ROFL Proxy Support for Frontend Hosting

ROFL now automates frontend hosting, TLS, and custom domains inside TEEs

Oasis
Oct 29, 2025
  • ROFL supports proxy-based frontend hosting directly inside TEEs
  • Automatic TLS management and DNS configuration guidance built in
  • No manual proxy setup when deploying applications anymore

Oasis built the runtime offchain logic (ROFL) framework to serve as the complete solution for trustless offchain apps and agents. As such, it is in a constant state of evolution, with one of the latest upgrades being enhanced port proxy—a feature that enables developers to avoid cumbersome 3rd-party proxy configuration for incoming connections.

ROFL now automatically handles subdomain assignment, traffic routing, and certificate provisioning, creating secure HTTPS endpoints as soon as an app is deployed. And with the latest Oasis CLI version and artifacts, builders can also skip long, per-provider domain names and use custom domains.

Technical Flow 

The process for a developer is straightforward: 

​​1. Add domain annotation to your compose file 

2. Rebuild and redeploy your app, then run the CLI to get DNS configuration instructions 

3. Add DNS records and verification token to your domain 

4. Restart your app to provision TLS certificates for the custom domain

Docs: here

The underlying architecture remains robust across multiple layers. The scheduler component (running on a ROFL node) assigns each deployment a subdomain (or manages custom domain routing) and then routes traffic based on TLS handshake information without accessing plaintext data. 

Secure Wireguard tunnels carry traffic between the scheduler and applications, with provisioning managed through component labels that allow machines to retrieve attested metadata. At the app level, a second internal proxy routes requests between containers and provisions TLS certificates, with the keys generated entirely inside the TEE, ensuring end-to-end encryption.

Why It Matters

Applications can now run both their backend logic and user interfaces in the same TEE with professional custom domain support, while secure networking, TLS management, and domain assignment are handled automatically in the background. 

This is another important step toward realizing a full-stack confidential compute platform. It also makes deploying production-ready apps significantly easier, reducing complexity while preserving the trust properties that make ROFL unique. Learn more about it here.

Related Articles

zkTLS: Building A Verifiable and Private Web 

Take a deep dive into zkTLS, one of crypto's newest privacy primitives.

Technology
Mar 17, 2025
Read More

AI Agents Need A Privacy Layer

How privacy-preserving technologies enhance the utility of AI Agents. 

Technology
Feb 28, 2025
Read More

Plurality Network: Building Confidential Identity Systems on ROFL 

Plurality is building private identity systems on ROFL, including confidential reputation scoring, AI training & more.

Ecosystem
Jul 7, 2025
Read More
How we use cookies?
At Oasis Foundation we believe in your privacy, so you can choose to browse our site without any tracking or by clicking “Accept”, you help us to improve our site and help us grow our ecosystem. View our Privacy Policy for more information.
AcceptDecline