Network /
Networking on Northflank
Northflank allows flexible and secure private and public networking for services, jobs, databases and other addons. HTTP, HTTP/2, Websockets, gRPC, TCP and UDP are all supported networking protocols.
Networking settings are accessed on the ports & DNS page on deployment and combined services, and on the settings page in the network section for databases and other addons.
Northflank load balancer
Northflank uses scalable and highly performant load balancers to securely distribute external traffic to containers in your projects. Traffic is routed to your application containers to the configured ports.
For a service running multiple instances, ingress traffic will be directed with a round-robin load-balancing strategy. The load balancer will not route traffic to non-ready containers, for example containers that are starting, terminating, or that are failing health checks.
Public networking
HTTP, HTTP/2, Websockets and gRPC can be exposed publicly via a load-balancer served with an auto-generated TLS certificate with either code.run endpoints or your own domains. HTTPS requests are terminated at the edge load-balancer and the request is then routed internally via Northflank’s network.
You can choose to publicly expose databases and other addons via a load-balanced TCP endpoint. Northflank will enforce and generate TLS certificates which will be automatically configured in the database and connection details.
Northflank will expose your HTTP ports publicly on ports 80 and 443 and route traffic to your configured ports. HTTP (port 80) traffic is automatically redirected to HTTPS (port 443).
Expose ports in your application
Expose ports in your application to make it available for networking.
Add public ports
Configure ports to expose your services on the internet.
Domains on Northflank
Manage your domains on Northflank, quickly and easily assigning them to your deployments.
Expose a database with TLS
Secure internal database connections or expose it publicly with TLS.
Network security
You can configure security policies for individual ports, with allow/deny lists based on IP address, basic auth for endpoints, and SSO for organisations. You can also create granular security policies by subdomain path, for even greater control.
Set IP policies
Allow or deny access to services based on IP addresses.
Configure basic authentication
Require users to enter a username and password to access your site.
Use SSO access control
Use your organisation's SSO provider to authenticate access to your services.
Configure security policies by path
Set security policies to restrict access to your endpoints based on port and subdomain path.
Private networking
Ports serving all protocols can be configured for private networking. Services, jobs and databases with private ports will only be accessible by other resources inside the same project.
Deployments and databases can be forwarded for secure, local access, without the need to publicly expose them to the internet.
You can enable multi-project networking to securely access resources from another Northflank project, and enable Tailscale in your projects to access resources in your Tailscale VPN.
Add private ports
Configure ports to allow your services to communicate securely within your project.
Forward deployments and databases
Forward deployments and databases to your local machine for development.
Multi-project networking
Configure projects to securely allow ingress network traffic from other projects.
Use Tailscale
Allow secure access to Tailscale devices to resources within your project.
Headers
You can access the source IP of a request from the X-Forwarded-For header , which is attached to all HTTP/S requests by the Northflank load balancer.
Request and response headers can also be managed by configuring path-based routing for your subdomains.