Daytona provides a preview proxy service that can be used to handle [preview URLs](https://www.daytona.io/docs/en/preview.md) for sandboxes. This gives you full control over the preview experience, including custom domains, authentication, error handling, and styling. - **Custom domain**: host your proxy under your own domain (e.g., `preview.yourcompany.com`) - **User authentication**: implement custom authentication logic for private previews - **Sandbox management**: automatically start stopped sandboxes before forwarding users - **Custom error pages**: style error pages to match your brand - **Preview warning control**: disable Daytona's preview warning - **CORS management**: override Daytona's default CORS settings ## How it works When a user visits a preview URL, your custom proxy receives the request and can: 1. Authenticate the user using custom logic 2. Check sandbox status and start it if needed 3. Forward the request to the actual sandbox 4. Handle responses with custom styling and error pages 5. Send custom headers to control Daytona's behavior Your proxy should forward the `X-Forwarded-Host` header with the original request host when proxying requests to Daytona. ## WebSocket support The preview proxy fully supports WebSocket connections. WebSocket upgrade requests (`Upgrade: websocket`) are automatically detected and proxied. WebSocket connections skip the preview warning page. ## Reserved ports The following ports are reserved for internal services and always require authentication, even on public sandboxes: | Port | Service | | ----------- | ----------------------------------------- | | **`22222`** | [**Web** terminal](https://www.daytona.io/docs/en/web-terminal.md) | | **`2280`** | Toolbox (IDE/development interface) | | **`33333`** | Recording dashboard | Your custom proxy should avoid exposing these ports unless you explicitly need access to these services. ## Proxy headers Your proxy can send special headers to control Daytona's behavior. ### Disable preview warning To disable Daytona's preview warning page, send: ``` X-Daytona-Skip-Preview-Warning: true ``` The warning page is only shown to browser requests. It sets a `daytona-preview-page-accepted` cookie that persists for 24 hours after acceptance. ### Disable CORS Daytona's default CORS policy allows all origins with credentials. To override this and use your own CORS settings, send: ``` X-Daytona-Disable-CORS: true ``` ### Disable last activity update To prevent sandbox last activity updates when previewing, set the `X-Daytona-Skip-Last-Activity-Update` header to `true`. This prevents Daytona from keeping sandboxes that have [auto-stop enabled](https://www.daytona.io/docs/en/sandboxes.md#auto-stop-interval) in a started state: ```bash curl -H "X-Daytona-Skip-Last-Activity-Update: true" \ https://3000-sandbox-123456.proxy.daytona.work ``` ### Authentication For private preview links, send: ``` X-Daytona-Preview-Token: {sandboxToken} ``` The `sandboxToken` can be fetched through the Daytona SDK or API using the [standard preview URL](https://www.daytona.io/docs/en/preview.md#standard-preview-url) methods. ## Examples Examples of custom preview proxies are available on [GitHub](https://github.com/daytonaio/daytona-proxy-samples).