Serverless deployment with NEXUS AI: custom domains, scaling, rollback, and more
How NEXUS AI serverless works
Your first serverless deployment
Environments
Custom domains
Add a custom domain
Verify DNS
Apex domains
List and remove domains
Scaling
Replica limits
Scaling and cost
Health checks
Configuration
Check current health status
Rollback
How rollback works
Secrets and environment variables
Multi-service deployments
Redeploy
CI/CD integration
Auto-destroy
Real-time logs
Plan comparison
Deployment command reference
Checklist: production-ready serverless deployment
Frequently asked questions
What's next Published: April 25, 2026
Category: Platform · DevOpsReading time: 16 minutesAuthor: NEXUS AI Team Serverless means different things to different teams. For most, it means: don't manage servers, don't think about capacity until it matters, and pay for what you actually run. That premise is right. The implementation — tangled cloud console configurations, provider-specific YAML, and per-cloud IAM policies — is where the promise breaks down. NEXUS AI deploys containerized applications to AWS App Runner, Google Cloud Run, and Azure Container Apps from a single CLI command. No cloud console. No provider-specific configuration files. Custom domains, replica scaling, one-click rollback, and health checks work the same way across all three. This post covers every production feature in detail: how it works, what it costs, and the exact CLI commands to run it. NEXUS AI acts as a deployment orchestration layer on top of the three major serverless container runtimes: You choose the provider at deploy time. NEXUS AI handles the cloud-side provisioning — service creation, IAM, registry, networking — and gives you a live URL within minutes. Switching providers is a single flag change on the next redeploy. Your container runs on your cloud account (Pro and above), not on shared NEXUS AI infrastructure. The data and workload stay in your AWS, Google Cloud, or Azure environment. Deploy from a Git repository in one command: Or deploy a pre-built container image: Within 3–5 minutes, your deployment is live at a *.nexusai.run subdomain: No Dockerfile required if you deploy from source — NEXUS AI detects your runtime and generates one. No registry setup, no IAM policy documents, no VPC configuration. Every deployment belongs to an environment: DEVELOPMENT, STAGING, or PRODUCTION. Environments affect: Staging and production run independently — different secrets, different provider configs, same codebase. A bad deploy to staging never touches production. Every deployment gets a *.nexusai.run subdomain automatically. For production workloads, attach your own domain. Once you've added the CNAME record at your registrar, trigger verification: NEXUS AI checks DNS propagation and issues a TLS certificate automatically. Verification typically completes within 2–10 minutes of DNS propagation, which depends on your TTL settings. Both subdomain (app.yourcompany.com) and apex (yourcompany.com) are supported. For apex domains, use your registrar's ALIAS or ANAME record (or CNAME flattening if your registrar supports it) pointing to api-prod.nexusai.run. Custom domains are available on Starter ($29/mo) and above. The Free plan uses *.nexusai.run subdomains only. Scale a running deployment between 1 and 10 replicas with a single command. No redeploy required — scaling applies to the live deployment immediately. On Google Cloud Run, AWS App Runner, and Azure Container Apps, scaling is applied directly to the underlying service — NEXUS AI calls the provider's API to set the replica count and the change takes effect within 30–60 seconds. The maximum is 10 replicas per deployment across all plans. For workloads requiring more than 10 replicas, use the provider's native auto-scaling configuration directly on the cloud console alongside NEXUS AI's managed deployment. Replicas run continuously on App Runner and Cloud Run until you scale back down. They are not auto-scaled to zero. If you need scale-to-zero, configure minimum instances on the underlying provider or use the nexus deploy stop command to halt a deployment entirely during off-hours. NEXUS AI configures health checks on every deployment. A deployment that fails health checks is automatically flagged — and if it stays unhealthy past the retry threshold, it surfaces in both the dashboard and your audit log. Health checks are configured at deploy time: The 40-second start period is the most important default to understand. It gives your container time to initialize before health checks begin — a Node.js app loading large models or a Java app with a slow JVM startup won't be marked unhealthy before it's ready. Redeploy to a previous known-good state with one command. No rebuilding, no config archaeology. Rollback is available on Pro ($149/mo) and above. On Free and Starter plans, rollback is not available — the recovery path is a new deployment from the previous image tag or branch. NEXUS AI stores the previous deployment configuration — image, environment variables, secrets references, provider, region, and replica count. When you rollback, it provisions a new deployment using that configuration. The original deployment record is preserved in your history. The rollback deployment gets a generated name (rollback-{timestamp}) and runs at the same replica count as the original. Secrets are injected at runtime — never baked into the container image. Set them once; they're available across redeployments. Your application reads them as standard environment variables: No SDK. No fetch-on-startup. No cold-start penalty from secret retrieval. Secrets are decrypted in the NEXUS AI control plane and injected into the container spec before the first process starts. Environment variables that aren't secrets can be passed inline at deploy time: NEXUS AI supports Docker Compose deployments for applications that require multiple services running together — an API, a background worker, and a Redis sidecar, for example. When --compose is specified, NEXUS AI reads your docker-compose.yml, provisions each service as a deployment, and wires them together within the same project. Services can reference each other by name on the internal network. Push a new image or rebuild from source without changing any configuration: Redeployments on cloud providers (AWS App Runner, Google Cloud Run, Azure Container Apps) complete in 60–90 seconds. The old revision stays running until the new one passes health checks — zero-downtime by default. A typical GitHub Actions pipeline with NEXUS AI: The pipeline token uses deploy:write scope only — it cannot read secrets, change configuration, or touch other deployments. One compromised pipeline token is one redeployment trigger, nothing more. Temporary deployments — review apps, QA environments, demo instances — can be set to self-destruct after a fixed window: The deployment runs normally until the deadline, then stops and cleans up its cloud resources automatically. No manual teardown required, no forgotten review apps billing at end of month. Stream build and runtime logs for any deployment: Logs are available within seconds of a container writing to stdout/stderr. Build logs (the image build, Dockerfile execution, dependency installation) are also accessible via the same command with --build. Which cloud provider should I use?For most workloads: Google Cloud Run (GCP_CLOUD_RUN) for its zero-to-running speed and global network, AWS App Runner (AWS_APP_RUNNER) if your team already runs on AWS and wants everything in one account, Azure Container Apps (AZURE_CONTAINER_APPS) for Microsoft-stack integrations. All three behave identically from the NEXUS AI CLI perspective. Does NEXUS AI support scale-to-zero?Not natively managed from the CLI — replicas run continuously at whatever count you set. The underlying providers (Cloud Run, Container Apps) support scale-to-zero natively; you can configure it on the cloud console alongside NEXUS AI's deployment. nexus deploy stop halts the deployment entirely, which achieves zero cost during idle periods for non-production environments. Can I bring my own Dockerfile?Yes. If your repository includes a Dockerfile, NEXUS AI uses it. If not, it generates one based on detected runtime (Node.js, Python, Go, Java, etc.). You can also pass a Dockerfile path explicitly with --dockerfile. How does rollback work on Cloud Run and App Runner?NEXUS AI stores your previous deployment configuration and provisions a new deployment from it — it does not use the provider's native revision rollback. This means rollback works identically across all four providers and preserves a clean audit trail of every state the deployment has been in. What happens if a deployment fails health checks?The deployment status changes to FAILED or UNHEALTHY. For cloud providers, the previous revision stays running (Cloud Run and Container Apps keep the last healthy revision active). You'll see a DEPLOYMENT_FAILED event in your audit log with the exit code and error message. Run nexus deploy logs <name> to see what went wrong, then redeploy or rollback. Can I run multiple services (API + worker + DB) in one deployment?
Use --compose to deploy a Docker Compose file. Each service in the compose file becomes a tracked service under the same deployment, connected on an internal network. External database connections should use NEXUS AI secrets rather than running a database container — ephemeral containers are not a reliable database host. Start with a single command. If your app is already containerized: You'll have a live URL in under 5 minutes. Add your custom domain, wire up secrets, and set up your CI/CD pipeline — the entire production setup takes under an hour. NEXUS AI starts at $29/mo on the Starter plan. Custom domains, Google Cloud Run deployments, and up to 3 team members are included. Start at nexusai.run. No cloud console. No YAML. One command from prompt to production. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse
nexus deploy source \ --name api-prod \ --repo https://github.com/your-org/your-api \ --branch main \ --provider GCP_CLOUD_RUN \ --region us-central1 \ --port 3000
nexus deploy source \ --name api-prod \ --repo https://github.com/your-org/your-api \ --branch main \ --provider GCP_CLOUD_RUN \ --region us-central1 \ --port 3000
nexus deploy source \ --name api-prod \ --repo https://github.com/your-org/your-api \ --branch main \ --provider GCP_CLOUD_RUN \ --region us-central1 \ --port 3000
nexus deploy create \ --name api-prod \ --image ghcr.io/your-org/api:latest \ --provider AWS_APP_RUNNER \ --region us-east-1 \ --port 3000
nexus deploy create \ --name api-prod \ --image ghcr.io/your-org/api:latest \ --provider AWS_APP_RUNNER \ --region us-east-1 \ --port 3000
nexus deploy create \ --name api-prod \ --image ghcr.io/your-org/api:latest \ --provider AWS_APP_RUNNER \ --region us-east-1 \ --port 3000
✓ Deployment api-prod created URL: https://api-prod.nexusai.run Provider: AWS_APP_RUNNER (us-east-1) Status: RUNNING Replicas: 1
✓ Deployment api-prod created URL: https://api-prod.nexusai.run Provider: AWS_APP_RUNNER (us-east-1) Status: RUNNING Replicas: 1
✓ Deployment api-prod created URL: https://api-prod.nexusai.run Provider: AWS_APP_RUNNER (us-east-1) Status: RUNNING Replicas: 1
# Deploy the same app to staging and production as separate deployments
nexus deploy source --name api-staging --env staging --provider GCP_CLOUD_RUN ...
nexus deploy source --name api-prod --env production --provider AWS_APP_RUNNER ...
# Deploy the same app to staging and production as separate deployments
nexus deploy source --name api-staging --env staging --provider GCP_CLOUD_RUN ...
nexus deploy source --name api-prod --env production --provider AWS_APP_RUNNER ...
# Deploy the same app to staging and production as separate deployments
nexus deploy source --name api-staging --env staging --provider GCP_CLOUD_RUN ...
nexus deploy source --name api-prod --env production --provider AWS_APP_RUNNER ...
nexus domain add api-prod app.yourcompany.com
nexus domain add api-prod app.yourcompany.com
nexus domain add api-prod app.yourcompany.com
✓ Domain app.yourcompany.com added to api-prod Verification: PENDING Add this DNS record at your registrar: Type: CNAME Name: app Value: api-prod.nexusai.run
✓ Domain app.yourcompany.com added to api-prod Verification: PENDING Add this DNS record at your registrar: Type: CNAME Name: app Value: api-prod.nexusai.run
✓ Domain app.yourcompany.com added to api-prod Verification: PENDING Add this DNS record at your registrar: Type: CNAME Name: app Value: api-prod.nexusai.run
nexus domain verify api-prod <domain-id>
nexus domain verify api-prod <domain-id>
nexus domain verify api-prod <domain-id>
# List all domains for a deployment
nexus domain list api-prod # Remove a domain
nexus domain remove api-prod <domain-id>
# List all domains for a deployment
nexus domain list api-prod # Remove a domain
nexus domain remove api-prod <domain-id>
# List all domains for a deployment
nexus domain list api-prod # Remove a domain
nexus domain remove api-prod <domain-id>
# Scale up before a high-traffic event
nexus deploy scale api-prod --replicas 5 # Scale back down after
nexus deploy scale api-prod --replicas 2
# Scale up before a high-traffic event
nexus deploy scale api-prod --replicas 5 # Scale back down after
nexus deploy scale api-prod --replicas 2
# Scale up before a high-traffic event
nexus deploy scale api-prod --replicas 5 # Scale back down after
nexus deploy scale api-prod --replicas 2
✓ api-prod scaled to 5 replica(s) Previous: 2 Current: 5 Provider: GCP_CLOUD_RUN
✓ api-prod scaled to 5 replica(s) Previous: 2 Current: 5 Provider: GCP_CLOUD_RUN
✓ api-prod scaled to 5 replica(s) Previous: 2 Current: 5 Provider: GCP_CLOUD_RUN
# Stop during off-hours
nexus deploy stop api-staging # Restart when needed
nexus deploy start api-staging
# Stop during off-hours
nexus deploy stop api-staging # Restart when needed
nexus deploy start api-staging
# Stop during off-hours
nexus deploy stop api-staging # Restart when needed
nexus deploy start api-staging
nexus deploy source \ --name api-prod \ --health-check-type http \ --health-check-url /health \ --health-check-interval 30 \ --health-check-timeout 3 \ --health-check-retries 3 \ --health-check-start-period 40 \ ...
nexus deploy source \ --name api-prod \ --health-check-type http \ --health-check-url /health \ --health-check-interval 30 \ --health-check-timeout 3 \ --health-check-retries 3 \ --health-check-start-period 40 \ ...
nexus deploy source \ --name api-prod \ --health-check-type http \ --health-check-url /health \ --health-check-interval 30 \ --health-check-timeout 3 \ --health-check-retries 3 \ --health-check-start-period 40 \ ...
nexus deploy status api-prod
nexus deploy status api-prod
nexus deploy status api-prod
NAME STATUS HEALTH REPLICAS RESTARTS PROVIDER UPTIME
api-prod RUNNING healthy 2 0 AWS_APP_RUNNER 14h ago
NAME STATUS HEALTH REPLICAS RESTARTS PROVIDER UPTIME
api-prod RUNNING healthy 2 0 AWS_APP_RUNNER 14h ago
NAME STATUS HEALTH REPLICAS RESTARTS PROVIDER UPTIME
api-prod RUNNING healthy 2 0 AWS_APP_RUNNER 14h ago
nexus deploy rollback api-prod
nexus deploy rollback api-prod
nexus deploy rollback api-prod
# Check deployment history before rolling back
nexus deploy list --json | jq '.[] | select(.name | startswith("api-prod"))'
# Check deployment history before rolling back
nexus deploy list --json | jq '.[] | select(.name | startswith("api-prod"))'
# Check deployment history before rolling back
nexus deploy list --json | jq '.[] | select(.name | startswith("api-prod"))'
[ { "name": "api-prod", "status": "FAILED", "createdAt": "2026-04-25T14:22:00Z" }, { "name": "rollback-k3x9ab2", "status": "RUNNING", "createdAt": "2026-04-25T14:30:00Z" }
]
[ { "name": "api-prod", "status": "FAILED", "createdAt": "2026-04-25T14:22:00Z" }, { "name": "rollback-k3x9ab2", "status": "RUNNING", "createdAt": "2026-04-25T14:30:00Z" }
]
[ { "name": "api-prod", "status": "FAILED", "createdAt": "2026-04-25T14:22:00Z" }, { "name": "rollback-k3x9ab2", "status": "RUNNING", "createdAt": "2026-04-25T14:30:00Z" }
]
# Store secrets in the vault
nexus secret set DATABASE_URL "postgres://..." --environment production
nexus secret set STRIPE_SECRET_KEY "sk_live_..." --environment production
nexus secret set OPENAI_API_KEY "sk-..." --environment production # Deploy — secrets are automatically injected
nexus deploy source --name api-prod --env production ...
# Store secrets in the vault
nexus secret set DATABASE_URL "postgres://..." --environment production
nexus secret set STRIPE_SECRET_KEY "sk_live_..." --environment production
nexus secret set OPENAI_API_KEY "sk-..." --environment production # Deploy — secrets are automatically injected
nexus deploy source --name api-prod --env production ...
# Store secrets in the vault
nexus secret set DATABASE_URL "postgres://..." --environment production
nexus secret set STRIPE_SECRET_KEY "sk_live_..." --environment production
nexus secret set OPENAI_API_KEY "sk-..." --environment production # Deploy — secrets are automatically injected
nexus deploy source --name api-prod --env production ...
const db = new Pool({ connectionString: process.env.DATABASE_URL });
const db = new Pool({ connectionString: process.env.DATABASE_URL });
const db = new Pool({ connectionString: process.env.DATABASE_URL });
nexus deploy source \ --name api-prod \ --env-var NODE_ENV=production \ --env-var LOG_LEVEL=info \ --env-var PORT=3000 \ ...
nexus deploy source \ --name api-prod \ --env-var NODE_ENV=production \ --env-var LOG_LEVEL=info \ --env-var PORT=3000 \ ...
nexus deploy source \ --name api-prod \ --env-var NODE_ENV=production \ --env-var LOG_LEVEL=info \ --env-var PORT=3000 \ ...
nexus deploy source \ --name platform-prod \ --repo https://github.com/your-org/platform \ --compose \ ...
nexus deploy source \ --name platform-prod \ --repo https://github.com/your-org/platform \ --compose \ ...
nexus deploy source \ --name platform-prod \ --repo https://github.com/your-org/platform \ --compose \ ...
# Redeploy from the same source (pulls latest from the branch)
nexus deploy redeploy api-prod # Or from CI/CD using an Access Token
NEXUS_API_KEY=nxk_... nexus deploy redeploy api-prod
# Redeploy from the same source (pulls latest from the branch)
nexus deploy redeploy api-prod # Or from CI/CD using an Access Token
NEXUS_API_KEY=nxk_... nexus deploy redeploy api-prod
# Redeploy from the same source (pulls latest from the branch)
nexus deploy redeploy api-prod # Or from CI/CD using an Access Token
NEXUS_API_KEY=nxk_... nexus deploy redeploy api-prod
name: Deploy to production on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Build and push image run: | docker build -t ghcr.io/${{ github.repository }}:${{ github.sha }} . docker push ghcr.io/${{ github.repository }}:${{ github.sha }} - name: Deploy to NEXUS AI env: NEXUS_API_KEY: ${{ secrets.NEXUS_API_KEY }} run: | npx nexus-cli deploy redeploy api-prod
name: Deploy to production on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Build and push image run: | docker build -t ghcr.io/${{ github.repository }}:${{ github.sha }} . docker push ghcr.io/${{ github.repository }}:${{ github.sha }} - name: Deploy to NEXUS AI env: NEXUS_API_KEY: ${{ secrets.NEXUS_API_KEY }} run: | npx nexus-cli deploy redeploy api-prod
name: Deploy to production on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Build and push image run: | docker build -t ghcr.io/${{ github.repository }}:${{ github.sha }} . docker push ghcr.io/${{ github.repository }}:${{ github.sha }} - name: Deploy to NEXUS AI env: NEXUS_API_KEY: ${{ secrets.NEXUS_API_KEY }} run: | npx nexus-cli deploy redeploy api-prod
# Spin up a review deployment that destroys itself after 24 hours
nexus deploy source \ --name pr-1234-review \ --auto-destroy 24h \ ...
# Spin up a review deployment that destroys itself after 24 hours
nexus deploy source \ --name pr-1234-review \ --auto-destroy 24h \ ...
# Spin up a review deployment that destroys itself after 24 hours
nexus deploy source \ --name pr-1234-review \ --auto-destroy 24h \ ...
# Follow runtime logs
nexus deploy logs api-prod --follow # Get last 200 lines
nexus deploy logs api-prod --tail 200 # Filter by keyword
nexus deploy logs api-prod --follow | grep ERROR
# Follow runtime logs
nexus deploy logs api-prod --follow # Get last 200 lines
nexus deploy logs api-prod --tail 200 # Filter by keyword
nexus deploy logs api-prod --follow | grep ERROR
# Follow runtime logs
nexus deploy logs api-prod --follow # Get last 200 lines
nexus deploy logs api-prod --tail 200 # Filter by keyword
nexus deploy logs api-prod --follow | grep ERROR
# Deploy from source
nexus deploy source --name <name> --repo <url> --branch <branch> --provider <provider> --port <port> # Deploy from image
nexus deploy create --name <name> --image <image> --provider <provider> --port <port> # Redeploy (same config, new build)
nexus deploy redeploy <name> # Scale replicas (1–10)
nexus deploy scale <name> --replicas <n> # Rollback to previous version (Pro+)
nexus deploy rollback <name> # Stop / start
nexus deploy stop <name>
nexus deploy start <name> # View status
nexus deploy status <name> # Stream logs
nexus deploy logs <name> --follow # List deployments
nexus deploy list # Delete deployment
nexus deploy delete <name> # Custom domains
nexus domain add <deployment> <domain>
nexus domain verify <deployment> <domain-id>
nexus domain list <deployment>
nexus domain remove <deployment> <domain-id>
# Deploy from source
nexus deploy source --name <name> --repo <url> --branch <branch> --provider <provider> --port <port> # Deploy from image
nexus deploy create --name <name> --image <image> --provider <provider> --port <port> # Redeploy (same config, new build)
nexus deploy redeploy <name> # Scale replicas (1–10)
nexus deploy scale <name> --replicas <n> # Rollback to previous version (Pro+)
nexus deploy rollback <name> # Stop / start
nexus deploy stop <name>
nexus deploy start <name> # View status
nexus deploy status <name> # Stream logs
nexus deploy logs <name> --follow # List deployments
nexus deploy list # Delete deployment
nexus deploy delete <name> # Custom domains
nexus domain add <deployment> <domain>
nexus domain verify <deployment> <domain-id>
nexus domain list <deployment>
nexus domain remove <deployment> <domain-id>
# Deploy from source
nexus deploy source --name <name> --repo <url> --branch <branch> --provider <provider> --port <port> # Deploy from image
nexus deploy create --name <name> --image <image> --provider <provider> --port <port> # Redeploy (same config, new build)
nexus deploy redeploy <name> # Scale replicas (1–10)
nexus deploy scale <name> --replicas <n> # Rollback to previous version (Pro+)
nexus deploy rollback <name> # Stop / start
nexus deploy stop <name>
nexus deploy start <name> # View status
nexus deploy status <name> # Stream logs
nexus deploy logs <name> --follow # List deployments
nexus deploy list # Delete deployment
nexus deploy delete <name> # Custom domains
nexus domain add <deployment> <domain>
nexus domain verify <deployment> <domain-id>
nexus domain list <deployment>
nexus domain remove <deployment> <domain-id>
nexus deploy create \ --name my-app \ --image your-registry/your-app:latest \ --provider GCP_CLOUD_RUN \ --port 3000
nexus deploy create \ --name my-app \ --image your-registry/your-app:latest \ --provider GCP_CLOUD_RUN \ --port 3000
nexus deploy create \ --name my-app \ --image your-registry/your-app:latest \ --provider GCP_CLOUD_RUN \ --port 3000 - Which secrets are injected (secrets are scoped per environment)
- Which team members can deploy (RBAC enforces environment-level permissions)
- Which providers are available (controlled by your org's provider config) - [ ] Set all secrets via nexus secret set before first deploy — zero plaintext env vars
- [ ] Configure --health-check-url to match your app's actual health endpoint
- [ ] Set --health-check-start-period to at least your app's cold-start time
- [ ] Create a scoped deploy:write token for CI/CD — never use your personal token in pipelines
- [ ] Add your custom domain and verify DNS before announcing the URL
- [ ] Run nexus deploy status <name> --watch on the first production deploy to catch health check failures early
- [ ] Set --auto-destroy on review and QA deployments — prevent billing surprises
- [ ] Scale to at least 2 replicas for production — single-replica deployments have no redundancy - Stop shipping secrets. Start using a vault.
- RBAC deep dive: roles, scopes, and least privilege
- Audit logs and compliance: what gets recorded and why
- MCP integration: 37 tools for Claude and AI agents
