Get dedicated IP addresses for your Akash deployments.
By default, Akash deployments are accessible through dynamic hostnames provided by the provider. IP Leases allow you to get a dedicated static IP address for your deployment, enabling custom domains, direct IP access, and more control over networking.
What are IP Leases?
An IP Lease is a dedicated public IPv4 address assigned to your deployment for the duration of your lease. This IP address:
- Remains static for the lifetime of your deployment
- Allows direct IP access without provider hostnames
- Enables custom domain mapping
- Supports any port configuration
- Works with TCP and UDP protocols
When to Use IP Leases
**Use IP Leases For:
- Custom domains - Point your own domain directly to your deployment
- Static IP requirements - When you need a consistent IP address
- Non-HTTP services - SSH, game servers, custom protocols
- Direct database access - Expose databases with a static IP
- Load balancing - Use your own load balancer pointed at the IP
Note: The IP lease address is for incoming connections only. Outbound/egress traffic from your deployment uses a different IP address.
**Don’t Need IP Leases For:
- Standard web apps - Provider hostnames work fine
- Cost-sensitive deployments - IP leases cost extra
How IP Leases Work
1. Define IP Endpoint in SDL
Define IP endpoints at the top level of your SDL and reference them in your service expose configuration:
endpoints: myendpoint: kind: ip
services: web: expose: - port: 80 as: 80 to: - global: true ip: myendpoint # Reference the endpoint2. Provider Assigns IP
When you create a lease, the provider assigns a dedicated public IP to your deployment.
3. Access Your Service
You can now access your service directly via the assigned IP address:
- HTTP:
http://123.456.789.10 - Custom ports:
123.456.789.10:8080 - Non-HTTP:
ssh [email protected]
SDL Configuration
Basic HTTP with IP Lease
version: "2.0"
endpoints: web-endpoint: kind: ip
services: web: image: nginx:latest expose: - port: 80 as: 80 proto: tcp to: - global: true ip: web-endpoint
profiles: compute: web: resources: cpu: units: 1.0 memory: size: 512Mi storage: size: 512Mi
placement: akash: pricing: web: denom: uakt amount: 10000 web-endpoint: # IP endpoint pricing denom: uakt amount: 10000 # Additional cost for IP
deployment: web: akash: profile: web count: 1Important: You must include pricing for your IP endpoint, as IP leases have additional costs.
Multiple Ports
Expose multiple ports on the same IP:
endpoints: server-ip: kind: ip
services: server: image: myapp:latest expose: - port: 80 as: 80 proto: tcp to: - global: true ip: server-ip - port: 443 as: 443 proto: tcp to: - global: true ip: server-ip # Same IP, different port - port: 22 as: 22 proto: tcp to: - global: true ip: server-ip # SSH on same IPCustom Port Mapping
Map container ports to different external ports:
endpoints: app-ip: kind: ip
services: app: expose: - port: 8080 # Container port as: 80 # External port proto: tcp to: - global: true ip: app-ipNow your service running on port 8080 inside the container is accessible via port 80 on the public IP.
UDP Services
IP leases work with UDP protocols, essential for game servers and real-time applications:
endpoints: game-ip: kind: ip
services: game-server: image: minecraft-server:latest expose: - port: 25565 as: 25565 proto: udp to: - global: true ip: game-ip
profiles: placement: akash: pricing: game-server: denom: uakt amount: 15000 game-ip: denom: uakt amount: 10000Custom Domains
Once you have an IP lease, you can point your custom domain to it.
1. Get Your IP Address
After deployment, find your assigned IP:
- Console: Check the deployment details
- CLI: Query the lease status
2. Configure DNS
Add an A record in your DNS provider:
Type: AName: @ (or subdomain)Value: 123.456.789.10TTL: 36003. Access via Domain
Your deployment is now accessible at yourdomain.com.
SSL/TLS with Custom Domains
For HTTPS with custom domains:
Option 1: Use Caddy (Automatic HTTPS)
endpoints: web-ip: kind: ip
services: web: image: caddy:latest env: - DOMAIN=yourdomain.com expose: - port: 80 as: 80 to: - global: true ip: web-ip - port: 443 as: 443 to: - global: true ip: web-ipOption 2: Use Traefik with Let’s Encrypt
Configure Traefik in your container to automatically obtain SSL certificates from Let’s Encrypt.
Option 3: Use a Reverse Proxy
Point your domain to a reverse proxy (Cloudflare, nginx) that handles SSL, then forward to your Akash IP.
Pricing
IP leases have additional costs beyond compute resources:
Provider Charges
- IP lease costs vary by provider
- Typically ~$5-15/month additional
- Specified in SDL under
ip_leasepricing - Paid from your escrow account like other resources
Example Cost Calculation
Base compute: $3/monthIP lease: $10/monthTotal: $13/monthSet Max Price
In your SDL, set the maximum you’re willing to pay:
endpoints: my-ip: kind: ip
placement: akash: pricing: web: denom: uakt amount: 10000 # Max for compute my-ip: denom: uakt amount: 10000 # Max for IP endpointProviders will bid at or below these amounts.
Multiple Services, One IP
You can expose multiple services on the same IP address with different ports:
version: "2.0"
endpoints: shared-ip: kind: ip
services: frontend: image: my-frontend:latest expose: - port: 3000 as: 80 proto: tcp to: - global: true ip: shared-ip
backend: image: my-backend:latest expose: - port: 8000 as: 8080 proto: tcp to: - global: true ip: shared-ip # Same IP, port 8080
database: image: postgres:15 expose: - port: 5432 as: 5432 proto: tcp to: - global: true ip: shared-ip # Same IP, port 5432
profiles: placement: akash: pricing: frontend: denom: uakt amount: 10000 backend: denom: uakt amount: 10000 database: denom: uakt amount: 10000 shared-ip: denom: uakt amount: 10000 # One IP endpoint for all servicesAccess your services:
- Frontend:
http://123.456.789.10:80 - Backend:
http://123.456.789.10:8080 - Database:
123.456.789.10:5432
Limitations
Per-Deployment
IP leases are per-deployment, not per-account:
- IP leases can be migrated between deployments on the same provider (see IP Lease Migration above)
- Closing a deployment without migration releases the IP
- Switching providers = new IP (cannot migrate across providers)
Provider Availability
Not all providers offer IP leases:
- Check provider attributes before bidding
- Filter for providers with IP lease support
- Pricing varies by provider
IPv4 Only
Currently, only IPv4 addresses are supported:
- No IPv6 support yet
- One IP address per deployment
IP Lease Migration
You can migrate IP leases between deployments on the same provider:
- Use
provider-services migrate-endpoints <endpoint-name> --dseq <destination-dseq> --gseq <destination-gseq>to transfer the IP to a new deployment - The IP address moves from the old deployment to the new one
- Useful when you need to update resources that cannot be changed via deployment updates (like CPU, memory, or storage)
Example:
provider-services migrate-endpoints web-ip \ --dseq 123457 \ --gseq 1 \ --provider <provider-address>Note: You cannot migrate IP leases across different providers - switching providers requires a new IP address.
Common Patterns
Game Server
endpoints: game-ip: kind: ip
services: minecraft: image: itzg/minecraft-server:latest env: - EULA=TRUE - TYPE=PAPER expose: - port: 25565 as: 25565 proto: tcp to: - global: true ip: game-ipPlayers connect to: 123.456.789.10:25565
SSH Access
endpoints: ssh-ip: kind: ip
services: jumpbox: image: ubuntu:22.04 expose: - port: 22 as: 22 proto: tcp to: - global: true ip: ssh-ipSSH command: ssh [email protected]
API with Custom Domain
endpoints: api-ip: kind: ip
services: api: image: myapi:latest expose: - port: 8080 as: 443 proto: tcp to: - global: true ip: api-ipAfter DNS setup: https://api.yourdomain.com
Troubleshooting
Provider Doesn’t Offer IP Leases
Solution: Choose a different provider that supports IP leases. Check provider attributes or ask in Discord for recommendations.
Can’t Access Service via IP
Possible causes:
- IP not assigned yet - Wait a few minutes after deployment
- Wrong port - Verify the
asport in your SDL - Firewall - Some providers may have additional firewall rules
- Service not running - Check container logs
IP Changed After Update
Cause: IP leases are stable within a deployment but may change if you close and recreate.
Solution: To keep the same IP, update your deployment instead of recreating it (when possible).
DNS Not Resolving
Causes:
- DNS not propagated - Can take up to 48 hours (usually much faster)
- Wrong IP - Double-check the IP address in your DNS settings
- TTL too high - Use shorter TTL (300-3600) for faster updates
Solution:
- Wait for DNS propagation
- Use
digornslookupto verify DNS records - Clear local DNS cache
Best Practices
DO:
- Budget for IP lease costs in addition to compute
- Use IP leases when you need static endpoints
- Configure monitoring for your IP-based services
- Document your IP addresses for team reference
- Plan for IP changes when migrating providers
DON’T:
- Hardcode IP addresses in your application code
- Expect IP to remain after closing deployment
- Use IP leases for basic web apps (costly and unnecessary)
- Share IP addresses publicly if security is a concern
Security Considerations
Firewall Rules
With a dedicated IP, your services are directly accessible:
- Implement application-level authentication
- Use firewalls within your containers
- Don’t expose sensitive services unnecessarily
- Monitor for suspicious traffic
DDoS Protection
Dedicated IPs can be targets for DDoS attacks:
- Use Cloudflare or similar DDoS protection
- Implement rate limiting
- Monitor bandwidth usage
- Have a plan to close and redeploy if attacked
Access Control
For services like SSH or databases:
- Use strong authentication (keys, not passwords)
- Change default ports if possible
- Implement IP whitelisting in your application
- Monitor access logs
Related Topics
- SDL Syntax Reference - Expose and endpoint configuration
- Deployments - Deployment lifecycle
- Providers & Leases - Choosing providers
Need help with IP leases? Ask in Discord #deployments channel!
