Public Access Configuration

This guide provides detailed configuration instructions for making your Zerops services publicly accessible from the internet. For an overview of all access methods, see the Access & Networking guide.

Public Access Methods

Choose the access method that best fits your needs:

• Zerops Subdomain Access - Quick setup with .zerops.app domains, ideal for development and testing
• Custom Domain Access - Production-ready access through your own domains with full SSL support
• Direct Port Access - Direct port routing for non-HTTP protocols and specialized applications

Zerops Subdomain Access

Zerops subdomains provide quick public access through .zerops.app addresses, ideal for development and testing environments.

Configuration

1. Navigate to your service detail page in Zerops GUI
2. Select Subdomain & domain & IP access from the left menu (for runtime services)
3. Toggle the Zerops subdomain access switch

Once enabled, Zerops assigns a unique subdomain for your application. If you've defined multiple internal ports with HTTP support in your zerops.yaml, each port receives its own unique .zerops.app subdomain.

Configure internal ports for your Runtime

BunDeno.NETElixirGleamGoJavaNode.jsPHPPythonRust

Technical Implementation

When using Zerops subdomains:

• Access your application using the https:// protocol (Zerops automatically manages SSL certificates)
• Traffic flows through a central HTTP balancer that:
  • Terminates SSL connections
  • Forwards requests to your application via HTTP
  • Handles all security certificates

Limitations

Production Considerations

• The central HTTPS balancer is shared across all Zerops projects, which creates a scalability bottleneck
• Maximum upload size is limited to 50MB
• Not recommended for production traffic due to scalability bottleneck
• Better suited for development and testing environments

Custom Domain Access

Custom domain access provides production-ready public access through your own domain names, offering better performance and full control over domain settings.

IP Address Configuration

Before setting up domain access, you need to configure public IP addresses. Zerops offers the following options:

IPv4 Configuration

Dedicated IPv4 Address ($3/30 days)

• Dedicated to your project and shared across all project services
• One IPv4 address per project limit
• Protects against blacklisting risks associated with shared IPs
• Subscription automatically renews every 30 days (cannot be purchased with promo credit)
• Fee is non-refundable but address can be reused in another project until subscription ends
• Recommended for production workloads

Shared IPv4 Address (Free)

• Available at no cost
• Shared across all Zerops users and their projects
• Limitations:
  • For HTTP/HTTPS traffic only
  • Restricted number of open connections
  • Shorter connection timeouts
• Not recommended for production use

IPv6 Configuration

IPv6 Address (Free)

• Dedicated to your project and shared across all project services
• One IPv6 address per project limit
• Automatically activated with first domain setup
• Available for all projects at no additional cost

Dual Stack Recommendation

Since IPv6 support is not universal, using both IPv4 and IPv6 is recommended for maximum accessibility.

HTTP Routing Setup

To configure domain access:

1. Go to your service detail page in Zerops GUI and select Subdomain & domain & IP access (or access from project's Project & Services Access Overview section → HTTP Balancer (L7) Configuration & Public Access Through Domains)
   • For advanced L7 balancer settings (connection handling, buffers, performance optimization), click Advanced balancer configuration
2. Click Setup first domain access
3. Configure domain settings:
   • Enter domain names (e.g., mydomain.com, app.mydomain.com)
   • Add multiple domains if needed (useful for multi-language sites)
   • Choose SSL certificate management
4. Define routing rules:
   • Source: The public path (the part of URL after your domain)
   • Destination: Choose which application and internal port receives the traffic
   • Add multiple routing configurations as needed

Alternative Access

Domain configuration can also be accessed from individual service pages under Subdomain & domain & IP access.

All settings can be modified later as your needs change.

DNS Configuration

After setting up domain access in Zerops, configure your DNS records with your domain registrar:

DNS Configuration Guides

• Cloudflare users: Follow the Cloudflare DNS Configuration Guide for step-by-step Cloudflare-specific instructions
• Other providers: Use the DNS and Proxy Configuration Guide for universal DNS setup instructions

HTTPS & SSL Configuration

When using Let's Encrypt certificates (recommended):

Certificate Management:

• Zerops handles all certificate installation and renewal automatically
• Certificates are provided free of charge
• No manual certificate management required

Traffic Flow:

1. Traffic arrives at your public IPv4/IPv6 addresses
2. Requests route through your project's dedicated HTTPS balancer
3. SSL termination occurs at the balancer level
4. Internal traffic uses HTTP protocol for optimal performance

Balancer Architecture:

• Deployed in two containers for high availability
• Scales vertically based on traffic demands
• Cannot be directly modified by users
• Included free of charge with custom domain setup

Load Balancing:

• Round-robin load balancing across multiple service instances
• Health checks to route traffic only to healthy instances
• Connection pooling for improved performance

Performance Considerations:

• Use dedicated IPv4 addresses instead of shared ones for high-traffic applications
• Consider the L7 Balancer advanced configuration options for production optimization

Direct Port Access

Direct port access enables public access to specific ports on your services, supporting any protocol and specialized use cases beyond HTTP.

Service Compatibility

Currently, direct public port access is only available for runtime services and PostgreSQL databases.

Port Configuration

1. Navigate to your service detail page in Zerops GUI:
   • For runtime services: Select Subdomain & domain & IP access
   • For PostgreSQL services: Select Direct access through IP address
   • Or access from project's Project & Services Access Overview section → Direct IP Accesses to Services
2. Configure port settings:
   • Either Setup first access through IPv6 or activate Unique IPv4 add-on (if needed)
   • Choose any port from 10-65435 (ports 80 and 443 are reserved)
   • Select destination service and internal port
   • Each public port can be mapped to any internal service port
   • Multiple public ports can point to the same internal port if needed
   • Port configurations can be set independently for IPv4 and IPv6

Service-Level Access

For runtime services, you can also access port configuration from the service detail page under Subdomain & domain & IP access.

Firewall Configuration

Secure your public ports with optional firewall rules:

1. Enable firewall for specific ports
2. Choose policy type:
   • Blacklist: Block specific IPs/ranges (allow all others)
   • Whitelist: Allow only specific IPs/ranges (block all others)
3. Configure IP rules:
   • Single IP format: Affects only the specific IP address
   • IP range format: Affects all IPs in the specified CIDR range

For information about Zerops' platform-wide firewall and port restrictions, see the Firewall Reference Guide.

Protocol Support

Direct port access supports:

• TCP protocols: HTTP, HTTPS, database connections, custom TCP services
• UDP protocols: DNS, gaming protocols, custom UDP services
• Any port-based protocol your application requires

Next Steps

• DNS Configuration: DNS and Proxy Configuration Guide or Cloudflare Guide
• Advanced Routing: L7 Balancer Configuration & Advanced Routing Guide
• Wildcard Domains: Wildcard Domain Configuration
• Internal Access: Internal Access Configuration Guide

Need help? Join our Discord community.