You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/roo-code-cloud/environments.mdx
+9-5Lines changed: 9 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -197,7 +197,11 @@ Invalid examples:
197
197
198
198
### Direct Port Access (Non-Proxied)
199
199
200
-
By default, all ports are proxied through an authentication layer that validates requests before forwarding them to your application. Setting `proxied: false` bypasses this proxy and exposes the port directly on the sandbox domain.
200
+
By default, all ports are proxied through an authentication layer that validates requests before forwarding them to your application. Setting `proxied: false` bypasses this proxy entirely and exposes the port directly on the sandbox domain.
201
+
202
+
:::tip[Try `unauthenticated: true` first]
203
+
If you just need to skip authentication (e.g., for a public-facing endpoint or webhook), use `unauthenticated: true` instead. It keeps the proxy in place while disabling the auth check, and doesn't count against the stricter non-proxied port limit. Only reach for `proxied: false` when the proxy itself is the problem.
204
+
:::
201
205
202
206
```yaml
203
207
ports:
@@ -208,13 +212,13 @@ ports:
208
212
proxied: false
209
213
```
210
214
211
-
Use `proxied: false` when you need:
215
+
Use `proxied: false` only when the proxy layer itself is incompatible with your use case:
212
216
213
-
- **Direct socket access** for protocols that don't work well through the HTTP proxy
214
-
- **Internal services** that handle their own authentication or don't need external access control
217
+
- **Direct socket access** for protocols that don't work through the HTTP proxy
218
+
- **Non-HTTP services** that need the raw port exposed without any intermediary
215
219
216
220
:::warning[Warning]
217
-
When `proxied` is `false`, the port is **completely exposed without authentication**, regardless of the `unauthenticated` setting. Only use this for ports that either handle their own security or don't serve sensitive content.
221
+
When `proxied` is `false`, the port is **completely exposed without authentication**, regardless of the `unauthenticated` setting. Non-proxied ports also count against a stricter limit (1 per environment vs. 10 for proxied ports). Only use this as a last resort when other options don't work.
218
222
:::
219
223
220
224
The `ROO_<NAME>_HOST` environment variable for a non-proxied port points to the direct sandbox domain instead of the preview proxy URL. Your application code doesn't need to change -- just use the injected variable as usual:
0 commit comments