Zerops subdomain, custom domains & IP access
Zerops offers 3 different ways how to access your application from the internet:
Public access through zerops.app subdomain​
By default, your runtime service is not publicly accessible. To test your application, you can enable public access through zerops.app subdomain. Go to the service detail page in Zerops GUI and select Public access & internal ports in the left menu. Then toggle the Zerops subdomain access switch. Zerops will assign the unique zerops.app subdomain for your application. If you have defined more internal ports with http support in your zerops.yml, Zerops will create the unique zerops.app subdomain for each port. Learn more about how to define internal ports for your runtime:
Use the https:// protocol to access your application through zerops.app subdomain, Zerops manages the SSL certificate for you. A central Zerops http balancer is used to terminate the SSL connection. The traffic is then redirected to your application on the http:// protocol.
Do not use the zerops.app subdomain for production. The traffic is limited by the central https balancer that is shared with other Zerops projects and will always create a bottleneck that prevents your application to scale. The maximum upload limit for zerops.app subdomain is 20 MB.
Public access through your domain​
By default, your runtime service is not publicly accessible. When your application is ready for production or if you want to test it on the production domain, configure the public access through your domain.
Go to the service detail page in Zerops GUI and select Public access & internal ports in the left menu. Click on the Setup first domain access button.
Public IPv4 address​
To access your runtime service through your domain you will need a public IPv4 address. The public IPv4 address is dedicated for your project and costs $3 for each 30 days. To enable the public IPv4 address click on the activate button. Once the public IPv4 address is active, you can configure the public access through your domain for your runtime application. If you have multiple runtime applications in the same project, they will share the same public IPv4 address. You can't purchase more than one public IPv4 address for your project.
You cannot purchase the public IPv4 for your promo credit. Top up your credit to purchase your first IPv4 address.
The public IPv4 subscription is automatically renewed after 30 days and the $3 fee is deducted from your credit on the renewal date. If you delete the project with an active public IPv4, the fee for the public IPv4 is not refunded but you can use the same IPv4 for another project for free until the end of the subscription.
Public IPv6 address​
Zerops assigns one dedicated public IPv6 address to each project. The public IPv6 address is free of charge. The public IPv6 address is active when you enable a public domain access for your first runtime service. You cannot add multiple public IPv6 addresses to your project.
If you are sure that your users have the IPv6 connection to the internet, you can use only the public IPv6 address to access your application through your domain.
Configure public http routing​
To configure the public http routing go to the service detail page in Zerops GUI and select Public access & internal ports in the left menu. Click on the Setup first domain access button.
Follow these steps:
- Enter your domain name e.g.
mydomain.comto the domains input. You can enter a subdomain e.g.app.mydomain.com, the level of your subdomain is not limited. If you have multiple domains and you want to set the identical routing for them, for example if you have multiple domains for different languages, add them to the input. - If you don't want Zerops to install and maintain the Let's Encrypt SSL certificate for your domain(s), disable the Automatically install SSL certificates switch. The SSL certificate installed by Zerops is free of charge.
- Add one or more routing configurations. Each routing configuration has 2 settings: The source in the form of a public path (the part of the URL after your domain(s)) and the destination where you choose to which application and internal port you want to redirect the incoming traffic from the defined source.
You can change these settings any time.
How to configure your domain DNS​
Your domain DNS settings cannot be changed in Zerops GUI. Go to your domain registrar and configure following DNS records:
- Point the A record to your project public IPv4 address.
- Point the AAAA record to your project public IPv6 address.
After the TTL of your domain's DNS expires, your application in Zerops will be accessible through your domain.
HTTPS​
If you have enabled the Let's Encrypt certificate for your domain(s), use the https:// protocol to access your application through your domain. Zerops instals and renews the SSL certificate for you. A dedicated https balancer is installed to your project and Zerops redirect all the traffic that is coming through your project's public IPv4 and IPv6 address to the https balancer.
The https balancer redirects the traffic to the specific service and its internal port based on the public http routing configuration. The SSL certificate is installed in the https balancer and it's where the https:// connection is terminated. The traffic is then redirected to your service on the http:// protocol.
Thanks to this solution, the SSL certificate is separated from your application environment and all the internal traffic in your project private network uses the http:// protocol.
You cannot install your own SSL certificate or otherwise modify the project https balancer rules directly.
The project https balancer is always installed in 2 containers to ensure the redundancy. Zerops scales both https balancer containers vertically based on the current traffic.
The project https balancer is free of charge.
Open a public port for a non http(s) communication​
By default, your runtime service is not publicly accessible. If your application uses a non http(s) communication, open a public port to access your application from the internet.
Go to the service detail page in Zerops GUI and select Public access & internal ports in the left menu. Click on the Setup first access through IPv6.
You can open any public port from the range 10 - 65435 except 80 and 443. Ports 80 and 443 are dedicated for the http(s) routing. Set the destination for the public port: choose a runtime service and its internal port.
You can open multiple public ports. If needed you set the same destination for different public ports.
Enable firewall​
Optionally enable the firewall on the public port:
Choose the firewall policy type: Blacklist or whitelist.
If you select blacklist, enter one or more IP addresses or IP ranges that will be blacklisted on the firewall. If you select whitelist, enter one or more IP addresses or IP ranges that will be whitelisted on the firewall.
If you don't specify the range, Zerops adds the single IP address to the firewall. If the range is specified, the IP range that begins on the entered IP address is added to the firewall.
You can change these settings any time.
Public IPv4 address​
You can open one or more public ports on the public IPv4 or IPv6 address. Zerops assigns one dedicated public IPv6 address to each project. The public IPv6 address is free of charge.
Before you can open a public port on a public IPv4 address you need to purchase an IPv4 address. The public IPv4 address is dedicated to your project and costs $3 for each 30 days. To enable the public IPv4 address click on the activate button. Once the public IPv4 address is active, you can open one or more public ports on the IPv4 address assigned to your project. You can't purchase more than one public IPv4 address for your project.
The list of opened public ports on the IPv4 address is independent of the list of opened public ports on the IPv6 address.