Infrastructure

Security and isolation

nouva runs services in isolated containers with sandboxing for stronger boundaries. Data is scoped to projects and environments, and credentials are injected securely at runtime.

Networking and domains

Services receive private networking by default, with public URLs only when you expose a service. Provided *.up.nouva.cloud hostnames route through the hosted Nouva edge, while custom domains point directly to your server and terminate on local Traefik.

Data durability

Managed databases include automated backups and recovery workflows. Use volumes and snapshots to protect file based data and support migrations.

Operational guidance

• Keep staging and production environments separate.
• Plan regular backup verification in staging.
• Use least privilege when issuing API tokens.