← Back to list
app-platform-networking
by digitalocean-labs
Claude/Agent Skills for DigitalOcean App Platform - deployment, migration, networking, database configuration, and troubleshooting
⭐ 2🍴 1📅 Jan 23, 2026
Run in ManusSKILL.md
name: app-platform-networking version: 1.0.0 min_doctl_version: "1.82.0" description: Configure domains, routing, CORS, VPC, static IPs, and inter-service communication for DigitalOcean App Platform. Use when setting up custom domains, subdomain routing, cross-origin API access, or secure database connectivity. related_skills: [designer, postgres, managed-db-services] deprecated: false
App Platform Networking Skill
Configure domains, routing, CORS, VPC, static IPs, and inter-service communication.
Quick Decision
What networking do you need?
├── Custom domain?
│ └── YES → See domains-dns.md
│
├── Multiple services on one domain?
│ ├── Different paths (/api, /app) → Path-based routing
│ └── Different subdomains (api.*, app.*) → Subdomain routing
│
├── Frontend calling API across origins?
│ └── YES → CORS configuration
│
├── Secure database connectivity?
│ └── YES → VPC + trusted sources
│
└── Need static outbound IP?
└── YES → Dedicated egress
When to Use
| Scenario | Need This Skill |
|---|---|
| Starter domain only | No |
| Custom domain | Yes |
| Multiple services, different paths | Yes |
| Multiple subdomains | Yes |
| Cross-subdomain API calls (CORS) | Yes |
| Secure database access via VPC | Yes |
| Firewall allowlisting (egress IP) | Yes |
Quick Reference
| Feature | App Spec Field | Example |
|---|---|---|
| Custom domain | domains[].domain | example.com |
| Wildcard | domains[].wildcard | true |
| Path routing | ingress.rules[].match.path.prefix | /api |
| Subdomain routing | ingress.rules[].match.authority.exact | api.example.com |
| CORS | ingress.rules[].cors | See reference |
| VPC | vpc.id | UUID |
| Dedicated egress | egress.type | DEDICATED_IP |
Path-Based Routing (Quick Start)
ingress:
rules:
- component: { name: api }
match: { path: { prefix: /api } }
- component: { name: frontend }
match: { path: { prefix: / } }
Rule order matters: Specific rules first.
Full guide: See ingress-routing.md
Subdomain Routing (Quick Start)
domains:
- domain: example.com
type: PRIMARY
wildcard: true
zone: example.com
ingress:
rules:
- component: { name: api }
match:
authority: { exact: api.example.com }
path: { prefix: / }
- component: { name: app }
match:
authority: { exact: app.example.com }
path: { prefix: / }
Full guide: See domains-dns.md
CORS (Quick Start)
ingress:
rules:
- component: { name: api }
match: { path: { prefix: /api } }
cors:
allow_origins:
- exact: https://app.example.com
allow_methods: [GET, POST, PUT, DELETE, OPTIONS]
allow_headers: [Content-Type, Authorization]
allow_credentials: true
Note: With allow_credentials: true, use exact origins only (no regex).
Full guide: See cors-configuration.md
VPC + Trusted Sources (Quick Start)
vpc:
id: your-vpc-uuid
VPC CIDR whitelisting (recommended):
doctl vpcs get $VPC_ID --format IPRange # e.g., 10.126.0.0/20
doctl databases firewalls append $CLUSTER_ID --rule ip_addr:10.126.0.0/20
| Setup | Trusted Source Rule |
|---|---|
| Public only | app:$APP_ID |
| VPC enabled | ip_addr:<vpc-cidr> |
Critical: Bindable variables return PUBLIC hostnames even with VPC. Use private URLs:
doctl databases connection --private <cluster-id> --format URI
Full guide: See vpc-trusted-sources.md
Reference Files
- domains-dns.md — Domain types, DNS setup, wildcards, TLS, CAA
- ingress-routing.md — Path routing, rewrites, redirects, authority matching
- cors-configuration.md — CORS fields, patterns, credentials
- vpc-trusted-sources.md — VPC setup, trusted sources matrix, private URLs
- static-ips-egress.md — Ingress IPs, dedicated egress, HTTP/2, internal ports
- complete-patterns.md — 5 complete architecture patterns
Common Issues
| Issue | Fix |
|---|---|
| Domain not resolving | Check DNS records, allow 72h propagation |
| SSL certificate error | Add CAA records for letsencrypt.org + pki.goog |
| CORS preflight fails | Add OPTIONS to allow_methods |
| VPC connection refused | Use VPC CIDR whitelisting, not app-based rules |
| Wrong component serves | Reorder rules (specific first) |
Integration with Other Skills
- → designer: Add domains/ingress to app spec
- → troubleshooting: Debug DNS, CORS, VPC issues
- → postgres: VPC connectivity for managed databases
- → deployment: Deploy networking changes
Score
Total Score
75/100
Based on repository quality metrics
✓SKILL.md
SKILL.mdファイルが含まれている
+20
✓LICENSE
ライセンスが設定されている
+10
✓説明文
100文字以上の説明がある
+10
○人気
GitHub Stars 100以上
0/15
✓最近の活動
1ヶ月以内に更新
+10
○フォーク
10回以上フォークされている
0/5
✓Issue管理
オープンIssueが50未満
+5
✓言語
プログラミング言語が設定されている
+5
✓タグ
1つ以上のタグが設定されている
+5
Reviews
💬
Reviews coming soon
