To further fine-tune your Qovery infrastructure, you can set advanced settings through the Advanced Settings section of your service.

The screen shows you the list of available advanced settings and for each of them:

  • The default value
  • The value configured right now

You can show only the modified values by activating the "Show only overridden settings" feature toggle.

All services have access to advanced settings, you can find where they are available in the documentation below with those badges:

TypeDescriptionDefault Value
integerAllows you to specify an interval, in seconds, after which the application build times out.1800


TypeDescriptionDefault Value
integerCPU allocated to your build process4000


TypeDescriptionDefault Value
integerGB RAM allocated to your build process8


TypeDescriptionDefault Value
integerStorage in GB allocated to your build processnull

Note: The default value on a GKE cluster is set to 10 GB since by default it force pods without declared ephemeral storage to run with only 1 GB.


TypeDescriptionUse CaseDefault Value
integerDecide how many times in seconds the application is supposed to stop at maximum. After this time, the application will be forced to stop (killed)An application requiring several tasks to be stopped properly should have a higher grace period. If the application finishes early, then it will not wait until the end of the grace period60



TypeDescriptionUse CaseDefault Value
Map<String, String>Set pod placement on specific Kubernetes nodes labels.Can be useful to send pods on desired architecture (GPU/ARM/AMD) or any other specific workload based on node labels (Eg. {"": "gpu"}, {"": "arm64"})``


TypeDescriptionDefault Value
stringDefine how you want pods affinity to behave.
Preferred: allows, but does not require, pods of a given service are not co-located (or co-hosted) on a single node
Required: ensures that the pods of a given service are not co-located (or co-hosted) on a single node (safer in term of availability but can be expensive depending on the number of replicas)

Deployment strategy


TypeDescriptionUse CaseDefault Value
stringSet deployment strategy type (RollingUpdate or Recreate)Rolling update strategy will gracefully rollout new versions, while Recreate will stop all current versions and create new ones once all old ones have been shutdown (more info)RollingUpdate


TypeDescriptionDefault Value
integerDefine the percentage of a maximum number of pods that can be unavailable during the update process (more info).25


TypeDescriptionDefault Value
integerDefine the percentage of the maximum number of pods that can be created over the desired number of pods (more info)25

Lifecycle Hooks


TypeDescriptionDefault Value
stringAllows you to run a command after the application is started. The command should be a shell command or script.``


TypeDescriptionDefault Value
stringAllows you to run a command before the application is stopped. The command should be a shell command or script. Qovery requires the sh shell by default and sets a sleep of 15 seconds to let Nginx update its config. Avoiding error codes returned during a rolling update.["/bin/sh", "-c", "sleep 15"]

Network Settings


TypeDescriptionUse CaseDefault Value
string(For CORS users) Allows you to specify which set of headers can be present in the client request.For security purposes, you can indicate which HTTP headers can be used during a CORS preflight request which includes the Access-Control-Request-Headers request header. For more information, see CORS HTTP Response Headers."DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization"


TypeDescriptionUse CaseDefault Value
string(For CORS users) Allows you to specify which set of methods can be used for the client request.For security purposes, you can indicate which HTTP methods are permitted while accessing a resource in response to cross-origin requests. For more information, see CORS HTTP Response Headers."GET, PUT, POST, DELETE, PATCH, OPTIONS"


TypeDescriptionUse CaseDefault Value
string(For CORS users) Allows you to specify which origin(s) (domain, scheme, port) can access a resource.For security purposes, you can allow only one or a short list of origins to access your resources. For more information, see CORS HTTP Response Headers."*"


TypeDescriptionUse CaseDefault Value
booleanAllows you to enable Cross-Origin Resource Sharing (CORS).The CORS mechanism supports secure cross-origin requests and data transfers between browsers and servers. For more information on CORS and when to enable it, see Cross-Origin Resources Sharing.false


TypeDescriptionUse CaseDefault Value
booleanAllows you to enable Sticky session.Enable the load balancer to bind a user's session to a specific target. This ensures that all requests from the user during the session are sent to the same targetfalse


TypeDescriptionUse CaseDefault Value
integerLimits the maximum time (in seconds) during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing.Useful to tune your gRPC application3600


TypeDescriptionUse CaseDefault Value
integerSets a timeout (in seconds) during which an idle keepalive connection to an upstream server will stay open.Useful to tune your gRPC application60


TypeDescriptionUse CaseDefault Value
integerAllows you to set, in megabytes, a maximum size for resources that can be downloaded from your server.By default, users can download resources (files, images, videos...) of up to 100 MB. You can use this advanced setting to lower or increase this limitation.100


TypeDescriptionUse CaseDefault Value
integerAllows you to set, in kilobytes, a header buffer size used while reading the response header from upstream.E.g. You are using Auth0 with NextJS, you will need to set a bigger header size4


TypeDescriptionUse CaseDefault Value
integerDefines a timeout (in seconds) for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.E.g. You can use it to define the maximum time to wait for your application to establish the connexion.60


TypeDescriptionUse CaseDefault Value
integerDefines a timeout for reading a response from the proxied server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed.E.g. You can use it to fine-tune your WebSocket application.60


TypeDescriptionUse CaseDefault Value
integerSets a timeout (in seconds) for transmitting a request to the proxied server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxied server does not receive anything within this time, the connection is closed.E.g. You can use it to fine-tune your WebSocket application.60


TypeDescriptionDefault Value
stringAllows you to enable or disable nginx proxy-buffering. Valid values are on or offon


TypeDescriptionDefault Value
stringAllows you to enable or disable nginx proxy-request_buffering. Valid values are on or offon


TypeDescriptionUse CaseDefault Value
integerSets a timeout (in seconds) for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.Useful to define the maximum timeout to wait for client connection.60


TypeDescriptionUse CaseDefault Value
stringAllows you to specify which IP ranges are allowed to access your application. The value is a comma-separated list of CIDRs, e.g., default, any IP can access your application if it's exposed publicly and the users know the URL. You can limit its access by specifying the IPs you want to reach the app (e.g. the IP of your office) (any IP)


TypeDescriptionDefault Value
stringAllows you to specify which IP ranges are not allowed to access your application. The value is a comma-separated list of CIDRs, e.g.,``


TypeDescriptionDefault Value
stringSet the name of an environment variable to use as a basic authentication (login:crypted_password) from htpasswd command.``

Here is an example where you can create a secret environment variable on Qovery and set a name like BASIC_AUTH_CREDENTIALS. The content should be the result of the htpasswd command:

$ htpasswd -n <username>
New password:
Re-type new password:

The content of the BASIC_AUTH_CREDENTIALS environment variable should be: username:$apr1$jpwW4vG9$fwbzWBgRqARzNX93plDq20. To finish, set the network.ingress.basic_auth_env_var advanced settings to BASIC_AUTH_CREDENTIALS.

You can pass set credentials by separating them with a comma. For example: username1:$apr1$jpwW4vG9$fwbzWBgRqARzNX93plDq20,username2:$apr1$jpwW4vG9$fwbzWBgRqARzNX93plDq20. However, the total length of the environment variable should not exceed 1MB.


TypeDescriptionDefault Value
stringAllows you to specify additional headers to the outgoing response. The header values are separated by comma (e.g. {"X-Frame-Options":"DENY","X-Content-Type-Options":"nosniff"}{}


TypeDescriptionDefault Value
stringAllows you to specify additional headers to the incoming requests. The header values are separated by comma (e.g. {"X-Frame-Options":"DENY","X-Content-Type-Options":"nosniff"}).{}


TypeDescriptionDefault Value
stringAllows you to customize configuration-snippet.null


TypeDescriptionDefault Value
stringAllows you to customize server-snippet.null


TypeDescriptionDefault Value
stringAllows you to set limit burst multiplier.null


TypeDescriptionDefault Value
stringAllows you to set limit rpm.null


TypeDescriptionDefault Value
stringAllows you to set limit rps.null


TypeDescriptionDefault Value
stringAllows you to set custom-http-error. example: "404,503".null



TypeDescriptionDefault Value
integerAuto-scaling is triggered when a specific CPU utilization metric is reached (for instance, 40%). This advanced setting allows you to set this metric.60


TypeDescriptionDefault Value
integerAuto-scaling is triggered when a specific memory utilization metric is reached (for instance, 40%). This advanced setting allows you to set this metric.null

Job Settings


TypeDescriptionDefault Value
integerBy default terminated jobs in a completed or failure state are not deleted. if this parameter is set, Kubernetes will automatically cleanup completed jobs after the ttlnull


TypeDescriptionDefault Value
stringIt defines if it is allowed to start another instance of the same job if the previous execution didn't finish yet: Allow/Forbid/Replace)Forbidden


TypeDescriptionDefault Value
stringAllows you to define the maximum number of failed job executions that should be returned in the job execution history1


TypeDescriptionDefault Value
stringAllows you to define the maximum number of succeeded job executions that should be returned in the job execution history1



TypeDescriptionUse CaseDefault Value
integerDefine the CPU overcommit (pod cpu limit) of the service.A service require more CPU at startup than during the running phase. You can reduce the configured CPU for the service and just increase the resources.override.limit.cpu_in_milli to reduce the resources used by the service at runtimenull (i.e. request = limit)

This settings can be changed only if the advanced settings allow_service_cpu_overcommit is set to true.


TypeDescriptionUse CaseDefault Value
integerDefine the memory overcommit (pod memory limit) of the service.A service require more memory at startup than during the running phase. You can reduce the configured memory for the service and just increase the resources.override.limit.ram_in_mib to reduce the resources used by the service at runtimenull (i.e. request = limit)

This settings can be changed only if the advanced settings allow_service_ram_overcommit is set to true.



TypeDescriptionUse CaseDefault Value
stringAllows you to set an existing Kubernetes service account nameE.g. On AWS, you can assume a role on an application to give it specific AWS permissions without having to specify AWS credentials``


TypeDescriptionDefault Value
booleanAutomount Kubernetes service account token to have access to Kubernetes API from podsfalse