Automatic TLS for every public endpoint. Certificates are provisioned, renewed, and rotated without configuration — HTTPS is the default across the entire platform.
Bring your own certificate or let INET manage the full lifecycle. Either way, expiry is never your problem.
- Attach a domain to any resource — certificate is issued automatically within minutes
- Zero-downtime renewal runs in the background with no restart needed
- Certificate status and expiry visible per resource in the console
- Managed certificates — issued automatically on domain attach; renewed before expiry
- Wildcard certificates — one certificate covering all subdomains of a zone
- Custom certificates — upload your own PEM bundle for specific CA requirements
- Multi-domain — one certificate for multiple hostnames on the same endpoint
- Edge termination — TLS ends at the INET edge; traffic to your service travels the private network
- Passthrough — raw TLS forwarded to your service for end-to-end encryption
- Mutual TLS — client certificate authentication for service-to-service calls
Managed DNS for your domains and your internal network. Route public traffic to platform resources and get automatic private resolution within every project.
Public and private DNS are unified — the same zone can serve external clients and internal services.
- Delegate your domain to INET nameservers — records sync immediately on any change
- TLS certificates issued automatically when a public record is attached to a platform resource
- Private hostnames created and removed automatically with resources
- All standard record types with per-record TTL control
- Alias records that follow target IP changes automatically
- Health-check routing — unhealthy endpoints removed from DNS automatically
- Weighted and failover routing for multi-region deployments
- Every Machine, Function, and Bucket gets a stable private hostname at provision time
- Hostnames resolve within the project network — no manual records required
- Custom private zones for internal service discovery
Traffic control for every resource, without managing rules files. Define inbound and outbound policies per Machine, per project, or globally — enforced at the network layer before traffic reaches your service.
Rules apply instantly. No restart required, no agent to update.
- Changes take effect immediately with no service interruption
- Firewall events captured in Logs — see dropped traffic with source, destination, and rule match
- IAM controls who can modify rules; changes are audited and can trigger Events
- Inbound rules — allow or deny by source IP, CIDR, port, and protocol
- Outbound rules — restrict egress for sensitive workloads
- Priority ordering — rules evaluated top-down; first match wins
- Default deny — all traffic not explicitly permitted is dropped
Pre-configured rule sets for common workloads:
- Web — allow 80/443 inbound; restrict all other public ingress
- Database — allow access only from within the project network
- Gaming — pre-configured port ranges for common game server protocols
- Custom — build from scratch or extend any profile
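
The top-down, first-match-wins evaluation with default deny described above means rule order decides the outcome, and a broad allow placed first can make a later, narrower deny unreachable. The following model is an added example, not INET's code or rule format: the Rule fields, function names and sample rule lists are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                 # hypothetical rule shape, not a platform schema
    action: str             # "allow" or "deny"
    source: str             # CIDR, e.g. "0.0.0.0/0"
    port: Optional[int]     # None matches any port
    protocol: str           # "tcp", "udp" or "any"

def _covers(rule, net, port, protocol):
    """True if rule matches every packet described by (net, port, protocol)."""
    rnet = ipaddress.ip_network(rule.source)
    return (rnet.version == net.version and net.subnet_of(rnet)
            and rule.port in (None, port)
            and rule.protocol in ("any", protocol))

def evaluate(rules, src_ip, port, protocol):
    """Top-down, first match wins; nothing matched means default deny."""
    packet = ipaddress.ip_network(src_ip)      # single address as a /32 or /128
    for index, rule in enumerate(rules):
        if _covers(rule, packet, port, protocol):
            return rule.action, index
    return "deny", None

def shadowed(rules):
    """Indices of rules that can never match because an earlier rule covers them."""
    unreachable = []
    for j, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        if any(_covers(e, net, rule.port, rule.protocol) for e in rules[:j]):
            unreachable.append(j)
    return unreachable

# Constructed sample: a Web-style rule set (80/443 inbound) plus a deny for one range.
BLOCK = Rule("deny", "203.0.113.0/24", 443, "tcp")
WEB = [Rule("allow", "0.0.0.0/0", 443, "tcp"), Rule("allow", "0.0.0.0/0", 80, "tcp")]
MISORDERED = WEB + [BLOCK]     # deny sits below the allow that already matches
ORDERED = [BLOCK] + WEB        # deny is evaluated first

if __name__ == "__main__":
    print(evaluate(MISORDERED, "203.0.113.7", 443, "tcp"), shadowed(MISORDERED))
    print(evaluate(ORDERED, "203.0.113.7", 443, "tcp"), shadowed(ORDERED))
    print(evaluate(ORDERED, "198.51.100.9", 22, "tcp"))   # no rule: default deny
```

Running a check like shadowed() over a rule list before applying it catches denies that look effective in review but never fire.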