Daytona provides a preview proxy service that can be used to handle preview URLs for sandboxes. This gives you full control over the preview experience, including custom domains, authentication, error handling, and styling.
- Custom domain: host your proxy under your own domain (e.g.,
preview.yourcompany.com) - User authentication: implement custom authentication logic for private previews
- Sandbox management: automatically start stopped sandboxes before forwarding users
- Custom error pages: style error pages to match your brand
- Preview warning control: disable Daytona’s preview warning
- CORS management: override Daytona’s default CORS settings
How it works
Section titled “How it works”When a user visits a preview URL, your custom proxy receives the request and can:
- Authenticate the user using custom logic
- Check sandbox status and start it if needed
- Forward the request to the actual sandbox
- Handle responses with custom styling and error pages
- Send custom headers to control Daytona’s behavior
Your proxy should forward the X-Forwarded-Host header with the original request host when proxying requests to Daytona.
WebSocket support
Section titled “WebSocket support”The preview proxy fully supports WebSocket connections. WebSocket upgrade requests (Upgrade: websocket) are automatically detected and proxied. WebSocket connections skip the preview warning page.
Reserved ports
Section titled “Reserved ports”The following ports are reserved for internal services and always require authentication, even on public sandboxes:
| Port | Service |
|---|---|
22222 | Web terminal |
2280 | Toolbox (IDE/development interface) |
33333 | Recording dashboard |
Your custom proxy should avoid exposing these ports unless you explicitly need access to these services.
Proxy headers
Section titled “Proxy headers”Your proxy can send special headers to control Daytona’s behavior.
Disable preview warning
Section titled “Disable preview warning”To disable Daytona’s preview warning page, send:
X-Daytona-Skip-Preview-Warning: trueThe warning page is only shown to browser requests. It sets a daytona-preview-page-accepted cookie that persists for 24 hours after acceptance.
Disable CORS
Section titled “Disable CORS”Daytona’s default CORS policy allows all origins with credentials. To override this and use your own CORS settings, send:
X-Daytona-Disable-CORS: trueDisable last activity update
Section titled “Disable last activity update”To prevent sandbox last activity updates when previewing, set the X-Daytona-Skip-Last-Activity-Update header to true. This prevents Daytona from keeping sandboxes that have auto-stop enabled in a started state:
curl -H "X-Daytona-Skip-Last-Activity-Update: true" \ https://3000-sandbox-123456.proxy.daytona.workAuthentication
Section titled “Authentication”For private preview links, send:
X-Daytona-Preview-Token: {sandboxToken}The sandboxToken can be fetched through the Daytona SDK or API using the standard preview URL methods.
Examples
Section titled “Examples”Examples of custom preview proxies are available on GitHub.