Zerops Domain & Access Configuration
Zerops provides three ways to make your application accessible from the internet:
- Zerops subdomain - ideal for testing and development
- Custom domain - recommended for production deployments
- Direct port access - for non-HTTP protocols and specialized use cases
Each method serves different needs and comes with its own configuration options.
By default, your runtime service is not publicly accessible until you configure one of these methods.
Public Access Through Zerops Subdomain​
For development and testing purposes, Zerops offers a quick way to make your application accessible through a .zerops.app subdomain. This option requires minimal configuration and includes automatic SSL certificate management.
Configuration Steps​
- Navigate to your service detail page in Zerops GUI
- Select Public access & internal ports from the left menu
- Toggle the Zerops subdomain access switch
Once enabled, Zerops assigns a unique subdomain for your application. If you've defined multiple internal ports with HTTP support in your zerops.yaml, each port receives its own unique .zerops.app subdomain.
Technical Details​
When using Zerops subdomains:
- Access your application using the
https://protocol (Zerops automatically manages SSL certificates) - Traffic flows through a central HTTP balancer that:
- Terminates SSL connections
- Forwards requests to your application via HTTP
- Handles all security certificates
- The central HTTPS balancer is shared across all Zerops projects, which creates a scalability bottleneck
- Maximum upload size is limited to 50MB
- Not recommended for production traffic
Public Access Through Your Domain​
When your application is ready for production or you need to test with your actual domain, configure custom domain access. This method provides better performance, scalability, and full control over your domain settings.
IP Address Configuration​
Before setting up domain access, you'll need public IP addresses. Zerops offers the following IP options:
IPv4 Options​
Dedicated IPv4 Address ($3/30 days)​
- Dedicated to your project and shared across all project services
- One IPv4 address per project limit
- Protects against blacklisting risks associated with shared IPs
- Subscription automatically renews every 30 days (cannot be purchased with promo credit)
- Fee is non-refundable but address can be reused in another project until subscription ends
- Recommended for production workloads
Shared IPv4 Address (Free)​
- Available at no cost
- Shared across all Zerops users and their projects
- Limitations:
- Restricted number of open connections
- Shorter connection timeouts
- Not recommended for production use
IPv6 Address (Free)​
- Dedicated to your project and shared across all project services
- One IPv6 address per project limit
- Automatically activated with first domain setup
- Available for all projects at no additional cost
Since IPv6 support is not universal, using both IPv4 and IPv6 is recommended for maximum accessibility.
Configuring HTTP Routing​
To set up domain access:
- Go to your service detail in Zerops GUI and select Public access & internal ports
- Click Setup first domain access
- Configure your domain settings:
- Enter domain names (e.g.,
mydomain.com,app.mydomain.com) - Add multiple domains if needed (useful for multi-language sites)
- Choose SSL certificate management
- Enter domain names (e.g.,
- Define routing rules:
- Source: The public path (the part of URL after your domain)
- Destination: Choose which application and internal port receives the traffic
- Add multiple routing configurations as needed
All settings can be modified later as your needs change.
DNS Configuration​
After setting up domain access in Zerops, you'll need to configure your DNS records with your domain registrar.
- Cloudflare users: Follow our Cloudflare DNS Configuration Guide for step-by-step Cloudflare-specific instructions
- Other providers: Use the general DNS and Proxy Configuration Guide for universal DNS setup instructions
HTTPS Configuration​
When using Let's Encrypt certificates (recommended):
Certificate Management​
- Zerops handles all certificate installation and renewal
- Certificates are free of charge
- No manual certificate management required
Traffic Flow​
- Traffic arrives at your public IPv4/IPv6 addresses
- Requests route through your project's dedicated HTTPS balancer
- SSL termination occurs at the balancer level
- Internal traffic uses HTTP protocol for optimal performance
Balancer Architecture​
- Deployed in two containers for redundancy
- Scales vertically based on traffic demands
- Cannot be directly modified
- Included free of charge
Opening Public Ports​
For applications requiring direct port access or non-HTTP protocols, Zerops provides flexible port configuration options.
Currently, direct public port access is only available for runtime services and PostgreSQL databases.
Port Configuration​
- Navigate to service detail page in Zerops GUI
- For runtime services select Subdomain & domain & IP access
- For PostgreSQL select Direct access through IP address
- Configure your port settings:
- Either Setup first access through IPv6 or activate Unique IPv4 add-on (if needed)
- Choose any port from 10-65435 (except 80 and 443)
- Select destination service and internal port
- Each public port can be mapped to any internal service port
- Multiple public ports can point to the same internal port if needed
- Port configurations can be set independently for IPv4 and IPv6
Firewall Configuration​
Optionally secure your ports with firewall rules:
- Enable firewall for specific ports
- Choose policy type:
- Blacklist: Block specific IPs/ranges
- Whitelist: Allow only specific IPs/ranges
- Configure IP rules:
- Single IP format affects only the specific IP
- IP range format affects all IPs in that CIDR range
