Deploy HTTP containers by region and capacity profile with TLS, DNS, autoscaling, rate limiting, and IP filtering built in. Same console, same API, same activity log as the rest of Bahriya.
Bahriya containers run across multiple geographic regions on dedicated infrastructure. Choose where your workloads run — from regions like Falkenstein, Helsinki, Virginia, and Singapore, with more locations on the way — and the platform handles ingress, TLS certificates, DNS, and load balancing automatically. Every container gets a per-region hostname and optional vanity domain with GeoDNS or round-robin routing. Both IPv4 and IPv6 addresses are included at no extra cost.
Each container is backed by a deployment with startup and liveness probes, horizontal autoscaling, configurable CPU and memory limits, and encrypted secret injection. Bring your own container image from any private registry, define environment variables and secrets per project, and let the platform converge your desired state across every region you deploy to.
Everything you do in the console can be done through the API with a personal access token. Create containers, update configurations, rotate secrets, and monitor deployments programmatically. The API follows the same resource model as the UI, so there is no feature gap between interactive and automated workflows.
Resource usage is tracked per minute per container and billed against your organisation balance. Every runtime period is rounded up to the next whole minute with a 60-second minimum, and extra replicas added by autoscaling are billed the same way for the time they are running. View real-time cost breakdowns, download invoices, and top up your balance through Stripe — all from the billing section of the console. Pricing is published and consistent across regions.
Platform features
No bolt-on add-ons or third-party integrations to manage. Every feature ships as part of the platform and works across all regions.
Scaling
Set a minimum and maximum replica count with CPU and memory utilisation targets. The platform scales your container up during traffic spikes and back down when load subsides — per region, automatically. You only pay for the replicas that are running.
Security
Every container endpoint is issued a TLS certificate via Let's Encrypt, automatically renewed before expiry. Default hostnames, vanity domains, and custom DNS entries all receive certificates with zero configuration on your part.
Networking
Protect your services from abuse with per-container rate limits. Configure requests per minute and per hour thresholds directly from the console or API. Rate limiting is enforced at the ingress layer before traffic reaches your application.
Networking
Restrict access to your containers by IP address. Whitelist trusted IPs for internal services or staging environments, or blacklist known bad actors. Both modes are applied at the edge, so blocked requests never reach your workload.
Observability
Stream container logs directly in the console without SSH access or third-party tooling. Filter by region and time range to diagnose issues in real time. Logs are available for every replica across every region your container is deployed to.
Observability
Monitor CPU usage, memory consumption, network throughput, and replica counts from the console. Metrics are collected per container, per region, so you can identify performance bottlenecks and validate that autoscaling is behaving as expected.
Observability
If your application exposes a Prometheus-compatible endpoint, tell Bahriya the port and path and it will scrape, aggregate, and chart every metric your application exports — across all replicas and regions. No separate Prometheus server, no scrape configs, no time-series database to manage.
DNS
Route users to the nearest region with GeoDNS, or distribute traffic evenly with round-robin. Add a vanity hostname and the platform manages the DNS records, health checks, and failover across every region automatically.
Configuration
Store API keys, database credentials, and sensitive configuration as encrypted secrets. Secrets are injected into your containers at runtime as environment variables, encrypted at rest with AES-256, and scoped to projects so teams only access what they need.
Configuration
Pull container images from any private OCI-compliant registry. Register your registry credentials once per project and reference them from any container. Credentials are encrypted and applied automatically during deployment.
Edge container cloud
Traditional edge platforms restrict you to short-lived functions in a single language. Bahriya lets you deploy full containers across global regions, turning every location into an edge node for your entire application.
Edge functions (Cloudflare Workers, Vercel Edge, etc.)
Edge functions are useful for lightweight request transformations, but they are not a deployment target for real applications.
Bahriya — full containers at the edge
Any language, any framework
If it runs in a container, it runs on Bahriya — Go, Rust, Python, PHP, Java, .NET, Node.js, or anything else.
Full containers, not functions
Deploy your actual application, not a stripped-down function wrapper. Background workers, WebSocket servers, ML models — all supported.
Multi-region in one operation
Select from a growing list of global regions — Falkenstein, Helsinki, Virginia, Singapore, and more. Each region runs your full container independently.
GeoDNS routes users to the nearest region
Users hit the closest deployment automatically. No CDN proxy layer, no cache invalidation complexity — just your application, running close to your users.
Persistent connections and state
WebSockets, gRPC streams, in-memory caches, connection pools — everything works because you are running a real process, not a request handler.
No vendor lock-in
Any OCI-compliant container image. Build with Docker, Podman, Buildpacks, or anything else — if it produces a standard image, it runs on Bahriya. No proprietary runtime, no special SDK.
No language restrictions. No execution time limits. No vendor lock-in. Just your container, deployed globally.
For years, teams deployed to a single cluster in one region and bolted on a CDN for global reach. The CDN cached static assets and proxied requests back to the origin — adding latency, cache invalidation complexity, and a dependency on a third-party network for every request.
Edge function platforms tried to fix this by letting you run code closer to users, but they traded flexibility for proximity. You get low latency, but only for the subset of your logic that fits inside a constrained runtime with a single supported language.
Bahriya eliminates the tradeoff. Deploy your full application — in any language, with any dependencies — to every region you need. GeoDNS routes users to the nearest instance. Your entire stack runs at the edge, not just a thin function layer.
Resource control
Define exactly how much compute each container gets. Resources are enforced per replica, per region.
Set minimum CPU and memory requests that are guaranteed to your container, with limits calculated automatically to allow controlled bursting. Resource requests are enforced per replica so your workload always gets the capacity it was provisioned for.
Configure a health check path and bootstrap time for each container. The platform uses startup probes to avoid killing slow-starting applications and liveness probes to restart unhealthy ones. Probe timing adapts to your bootstrap window, from 5 seconds to 10 minutes.
Select one or more regions for each container. The platform deploys, scales, and monitors each region independently. Add or remove regions at any time — the platform converges the desired state without downtime to existing regions.
Every create, update, delete, and configuration change is recorded with a timestamp and the user who made it. The activity log gives operators a complete audit trail of who changed what and when, across all resources in the organisation.
Create and manage containers with guided setup and stable defaults for production paths.
Review activity history, status views, and runtime details from a single control point.
Configure replicas, sizing, networking add-ons, and rate limits in a repeatable way.
Mirror console operations through APIs for internal tooling and automation.
Coming Soon
Planned for later in 2026/2027, timeline subject to change.
Persistent block storage that attaches to your containers. Retain data across restarts and deployments without external storage services.
Redis-compatible in-memory data store with persistent snapshots and restore. Session caching, queues, pub/sub, and real-time data — without Redis licensing concerns.
Managed relational database with automated backups, point-in-time recovery, and regional deployment. A production-ready RDBMS for structured data and transactional workloads.
Managed PostgreSQL with automated backups, point-in-time recovery, and regional deployment. Advanced SQL features, JSONB support, and extensions for modern application workloads.
A globally distributed, multi-region document database with built-in replication. Conflict-free sync across regions for offline-first applications and geo-distributed NoSQL workloads.
S3-compatible object storage for files, media, backups, and static assets. Accessible from your containers or directly via standard S3 APIs and client libraries.
Global content delivery network for static assets, media, and API acceleration. Edge caching across multiple PoPs with automatic origin pull from your containers or object storage.
Managed RabbitMQ for asynchronous messaging between containers. Multi-region clusters, project-private networking, and per-node billing — same operational model as Memcached.
Start with a limited trial and evaluate how teams move from ad-hoc provisioning to platform workflows.
