd party. Providers which currently support OIDC include Amazon Web Services, Azure, Google Cloud Platform, and HashiCorp Vault, among others.
+
+## Benefits of OpenID Connect (OIDC)
+
+Adopting OIDC to manage access to 3rd party services allows your apps to easily use good security practices like:
+* No hardcoded credentials, these are often shared across Machines and apps. OIDC allows for every Machine to have its own credential.
+* Granular control over Machines access to 3rd party resources through leveraging the authentication (authN) and authorization (authZ) tools of the 3rd party.
+* Rotating credentials: credentials issued from 3rd parties are only valid for 15 minutes before they expire.
+
+## Understanding OpenID Connect
+
+Every request to the token endpoint generates a unique Json Web Token (JWT). When you give this JWT to a 3rd party they validate the token against the OIDC configuration hosted at the endpoint in the issuer (`iss`) claim. Below is an example of an issued OIDC token. A useful feature here is that the subject (`sub`) claim references the Machine's org name, app name and Machine name. This allows for regex checks to be built against the claim which can restrict accepted tokens to a specific app or Machine.
+
+```json
+{
+    "app_id": "11111111",
+    "app_name": "example-app",
+    "aud": "https://fly.io/exmaple-org",
+    "exp": 1712099653,
+    "iat": 1712099053,
+    "image": "docker-hub-mirror.fly.io/you/image:latest",
+    "image_digest": "sha256:2c1cdaded1b3820020c9dc9fdd1d6e798d6f6ca36861bb6ae64019fad6be9ee3",
+    "iss": "https://oidc.fly.io/exmaple-org",
+    "jti": "93ca09e1-70e0-477b-a260-1d8fcd4ef4f4",
+    "machine_id": "148e21ea7e46e8",
+    "machine_name": "example-machine",
+    "machine_version": "01HTGGC1TZ2JHK83J4AC0R3VET",
+    "nbf": 1712099053,
+    "org_id": "11111111",
+    "org_name": "example-org",
+    "region": "sea",
+    "sub": "example-org:example-app:example-machine"
+}
+```
+
+## Customizing OIDC token claims
+
+Customizing tokens allows for powerful authorization clauses in the platform you're authenticating against. For example, with AWS, you can require that a role can only be assumed by tokens which match certain `aud` and `sub` claims. This allows you to lock down and provide credentials only to a specific Fly.io app or Machine.
+
+You can customize the audience (aud) claim of your tokens by providing a value for aud in the body of the POST request. This lets you specify the recipient of the token. This is what it looks like in a curl request with the `aud` claim set to `sts.amazonaws.com`.
+
+```cmd
+curl --unix-socket /.fly/api -X POST "http://localhost/v1/tokens/oidc" --data '{"aud":"sts.amazonaws.com"}'
+```
+
+## OpenID Connect Trust Policies in AWS
+
+You can leverage the trust policy of an IAM role to restrict which Machines in your organisation can assume a role in AWS. For example the following policy would only allow Machines in the app `foo-bar` within your org to assume the role it’s attached to.
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "arn:aws:iam::123456123456:oidc-provider/oidc.fly.io/<org-name>"
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+              "StringEquals": {
+                "oidc.fly.io/<org-name>:aud": "sts.amazonaws.com",
+              },
+                "StringLike": {
+                "oidc.fly.io/<org-name>:sub": "org-name:foo-bar:*"
+              }
+            }
+        }
+    ]
+}
+```
+
+## Reading from an S3 Bucket on a Fly Machine
+
+To read from an S3 bucket using a Fly Machine you'll first need to set up a trust between AWS and Fly.io by creating an OIDC provider in AWS and then attaching a trust policy to the role policy your Machine will assume. If you've already packaged up your app in a Dockerfile, then you can follow these steps to read from an S3 bucket:
+
+1. Create a Fly.io app by running `fly launch` in the same directory as your Dockerfile.
+1. Find the slug for the organisation you want to launch your app in.
+
+    ```cmd
+    fly orgs list
+    ```
+
+1. Create an [OpenID Connect Identity provider](https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-1#/identity_providers/create) in your AWS account with your org slug and the following settings:
+
+    ```
+    Provider URL: https://oidc.fly.io/<org-slug>
+    Audience: sts.amazonaws.com
+    ```
+
+1. Create an [IAM Role](https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-1#/roles/create) with the following settings:
+ * Trusted Identity: `Web Identity -> Identity Provider -> oidc.fly.io`
+ * Select the `AmazonS3ReadOnlyAccess` policy.
+
+1. Set the `AWS_ROLE_ARN` as an environment variable in your `fly.toml`.
+
+    ```toml
+    [env]
+      AWS_ROLE_ARN = "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
+    ```
+
+1. Deploy your app and let the AWS SDK will do the rest.
+
+    ```cmd
+    fly deploy
+    ```
+
+  <div class = "note icon">
+  **Notes**:
+  If you’re setting this up for your personal org the slug is a little harder to find but you can find it in the url when you click on “Apps” on the [dashboard](https://fly.io/dashboard)
+  </div>
diff --git a/security/org-roles-permissions.html.md b/security/org-roles-permissions.html.md
new file mode 100644
index 0000000000..34d2eeb6c6
--- /dev/null
+++ b/security/org-roles-permissions.html.md
@@ -0,0 +1,81 @@
+---
+title: Organization Roles and Permissions
+layout: docs
+nav: firecracker
+author: kcmartin
+date: 2025-08-04
+---
+
+## Organization Role Types
+
+Fly.io organizations (orgs) have two roles: **Member** and **Admin**. These roles determine what users can do within your org, from deploying apps to managing billing.
+
+### Member
+
+Most people on your team will be Members. They can do everything you'd expect a developer or engineer to need:
+
+- Create and destroy apps
+- Deploy new versions
+- Manage secrets, volumes, and machines
+- View logs and metrics
+- Access the org's private network
+
+What they _can’t_ do: change anything about the org itself. No inviting or removing users, no billing access, no deleting the org.
+
+### Admin
+
+Admins have all the permissions of Members, plus a few critical ones:
+
+- Invite and remove users
+- View and update billing info
+- Permanently delete the organization
+
+Use the admin role sparingly. Admins can burn the place down—on purpose or by accident.
+
+**Note**: For billing and user permission details for our extension partners (e.g. Tigris, Sentry, etc.) please check with the vendor directly.
+
+### Quick Comparison
+
+| Capability | Member | Admin |
+| --- | --- | --- |
+| Deploy & manage apps | ✓ | ✓ |
+| Invite/remove users | X | ✓ |
+| Manage billing | X | ✓ |
+| Delete the org | X | ✓ |
+
+## Strategies for Safer Access Control
+
+Fly.io keeps roles simple on purpose: you get Admins and Members. But that doesn’t mean you’re stuck with a binary choice between “can delete the org” and “can’t deploy apps.” Here are a couple of ways teams carve out safer access patterns using the tools we already support.
+
+### 1. Split Environments into Separate Organizations
+
+Fly.io organizations are free to create, and there's no technical limit to how many you can have. One thing to note, each organization needs a payment method or a linked billing organization.  You can read more about linked organizations and billing [here](/docs/about/billing/#unified-billing).
+
+Let’s say you run a multiplayer game platform. You might set up:
+
+- `arcadia-dev` where every engineer is an Admin, free to deploy test builds, tweak game servers, and experiment with new features.
+- `arcadia-prod` where only ops and senior engineers have Admin rights, and everyone else is a Member.
+
+This setup avoids the classic “accidental prod deploy” scenario. Admins still get full control where it matters, but you’re not handing out the keys to production just so someone can push a staging build.
+
+### 2. Use Read-Only Tokens for Observability-Only Roles
+
+Sometimes people need to see things without touching them. Maybe your support team wants to look at logs to troubleshoot customer issues. Maybe your SREs want to hook into Grafana or another dashboard tool.
+
+You don’t need to make those people Members. Instead, generate a read-only API token:
+
+`flyctl tokens create readonly`
+
+This token can authenticate to Fly.io, but not make any changes. To use it properly, the user should be **logged out** (`fly auth logout`) and run commands with the token set via `FLY_API_TOKEN`. For maximum safety, don’t make these users Members of the org at all. If they are, they could still run `fly auth login` and get full access through their user account, bypassing the token’s restrictions. It’s a great way to integrate observability tools or give your team visibility without risk. You can read more about uses for `fly tokens create` on the [reference page](/docs/flyctl/tokens-create/).
+
+## Summing up
+
+Fly.io keeps roles simple on purpose, but you still have the tools to shape access around how your team actually works. Keep the number of Admins small, make sure Members have only the access they need, and lock down everything else by default.
+
+## Related Reading
+
+- [Moving an application between orgs](/docs/apps/move-app-org/)
+- [Handing over an application](/docs/apps/app-handover-guide/)
+- [Read-only tokens reference](/docs/flyctl/tokens-create-readonly/)
+- [Staging and production isolation](/docs/blueprints/staging-prod-isolation/)
+
diff --git a/security/remove-org-member.html.markerb b/security/remove-org-member.html.markerb
new file mode 100644
index 0000000000..9e0bf7a647
--- /dev/null
+++ b/security/remove-org-member.html.markerb
@@ -0,0 +1,71 @@
+---
+title: Remove a member from your organization
+layout: docs
+nav: firecracker
+---
+
+You can remove a user from your organization through the dashboard. This guide provides further steps to help keep your organization secure.
+
+1. **Remove the user from the organization.**
+    
+    Go to **Teams** and select **Remove** from the **Options** dropdown for the user.**
+
+    After you remove a user, it's a good idea to go through the following steps to remove any lingering VPN tunnels, tokens, and secrets set by the user. You can also see these steps in your dashboard under **Offboarding**.
+
+2. **Delete all WireGuard peer connections that belong to the user.**
+
+    When you remove a user from an organization, all of their automatically-generated WireGuard peers get deleted. You might still need to remove WireGuard peers they created manually.
+
+    List all the WireGuard peers for your org and copy the peer name to remove:
+
+    ```
+    fly wireguard list <org name>
+    ```
+
+    Remove the peer:
+
+    ```
+    fly wireguard remove <org name> <peer name>
+    ```
+
+    Repeat for each peer to remove.
+
+3. **Revoke all tokens generated by the user.**
+
+    List the tokens for your organization and copy the token IDs:
+
+    ```
+    fly tokens list --scope org
+    ```
+
+    List the tokens for individual apps and copy the token IDs:
+
+    ```
+    fly tokens list --app <app name>
+    ```
+
+    Revoke all the user's tokens:
+
+    ```
+    fly tokens revoke <token id> <token id> ...
+    ```
+
+4. **Remove the secrets (environment variables) set by the user.**
+
+    List the secrets in an app:
+
+    ```
+    fly secrets list --app <app name>
+    ```
+
+    Unset all the secrets set by the user:
+
+    ```
+    fly secrets unset --app <app name> <secret name> <secret name> ...
+    ```
+
+    Repeat for each application the user had access to.
+
+5. **Rotate all passwords that the user had access to that could cause a security breach.**
+
+6. **Remove the user from any other tools, such as GitHub, Slack, Jira, Trello, or Asana.**
diff --git a/security/security-at-fly-io.html.md b/security/security-at-fly-io.html.md
new file mode 100644
index 0000000000..9750cc6404
--- /dev/null
+++ b/security/security-at-fly-io.html.md
@@ -0,0 +1,64 @@
+---
+title: Fly.io security practices and compliance
+layout: docs
+nav: firecracker
+---
+
+<figure>
+  <img src="http://github.com/static/images/dark-arts.png" alt="Illustration by Annie Ruygt of a dark magic book with headline Fly Security" class="max-w-lg">
+</figure>
+
+<div class="important icon">
+**Report an issue**: If you have a security concern, or believe you’ve found a vulnerability in any part of our infrastructure, please contact us. You can reach us at [**security@fly.io**](mailto:security@fly.io), and we can provide you with a Signal number if needed to convey sensitive information.
+</div>
+
+## Corporate Security (“CorpSec”)
+
+CorpSec is the practice of making sure Fly.io team members have secure access to Fly.io company infrastructure, and that secured channels are the only exposed channels to Fly.io. CorpSec controls are the primary concern of standards like SOC2.
+
+- Access to our services and applications is gated on an SSO Identity Provider.
+- We require strong, phishing-resistant 2FA in all enrolled IdP accounts.
+- We rely on IdP-backed WireGuard with strict, default-deny, role-based access controls to access internal applications.
+- We have centralized repositories of policy and audit controls, including team onboard and offboarding and access requests; we regularly audit access to internal systems.
+
+## Process Controls: Network/Infrastructure Security (“InfraSec”)
+
+InfraSec is the practice of ensuring a hardened, minimal attack surface for components we deploy on our network. Conventionally, modern InfraSec centers on “cloud security”; of course, we are ourselves a cloud provider, which makes the job more interesting.
+
+- We run on our own hardware deployed in secure data centers like Equinix.
+- Our platform networking runs over a WireGuard mesh with further BPF-based access controls. Everything is encrypted in transit, at multiple layers.
+- Remote management is largely automated, and fully audited; remote access is done through an IdP-backed cert-based SSH system with transcript-level audit trails.
+- Fly.io operates a large logging and metrics cluster (it’s a feature of our platform!).
+- Our internal client/server services are locked down further with Mutual TLS.
+- We work with upstream traffic providers to perform automated and manual DDoS mitigation.
+- Compute jobs at Fly.io are virtualized using Firecracker, the virtualization engine developed at AWS as the engine for Lambda and Fargate.
+- Customer information on databases and volumes at Fly.io is encrypted with the Linux LUKS block storage encryption secrets.
+
+## Application Security (“AppSec”)
+
+AppSec is the practice of ensuring software is secure by design, secured during development, secured with testing and review, and securely deployed.
+
+- Our software is built in memory-safe programming languages, including Rust (for our Anycast forwarding path) and Golang (for our deployment and control plane). 
+- We make decisions that minimize our attack surface. Most interactions with Fly.io are well-described in a GraphQL API, and occur through flyctl, our open-source command-line tool.
+- We perform internal code reviews with a modern, PR-based development workflow, and engage external testing firms to assess our software security.
+
+## Vulnerability Remediation
+
+Vulnerabilities that directly affect Fly.io's systems and services will be patched or otherwise remediated within a timeframe appropriate for the severity of the vulnerability, subject to the public availability of a patch or other remediation instructions.
+
+**Severity: Timeframe**
+* Critical:	24 hours
+* High:	1 week
+* Medium:		1 month
+* Low: 3 months
+* Informational:	As necessary
+
+If there's a severity rating that accompanies a vulnerability disclosure, we'll generally rely on that as a starting point, but may upgrade or downgrade the severity in our best judgement.
+
+## SOC2 and HIPAA
+
+[We have our SOC2 Type 2](/blog/soc2-the-screenshots-will-continue-until-security-improves/) where we've documented a bunch of these controls. Additionally, we've detailed a number of controls for folks exploring [running HIPAA-compliant applications on our platform](/docs/about/healthcare).
+
+## Questions?
+
+[Email us!](mailto:security@fly.io)
diff --git a/security/shared-responsibility.html.markerb b/security/shared-responsibility.html.markerb
new file mode 100644
index 0000000000..c6efba2ef8
--- /dev/null
+++ b/security/shared-responsibility.html.markerb
@@ -0,0 +1,64 @@
+---
+title: Shared responsibility model
+layout: docs
+nav: firecracker
+---
+
+Here at Fly.io, we want your apps to be secure. As part of that, we take a large helping of things off your plate and worry about them for you. Here is a high-level, non-exhaustive overview of the things we take responsibility for on our platform, and the parts that you, the customer, are responsible for yourself.
+
+## Brief infrastructure overview
+
+The three main types of systems that are involved in delivering your service are workers, edges, and gateways. A worker hosts Fly Machines, an edge proxies incoming network traffic and delivers it to a worker, a gateway terminates WireGuard connections that provide access to your private network, or 6PN.
+
+There's also a lot of software involved, but the important ones are flyd which manages Fly Machines on a worker, [Fly Proxy](https://fly.io/docs/reference/fly-proxy/) which is the frontend proxy service that runs on edges, and flyctl which runs on your client devices.
+
+## Fly.io's responsibilities
+
+### Hardening and protection of infrastructure systems
+
+Fly.io is solely responsible for the security of our infrastructure systems, including workers, edges and gateways. This includes managing access, applying security patches to the operating system, other 3rd-party software (e.g. firecracker), and mitigating hardware vulnerabilities where appropriate. Fly.io monitors these systems in both an operational and security capacity.
+
+### Using secure software development processes
+
+Fly.io ensures that any software we are responsible for developing meets an appropriate level of security. This includes ensuring the security of the software's supply chain, conducting regular audits and testing, as well as developing and maintaining a positive security culture within engineering teams.
+
+### Security of the underlying platform features involved in delivering your service
+
+Where Fly.io exposes a feature for your applications to use, we are responsible for the security of that features implementation. Two clear examples are:
+
+- We provide HTTP Proxy termination as a platform feature, therefore we are responsible for the security of the HTTP and TLS protocols. e.g. we are responsible for fixing protocol-level vulnerabilities such as HTTP response splitting, and H2 Rapid Reset.
+- We provide encrypted private networking to your applications, we are responsible for the security of that layer. For example, if Wireguard had a confidentiality issue, it would be our responsibility to address that in our infrastructure.
+
+### Provision and security of platform controls
+
+Fly.io provides features that you can use to secure your account and its assets, including authentication (e.g. tokens, SSO) and authorization (macaroons, roles). Fly.io is responsible for providing and ensuring the effectiveness of these controls, as well as provisioning secure default configurations.
+
+Fly.io was built with security front and centre. Visit our [Security](https://fly.io/security) page to learn more.
+
+## Your responsibilities
+
+### Everything within your Docker image and therefore Fly Machines
+
+We generally consider our demarcation point the virtualization boundary between our worker (virtualization host) and the Fly Machine (virtualization guest). The Fly Machine is constructed from your instructions, and therefore its contents are your responsibility. This includes: the system userspace and libraries, your application code, your application environment, and the services you run.
+
+That being said, Fly.io is in a unique place to help you stay on top of things here, and we are committed to shipping features, such as container scanning, to make this painless for you.
+
+### Configuration of security features of Fly.io
+
+Fly.io commits to providing secure defaults for platform features and configurations, and to thoroughly document and warn about any footguns that may lurk within.
+
+Ultimately, however, you are responsible for correct configuration of Fly.io's security features to restrict access as appropriate to Fly.io hosted resources. For example, membership of a Fly organization, and network services exposed by a Fly application.
+
+### Security of client devices and authentication material
+
+You are responsible for the security of the devices from which you use flyctl, the Machines API, or any other method to access Fly.io. You are also responsible for securing any authentication material used for accessing the Fly.io platform and services, including access tokens, Macaroons, WireGuard peer keys, and SSH keys.
+
+### Security of your identity provider
+
+Where Fly.io is configured to perform single sign-on (SSO) against your identity provider (and we strongly recommend that you do so), it is your responsibility to correctly configure and maintain that provider to ensure that only authorized users can access your Fly.io resources.
+
+### Application-layer network security of your services
+
+Two specific callouts: the Fly Proxy and the 6PN (private network). Fly.io is responsible for ensuring Fly Proxy is a secure server to your users, and a secure client to your service. You must ensure your service is a secure server to Fly Proxy, and that any sensitive application functionality is properly protected.
+
+Fly.io is responsible for the isolated network-layer for your applications, which protects confidentiality. You are responsible for the security of your applications on that network. For example, [protection from SSRF attacks](https://portswigger.net/web-security/ssrf+external) from other applications that may share that network segment.
diff --git a/security/sso.html.markerb b/security/sso.html.markerb
new file mode 100644
index 0000000000..a3b0dbe9f4
--- /dev/null
+++ b/security/sso.html.markerb
@@ -0,0 +1,25 @@
+---
+title: Single sign-on for organizations
+layout: docs
+nav: firecracker
+---
+
+Organizations are administrative entities on Fly.io that let you to manage billing, control access by adding and removing members, and share app development environments. You can, and usually should, require members of your organizations to use SSO. Fly.io supports Google and GitHub as Identity Providers, and you can use one or both. If you already use Google or GitHub, enabling SSO takes advantage of their built-in security, like 2FA/MFA and passkeys.
+
+## Authenticating user accounts vs. organizations
+
+An individual Fly.io user account can belong to multiple organizations, each with different access requirements. Users continue log in to Fly.io with their usual username/password or SSO. When you set up SSO as a requirement for an organization, users will need to re-authenticate to access org-specific resources and information.
+
+## Set up SSO using Google workspace access
+
+From the Fly.io [dashboard](https://fly.io/dashboard/), select an organization from the dropdown. Go to **Settings > Single Sign On > Google SSO Requirement**. Enter the Google Hosted Domain for SSO, check **Enable**, and click Save.
+
+## Set up SSO using GitHub organization access
+
+Install the [Fly.io GitHub app](https://fly.io/app/auth/github_app+external) on the GitHub organization you want to use for SSO.
+
+From the Fly.io [dashboard](https://fly.io/dashboard/), select an organization from the dropdown. Go to **Settings > Single Sign On > GitHub SSO Requirement**. Enter the GitHub organization ID for SSO, check **Enable**, and click Save.
+
+## Related topics
+
+- [Use organizations for staging and production isolation](/docs/blueprints/staging-prod-isolation/)
diff --git a/security/tls-termination.html.markerb b/security/tls-termination.html.markerb
new file mode 100644
index 0000000000..26f641ca0a
--- /dev/null
+++ b/security/tls-termination.html.markerb
@@ -0,0 +1,13 @@
+---
+title: TLS termination by Fly Proxy
+layout: docs
+nav: firecracker
+---
+
+FLy Proxy provides TLS termination by default for web apps (services accepting traffic over HTTPS on port 443). With the built-in TLS handler, the Fly Proxy verifies your app with Fly.io-managed certificates authorized through Let's Encrypt, converts your TLS connection to unencrypted TCP, and forwards traffic to your app through our secure WireGuard mesh network.
+
+You can [configure a specific TLS version and ALPN protocols](/docs/reference/configuration/#services-ports-tls_options) for your app in the `fly.toml` config file.
+
+For supported versions and cipher suites, see [TLS support](/docs/networking/tls/).
+
+If you want to terminate TLS yourself, then you only need to remove the handlers from your services in `fly.toml` or in your Machine config and we'll forward TCP directly to your app.
diff --git a/security/tokens.html.markerb b/security/tokens.html.markerb
new file mode 100644
index 0000000000..5f80710453
--- /dev/null
+++ b/security/tokens.html.markerb
@@ -0,0 +1,152 @@
+---
+title: Access tokens
+layout: docs
+nav: firecracker
+redirect_from: 
+  - /docs/reference/deploy-tokens/
+  - /docs/security/deploy-tokens/
+---
+
+Whether you're deploying your app with GitHub Actions or running your own CD service, it's best to avoid configuring deployment infrastructure with all-powerful tokens. Our access tokens use macaroons, which come with predefined scopes to reduce access from org-wide all the way down to running a specific command on a single app's Machines. If you want all the details, you can read about our decision to use macaroons in our [API Tokens: A Tedious Survey](https://fly.io/blog/api-tokens-a-tedious-survey/#macaroons) and [Macaroons escalated quickly](https://fly.io/blog/macaroons-escalated-quickly/) blog posts.
+
+<div class="important icon">
+**Important:** We've previously suggested in docs and community that you should use the output of the `fly auth token` command as your API token for everything; this is no longer true. The auth token, sometimes called the "personal access token" or the "all-powerful auth token", is a very short-lived token that is automatically created each time you log in with `fly auth login`. It's used by flyctl to create, manage, configure, and deploy all the apps in any organization in your account. You should use tokens created with `fly tokens deploy` or `fly tokens org` instead. It's always a good idea to use the token with the narrowest access that will work for your purpose.
+</div>
+
+You can create Fly.io access tokens with different predefined scopes using flyctl.
+
+## App-scoped tokens
+
+Use an app-scoped token, sometimes just called a "deploy token", to limit access to a single app. App-scoped tokens are useful for CI/CD pipelines where you need to share a token with a 3rd party.
+
+You can create a standard app-scoped deploy token, a token to SSH into an app's Machines, or a token to execute commands on an app's Machines.
+
+## Org-scoped tokens
+
+Use an org-scoped token for access to manage all the apps within a single organization. An org-scoped token is the middle ground between the auth token and the more restricted app-scoped token, and is useful when you want to automate a single org.
+
+You can create a standard org-scoped token or a read-only org-scoped token.
+
+## Create and manage tokens
+
+Create and manage tokens using flyctl. `fly tokens create` commands have some useful options for customizing your token:
+
+- **token names:** If you're managing multiple tokens, then give the tokens custom names with the `--name` option to make them easier to find when you list them with flyctl or view them in your dashboard.
+
+- **token expiry:** When you create a token, include the duration that the token is valid for with the `--expiry` option. You should specify the shortest possible duration for your use case so that you limit access by time as well as scope. Tokens are valid for 20 years (175200h0m0s) by default.
+
+For all options and commands, refer to the [`fly tokens` command docs](/docs/flyctl/tokens/).
+
+### Create app-scoped tokens
+
+App-scoped tokens are limited to managing a single app and its resources. Some organization-wide features like managing WireGuard tunnels are integral to deployments and are also accessible to deploy tokens.
+
+If you don't specify a name with the `--name` option, then the default name is `flyctl deploy token`.
+
+Create an app-scoped deploy token with a custom name and expiry:
+
+```
+fly tokens create deploy --name <"my token name"> --expiry <duration>
+```
+
+This example creates an app-scoped deploy token called `staging one` that's valid for 48 hours:
+
+```
+fly tokens create deploy --name "staging one" --expiry 48h
+```
+
+#### Create an app-scoped token for SSH only
+
+Create a token to SSH into a single app. The SSH token is scoped to only allow SSH access to a specific app and nothing else. To be able to SSH to an app, this token is also allowed to connect to the org’s WireGuard network.
+
+For example:
+
+```
+flyctl tokens create ssh -a my-app > my-app.token.ssh
+```
+
+Use the token to SSH into the app:
+
+```
+FLY_API_TOKEN=$(cat my-app.token.ssh) flyctl ssh console -a my-app
+```
+
+#### Create an app-scoped token to execute commands on Machines
+
+A machine-exec token can execute a restricted set of commands on an app's Machines. You can specify commands on the command line or with the `--command` and `--command-prefix` options. If no command is provided, all commands are allowed.
+
+Create a machine exec token:
+
+```
+fly tokens create machine-exec --command "<exact command and arguments to run>"
+```
+
+### Create org-scoped tokens
+
+Org-scoped tokens are limited to managing a single org and its resources, including apps.
+
+If you don't specify a name with the `--name` option, then the default name is `Org deploy token`.
+
+Create an org-scoped deploy token with a custom name and duration:
+
+```
+fly tokens create org --name <"my token name"> --expiry <duration>
+```
+
+This example creates an org-scoped deploy token called `prod` that's valid for one week:
+
+```
+fly tokens create org --name "prod" --expiry 168h
+```
+
+#### Create an org-scoped read-only token
+
+You can further limit an org-scoped deploy token by making it read-only, which limits the token access to reading a single org and its resources. 
+
+If you don't specify a name with the --name option, then the default name is Read-only org token.
+
+Create a read-only org-scoped deploy token with a custom name and expiry:
+
+```
+fly tokens create readonly --name <"my token name"> --expiry <duration>
+```
+
+Create a read-only token based on an existing token:
+
+```
+fly tokens create readonly --name <"my token name"> --expiry <duration> --from-existing -t <existing token starting with fm2_>
+```
+
+### List or view tokens
+
+List all the tokens for current app, or use the `--app` option to specify an app:
+
+```
+fly tokens list
+```
+
+List all the tokens in an org, including org-scoped tokens:
+
+```
+fly tokens list --scope org
+```
+
+### Revoke tokens
+
+1. List the tokens and copy the ID of the token to revoke. Include the `--scope org` to list org-scoped tokens.
+
+    ```
+    fly tokens list
+    ```
+
+1. Revoke the token:
+
+    ```
+    fly tokens revoke <token ID>
+    ```
+
+### Manage tokens in the dashboard
+
+To manage app-scoped tokens, click an app, then click **Tokens**. From here you can revoke tokens or create new tokens.
+
+To manage org-scoped tokens, choose an organization from the dropdown, then click **Tokens**. From here you can revoke tokens or create new tokens.
diff --git a/signup-welcome.html.md b/signup-welcome.html.md
index ae0b506364..f72fa04617 100644
--- a/signup-welcome.html.md
+++ b/signup-welcome.html.md
@@ -13,6 +13,6 @@ Thanks for signing up for Fly.io!
 
 ## Where to start
 
-* **[Speedrun](/docs/speedrun/):** You have a project or a Dockerfile and you just want to launch. 
+* **[Launch on Fly.io](/docs/getting-started/launch/):** You have a project or a Dockerfile and you just want to launch. 
 * **[Hands-on with Fly.io](/docs/hands-on/start/):** A step-by-step approach to learning.
 * **[Languages & Framework guides](/docs/languages-and-frameworks/):** Choose your framework or language and get started.
\ No newline at end of file
diff --git a/speedrun.html.markerb b/speedrun.html.markerb
deleted file mode 100644
index b55b195025..0000000000
--- a/speedrun.html.markerb
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: "Speedrun: Launch on Fly.io"
-layout: docs
-sitemap: false
-nav: firecracker
-toc: false
----
-
-<figure class="w:full mt:6">
-  <img src="http://github.com/static/images/speedrun.webp" srcset="http://github.com/service/http://github.com/static/images/speedrun@2x.webp%202x " alt="">
-</figure>
-
-You have an application you want to deploy on Fly.io? You're in the right place. 
-
-Welcome to Fly Launch. For many languages and frameworks, you can deploy your app from zero, with the following three steps.
-
-1. [Install flyctl](/docs/hands-on/install-flyctl/) - you'll need it.
-2. Create an account with `fly auth signup` or login with `fly auth login`.
-3. Run `fly launch` from inside your project source directory - create, configure, and deploy a new application.
-
-`fly launch` can configure and deploy the following kinds of apps automatically:
-
-<%= partial "/docs/languages-and-frameworks/partials/scanner_guides" %>
-
-You're not limited to these kinds of projects, though! `fly launch` also knows what to do [with a Dockerfile](/docs/languages-and-frameworks/dockerfile/), so you can use the tech _you_ love.
-
-Refer to [Launch a new app](/docs/apps/launch/) to learn more about what `fly launch` does.
-
-## Next steps
-
-1. Run `fly status` - show the status of the application instances.
-2. Run `fly apps open` - open your browser and direct it to your app.
-
-
-If things don't go as smoothly as you'd like, visit our [community forum](https://community.fly.io) and get help.
-
-Would you like to know more?
-
-* **Apps can store only ephemeral data in their root file systems.** Learn about [persistent storage options](/docs/database-storage-guides/).
-* **You have control over how your app deploys and what resources it uses.** Learn about [Fly Apps](/docs/apps/).
-* **Beyond just launching your app; go deeper with our most comprehensive framework guides.** Learn about [Elixir on Fly.io](/docs/elixir), [Rails on Fly.io](/docs/rails/), [Laravel on Fly.io](/docs/laravel/), and [Django on Fly.io](/docs/django). 
\ No newline at end of file
diff --git a/styles/Fly/WordList.yml b/styles/Fly/WordList.yml
index de8a4faf85..7f618286d8 100644
--- a/styles/Fly/WordList.yml
+++ b/styles/Fly/WordList.yml
@@ -20,7 +20,8 @@ swap:
   click on: click|click in
   data are: data is
   datatype: data type
-  filesystem: file system
+  datastore: data store
+  # filesystem: file system
   firewalls: firewall rules
   free tier: free allowances
   functionality: capability|feature
@@ -30,6 +31,7 @@ swap:
   in order to: to
   # instance: Machine
   k8s: Kubernetes
+  leverage: use
   Nodejs: Node.js
   open-source: open source
   SHA1: SHA-1|HAS-SHA1
diff --git a/styles/Vocab/Fly-terms/accept.txt b/styles/Vocab/Fly-terms/accept.txt
deleted file mode 100644
index f931bd1013..0000000000
--- a/styles/Vocab/Fly-terms/accept.txt
+++ /dev/null
@@ -1,155 +0,0 @@
-APIs?\b
-Anycast
-autogenerated?\b
-automagically
-autosav\w+
-backhaul
-bluegreen
-bool
-buildpacks?\b
-bursty
-callouts?\b
-cleartext
-cron
-datacenters?\b
-datasource
-datatypes?\b
-discoverability
-Debian
-dev
-(?i)Dockerfile
-Dyno
-(?i)env
-Escript
-failover
-Fastify
-Fly.io
-Flycast
-flyctl
-flyd
-fly.toml
-Gemfile
-GPUs?\b
-Grafana
-Gunicorn
-Hallpass
-HAProxy
-Hashicorp
-Hasura
-heredoc
-hostname
-Hotwire
-idempotently
-IEx
-incentivizes?\b
-initializer
-IPs
-IPSec
-Laravel
-libs
-LiteFS
-Livebook
-Logtail
-microVMs?\b
-middleware
-Minecraft
-navbar
-nginx
-Nixpack
-NodeSource
-Nomad
-npm
-Nuxt
-NVIDIA
-NVMe
-OAuth
-orgs?\b
-Paketo
-param
-passthrough
-PCIe
-performant
-Phusion
-plaintext
-PostgreSQL
-(?i)preauthorizations?\b
-precompile
-preconfigured?\b
-Prisma
-(?i)procfiles?\b
-Prometheus
-proxying
-psql
-repo
-Resque
-rootfs
-RTT
-runtimes?\b
-Ruygt
-(?i)sequelize
-(?i)serverless
-Sidekiq
-(?i)speedrun
-SSH
-stdin
-stdout
-subcommands?\b
-subfolders?\b
-subsecond
-Supabase
-swapfile
-Symfony
-toolkits?\b
-tracebacks?\b
-Turboku
-uncomment
-unencrypted
-unmount
-Upstash
-vCPUs?\b
-virtualized
-Vite
-VSCode
-Vue
-(?i)webpack
-websockets?\b
-WireGuard
-
-ams
-iad
-atl
-bog
-otp
-maa
-ord
-dfw
-den
-eze
-fra
-gdl
-hkg
-jnb
-lhr
-lax
-mad
-mia
-yul
-bom
-cdg
-phx
-qro
-gig
-sjc
-scl
-gru
-sea
-ewr
-sin
-arn
-syd
-nrt
-yyz
-waw
-
-Ashburn
-Secaucus
diff --git a/styles/config/vocabularies/fly-terms/accept.txt b/styles/config/vocabularies/fly-terms/accept.txt
new file mode 100644
index 0000000000..f7aeee2ef9
--- /dev/null
+++ b/styles/config/vocabularies/fly-terms/accept.txt
@@ -0,0 +1,227 @@
+Alertmanager
+(?i)allowlist
+AMIs?\b
+Anycast
+APIs?\b
+(?i)Arcjet
+Astro
+[Aa]sync
+auditable
+autogenerated?\b
+automagically
+autosav\w+
+(?i)autostart\b
+(?i)autostop\b
+(?i)autosuspend\b
+backhaul
+bluegreen
+bool
+(?i)boolean
+[Bb]uildpacks?\b
+bursty
+callouts?\b
+centiseconds
+cgroup
+cgroups
+cleartext
+containerd
+[Cc]ron(jobs?|job)?\b
+[Cc]rontabs?\b
+datacenters?\b
+datasource
+datatypes?\b
+declaratively
+(?i)dbs?\b
+discoverability
+Debian
+dev
+devs
+(?i)Dockerfile
+Dyno
+easycron
+[Ee]nqueues?\b
+enum
+(?i)env
+Escript
+Expr
+facto
+failover
+Fastify
+[Ff]ly.io
+Flycast
+flyctl
+flyd
+Flysystem
+fly.toml
+Gemfile
+geospatial
+GPUs?\b
+Grafana
+Gunicorn
+Hallpass
+HAProxy
+Hashicorp
+Hasura
+hellofly
+heredoc
+hostnames?\b
+Hotwire
+idempotently
+IEx
+incentivizes?\b
+initializer
+IPs
+IPSec
+ISPs?\b
+json
+JSON
+kcmartin
+kubeconfig
+kubectl
+Laravel
+libs
+LiteFS
+Litestream
+Livebook
+Logtail
+lsvd
+LSVD
+microVMs?\b
+middleware
+Midjourney
+Minecraft
+monorepo
+mothership
+MTUs?\b
+nameservers?\b
+namespaces?\b
+navbar
+nginx
+Nixpack
+NodeSource
+Nomad
+npm
+Nuxt
+NVIDIA
+NVMe
+OAuth
+Oban
+Ollama
+orgs?\b
+Paketo
+(?i)param(eter)?s?\b
+passthrough
+Paulo
+PCIe
+performant
+PGBouncer
+Phusion
+plaintext
+(?i)pooler
+PostgreSQL
+(?i)preauthorizations?\b
+precompile
+preconfigured?\b
+preload(ed)?\b
+(?i)prepend(ing)?
+Prisma
+(?i)procfiles?\b
+Prometheus
+proxying
+psql
+repmgr
+repo
+Resque
+Rio de Janeiro
+rollout
+rootfs
+RTT
+[Rr]untimes?\b
+Ruygt
+SDKs?\b
+(?i)sequelize
+(?i)serverless
+Sidekiq
+signup
+SLAs?\b
+(?i)speedrun
+SQLAlchemy
+SSH
+stdin
+stdout
+subcommands?\b
+subfolders?\b
+subnets?\b
+subsecond
+Supabase
+Supercronic
+swapfile
+Symfony
+templated
+Terraform('s)?\b
+Tigris
+toolkits?\b
+tracebacks?\b
+Turboku
+uncomment
+unencrypted
+unlinked
+unlinking
+unmanaged
+unmount
+Upstash
+Valkey
+vCPUs?\b
+virtualized
+Vite
+VSCode
+Vue
+(?i)webpack
+websockets?\b
+WireGuard
+
+ams
+iad
+atl
+bhs
+bog
+bos
+otp
+maa
+ord
+dfw
+den
+eze
+fra
+gdl
+dev
+hkg
+jnb
+lhr
+lax
+mad
+mia
+yul
+bom
+cdg
+phx
+qro
+gig
+sjc
+scl
+gru
+sea
+ewr
+sin
+arn
+syd
+nrt
+yyz
+vin
+waw
+
+Ashburn
+Rio de Janeiro
+[Ss][ãa]o\b
+[Ss][ãa]o Paulo
+Secaucus
diff --git a/styles/Vocab/Fly-terms/reject.txt b/styles/config/vocabularies/fly-terms/reject.txt
similarity index 100%
rename from styles/Vocab/Fly-terms/reject.txt
rename to styles/config/vocabularies/fly-terms/reject.txt
diff --git a/styles/words2ignore.txt b/styles/words2ignore.txt
index 5fa6049089..98f35c62b7 100644
--- a/styles/words2ignore.txt
+++ b/styles/words2ignore.txt
@@ -14,6 +14,7 @@ dockerignore
 healthcheck
 healthchecks
 heredocs
+IOPs
 nomad/v1
 num
 postgres
@@ -25,3 +26,7 @@ v1
 v2
 vm
 vms
+http
+youtube
+shopify
+unavailabilty
diff --git a/supabase/index.html.md b/supabase/index.html.md
new file mode 100644
index 0000000000..e54c659810
--- /dev/null
+++ b/supabase/index.html.md
@@ -0,0 +1,13 @@
+---
+title: Supabase Postgres
+layout: docs
+status: alpha
+nav: firecracker
+redirect_from: /docs/reference/supabase/
+---
+
+<aside class="callout">
+[Supabase](https://supabase.com) Managed Postgres on Fly.io infrastructure is no longer available. You can check out the announcement [here](https://github.com/orgs/supabase/discussions/33413).
+
+If you're interested in using Supabase Postgres, please see [their official documentation](https://supabase.com/).
+</aside>
\ No newline at end of file
diff --git a/tigris/index.html.markerb b/tigris/index.html.markerb
new file mode 100644
index 0000000000..1481615a95
--- /dev/null
+++ b/tigris/index.html.markerb
@@ -0,0 +1,126 @@
+---
+title: Tigris Global Object Storage
+layout: docs
+status: beta
+nav: firecracker
+redirect_from: /docs/reference/tigris/
+---
+
+[Tigris](https://tigrisdata.com) is a globally caching, S3-compatible object storage service built on Fly.io infrastructure.
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/cn2if9oInK0?si=LcWG4wle9DBBPf4F" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe><br/>
+
+Objects in Tigris are stored close to the region where they're written. Then, when requested, objects are cached close to the requesting user. This cache is intelligently managed by Tigris based on global traffic patterns. This behavior offers CDN-like behavior with zero configuration required.
+
+Learn more from their [service overview](https://www.tigrisdata.com/docs/overview/) and [architecture docs](https://www.tigrisdata.com/docs/concepts/architecture/).
+
+## Use Tigris with your framework
+
+Language- and framework-specific guides for setting up Tigris:
+
+- [Rails with Active Storage](/docs/rails/the-basics/active-storage/)
+- [Laravel with Tigris for CDN File Storage](/docs/laravel/the-basics/laravel-tigris-file-storage/)
+- [JavaScript with S3Client](/docs/js/the-basics/object-storage/)
+
+## Create and manage a Tigris storage bucket
+
+Creating and managing storage buckets happens exclusively via the [Fly CLI](/docs/flyctl/install/). Install it, then [sign up for a Fly account](/docs/getting-started/sign-up-sign-in/).
+
+<aside class="callout">Running the following command in a Fly.io app context -- inside an app directory or specifying `-a yourapp` -- will automatically set secrets on your app.</aside>
+
+<%= partial "/docs/partials/tigris/tigris-storage-create" %>
+
+### Migrating to Tigris with shadow buckets
+
+A shadow bucket is an existing S3 (or compatible) bucket, assigned to your Tigris bucket via `flyctl`.
+
+Shadow buckets enable transparent copying and writing of objects as they are requested or uploaded. This is helpful for a few scenarios, like:
+
+* Avoiding egress fees from large data migrations
+* Avoiding downtime by serving requests from Tigris while running a data migration
+* Testing Tigris global cache performance
+* Testing Tigris features with the option to switch back to your current provider
+
+#### How shadow buckets work
+
+Tigris follows this logic when a shadow bucket is set:
+
+* If a requested object is present in Tigris, it's served immediately
+* If not present, Tigris fetches it from the shadow bucket and stores it in a region close to the requesting user
+* Subsequent requests are served from Tigris and cached in the requesting user's region
+* Written objects are stored in Tigris close to the uploading user's region
+* Optionally, written objects are replicated to the shadow bucket
+* Deleted objects are removed from both the Tigris and shadow bucket
+
+#### Create a new bucket with a shadow bucket
+
+You must specify all shadow bucket attributes, including the endpoint and region. Check your provider docs to find these values. Here's the AWS S3 [list of regions and endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html).
+
+```cmd
+flyctl storage create -n mybucket -o myorg --shadow-access-key 123 --shadow-secret-key abc --shadow-endpoint https://s3.us-east-1.amazonaws.com --shadow-region us-east-1 --shadow-write-through
+```
+
+#### Add or remove a shadow bucket on an existing Tigris bucket
+
+You can also add and remove shadow buckets from existing Tigris buckets.
+
+```cmd
+flyctl storage update mybucket --shadow-access-key 123 --shadow-secret-key abc --shadow-endpoint https://s3.us-east-1.amazonaws.com --shadow-region us-east-1
+
+flyctl storage update mybucket --clear-shadow
+```
+
+`shadow-write-through` ensures that writes to Tigris buckets are replicated to the shadow bucket.
+
+### The Tigris web console
+
+To view more details about your buckets, sign in to the Tigris web console.
+
+```cmd
+flyctl storage dashboard <bucket_name>
+```
+
+Or, visit your organization-level overview for billing and organization settings:
+
+```cmd
+flyctl storage dashboard --org <org_name>
+```
+
+### List your buckets
+Get a list of all of your Tigris buckets.
+
+```cmd
+flyctl storage list
+```
+```output
+NAME                  	ORG
+js-storage-1           	fly-ephemeral
+late-surf-5384        	fly-ephemeral
+```
+
+### Delete a Tigris bucket
+
+Deleting can't be undone. Empty buckets can't be deleted without the `--force` option.
+
+```cmd
+fly storage destroy late-surf-5384
+```
+```output
+Destroying a Tigris bucket is not reversible.
+? Destroy Tigris bucket late-surf-5384? Yes
+Your Tigris bucket late-surf-5384 was destroyed
+```
+
+## Pricing and Billing
+
+Tigris buckets are billed by usage with no up-front costs. Check the official [Tigris Pricing](https://www.tigrisdata.com/docs/pricing/) page for details.
+
+
+## AWS API compatibility
+
+Check out the Tigris docs on compatibility: https://www.tigrisdata.com/docs/api/s3
+
+Tigris also supports the following:
+
+* [Pre-signed URLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html) for secure download and upload
+* Setting HTTP headers on objects such as `Cache-Control`
diff --git a/upstash/redis.html.md b/upstash/redis.html.md
new file mode 100644
index 0000000000..732be44b09
--- /dev/null
+++ b/upstash/redis.html.md
@@ -0,0 +1,161 @@
+---
+title: Upstash for Redis®*
+layout: docs
+nav: firecracker
+redirect_from: /docs/reference/redis/
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/redis-upstash.png" alt="Illustration by Annie Ruygt of a puzzle box figure holding two slices of cake" class="w-full max-w-lg mx-auto">
+</figure>
+
+<aside class="callout">
+  &#42;Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Fly.io is for referential purposes only and does not indicate any sponsorship, endorsement or affiliation between Redis and Fly.io.
+</aside>
+
+[Upstash for Redis](https://docs.upstash.com/redis) is a fully-managed, Redis-compatible database service offering global read replicas for reduced latency in distant regions. Upstash databases are provisioned inside your Fly organization, ensuring private, low-latency connections to your Fly applications.
+
+See the [What you Should Know](#what-you-should-know) section for more details about how Upstash Redis operates on Fly.io.
+
+## Create and manage a Redis database
+
+Creating and managing databases happens exclusively via the [Fly CLI](/docs/flyctl/install/). Install it, then [signup for a Fly account](/docs/getting-started/sign-up-sign-in/).
+
+### Create and get status of a Redis database
+
+<aside class="callout">
+  If you're using Sidekiq, BullMQ or similar software, consider switching your database to a [fixed price plan](#fixed-price-plans) to avoid running up your pay-as-you-go bill.
+</aside>
+
+```cmd
+flyctl redis create
+```
+```output
+? Select Organization: fly-apps (fly-apps)
+? Choose a primary region (can't be changed later) Madrid, Spain (mad)
+? Optionally, choose one or more replica regions (can be changed later): Amsterdam, Netherlands (ams)
+```
+
+### The Upstash web console
+
+To view more details about database usage, connection strings, and more, use:
+
+```cmd
+flyctl redis dashboard <org_name>
+```
+
+### List your databases and view status
+Get a list of all of your Redis databases.
+
+```cmd
+flyctl redis list
+```
+```output
+ID             	NAME               	ORG          	PLAN	PRIMARY REGION	READ REGIONS
+aaV829vaMVQGbi5	late-waterfall-1133	fly-apps     	payg	mad           	ams
+```
+
+Note the database name, then fetch its status.
+
+```cmd
+fly redis status late-waterfall-1133
+```
+```output
+Redis
+  ID             = aaV829vaMVDGbi5
+  Name           = late-waterfall-1133
+  Plan           = Pay-as-you-go
+  Primary Region = mad
+  Read Regions   = ams
+  Private URL     = redis://password@fly-late-waterfall-1133.upstash.io
+```
+
+### Connect to a Redis database
+
+If you have `redis-cli` installed, you can connect directly to your Redis database and run commands.
+
+```cmd
+fly redis connect
+? Select a database to connect to empty-water-3291 (sjc) 200M
+Proxying local port 16379 to remote [fdaa:0:6d6b:0:1::3]:6379
+127.0.0.1:16379> set foo bar
+OK
+127.0.0.1:16379> get foo
+"bar"
+127.0.0.1:16379>
+```
+
+### Update a Redis database
+
+Upstash Redis instances can't change their primary region or name, but the following may change:
+
+* Read regions
+* Pricing plan
+* Eviction settings
+
+Use `flyctl redis update` and follow the prompts. Changing region settings doesn't cause downtime.
+
+### Delete a Redis database
+
+Deleting a Redis database can't be undone. Be careful!
+
+```cmd
+fly redis destroy my-redis-db
+```
+```output
+Your Redis database my-redis-db was deleted
+```
+
+## What you should know
+
+Your databases run within Fly.io infrastructure, but not inside your organization's network. So you're only paying Upstash pricing - not additional VM costs.
+
+All Upstash Redis databases are replicated within the same region in a highly-available configuration. This means that hardware failures generally don't affect Upstash software, and therefore, your databases. Upstash also keeps regular backups of data in storage outside of Fly.io.
+
+Once provisioned, the database primary region cannot be changed. However, replica regions can be added and removed at any time.
+
+### Traffic routing
+
+Upstash Redis is available in all Fly regions via a [private IPv6 address](/docs/networking/flycast/) restricted to your Fly organization. Traffic is automatically routed to the nearest replica, or in the absence of nearby replicas, to the primary instance.
+
+**If you plan to deploy in a single region, ensure that your database is deployed in the same region as your application.**
+
+### Writing to replica regions
+
+**Replicas forward writes to the primary**. Replicas can't be written to. Writes are synchronous, and synchronous writes over geographic distance experience latency. Plan for this latency in your application design.
+
+If you're using Redis as region-local cache and don't require a shared cache, setup separate databases per-region and enable object eviction.
+
+### Memory limits and object eviction policies
+
+By default, Upstash Redis will disallow writes when the max data size limit has been reached. If you enable **eviction**, keys will be evicted to free up space.
+
+First, keys marked with a TTL will be evicted at random. In the absence of volatile keys, keys will be chosen randomly for eviction. This is roughly the combination of the `volatile-random` and `allkeys-random` [eviction policies available in standard Redis](https://redis.io/docs/manual/eviction/).
+
+Note that items marked with an explicit TTL will expire accurately, regardless of whether eviction is enabled.
+
+## Pricing
+
+Upstash offers a range of payment plans for different use cases.
+
+#### Pay-as-you-go plan
+
+Upstash Redis databases start on the pay-as-you-go plan at **$0.20 per 100k requests**. This means you only pay for what you use. For most use cases, this is a good starting point.
+
+#### Fixed price plans
+
+Upstash also offers fixed price plans for when:
+
+* You're using Sidekiq, BullMQ or similar pre-packaged software that uses Redis as a queue, that aggressively poll Redis
+* You understand your Redis usage patterns and want a predictable monthly pricing
+
+These fixed price plans are available via `flyctl redis update <dbname>`:
+
+* Starter: $10 per month, single region only. Includes 200MB storage, 100 req/sec
+* Standard: $50 per month, $10 per replica region. Includes 3GB storage, 100 req/sec
+* Pro 2K: $280 per month, $100 per replica region. Includes 50GB storage, 10k req/sec
+
+Your usage is updated hourly on your monthly Fly.io bill. You can track database usage details in the [Upstash web console](#the-upstash-web-console) as well.
+
+
+Check the official [Upstash Pricing](https://upstash.com/pricing) page for more information.
diff --git a/upstash/vector.html.md b/upstash/vector.html.md
new file mode 100644
index 0000000000..14b9a61bdc
--- /dev/null
+++ b/upstash/vector.html.md
@@ -0,0 +1,102 @@
+---
+title: Upstash Vector
+layout: docs
+nav: firecracker
+redirect_from: /docs/reference/vector/
+---
+
+<aside class="callout">
+This service is in public beta in the `iad` and `fra` regions. We don't recommend using it in production yet. We welcome your feedback!
+</aside>
+
+[Upstash Vector](https://docs.upstash.com/vector) is a fully-managed, pay-as-you-go vector database designed for working with vector embeddings.
+
+When using Upstash vector through Fly.io, your index is hosted on Fly.io infrastructure via a private IPv6 address on your Fly.io organization network.
+
+## Create and manage a Vector index
+
+Creating and managing indexes happens exclusively via the [Fly CLI](/docs/flyctl/install/). Install it, then [signup for a Fly account](/docs/getting-started/sign-up-sign-in/).
+
+You need to select a [similarity function](https://upstash.com/docs/vector/features/similarityfunctions) and [embedding model](https://upstash.com/docs/vector/features/embeddingmodels) to create an index. If you're bringing your own vectorization, you need to choose the index dimension count.
+
+Learn more in the official [Upstash Vector documentation](https://upstash.com/docs/vector/overall/getstarted).
+
+### Create and get status of a Vector index
+
+```cmd
+flyctl ext vector create
+```
+```output
+? Select Organization: myorg (myorg)
+? Select a similarity function: Euclidean Distance (Natural Language Processing, Recommendation Systems)
+? Select an embedding model: WhereIsAI/UAE-Large-V1
+? Choose a name, use the default, or leave blank to generate one: my-vector-index
+
+
+? Choose the primary region (can't be changed later) Ashburn, Virginia (US) (iad)
+Your Upstash Vector index (my-vector-index) in iad is ready.
+
+Set the following secrets on your target app.
+VECTOR_ENDPOINT: my-vector-index-fly-vector.upstash.io
+VECTOR_READONLY_TOKEN: token
+VECTOR_TOKEN: token
+```
+
+### The Upstash web console
+
+To view more details about your index, including usage, run:
+
+```cmd
+flyctl ext vector dashboard -o <org_name>
+```
+
+### List your indexes and view status
+Get a list of all of your Vector indexes.
+
+```cmd
+flyctl ext vector list
+```
+```output
+NAME               	ORG          	PRIMARY REGION
+my-vector-index	myorg         	iad
+```
+
+Fetch status for an index:
+
+```cmd
+fly ext Vector status my-vector-index
+```
+```output
+RStatus
+  Name   = my-vector-index
+  Status = created
+```
+
+### Using your Vector index
+
+To start using your index, check the documentation for the [Vector REST API](https://upstash.com/docs/vector/api/get-started) and [example applications](https://upstash.com/docs/vector/examples).
+
+### Delete a Vector index
+
+Deleting a Vector index can't be undone. Be careful!
+
+```cmd
+fly ext vector destroy my-index
+```
+```output
+Your vector index my-index was deleted
+```
+
+## What you should know
+
+Once provisioned, the index primary region cannot be changed.
+
+Your index is accessible only via a [private IPv6 address](/docs/networking/flycast/) restricted to your Fly.io organization's network.
+
+**To ensure low latency connections, provision your index in the same region as your application.**
+
+## Pricing
+
+Upstash Vector indexes are billed by usage on a pay-as-you-go basis. Check the official [Upstash Pricing](https://upstash.com/pricing/vector) page for details.
+
+Your usage is visible on your current Fly.io bill, and updated periodically through the day. See detailed index usage details in the [Upstash web console](#the-upstash-web-console).
diff --git a/volumes/index.html.markerb b/volumes/index.html.markerb
index 392e3d519d..8322250fcc 100644
--- a/volumes/index.html.markerb
+++ b/volumes/index.html.markerb
@@ -6,29 +6,21 @@ toc: false
 order: 10
 ---
 
-Fly Volumes are local persistent storage for [Fly Machines](/docs/machines/).
+Fly Volumes are local persistent storage for [Fly Machines](/docs/machines/). A Fly Volume is a slice of an NVMe drive on the same physical server as the Machine on which it's mounted.
 
-## Learn
 
-Understand how volumes work and whether they're right for your use case.
+* **[Fly Volumes overview](/docs/volumes/overview/):** Learn how volumes work and whether they're right for your use case.
 
-[Fly Volumes overview](/docs/reference/volumes/)
+* **[Fly Launch apps - Add volume storage](/docs/apps/volume-storage/):** Launch an app with volumes or add volume storage to an existing app.
 
-## How-Tos
+* **[Create and manage volumes with flyctl](/docs/volumes/volume-manage/):** Create, extend, copy, destroy, and restore volumes.
 
-Get things done with volumes.
+* **[Manage volume snapshots](/docs/volumes/snapshots/):** We back up your data with volume snapshots. Create a volume snapshot on-demand, change the retention time for automatic snapshots, and restore data from a snapshot.
 
-[Add volume storage](/docs/apps/volume-storage/)
+## Volume references
 
-[Manage volume storage](/docs/apps/volume-manage/)
+* [Volume states](/docs/volumes/volume-states/)
 
-Related how-tos:
+* [flyctl commands - `fly volumes`](/docs/flyctl/volumes/)
 
-[Scale an app with volumes](/docs/apps/scale-count/#scale-an-app-with-volumes)
-
-## Reference
-
-Commands and APIs for volumes.
-
-- [flyctl commands - `fly volumes`](/docs/flyctl/volumes/)
-- [Machines API - Volumes](https://docs.machines.dev/swagger/index.html#/Volumes)
\ No newline at end of file
+* [Machines API - Volumes](/docs/machines/api/volumes-resource/)
\ No newline at end of file
diff --git a/volumes/overview.html.markerb b/volumes/overview.html.markerb
new file mode 100644
index 0000000000..e74043837c
--- /dev/null
+++ b/volumes/overview.html.markerb
@@ -0,0 +1,111 @@
+---
+title: Fly Volumes overview
+layout: docs
+nav: firecracker
+order: 20
+redirect_from: /docs/reference/volumes/
+---
+
+<figure class="flex justify-center">
+  <img src="http://github.com/static/images/volumes.png" alt="Illustration by Annie Ruygt of a filing cabinet" class="w-full max-w-lg mx-auto">
+</figure>
+
+The root file systems of a Fly Machine are ephemeral and should only be used for temporary data, application code, and runtime files that can be rebuilt from scratch during deployments or restarts.  The performance of these ephemeral disks are heavily limited regardless of the Machine type you choose, with the maximum of 2000 IOPs and 8MiB/s bandwidth.
+
+Fly Volumes are local persistent storage for [Fly Machines](/docs/machines/). You can access and write to a volume on a Machine just like a regular directory. Use volumes to store your database files, to save your app's state, such as configuration and session or user data, or for any information that needs to persist after deploy or restart. Maximum volume performance varies by Machine type and noted in [Volume limits](/docs/volumes/overview#volume-limits)
+
+A Fly Volume is a slice of an NVMe drive on the same physical server as the Machine on which it's mounted and it's tied to that hardware. Fly Volumes are similar to the disk inside your laptop, accessible from a mount point in your file system. Using volumes tied to hardware has both advantages and disadvantages.
+
+## Volume considerations
+
+* **A volume belongs to one app**: Every Fly Volume belongs to a [Fly App](/docs/apps/overview/) and you can't share a volume between apps.
+* **A volume exists on one server**: Each volume exists on one server in a single region. It is not network storage.
+* **A volume can attach to one Machine**: You need to run as many volumes as there are Machines. There's a one-to-one mapping between Machines and volumes. A Machine can only mount one volume at a time and a volume can be attached to only one Machine.
+* **Develop your app to handle replication**: Volumes are independent of one another; Fly.io does not automatically replicate data among the volumes on an app, so if you need the volumes to sync up, then your app has to make that happen.
+* **Create redundancy in your primary region**: If your app needs a volume to function, and the NVMe drive hosting your volume fails, then that instance of your app goes down. There's no way around that. You can run multiple Machines with volumes in your app's primary region to mitigate hardware failures.
+* **Create and store backups**: If you only have a single copy of your data on a single volume, and that drive fails, then the data is lost. Fly.io takes daily snapshots and can retain them from 1 to 60 days (5 days by default), but the snapshots shouldn't be your primary backup method.
+
+Explore other options for data storage in [Databases & Storage](/docs/database-storage-guides/).
+
+## Volume attachment
+
+Fly Volumes and Fly Machines are meant to be paired together, but they are not always found in pairs. A Fly Volume can be created without a Fly Machine, or a Machine can be destroyed without destroying its volume. In these cases, the volume that's left is called an "unattached" volume. 
+
+A Fly Machine that does not require a volume will never attach itself to one. A Fly Machine that does require a volume will always be attached to one. When a volume is required according to the app or Machine configuration, any method of creating a new Fly Machine will pick up an unattached volume, create a new volume to attach, or it will fail (in the case of `fly machine` commands or create Machine API calls).
+
+## Volume redundancy
+
+<div class="warning icon">
+<b>Warning: Always provision at least two volumes per app.</b> Running an app with a single Machine and volume leaves you at risk for downtime and data loss. Volumes don't have built-in replication between them, so your app or database needs to take care of replicating data between volumes.
+</div>
+
+We try to keep individual Fly Machines up for as long as possible, but hardware failures happen. That's why we recommend running at least two Machines per app to increase availability. You can run two or more Machines in one region, or better yet, one or more Machines in multiple regions. If you only have one Machine and volume, then you'll have downtime if there's a host or network failure, and whenever you deploy your app. 
+
+You'll also need to replicate data between volumes. Some options for replicating databases include [LiteFS - Distributed SQLite](/docs/litefs/) and [Supabase Postgres](/docs/supabase/).
+
+In a few cases, you can run a single Machine with an attached volume. For example, if your app is in development and you're not yet worried about downtime or if you're running an app that can handle downtime and has a custom backup procedure.
+
+## Volume placement
+
+You can create volumes at the same time you create Machines, or ahead of time. If you try to create new Machines through [`flyctl scale count`](/docs/apps/scale-count/#scale-an-app-with-volumes), then `flyctl` will first check if you have any unattached volumes in the region you are creating new Machines in. If it finds unattached volumes, it will try to create the new Machines on the same servers. If it does not find any unattached volumes, then it will create new ones together with the Machines. You can also create unattached volumes through [`fly volumes create`](/docs/flyctl/volumes-create/).
+
+Volumes exist on a single server in a single [region](/docs/reference/regions/). For redundancy within a region, you can run multiple Machines with attached volumes. Remember that volumes don't automatically replicate data between them.
+
+To prevent a single server hardware failure from taking down your app, it is better if each volume is placed in a separate hardware zone. A separate hardware zone is just another way of saying a different server. We default to separate hardware zones when you create volumes with the [`fly volumes create`](/docs/flyctl/volumes-create/) command, but this is not guaranteed when creating Fly Volumes through other methods. Note that having each volume in a separate hardware zone limits the number of volumes your app can have in a region. If you need more volumes in a region than there are distinct hardware zones, you can set `--require-unique-zone` to `false` when you run [`fly volumes create`](/docs/flyctl/volumes-create/).
+
+You can hint what type of compute load you expect to use the volume for by using the `--vm-XXX` options with the [`fly volumes create`](/docs/flyctl/volumes-create/) command. For example, to create a volume you want to use with an L40S GPU Machine, set `--vm-gpu-kind=l40s` to ensure that your new volume is placed on GPU hardware.
+
+## Volume encryption
+
+Volumes are, by default, created with encryption-at-rest enabled for additional protection of the data on the volume. Use `--no-encryption` to instead create an unencrypted volume.
+
+## Volume size
+
+The default volume size is 1GB when you create a volume with the `fly volumes create` command, and when you use the `fly launch` command to [launch an app with a volume](/docs/apps/volume-storage/#launch-a-new-app-with-a-fly-volume). The maximum volume size is 500GB.
+
+You can extend a volume's size&mdash;either [manually](/docs/volumes/volume-manage/#extend-a-volume) or [automatically](/docs/reference/configuration/#the-mounts-section)&mdash;to make it larger, but you can't shrink a volume.
+
+## Volume limits
+
+The following table outlines the maximum IOPs and bandwidth for Fly Volumes, determined by the Machine type:
+
+| VM Size | Max IOPs | Max Bandwidth |
+|---------|------------------------|----------------------------|
+| shared-cpu-1x | 4000 | 16MiB/s |
+| shared-cpu-2x | 4000 | 16MiB/s |
+| shared-cpu-4x | 8000 | 32MiB/s |
+| shared-cpu-8x | 8000 | 32MiB/s |
+| performance-1x | 12000 | 48MiB/s |
+| performance-2x | 16000 | 64MiB/s |
+| performance-4x | 16000 | 64MiB/s |
+| performance-8x | 32000 | 128MiB/s |
+| performance-16x | 32000 | 128MiB/s |
+
+
+## Volume forks
+
+When you [fork a volume](/docs/volumes/volume-manage/#create-a-copy-of-a-volume-fork-a-volume), you create a new volume with an exact copy of the data from the source volume to use for testing, backups, or whatever you like. If you don't specify a region, then the new volume is in the same region, but on a different physical host. The forked volume isn't attached to a Machine until you scale or clone a new Machine in the same region. The new volume and the source volume are independent, and changes to their contents are not synchronized.
+
+## Volume snapshots
+
+Fly.io takes daily block-level snapshots of volumes. We keep snapshots for five days by default, but you can configure the snapshot retention to be from 1 to 60 days. Daily automatic snapshots may not have your latest data. You should still implement your own backup plan for important data.
+
+You can also [create a snapshot of a volume](/docs/volumes/snapshots/#create-a-volume-snapshot) on demand.
+
+You can [restore a volume snapshot](/docs/volumes/snapshots/#restore-a-volume-from-a-snapshot) into a new volume of equal or greater size.
+
+You can also [disable automatic daily snapshots](/docs/volumes/snapshots/#disable-automatic-daily-snapshots).
+
+## When volumes are not available
+
+There are some instances where volumes are not available.
+
+* **Build Time**: When building a Docker image for deploying an application (e.g. `flyctl deploy`), volumes are not accessible.
+* **Release Command**: Volumes are also not mounted to the temporary Machine created when using a [release_command](/docs/reference/configuration/#run-one-off-commands-before-releasing-a-deployment).
+
+## Related topics
+
+- [Create and manage volumes](/docs/volumes/volume-manage/)
+- [Manage volume snapshots](/docs/volumes/snapshots/)
+- [Add volume storage to a Fly Launch app](/docs/apps/volume-storage/)
+- [Scale an app with volumes](/docs/apps/scale-count/#scale-an-app-with-volumes)
diff --git a/volumes/snapshots.html.markerb b/volumes/snapshots.html.markerb
new file mode 100644
index 0000000000..f33a6bc1b0
--- /dev/null
+++ b/volumes/snapshots.html.markerb
@@ -0,0 +1,184 @@
+---
+title: Manage volume snapshots
+layout: docs
+nav: firecracker
+order: 40
+---
+
+A snapshot is a point-in-time copy of a volume's data. We automatically take daily snapshots of all Fly Volumes. We store snapshots for 5 days by default, but you can set volume snapshot retention from 1 to 60 days.
+
+<div class="important icon">
+If the data stored on your volume updates frequently, then you should have other methods to back up or replicate your data in addition to daily snapshots. If you only have a single copy of your data on a single volume, and the host fails, then any data stored between the time when the snapshot was taken and the time when the failure occurred will be lost.
+</div>
+
+You can use a volume snapshot to [restore the data into a new volume](#restore-a-deleted-volume). You can even use the same process to [restore data from a deleted volume](/docs/volumes/volume-manage/#restore-a-deleted-volume).
+
+## Set or change the snapshot retention period
+
+Snapshot retention is the length of time (in days) that we store a volume snapshot. The default is 5 days.
+
+Set snapshot retention when you create a volume:
+
+```
+fly volumes create <my_volume_name> --snapshot-retention <retention in days>
+```
+
+You can also update the snapshot retention for a volume. The new retention period is applied to new snapshots; it won't affect existing snapshots. 
+
+Update snapshot retention for an existing volume:
+
+```
+fly volumes update <volume id> --snapshot-retention <retention in days>
+```
+
+For Fly Launch apps, you can add snapshot retention to the `[mounts]` section of your app's `fly.toml` file. Any new Fly Volumes `fly deploy` creates will have the new retention period. This example sets the snapshot retention period to 14 days:
+
+```toml
+[mounts]
+source = "myapp_data"
+destination = "/data"
+snapshot_retention = 14
+```
+
+## Create a volume snapshot
+
+We automatically take daily snapshots of your volume and keep them for 5 days by default. You can also create a snapshot of a volume on demand:
+
+1. Run `fly volumes list` and copy the ID of the volume to create a snapshot from.
+
+1. Create a snapshot of the volume:
+
+    ```cmd
+    fly volumes snapshots create <volume id>
+    ```
+    ```out
+    Scheduled to snapshot volume <volume id>
+    ```
+
+    The snapshot might take a few seconds or longer to complete, depending on the volume size.
+
+1. List the volume's snapshots:
+
+    ```cmd
+    fly volumes snapshots list <volume id>
+    ```
+
+    Example output:
+    ```out
+    Snapshots
+    ID                           STATUS   STORED SIZE  VOL SIZE  CREATED AT  RETENTION DAYS
+    vs_A1b2C3d4E5f6G7h8I9j0K1l2  created      2.0 GiB    10 GiB  5 days ago               5
+    vs_M3n4O5p6Q7r8S9t0U1v2W3x4  created      187 MiB    10 GiB  4 days ago               5
+    vs_Y5z6A7b8C9d0E1f2G3h4I5j6  created       45 MiB    10 GiB  3 days ago               5
+    vs_K7l8M9n0O1p2Q3r4S5t6U7v8  created      106 MiB    10 GiB  2 days ago               5
+    vs_O9jqw997yvOuzyg1NVmmmjxh  running          0 B    10 GiB
+    ```
+
+The state of the new snapshot will go from `waiting` to `running` to `created`.
+
+For options, refer to the [`fly volumes snapshots` docs](/docs/flyctl/volumes-snapshots/) or run `fly volumes snapshots --help`.
+
+## Restore a volume from a snapshot
+
+The procedure to restore data from a deleted volume is very similar, see [Restore a deleted volume](/docs/volumes/volume-manage/#restore-a-deleted-volume). 
+
+Restore the data from a volume by creating a new volume from a snapshot:
+
+1. Run `fly volumes list` and copy the ID of the volume to restore.
+
+1. List the volume's snapshots:
+
+    ```cmd
+    fly volumes snapshots list <volume id>
+    ```
+
+    Example output:
+    ```out
+    Snapshots
+    ID                           STATUS   STORED SIZE  VOL SIZE  CREATED AT  RETENTION DAYS
+    vs_A1b2C3d4E5f6G7h8I9j0K1l2  created      2.0 GiB    10 GiB  5 days ago               5
+    vs_M3n4O5p6Q7r8S9t0U1v2W3x4  created      187 MiB    10 GiB  4 days ago               5
+    vs_Y5z6A7b8C9d0E1f2G3h4I5j6  created       45 MiB    10 GiB  3 days ago               5
+    vs_K7l8M9n0O1p2Q3r4S5t6U7v8  created      106 MiB    10 GiB  2 days ago               5
+    vs_W9x0Y1z2A3b4C5d6E7f8G9h0  created       73 MiB    10 GiB  1 day ago                5
+    ```
+
+1. Restore data from the volume snapshot into a new volume of equal or greater size:
+
+    ```cmd
+    fly volumes create <volume name> --snapshot-id <snapshot id> -s <volume size in GB>
+    ```
+
+    Example output:  
+    ```out
+    ? Select region: Sydney, Australia (syd)
+            ID: vol_mjn924o9l3q403lq
+          Name: pg_data
+          App: my-app-name
+        Region: syd
+          Zone: 180d
+      Size GB: 3
+    Encrypted: true
+    Created at: 02 Aug 22 21:27 UTC
+    ```
+
+For options, refer to the [`fly volumes create` docs](/docs/flyctl/volumes-create/) or run `fly volumes create --help`.
+
+## List snapshots and their stored sizes
+
+Snapshots for each volume are stored incrementally, so only data that has changed since the previously stored snapshot consumes additional storage. The total stored size of the snapshots is used for [Volume Snapshot billing](/docs/about/billing/#volume-snapshot-billing).
+
+1. Run `fly volumes list` and copy the ID of the volume.
+
+1. List the volume's snapshots:
+
+    ```cmd
+    fly volumes snapshots list <volume id>
+    ```
+
+    Example output:
+    ```out
+    Snapshots
+    ID                           STATUS   STORED SIZE  VOL SIZE  CREATED AT  RETENTION DAYS
+    vs_A1b2C3d4E5f6G7h8I9j0K1l2  created      2.0 GiB    10 GiB  5 days ago               5
+    vs_M3n4O5p6Q7r8S9t0U1v2W3x4  created      187 MiB    10 GiB  4 days ago               5
+    vs_Y5z6A7b8C9d0E1f2G3h4I5j6  created       45 MiB    10 GiB  3 days ago               5
+    vs_K7l8M9n0O1p2Q3r4S5t6U7v8  created      106 MiB    10 GiB  2 days ago               5
+    vs_W9x0Y1z2A3b4C5d6E7f8G9h0  created       73 MiB    10 GiB  1 day ago                5
+
+    Total stored size: 2.5 GiB
+    ```
+
+## Disable automatic daily snapshots
+
+Automatic daily snapshots are enabled by default. To disable automatic snapshots, use the `--scheduled-snapshots=false` flag.
+
+Disable automatic snapshots when you create a volume:
+
+```
+fly volumes create <my_volume_name> --scheduled-snapshots=false
+```
+
+Disable automatic snapshots for an existing volume:
+
+```
+fly volumes update <volume id> --scheduled-snapshots=false
+```
+
+Disabling automatic snapshots will not remove any existing snapshots for the volume; snapshots are only removed at the end of their retention periods.
+
+For Fly Launch apps, you can disable automatic snapshots in the `[mounts]` section of your app's `fly.toml` file. Any new Fly Volumes `fly deploy` creates will have automatic snapshots disabled:
+
+```toml
+[mounts]
+source = "myapp_cache"
+destination = "/cache"
+scheduled_snapshots = false
+```
+
+## Related topics
+
+- [Fly Volumes overview](/docs/volumes/overview/)
+- [Create and manage volumes](/docs/volumes/volume-manage/)
+- [Add volume storage to a Fly Launch app](/docs/apps/volume-storage/)
+- [Scale an app with volumes](/docs/apps/scale-count/#scale-an-app-with-volumes)
diff --git a/volumes/volume-manage.html.markerb b/volumes/volume-manage.html.markerb
new file mode 100644
index 0000000000..43396d95b8
--- /dev/null
+++ b/volumes/volume-manage.html.markerb
@@ -0,0 +1,261 @@
+---
+title: Create and manage volumes
+layout: docs
+nav: firecracker
+redirect_from: /docs/apps/volume-manage/
+---
+
+<div class="callout">
+**For Fly Launch apps:** Learn how to [create a new app with volumes or add a volume to your app](/docs/apps/volume-storage/).
+</div>
+
+You can manage Fly Volumes using the [`fly volumes`](/docs/flyctl/volumes/) command.
+
+Fly Volumes are local persistent storage for [Fly Machines](/docs/machines/). Learn [how Fly Volumes work](/docs/volumes/overview/).
+
+<div class="note icon">**Note**: `fly volumes` is aliased to `fly volume` and `fly vol`.</div>
+
+## Access a volume
+
+<%= partial "/docs/partials/docs/volumes_access" %>
+
+## Create a volume
+
+Create a Fly Volume:
+
+```cmd
+fly volumes create <my_volume_name>
+```
+
+Use the `--region` option to set a [region](/docs/reference/regions/), or select a region when prompted.
+
+Use the `--count` option to create more than one volume.
+
+Use the `--snapshot-retention` option to change the number of days we retain snapshots (default is 5 days).
+
+Use the `--scheduled-snapshots=false` option to disable automatic daily snapshots.
+
+For more options, refer to the [`fly volumes create` docs](/docs/flyctl/volumes-create/) or run `fly volumes create --help`.
+
+## Extend a volume
+
+You can make a volume bigger using the `fly volume extend` command. Note that you can extend (increase) a volume's size, but you can't make a volume smaller.
+
+You can also configure a volume to extend automatically after a certain threshold [using the Machines API](/docs/machines/api/volumes-resource/#extend-a-volume) or [in the [mounts] section](/docs/reference/configuration/#auto-extend-volume-size-configuration) of your app's `fly.toml` file.
+
+1. Run `fly volumes list` and copy the ID of the volume to extend.
+
+1. Extend the volume size:
+
+    ```cmd
+    `fly volumes extend <volume id> -s <new size in GB>`
+    ```
+
+1. (Optional) Check the new volume size in the Machine's file system:
+
+    ```cmd
+    fly ssh console -s -C df
+    ```
+
+    Example output:
+    ```out 
+    ? Select VM:  [Use arrows to move, type to filter]
+    > yyz: 4d891de2f66587 fdaa:0:3b99:a7b:ef:8cc4:dc49:2 withered-shadow-4027           
+    Connecting to fdaa:0:3b99:a7b:ef:8cc4:dc49:2... complete
+    Filesystem     1K-blocks   Used Available Use% Mounted on
+    devtmpfs          103068      0    103068   0% /dev
+    /dev/vda         8191416 172752   7582852   3% /
+    shm               113224      0    113224   0% /dev/shm
+    tmpfs             113224      0    113224   0% /sys/fs/cgroup
+    /dev/vdb         2043856   3072   1930400   1% /storage
+    ```
+
+    In the preceding example, the volume is mounted under `/storage` and has been resized to from 1GB to 2GB. The `df` command shows disk space in 1K blocks by default. Use the `-h` flag to return a more human-readable format.
+
+For options, refer to the [`fly volumes extend` docs](/docs/flyctl/volumes-extend/) or run `fly volumes extend --help`.
+
+## Create a copy of a volume (Fork a volume)
+
+Create an exact copy of a volume, including its data. By default, we place the new volume on a separate physical host in the same region. Use the `--region` option to fork the volume into another region.
+
+<div class="important icon">
+**Important:** After you fork a volume, the new volume is independent of the source volume. The new volume and the source volume do not continue to sync.
+</div>
+
+1. Run `fly volumes list` and copy the ID of the volume to fork.
+
+2. Fork the volume:
+
+    ```cmd
+    fly volumes fork <volume ID> --region <region>
+    ```
+
+    Example output:
+    ```out
+           ID: vol_grnoq5796wwj0dkv
+         Name: my_volume_name
+          App: my-app-name
+       Region: yyz
+         Zone: 511d
+      Size GB: 3
+   Encrypted: true
+  Created at: 12 Oct 23 18:57 UTC
+    ```
+    
+3. (Optional) Use [`fly scale count`](/docs/apps/scale-count/#scale-an-app-with-volumes) to create a new Machine that picks up the unattached volume, or attach the volume to a new Machine by cloning with the following command:
+
+```cmd
+`fly machine clone <machine id> --region <region code> --attach-volume <volume id>:<destination mount path>`
+```
+
+For options, refer to the [`fly volumes fork` docs](/docs/flyctl/volumes-fork/) or run `fly volumes fork --help`.
+
+A detailed guide to [volume forking](/docs/blueprints/volume-forking/) is also available.
+
+## Add a volume to an unmanaged Machine
+
+For Machines that aren't managed with Fly Launch (`fly.toml` and `fly deploy`), you can create a volume and attach it when you clone a Machine. You can also [clone a Machine with a volume](#clone-a-machine-with-a-volume) to get a new Machine with an empty volume.
+
+1. Create the volume in the same region as your app. For example:
+
+    ```cmd
+    fly volumes create <volume name> --region <region code>
+    ```
+
+1. Clone one of your app's Machines (with no volume) and attach the volume you just created:
+
+    ```cmd
+    fly machine clone <machine id> --region <region code> --attach-volume <volume id>:<destination mount path>
+    ```
+
+    `destination-mount-path` is the directory where the volume should be mounted on the file system. Note that you can't mount a volume with a `destination-mount-path` of `/`, since `/` is used for the root file system.
+
+    For example:
+
+    ```cmd
+    fly machine clone 148eddeef09789 --region yyz --attach-volume vol_8l524yj0ko347zmp:/data
+    ```
+
+1. Repeat the preceding steps as needed to create more Machines with volumes.
+
+1. Confirm that the volume is attached to a Machine with `fly machine list` or `fly volumes list`.
+
+1. (Optional) Destroy the Machine used to create the clone:
+
+    ```cmd
+    fly machine destroy <machine id>
+    ```
+    
+## Clone a Machine with a volume
+
+Clone a Machine with a volume to create a new Machine in the same region with an empty volume. Use the `-r` option to clone the Machine into a different [region](/docs/reference/regions/).
+
+1. Run `fly status` and copy the Machine ID of the Machine to clone.
+
+1. Clone the Machine:
+
+    ```cmd
+    fly machine clone <machine id>
+    ```
+
+1. List volumes to check the result:
+
+    ```cmd
+    fly volumes list
+    ```
+
+    Example output showing two volumes with attached Machines:
+    ```out
+    ID                      STATE   NAME    SIZE    REGION  ZONE    ENCRYPTED       ATTACHED VM     CREATED AT     
+    vol_ez1nvxkwl3jrmxl7    created data    1GB     lhr     4de2    true            91851edb6ee983  39 seconds ago
+    vol_zmjnv8m81p5rywgx    created data    1GB     lhr     b6a7    true            5683606c41098e  7 minutes ago
+    ```
+
+<div class="note icon">
+<b>Note:</b> `fly machine clone` doesn't write data into the new volume.
+</div>
+
+For options, refer to the [`fly machine clone` docs](/docs/flyctl/machine-clone/) or run `fly machine clone --help`.
+
+## Destroy a volume
+
+<div class="warning icon">
+<b>Warning:</b> When you destroy a volume, you permanently delete all its data. There is no undo. Make sure you've backed up any data you want to keep.
+</div>
+
+1. List volumes and find the ID for the one you want to destroy:
+
+```cmd
+fly volumes list
+```
+
+2. Destroy the volume using its ID:
+
+```cmd
+fly volumes destroy <volume id>
+```
+
+For options, refer to the [`fly volumes destroy` docs](/docs/flyctl/volumes-destroy/) or run `fly volumes destroy --help`.
+
+**Volumes attached to Machines**
+
+Volumes attached to Machines can’t be destroyed. You can check which Machine (if any) a volume is attached to by running `fly volumes list` First, stop and destroy the Machine, then the unattached volume can be destroyed.
+
+If you’re replacing the Machine, use `fly scale count` or `fly machine clone` to launch a new one. This will create and mount a fresh volume based on your `fly.toml` config.
+
+To stop using volumes entirely, remove any `[mounts]` from `fly.toml`, redeploy to detach them, and then destroy the volumes.
+
+**Note:** Snapshots taken before deletion may still be restorable for a limited time, provided you have the volume ID (default retention is 5 days).
+
+
+## Restore a deleted volume
+
+You can restore data from a deleted volume using a volume snapshot. At this time, you can only retrieve a deleted volume's ID for 24 hours after deletion. If you already have the volume ID, then you can still use it to access the volume's snapshots within the snapshot retention period. The default snapshot retention period is 5 days. Learn how to [set or change the snapshot retention period](/docs/volumes/snapshots/#set-or-change-the-snapshot-retention-period).
+
+1. Run `fly volumes list --all` and copy the ID of the deleted volume.
+
+1. List the volume's snapshots and copy the ID of the snapshot to restore:
+
+    ```cmd
+    fly volumes snapshots list <volume id>
+    ```
+
+    Example output:
+    ```out
+    Snapshots
+    ID                 	SIZE    	CREATED AT
+    vs_MgLAggLZkYx89fLy	17638389	1 hour ago
+    vs_1KRgwpDqZ2ll5tx 	17649006	1 day ago
+    vs_nymJyYMwXpjxqTzJ	17677766	2 days ago
+    vs_R3OPAz5jBqzogF16	17689473	3 days ago
+    vs_pZlGZvq3gkAlAcaZ	17655830	4 days ago
+    vs_A9k6age3bQov6twj	17631880	5 days ago
+    ```
+
+1. Restore from the volume snapshot into a new volume of equal or greater size:
+
+    ```cmd
+    fly volumes create <volume name> --snapshot-id <snapshot id> -s <volume size in GB>
+    ```
+
+    Example output:  
+    ```out
+    ? Select region: Sydney, Australia (syd)
+            ID: vol_mjn924o9l3q403lq
+          Name: pg_data
+          App: my-app-name
+        Region: syd
+          Zone: 180d
+      Size GB: 3
+    Encrypted: true
+    Created at: 02 Aug 22 21:27 UTC
+    ```
+
+For options, refer to the [`fly volumes snapshots` docs](/docs/flyctl/volumes-snapshots/) or run `fly volumes snapshots --help`.
+
+## Related topics
+
+- [Fly Volumes overview](/docs/volumes/overview/)
+- [Manage volume snapshots](/docs/volumes/snapshots/)
+- [Add volume storage to a Fly Launch app](/docs/apps/volume-storage/)
+- [Scale an app with volumes](/docs/apps/scale-count/#scale-an-app-with-volumes)
diff --git a/volumes/volume-states.html.markerb b/volumes/volume-states.html.markerb
new file mode 100644
index 0000000000..4aa5cbabeb
--- /dev/null
+++ b/volumes/volume-states.html.markerb
@@ -0,0 +1,39 @@
+---
+title: Volume states
+layout: docs
+nav: firecracker
+toc: false
+---
+
+This table explains the possible states for a Fly Volume. A volume may only be in one state at a time.
+
+|                |                                                                        |
+|----------------|------------------------------------------------------------------------|
+| **creating**                 | Initial state for a new volume.                          |
+| **created**                  | Volume is in a stable state with no on-going operations. |
+| **extending**                | The volume is being extended.                            |
+| **restoring**                | The volume is being restored from a snapshot.            |
+| **enabling\_remote\_export** | The volume fork process is initializing.            |
+| **hydrating**                | The volume is being forked (copied) and is actively hydrating. The volume can be mounted. |
+| **recovering**               | The volume is being recovered from the `pending_destroy` state. |
+| **scheduling_destroy**       | The volume is being deleted.           |
+| **pending_destroy**          | The volume is soft deleted.                              |
+
+## Transitions and states during actions on volumes
+
+- Create a volume: `creating` → `created`
+- Restore a volume from a snapshot: `creating` → `restoring` → `created`
+- Fork a volume to another host/region: `creating` → `enabling_remote_export` → `hydrating` → `created`
+- Extend a volume: `creating` → `extending` → `created`
+- Destroy a volume: `creating` → `scheduling_destroy` → `pending_destroy`
+- Migrate a volume to a new host (performed by Fly.io): source volume `created` → `pending_destroy`; destination volume [Fork a volume transitions]
+
+## Volumes are soft deleted before being destroyed
+
+We always soft delete volumes before destroying them permanently, so that we can recover them if needed. Soft-deleted volumes are in the `pending_destroy` state.
+
+When you destroy a volume (whether by flyctl commands or the Machines API), the volume stays in the `pending_destroy` state for 24 hours before being permanently deleted.
+
+When we destroy a volume during migration to a new host, the volume stays in the `pending_destroy` state for 1 week before being permanently deleted.
+
+