Skip to main content
At Upsun, customer environments are strictly isolated from each other using namespaces, seccomp, and cgroups. Persistent data (uploaded files into mounts, database data, etc.) is stored on a region-wide storage layer. Data is stored redundantly and mounted into the environments on deployment. Network is behind a firewall for incoming connections. Only a few ports are opened to incoming traffic: ports 22, 80, and 443. There are no exceptions, so any incoming web service requests, ETL jobs, or otherwise need to transact over one of these protocols. Outgoing TCP traffic isn’t behind a firewall, with the exception of port 25 which is blocked. For containers to be allowed to connect to each other, the following requirements must be met:
  • The containers must live in the same environment.
  • You need to define an explicit relationship between the containers in your app configuration.
Last modified on March 10, 2026