Your first $5 top-up doubles to $10 — one-time, for every new account. Get Started
Krova CloudKrova Cloud

Custom domains

Point your own domain at a Cube with automatic HTTPS, and tune per-domain proxy settings.

Map a domain you own to a port on a Cube. Krova Cloud runs a reverse proxy in front of your Cube that terminates HTTPS, forwards requests to your app, and passes through the real visitor information your app needs.

Add a domain

  1. Point your domain at Krova Cloud by adding a CNAME record to dns.krova.cloud.
  2. In your Cube's networking tab, add the domain and the port your app listens on inside the Cube.
  3. HTTPS is provisioned and renewed automatically — there are no certificates to manage.

If your DNS is on Cloudflare, both modes work: DNS-only (grey cloud — Krova Cloud issues the certificate) or Proxied(orange cloud — Cloudflare's edge sits in front).

Real visitor information

Your app receives the real client details on every request, so logging, rate-limiting, and geolocation work as expected:

  • X-Real-IP and X-Forwarded-For— the real visitor IP (spoof-safe; not the proxy's address).
  • X-Forwarded-Proto and X-Forwarded-Host — the original scheme and hostname.

Per-domain settings

Each domain has its own independent proxy configuration — changing one domain never affects another. You can tune all of these from the domain's settings (and over the REST API, at create time or any time after):

  • Security headers— let Krova Cloud enforce platform security headers, or pass your app's own through.
  • Request & response header overrides — inject or remove headers to/from your app.
  • Max request body size — cap upload sizes (or leave unlimited).
  • Response compression — optional gzip/zstd at the edge (off by default; most CDN-fronted domains are already compressed).
  • IP allow / deny lists — restrict who can reach the app by IP or CIDR (IPv4 and IPv6).
  • Basic Auth — put a username/password in front of the domain (the password is hashed and never stored in plaintext).

See the REST API reference for the exact field names, types, and an example that sets these in one request.

Uploads & CORS

Upload size limits

Krova Cloud does not cap upload sizes by default — your app receives every byte you send. If an upload returns a 413 Request Entity Too Large, the limit is almost always inside your Cube, not at the Krova Cloud proxy:

  • nginx — raise client_max_body_size in your nginx config (e.g. client_max_body_size 500m;).
  • PHP — raise post_max_size and upload_max_filesize in php.ini.
  • Framework body parsers— check your framework's body-size limit (Express limit, Next.js bodyParser.sizeLimit, Django DATA_UPLOAD_MAX_MEMORY_SIZE, etc.).

If you want Krova Cloud to enforce a hard cap at the proxy (to reject over-size requests before they reach your app), set Max request bodyin the domain's settings. When a request declares its size in Content-Length, the proxy returns 413 cleanly before forwarding. Chunked uploads without a Content-Length header that exceed the cap may in rare cases return a 502 instead of 413 — this is a known Caddy limitation.

CORS

If a cross-origin frontend (e.g. a separate SPA on app.example.com calling an API at api.example.com) is being blocked by the browser, enable CORSin the domain's settings. Krova Cloud handles the entire CORS protocol at the proxy — your app never needs to touch Access-Control-* headers:

  • Preflight OPTIONS requests are answered at the edge (your app never sees them).
  • Access-Control-Allow-Origin is added to every response, including error responses (413, 403) and upstream-down interstitials, so cross-origin callers always get a parseable error.
  • Use the wildcard (*) for a public API that any origin may call. Use an explicit origin list (e.g. https://app.example.com) when you need cookies or Authorization headers (credentials).
  • The preflight cache (Access-Control-Max-Age) defaults to 600 s and can be set up to 86 400 s (Chromium's hard cap), reducing the number of preflight round-trips.

Removing a domain

Removing a domain takes down its route immediately. Update your DNS afterwards if you're pointing the domain somewhere else.