Custom domains
Point your own domain at a Cube with automatic HTTPS, and tune per-domain proxy settings.
Map a domain you own to a port on a Cube. Krova Cloud runs a reverse proxy in front of your Cube that terminates HTTPS, forwards requests to your app, and passes through the real visitor information your app needs.
Add a domain
- Point your domain at Krova Cloud by adding a CNAME record to
dns.krova.cloud. - In your Cube's networking tab, add the domain and the port your app listens on inside the Cube.
- HTTPS is provisioned and renewed automatically — there are no certificates to manage.
If your DNS is on Cloudflare, both modes work: DNS-only (grey cloud — Krova Cloud issues the certificate) or Proxied(orange cloud — Cloudflare's edge sits in front).
Real visitor information
Your app receives the real client details on every request, so logging, rate-limiting, and geolocation work as expected:
X-Real-IPandX-Forwarded-For— the real visitor IP (spoof-safe; not the proxy's address).X-Forwarded-ProtoandX-Forwarded-Host— the original scheme and hostname.
Per-domain settings
Each domain has its own independent proxy configuration — changing one domain never affects another. You can tune all of these from the domain's settings (and over the REST API, at create time or any time after):
- Security headers— let Krova Cloud enforce platform security headers, or pass your app's own through.
- Request & response header overrides — inject or remove headers to/from your app.
- Max request body size — cap upload sizes (or leave unlimited).
- Response compression — optional gzip/zstd at the edge (off by default; most CDN-fronted domains are already compressed).
- IP allow / deny lists — restrict who can reach the app by IP or CIDR (IPv4 and IPv6).
- Basic Auth — put a username/password in front of the domain (the password is hashed and never stored in plaintext).
See the REST API reference for the exact field names, types, and an example that sets these in one request.
Uploads & CORS
Upload size limits
Krova Cloud does not cap upload sizes by default — your app receives every byte you send. If an upload returns a 413 Request Entity Too Large, the limit is almost always inside your Cube, not at the Krova Cloud proxy:
- nginx — raise
client_max_body_sizein your nginx config (e.g.client_max_body_size 500m;). - PHP — raise
post_max_sizeandupload_max_filesizeinphp.ini. - Framework body parsers— check your framework's body-size limit (Express
limit, Next.jsbodyParser.sizeLimit, DjangoDATA_UPLOAD_MAX_MEMORY_SIZE, etc.).
If you want Krova Cloud to enforce a hard cap at the proxy (to reject over-size requests before they reach your app), set Max request bodyin the domain's settings. When a request declares its size in Content-Length, the proxy returns 413 cleanly before forwarding. Chunked uploads without a Content-Length header that exceed the cap may in rare cases return a 502 instead of 413 — this is a known Caddy limitation.
CORS
If a cross-origin frontend (e.g. a separate SPA on app.example.com calling an API at api.example.com) is being blocked by the browser, enable CORSin the domain's settings. Krova Cloud handles the entire CORS protocol at the proxy — your app never needs to touch Access-Control-* headers:
- Preflight
OPTIONSrequests are answered at the edge (your app never sees them). Access-Control-Allow-Originis added to every response, including error responses (413, 403) and upstream-down interstitials, so cross-origin callers always get a parseable error.- Use the wildcard (
*) for a public API that any origin may call. Use an explicit origin list (e.g.https://app.example.com) when you need cookies orAuthorizationheaders (credentials). - The preflight cache (
Access-Control-Max-Age) defaults to 600 s and can be set up to 86 400 s (Chromium's hard cap), reducing the number of preflight round-trips.
Removing a domain
Removing a domain takes down its route immediately. Update your DNS afterwards if you're pointing the domain somewhere else.