> ## Documentation Index
> Fetch the complete documentation index at: https://docs.phala.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Reference

> Quick lookup for URL patterns, environment variables, and configuration parameters

## URL Patterns

| Pattern                                    | Protocol                              | Example                                                              |
| ------------------------------------------ | ------------------------------------- | -------------------------------------------------------------------- |
| `{app-id}.{cluster}.phala.network`         | HTTP/HTTPS to port 80 (default)       | `abc123.dstack-prod5.phala.network`                                  |
| `{app-id}-{port}.{cluster}.phala.network`  | HTTP/HTTPS (TLS termination)          | `deadbeef111111111111111111111111-8080.dstack-prod5.phala.network`   |
| `{app-id}-{port}g.{cluster}.phala.network` | gRPC/HTTP2                            | `deadbeef111111111111111111111111-50051g.dstack-prod5.phala.network` |
| `{app-id}s.{cluster}.phala.network`        | TLS passthrough to port 443 (default) | `abc123s.dstack-prod5.phala.network`                                 |
| `{app-id}-{port}s.{cluster}.phala.network` | TLS passthrough                       | `deadbeef111111111111111111111111-5432s.dstack-prod5.phala.network`  |
| `{app-id}-22.{cluster}.phala.network`      | SSH tunnel                            | `deadbeef111111111111111111111111-22.dstack-prod5.phala.network`     |

**Default Port Behaviors:**

* No port specified = routes to port 80 for HTTP or port 443 for TLS passthrough
* All external connections use port 443 regardless of internal port
* `{app-id}` is auto-generated on deployment
* `{port}` matches your container's exposed port
* `{cluster}` is regional (us, eu, asia)

## Auto-populated Environment Variables

You can use these variables in your docker-compose file:

| Variable                | Value                  | Example            |
| ----------------------- | ---------------------- | ------------------ |
| `DSTACK_APP_ID`         | Application identifier | `abc123def456`     |
| `DSTACK_GATEWAY_DOMAIN` | Regional domain        | `us.phala.network` |

## Environment Variables

The variables you can change to config networking features.

### SSH Access

| Variable                 | Type   | Purpose                          |
| ------------------------ | ------ | -------------------------------- |
| `DSTACK_ROOT_PASSWORD`   | string | Root password (dev images only)  |
| `DSTACK_ROOT_PUBLIC_KEY` | string | SSH public key (dev images only) |

### Custom Domains

| Variable          | Required | Type    | Purpose                                        |        |                             |
| ----------------- | -------- | ------- | ---------------------------------------------- | ------ | --------------------------- |
| `DOMAIN`          | Yes      | string  | Custom domain name                             |        |                             |
| `TARGET_ENDPOINT` | Yes      | string  | `http://service:port` or `grpc://service:port` |        |                             |
| `GATEWAY_DOMAIN`  | Yes      | string  | `_.${DSTACK_GATEWAY_DOMAIN}`                   |        |                             |
| `CERTBOT_EMAIL`   | Yes      | string  | Let's Encrypt email                            |        |                             |
| `SET_CAA`         | No       | boolean | Enable CAA records (default: false)            |        |                             |
| `DNS_PROVIDER`    | No       | string  | \`cloudflare                                   | linode | namecheap\` (auto-detected) |

### DNS Provider Credentials

| Provider   | Variables                                                        | Required Permissions |
| ---------- | ---------------------------------------------------------------- | -------------------- |
| Cloudflare | `CLOUDFLARE_API_TOKEN`                                           | Zone:Read, DNS:Edit  |
| Linode     | `LINODE_API_TOKEN`                                               | Domains:Read/Write   |
| Namecheap  | `NAMECHEAP_USERNAME`, `NAMECHEAP_API_KEY`, `NAMECHEAP_CLIENT_IP` | API enabled          |

## Protocol Support

| Protocol  | Default Mode        | TLS Passthrough Mode | Egress Traffic |
| --------- | ------------------- | -------------------- | -------------- |
| HTTP/1.1  | ✅                   | ✅                    | ✅              |
| HTTP/2    | ✅ (with `g` suffix) | ✅                    | ✅              |
| WebSocket | ✅                   | ✅                    | ✅              |
| TCP       | ❌                   | ✅ (with `s` suffix)  | ✅              |
| UDP       | ⚠️  (NAT traversal) | N/A                  | ✅              |

## Docker Images

| Component      | Image                               | Hash                                                                      |
| -------------- | ----------------------------------- | ------------------------------------------------------------------------- |
| Custom domains | `dstacktee/dstack-ingress:20250924` | `sha256:40429d78060ef3066b5f93676bf3ba7c2e9ac47d4648440febfdda558aed4b32` |

## Rate Limits

### DNS Providers

| Provider   | API Limits    | Certificate Speed |
| ---------- | ------------- | ----------------- |
| Cloudflare | 1200 req/5min | 1-2 minutes       |
| Linode     | 800 req/hour  | 2-5 minutes       |
| Namecheap  | 50 req/hour   | 5-15 minutes      |

### Let's Encrypt

| Limit                   | Rate                |
| ----------------------- | ------------------- |
| Certificates per domain | 50/week             |
| Duplicate certificates  | 5/week              |
| Failed validations      | 5/hour per hostname |