GuidesFlightcontrolCustom Domains

Custom Domains

This guide will show you how to connect a custom domain you purchased elsewhere with your service on Flightcontrol.

Custom domains are added to your service’s CloudFront distribution. We do not currently support custom domains on the load balancer.

Setup Your Custom Domain

To connect a custom domain, you’ll need to follow these high-level steps:

  1. Navigate to the Domains tab of the service you want to connect the domain to
  2. Click the “Add domain” button TODO
  3. Enter the domain you want to connect, then click “Begin domain setup”
    • We recommend using a subdomain (i.e. www.example.com) instead of a root domain (i.e. example.com). See the Root Domain Recommendations section for more details. TODO
  4. Wait while the new certificate is provisioned TODO
  5. Add the DNS verification record (and CAA if displayed) to your domain provider. This will not direct traffic to your service. It’s just domain verification so AWS can issue the SSL certificate.
    • See the Apply Changes To Your Domain Provider section for more details.

      Why do I see a CAA record? The CAA record restricts who can issue certificates for your domain. You currently have a CAA record that prevents AWS from issuing the certificate. You need to add “amazon.com” to the CAA record.

      TODO
  6. Wait while the new certificate is attached to CloudFront TODO
  7. Once the certificate is attached, and you are ready to redirect traffic, proceed to the next step. 8. Add the DNS records to your domain provider. This will direct all traffic on that domain to your Flightcontrol service. TODO

The Flightcontrol dashboard will not display a connected status on your service DNS record. You can verify that your DNS has propogated correctly by accessing the domain or using a DNS record checker.

Apply Changes To Your Domain Provider

The specific instructions will depend on whether you are setting up a root domain or a subdomain.

For a Subdomain

The DNS changes for a subdomain are the most straightforward. As you can see from the screenshot above, you’ll get 2 CNAME records.

You’ll need to add those records to your domain provider.

Here are some guides from different providers:

For a Root Domain

With this option, things become less straightforward.

The most important thing to be aware of is that your domain provider NEEDS to support an ALIAS record, if they don’t you’ll need to move the domain to one that does or fallback to the subdomain option. If they do support it, then you should be able to set it up by adding the DNS records as shown to you by Flightcontrol (see external articles above with some examples).

However, please note that that Flightcontrol can’t verify if the ALIAS record was setup correctly since this record type is an internal translation and won’t appear in the nameserver response. So we only just check if CNAME is correct and assume the setup has been successful.

Lastly, if you have used Route53 as your domain provider, your domain needs to be in the same account as the service AND you’ll need to configure things slightly differently. When you create the ALIAS record, instead of using the CloudFront domain, you have to choose the exact Cloudfront distribution that was created by Flightcontrol.

Root Domain Recommendations

We have several recommendations if you are considering setting up a root domain (such as example.com).

Use the www Subdomain Instead of the Root Domain

We recommend you add a subdomain (i.e.: use www.example.com) instead of directly referencing the root domain (example.com).

If you go with this recommendation but still want users to be able to use example.com, please contact us and we will add a redirection for you.

Root Domain Not Recommended

When using a root domain, all cookies on that root level are shared with its child subdomains (i.e. every single subdomain) which might cause cookies collision and sharing the cookie with a 3rd party that is using a CNAME from your domain.

Besides that, root domains requires that you set an ALIAS record (a custom implementation of an A record), which removes the benefits of distributed CDN due to how it resolves the IP.

If you still prefer to setup a root domain, make sure that it accepts an ALIAS DNS Record, which is a custom one not supported by all providers (Namecheap is one that does).

Wildcard Domains

Besides the 2 options discussed at length, we also support wildcard domains, i.e.: "domain": "*.example.com"

With this option you can make use of the HOST HTTP Request Header sent to your app to see the exact domain being used and the configuration is the same as for the subdomain.

Multiple Domains

Each Flightcontrol service with CloudFront supports adding multiple CloudFront distributions and adding multiple domains to each CloudFront distribution.

Options:

  • Add multiple domains to a CloudFront domain certificate group
  • Create a new domain certificate group with a new CloudFront distribution

Why two options? A CloudFront distribution can only have a single certificate. You can add multiple domains to this certificate as long as you own all the domains.

But if you are adding domains that others own, like your customer’s domains, they should each have their own certificate for proper security and privacy.

Limitations

  • Each CloudFront distribution can only have a single certificate. Anyone inspecting the certificate will see all the domains that are added to the certificate.
  • By default, a CloudFront distribution can only have 10 domains. If you need more, you can request a quota increase from AWS.

Automating Custom Domains with the API

You can automate custom domains for your users using our Custom Domains API.

Environment VariablesLogging