
Overview

Daytona provides flexible network configuration options including network isolation, allow lists, and port preview functionality for accessing services running in sandboxes.

Network Security

Block All Network Access

Prevent sandboxes from accessing external networks:
import { Daytona } from '@daytonaio/sdk'

const daytona = new Daytona()

// Create sandbox with all network access blocked
const sandbox = await daytona.create({
  networkBlockAll: true
})

console.log(`Network blocked: ${sandbox.networkBlockAll}`)

Network Allow List

Allow access to specific CIDR network ranges:
// Allow access to specific IP ranges
const sandbox = await daytona.create({
  networkAllowList: '192.168.0.0/16,10.0.0.0/24'
})

console.log(`Network allow list: ${sandbox.networkAllowList}`)
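
Because the allow list is a single comma-separated string, a typo or an overly broad range is easy to miss. The following is an added example, not part of the Daytona SDK: it checks and normalizes such a string before it is passed to `daytona.create()`. The function names and the `/8` breadth threshold are assumptions chosen for illustration.

```javascript
// Added example: pre-flight check for a networkAllowList string (hypothetical helper names).
// Parse a dotted-quad IPv4 address into an unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = ip.split('.')
  if (parts.length !== 4) return null
  let value = 0
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null
    value = value * 256 + Number(p)
  }
  return value
}

function intToIpv4(n) {
  return [24, 16, 8, 0].map(s => Math.floor(n / 2 ** s) % 256).join('.')
}

// Returns { normalized, warnings }; throws on any entry that is not an IPv4 CIDR.
function checkAllowList(allowList, minPrefix = 8) {
  const entries = []
  const warnings = []
  for (const raw of allowList.split(',')) {
    const entry = raw.trim()
    const m = /^([^/]+)\/(\d{1,2})$/.exec(entry)
    const addr = m ? ipv4ToInt(m[1]) : null
    const prefix = m ? Number(m[2]) : NaN
    if (addr === null || prefix > 32) throw new Error(`not an IPv4 CIDR: "${entry}"`)
    // The network address is the given address with its host bits cleared.
    const size = 2 ** (32 - prefix)
    const network = Math.floor(addr / size) * size
    const canonical = `${intToIpv4(network)}/${prefix}`
    if (network !== addr) {
      warnings.push(`${entry} has host bits set; it covers ${canonical}`)
    }
    if (prefix < minPrefix) {
      warnings.push(`${canonical} is broader than /${minPrefix}`)
    }
    entries.push(canonical)
  }
  return { normalized: entries.join(','), warnings }
}

// Constructed sample input: one clean range, one with host bits set, one far too broad.
const result = checkAllowList('10.0.0.0/8, 172.16.5.1/12,0.0.0.0/0')
console.log(result.normalized)
result.warnings.forEach(w => console.log('warning:', w))
```

Pass `result.normalized` as `networkAllowList` only after reviewing the warnings; a hostname or an empty string throws instead of being silently dropped.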

Default Network Behavior

By default, sandboxes have full network access:
// Default: full network access
const sandbox = await daytona.create()

console.log(`Network blocked: ${sandbox.networkBlockAll}`)  // false
console.log(`Allow list: ${sandbox.networkAllowList}`)      // undefined

Port Previews

Port previews allow you to access web services running inside sandboxes through secure URLs.

Get Preview URL

import { Daytona } from '@daytonaio/sdk'

const daytona = new Daytona()
const sandbox = await daytona.create()

// Start a web server in the sandbox
await sandbox.process.executeCommand('python -m http.server 8000')

// Get preview link for port 8000
const preview = await sandbox.getPreviewLink(8000)

console.log(`Preview URL: ${preview.url}`)
console.log(`Token: ${preview.token}`)

Public vs Private Previews

Control whether preview links are publicly accessible:
// Create public sandbox (preview links accessible without auth)
const publicSandbox = await daytona.create({
  public: true
})

const publicPreview = await publicSandbox.getPreviewLink(8000)
console.log(`Public URL: ${publicPreview.url}`)  // No token required

// Create private sandbox (preview links require token)
const privateSandbox = await daytona.create({
  public: false
})

const privatePreview = await privateSandbox.getPreviewLink(8000)
console.log(`Private URL: ${privatePreview.url}`)
console.log(`Token required: ${privatePreview.token}`)

Set Sandbox Visibility

Change the public/private status after creation:
const sandbox = await daytona.create({ public: false })

// Make sandbox public
await sandbox.setPublic(true)
await sandbox.refreshData()
console.log(`Is public: ${sandbox.public}`)  // true

// Make sandbox private again
await sandbox.setPublic(false)
await sandbox.refreshData()
console.log(`Is public: ${sandbox.public}`)  // false

Network Configuration Examples

Isolated Development Environment

Create a completely isolated sandbox for secure code execution:
const isolatedSandbox = await daytona.create({
  networkBlockAll: true,
  public: false,
  labels: {
    purpose: 'secure-execution',
    network: 'isolated'
  }
})

// This sandbox cannot access external networks

Internal API Access

Allow access only to internal services:
const apiSandbox = await daytona.create({
  networkAllowList: '10.0.0.0/8,172.16.0.0/12',  // Internal IP ranges
  labels: {
    purpose: 'api-testing',
    network: 'internal-only'
  }
})

Web Application with Preview

Develop and preview a web application:
import { Daytona } from '@daytonaio/sdk'

const daytona = new Daytona()

// Create sandbox for web development
const webSandbox = await daytona.create({
  public: true,  // Public previews for easy sharing
  labels: {
    app: 'web-frontend',
    team: 'engineering'
  }
})

// Start development server
await webSandbox.process.executeCommand(
  'npm install && npm run dev',
  '/app'
)

// Get preview URL for the app
const preview = await webSandbox.getPreviewLink(3000)
console.log(`App preview: ${preview.url}`)

Advanced Port Management

Multiple Port Previews

// Get preview links for multiple ports
const frontendPreview = await sandbox.getPreviewLink(3000)
const backendPreview = await sandbox.getPreviewLink(8000)
const dbAdminPreview = await sandbox.getPreviewLink(5050)

console.log(`Frontend: ${frontendPreview.url}`)
console.log(`Backend: ${backendPreview.url}`)
console.log(`DB Admin: ${dbAdminPreview.url}`)

Security Best Practices

  1. Use network isolation for untrusted code: Set networkBlockAll: true when running untrusted or user-submitted code.
  2. Restrict API access: Use networkAllowList to limit access to only required internal services.
  3. Private by default: Create sandboxes with public: false unless public access is required.
  4. Secure preview tokens: For private sandboxes, treat preview tokens as sensitive credentials.
  5. Monitor network usage: Use labels to track and organize sandboxes by network configuration.

Network Configuration Reference

| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| networkBlockAll | boolean | false | Block all outbound network access |
| networkAllowList | string | undefined | Comma-separated CIDR ranges to allow |
| public | boolean | false | Make preview links publicly accessible |
