Edge Network: Load Balancing and TLS
All Koyeb Apps are automatically accessible via a subdomain of
koyeb.app routed via our Global Edge Network. Subdomains are constructed using the following format:
Our Global Edge Network provides native load balancing, TLS encryption, and caching (like a CDN).
Koyeb's Edge Network provides global load balancing for applications running on the platform.
Koyeb allows you to deploy multiple Instances of your Services to various regions for availability and scaling. Within a region, requests are load balanced between all healthy Instances of the Service. If no healthy Instances are available within the region, the request may be passed to Instances in another region.
When you deploy a publicly accessible Service, you define which ports it listens on and which HTTP paths should route to it.
Requests made to Services are first directed to the edge location closest to the request's origin. At the edge, routing rules are evaluated and the request is forwarded to the nearest region where the Service is deployed.
If you route a subpath (for example,
/api/) of your domain instead of the root path (
/), the path prefix will be stripped from the request when it is passed to your Service.
For example, suppose that your App domain is
myapp-myorg.koyeb.app and you route requests for
/api/ to your Service. Requests made to
https://myapp-myorg.koyeb.app/api/ will be seen by your Service as
Here are few more examples to illustrate the routing behavior:
- A request for
https://myapp-myorg.koyeb.app/api/listwill be passed to the Service as
- A request for
https://myapp-myorg.koyeb.app/api/resource/listwill be passed to the Service as
When you create an App with a public Service, external connections to the Service using the Service's
koyeb.app subdomain are automatically encrypted with TLS.
TLS connections are terminated at the edge to increase performance and are securely transported within the encrypted Service Mesh to your application.
Koyeb's Edge Network does not automatically redirected HTTP traffic to HTTPS.
If you use the Service's
.koyeb.app subdomain however, browsers will automatically use HTTPS because the
.app top-level domain is included on the HSTS preload list (opens in a new tab). HTTP connections can be made using a CLI tool like
curl or in your code.
If you would like to redirect all HTTP traffic to HTTPS, you can vote and track this feature on our public roadmap (opens in a new tab).