Tensor9 lets each of your customers pick how their end users reach the deployed application. The choice is configuration, not source code: your same origin stack compiles into a deployment stack shaped to whatever posture the customer selects. The URL their end users type stays the same regardless of which option they pick; only the network path changes.Documentation Index
Fetch the complete documentation index at: https://docs.tensor9.com/llms.txt
Use this file to discover all available pages before exploring further.
Ingress options
| Option | What it does | When customers pick it | Compliance lever |
|---|---|---|---|
| Public (default) | The application is reachable on the public internet. | Adoption-friendly default for customers who do not require a network-isolation boundary. | None directly. Common starting posture for non-regulated customers. |
| Allowlist | The application is public-facing but restricted to a list of customer-supplied IPv4/IPv6 CIDRs. | The customer wants a public path but only from their corporate egress, partner networks, or other known sources. | Demonstrable network-boundary control. Audit-trail friendly: the CIDR list is the documented boundary. |
| Tailscale | The application is reachable only over the customer’s Tailscale network. | The customer already runs Tailscale and wants end users on their tailnet to reach the application. | Eliminates the public path. Tailnet membership becomes the identity-and-authorization boundary the customer’s security team already audits. |
Configuring an option
Ingress posture is set on the form factor you author. The form factor declares which of the three options it permits; your customer (or you on their behalf) picks from those permitted options at appliance setup time.- Public, Allowlist, and Tailscale are mechanical: declare them in the form factor, configure the customer’s specifics (the allowlist CIDRs, or the Tailscale auth key) in the appliance setup link, and the compiler emits the right deployment stack.