Edge Network

Edge Network: Load Balancing and TLS

All Koyeb Apps are automatically accessible via a subdomain of routed via our Global Edge Network. Subdomains are constructed using the following format:


Our Global Edge Network provides native load balancing, TLS encryption, and caching (like a CDN).

HTTP load balancing

Koyeb's Edge Network provides global load balancing for applications running on the platform.

Koyeb allows you to deploy multiple Instances of your Services to various regions for availability and scaling. Within a region, requests are load balanced between all healthy Instances of the Service. If no healthy Instances are available within the region, the request may be passed to Instances in another region.

Routing and HTTP paths

When you deploy a publicly accessible Service, you define which ports it listens on and which HTTP paths should route to it.

Requests made to Services are first directed to the edge location closest to the request's origin. At the edge, routing rules are evaluated and the request is forwarded to the nearest region where the Service is deployed.


If you route a subpath (for example, /api/) of your domain instead of the root path (/), the path prefix will be stripped from the request when it is passed to your Service.

For example, suppose that your App domain is and you route requests for /api/ to your Service. Requests made to will be seen by your Service as

Here are few more examples to illustrate the routing behavior:

  • A request for will be passed to the Service as
  • A request for will be passed to the Service as

Built-in TLS

When you create an App with a public Service, external connections to the Service using the Service's subdomain are automatically encrypted with TLS.

TLS connections are terminated at the edge to increase performance and are securely transported within the encrypted Service Mesh to your application.

Unencrypted HTTP connections

Koyeb's Edge Network does not automatically redirected HTTP traffic to HTTPS.

If you use the Service's subdomain however, browsers will automatically use HTTPS because the .app top-level domain is included on the HSTS preload list (opens in a new tab). HTTP connections can be made using a CLI tool like curl or in your code.

If you would like to redirect all HTTP traffic to HTTPS, you can vote and track this feature on our public roadmap (opens in a new tab).