Documentation Index
Fetch the complete documentation index at: https://mintlify.com/daytonaio/daytona/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Daytona provides flexible network configuration options including network isolation, allow lists, and port preview functionality for accessing services running in sandboxes.
Network Security
Block All Network Access
Prevent sandboxes from accessing external networks:
import { Daytona } from '@daytonaio/sdk'
const daytona = new Daytona()
// Create sandbox with all network access blocked
const sandbox = await daytona.create({
networkBlockAll: true
})
console.log(`Network blocked: ${sandbox.networkBlockAll}`)
Network Allow List
Allow access to specific CIDR network ranges:
// Allow access to specific IP ranges
const sandbox = await daytona.create({
networkAllowList: '192.168.1.0/16,10.0.0.0/24'
})
console.log(`Network allow list: ${sandbox.networkAllowList}`)
Default Network Behavior
By default, sandboxes have full network access:
// Default: full network access
const sandbox = await daytona.create()
console.log(`Network blocked: ${sandbox.networkBlockAll}`) // false
console.log(`Allow list: ${sandbox.networkAllowList}`) // undefined
Port Previews
Port previews allow you to access web services running inside sandboxes through secure URLs.
Get Preview URL
import { Daytona } from '@daytonaio/sdk'
const daytona = new Daytona()
const sandbox = await daytona.create()
// Start a web server in the sandbox
await sandbox.process.executeCommand('python -m http.server 8000')
// Get preview link for port 8000
const preview = await sandbox.getPreviewLink(8000)
console.log(`Preview URL: ${preview.url}`)
console.log(`Token: ${preview.token}`)
Public vs Private Previews
Control whether preview links are publicly accessible:
// Create public sandbox (preview links accessible without auth)
const publicSandbox = await daytona.create({
public: true
})
const publicPreview = await publicSandbox.getPreviewLink(8000)
console.log(`Public URL: ${publicPreview.url}`) // No token required
// Create private sandbox (preview links require token)
const privateSandbox = await daytona.create({
public: false
})
const privatePreview = await privateSandbox.getPreviewLink(8000)
console.log(`Private URL: ${privatePreview.url}`)
console.log(`Token required: ${privatePreview.token}`)
Set Sandbox Visibility
Change the public/private status after creation:
const sandbox = await daytona.create({ public: false })
// Make sandbox public
await sandbox.setPublic(true)
await sandbox.refreshData()
console.log(`Is public: ${sandbox.public}`) // true
// Make sandbox private again
await sandbox.setPublic(false)
await sandbox.refreshData()
console.log(`Is public: ${sandbox.public}`) // false
Network Configuration Examples
Isolated Development Environment
Create a completely isolated sandbox for secure code execution:
const isolatedSandbox = await daytona.create({
networkBlockAll: true,
public: false,
labels: {
purpose: 'secure-execution',
network: 'isolated'
}
})
// This sandbox cannot access external networks
Internal API Access
Allow access only to internal services:
const apiSandbox = await daytona.create({
networkAllowList: '10.0.0.0/8,172.16.0.0/12', // Internal IP ranges
labels: {
purpose: 'api-testing',
network: 'internal-only'
}
})
Web Application with Preview
Develop and preview a web application:
import { Daytona } from '@daytonaio/sdk'
const daytona = new Daytona()
// Create sandbox for web development
const webSandbox = await daytona.create({
public: true, // Public previews for easy sharing
labels: {
app: 'web-frontend',
team: 'engineering'
}
})
// Start development server
await webSandbox.process.executeCommand(
'npm install && npm run dev',
'/app'
)
// Get preview URL for the app
const preview = await webSandbox.getPreviewLink(3000)
console.log(`App preview: ${preview.url}`)
Advanced Port Management
Multiple Port Previews
// Get preview links for multiple ports
const frontendPreview = await sandbox.getPreviewLink(3000)
const backendPreview = await sandbox.getPreviewLink(8000)
const dbAdminPreview = await sandbox.getPreviewLink(5050)
console.log(`Frontend: ${frontendPreview.url}`)
console.log(`Backend: ${backendPreview.url}`)
console.log(`DB Admin: ${dbAdminPreview.url}`)
Security Best Practices
-
Use network isolation for untrusted code: Set
networkBlockAll: true when running untrusted or user-submitted code.
-
Restrict API access: Use
networkAllowList to limit access to only required internal services.
-
Private by default: Create sandboxes with
public: false unless public access is required.
-
Secure preview tokens: For private sandboxes, treat preview tokens as sensitive credentials.
-
Monitor network usage: Use labels to track and organize sandboxes by network configuration.
Network Configuration Reference
| Parameter | Type | Default | Description |
|---|
networkBlockAll | boolean | false | Block all outbound network access |
networkAllowList | string | undefined | Comma-separated CIDR ranges to allow |
public | boolean | false | Make preview links publicly accessible |