🇪🇺 EU egress for Netlify, on any plan

🇪🇺 Static IP for Netlify

Netlify Functions run on shared AWS infrastructure with rotating egress, and the only native static option is an Enterprise-only add-on. Route your outbound calls through two fixed static EU IPs set as an HTTPS_PROXY env var, on any plan.

Netlify Function

# Netlify env var (any plan)

HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443

# functions/orders.js

const agent = new HttpsProxyAgent(..)

const res = await fetch(

  'https://api.partner.eu/orders',

  { agent })

Why Netlify apps keep losing a stable source IP

Netlify runs your functions on shared AWS infrastructure, so the outbound address rotates, and the only native fix is locked behind an Enterprise plan.

Shared AWS egress by default

Netlify Functions run on AWS Lambda, pulling outbound IPs from a large shared pool. Those addresses rotate constantly, so a call that reaches an IP-whitelisted partner API one minute gets a 403 the next with no code change.

Static IPs are Enterprise-only

Netlify does offer fixed egress through Private Connectivity, but it's an add-on for Enterprise plans that start around $500 a month. Free, Personal, and Pro projects have no native way to pin their outbound address.

No EU egress natively

Netlify is a US company and its functions run on US AWS regions. Even the Enterprise Private Connectivity option leaves from US infrastructure, so it doesn't solve the GDPR data-residency side for EU teams.

Noisy neighbours on shared pools

Because the AWS IP pool is shared, your function's address can get rate-limited or blocked because of what some unrelated tenant did from the same IP. You inherit the reputation of whoever else rode that address before you.

When a partner asks

"What IP will your Netlify function call from, so I can allow it?"

You want one fixed answer that holds across every deploy, not "whichever Lambda instance AWS happened to run."

The Solution

Send Netlify's outbound calls through a fixed EU IP

Netlify function

HTTPS Proxy

(Static EU IP)

Whitelisted API

Every outbound HTTPS call from your Netlify function leaves from the same pair of EU addresses, whether it's a partner API or a payment endpoint. Two IPs back the account, and if one is down the other takes over.

One env var covers the function. fetch and axios honour HTTPS_PROXY with no code rewrite, on Free or Pro.
A dedicated address, not a shared AWS pool. Your calls don't inherit the rate-limit reputation of noisy neighbours.
TLS passes straight through, so API tokens and request payloads stay unreadable at the proxy.

What this gives a Netlify deployment

Two fixed EU addresses to whitelist, with automatic failover between them. You give partners one stable thing to trust instead of a rotating AWS list.
Works on any plan. You don't need Netlify's Enterprise tier or its Private Connectivity add-on just to get an allowlisted address.
EU egress where Netlify offers none natively. Your function calls leave from European infrastructure, which lines up with GDPR data-residency expectations.
Your own dedicated address, so you stop inheriting blocks and rate limits from other tenants sharing the AWS pool.
No function rewrite. Set the proxy as a Netlify environment variable and your existing fetch code starts routing through it.

Who it's built for

Jamstack & frontend teams

Shipping on Netlify whose serverless functions call partner APIs behind an IP allowlist.

Indie & free-plan projects

On plans well below Netlify's Enterprise Private Connectivity, who still need a fixed address to reach IP-whitelisted APIs.

EU SaaS builders

Running EU products on Netlify that need GDPR-aligned outbound access from a fixed EU address.

Compliance-minded teams

Accountable for where their Netlify functions send data, who want a documented EU egress rather than an ever-changing AWS address.

Implementation

Set HTTPS_PROXY as a Netlify environment variable. Outbound calls then leave through your fixed EU IP, with no function rewrite.

Node.js (fetch, in a Netlify Function)

Add HTTPS_PROXY in Site settings > Environment variables. In the function, pass it explicitly with https-proxy-agent.

// Netlify env var (any plan)
HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443
PARTNER_API_TOKEN=your_token

// functions/orders.js
const { HttpsProxyAgent } = require('https-proxy-agent');

exports.handler = async () => {
  const agent = new HttpsProxyAgent(process.env.HTTPS_PROXY);

  const res = await fetch('https://api.partner.eu/orders', {
    headers: { 'Authorization': `Bearer ${process.env.PARTNER_API_TOKEN}` },
    agent,
  });

  return { statusCode: 200, body: JSON.stringify(await res.json()) };
};

Setting the variable on Netlify

Add it as an environment variable in Site settings. Keep the proxy URL out of your repo by storing it in the dashboard or via the Netlify CLI.

# Dashboard: Site settings > Environment variables
HTTPS_PROXY = https://user:pass@eu-01.outboundgateway.com:8443
Scope: Production, Deploy previews, Branch deploys (as needed)

# Or via the Netlify CLI
netlify env:set HTTPS_PROXY "https://user:pass@eu-01.outboundgateway.com:8443"

# In code, read it like any env var
const proxy = process.env.HTTPS_PROXY;

Two IPs, so a deploy doesn't break your integration

Your account comes with two static IP addresses (for example 51.xx.xx.10 and 51.xx.xx.11). Whitelist both on your partner API. If one proxy node is briefly unavailable, traffic shifts to the other, so a Netlify redeploy isn't the thing that severs your connection.

📖 Want the longer version? Worked examples, error handling, and other languages are in the Node.js Guide, Python SSL Proxy Guide, and the rest of the docs.

EU egress for Netlify workloads

Netlify is US-hosted and runs functions on US AWS regions. For GDPR-minded teams, a fixed EU egress fills that gap.

European infrastructure

The proxy runs in EU data centres, so your Netlify function's outbound traffic leaves from European infrastructure instead of a US AWS region.

GDPR-conscious by design

Because TLS passes straight through, the proxy never decodes your API tokens or request payloads. It forwards encrypted bytes; it doesn't read them.

No transatlantic detours

Traffic doesn't bounce through US infrastructure on its way to your partner API, which keeps the data path inside the EU and removes a wrinkle from GDPR reviews.

An egress you can name

When a partner asks where your Netlify function calls from, the answer is two fixed EU addresses, not a list that changes with every AWS scale event. The failover pair covers maintenance windows.

Why teams route Netlify through OutboundGateway

A pair of fixed IPs

Two addresses to register, with automatic failover, so your traffic isn't riding on a single point of failure.

Any plan, no Enterprise seat

No need for Netlify's Enterprise tier or Private Connectivity add-on. Set an env var and you have a fixed egress.

EU-hosted

European data centres and a GDPR-conscious setup, giving your Netlify app a predictable EU address it doesn't have natively.

Dedicated, not shared

Your own fixed address, so you stop inheriting rate limits and blocks from noisy neighbours on the shared AWS pool.

Encrypted end to end

TLS passthrough means the proxy can't read your traffic. Tokens and request data stay private the whole way.

Flexible plans

Starting from €29/month. Flexible plans for every scale. Cancel anytime.

Give your Netlify functions a fixed EU egress

Stop letting shared AWS egress and an Enterprise-only addon decide whether your IP-whitelisted APIs keep working. Put your Netlify outbound traffic behind one stable, GDPR-conscious address.

€29/month starter plan • 7-day refund policy • Direct founder support

Frequently asked questions

Doesn't Netlify offer static IPs natively?

Netlify has a Private Connectivity feature that gives builds and functions a specific set of allowlist IPs, but it's an add-on for Enterprise plans (which start around $500 a month) and it egresses from US AWS regions. OutboundGateway gives you a fixed pair of EU addresses on any plan, set as a simple HTTPS_PROXY env var, which is useful if you're on Free or Pro, want EU data residency, or would rather not pay for Enterprise.

How do I set the proxy on Netlify?

Add HTTPS_PROXY in Site settings > Environment variables, scoped to Production, Deploy previews, or Branch deploys, or with netlify env:set. In a Node function, pass it to https-proxy-agent. The variable is stored in the dashboard, not your repo, so it stays out of source control.

Does it work on the free plan?

Yes. Because the proxy is just an environment variable, it works regardless of your Netlify plan. Free and Pro projects that can't access Netlify's Enterprise Private Connectivity can still get a fixed pair of EU addresses for their outbound HTTPS calls.

Still weighing it up?

Happy to talk through how a two-IP egress fits your specific Netlify setup, whether it's a serverless function or a build step.

Contact Our Founders →