diff --git a/custom-domain/dstack-ingress/README.md b/custom-domain/dstack-ingress/README.md
index c767569..b900dd5 100644
--- a/custom-domain/dstack-ingress/README.md
+++ b/custom-domain/dstack-ingress/README.md
@@ -176,6 +176,7 @@ configs:
 - `CERTBOT_EMAIL`: Your email address used in Let's Encrypt certificate requests
 - `TARGET_ENDPOINT`: The plain HTTP endpoint of your dstack application (for single domain mode)
 - `SET_CAA`: Set to `true` to enable CAA record setup
+- `CLIENT_MAX_BODY_SIZE`: Optional value for nginx `client_max_body_size` (e.g. `50m`) in single-domain mode
 
 **Backward Compatibility:**
 
diff --git a/custom-domain/dstack-ingress/scripts/entrypoint.sh b/custom-domain/dstack-ingress/scripts/entrypoint.sh
index e394d80..a3b5a3a 100644
--- a/custom-domain/dstack-ingress/scripts/entrypoint.sh
+++ b/custom-domain/dstack-ingress/scripts/entrypoint.sh
@@ -49,6 +49,11 @@ setup_certbot_env() {
 setup_py_env
 
 setup_nginx_conf() {
+    local client_max_body_size_conf=""
+    if [ -n "$CLIENT_MAX_BODY_SIZE" ]; then
+        client_max_body_size_conf="    client_max_body_size ${CLIENT_MAX_BODY_SIZE};"
+    fi
+
     cat <<EOF >/etc/nginx/conf.d/default.conf
 server {
     listen ${PORT} ssl;
@@ -88,6 +93,7 @@ server {
 
     # Disable SSL renegotiation
     ssl_early_data off;
+${client_max_body_size_conf}
 
     location / {
         ${PROXY_CMD}_pass ${TARGET_ENDPOINT};