Follow the steps below to configure a custom Domain within your Org.
Follow step one in the domain quick start to create and verify the apex domain name using the Console UI.
The CLI can also be used to create the apex domain for verification and routing configuration. See the sample manifiest files below.
Refer to the Domain Verification section within the Domain reference page for additional details.
A Domain can be created using the following methods:
Follow step two in the domain quick start for detailed instruction on how to create and configure your domain name using the console UI.
A Domain can be created / updated using the CLI's apply command.
Below are a few sample Domain manifests (in YAML) that can be used as input to the CLI's apply command.
After updating and saving the manifests to a local file, execute the following command to apply:
copycpln apply -f FILE_NAME.yaml --org ORG_NAME
Before using the CLI's apply command, the TXT DNS records must exist and be propagated only for the apex domain. The DNS entries for the subdomain will not be verified on creation. Routing and certificate generation will not occur until the records have been added, propagated, and the target workload is in a ready state and can serve requests.
Configure Domain for APEX Verification
example.com
with your domain.copykind: domainname: example.comdescription: example.comspec:dnsMode: cname
Configure Domain for APEX Verification and Path Based Routing.
example.com
with your domain, GVC_NAME, and WORKLOAD_NAMEcopykind: domainname: example.comdescription: example.comtags: {}spec:acceptAllHosts: falsednsMode: cnameports:- number: 443protocol: http2routes:- port: 4200prefix: /workloadLink: //gvc/GVC_NAME/workload/WORKLOAD_NAME
Configure Domain for APEX Verification and Subdomain Based Routing.
example.com
with your domain, GVC_NAME, and TLS_SECRETdnsMode
is set to cname
and a TLS secret is required.copykind: domainname: example.comdescription: example.comtags: {}spec:dnsMode: cnamegvcLink: //gvc/GVC_NAMEports:- number: 443tls:serverCertificate:secretLink: //secret/TLS_SECRET
Configure a subdomain for path based routing.
sub.example.com
with your domain, GVC_NAME, and WORKLOAD_NAME.copykind: domainname: sub.example.comdescription: sub.example.comtags: {}spec:dnsMode: cnameports:- routes:- prefix: /workloadLink: //gvc/GVC_NAME/workload/WORKLOAD_NAME
Configure a subdomain for subdomain based routing.
sub.example.com
with your domain and GVC_NAME.https://WORKLOAD_NAME.sub.example.com/
.copykind: domainname: sub.example.comdescription: sub.example.comtags: {}spec:dnsMode: nsgvcLink: //gvc/GVC_NAME
Use the manifest YAML templates below to create a Domain per your requirements.
The examples above use the minimum properties required to create/update a domain based on your requirements.
The complete YAML manifest templates below contain both the required and optional properties.
Notes:
dnsMode
can either be cname
(for path based) or ns
(for subdomain based). For an apex domain, it must be cname
.acceptAllHosts
will only be active if the dedicated load balancer is enabled on the GVC.hostPrefix
will only be active if the dedicated load balancer
is enabled on the GVC and the acceptAllHosts
propert is set to true
.copykind: domainname: sub.domain.comdescription: sub.domain.comtags: {}spec:acceptAllHosts: falsednsMode: cnameports:- cors:allowCredentials: trueallowHeaders:- '*'allowMethods:- '*'allowOrigins:- exact: '*'exposeHeaders:- '*'maxAge: 24hnumber: 443protocol: http2routes:- hostPrefix: exampleport: 4200prefix: /examplereplacePrefix: /v1/exampleworkloadLink: //gvc/GVC_NAME/workload/WORKLOAD_NAME_01- prefix: /workloadLink: //gvc/GVC_NAME/workload/WORKLOAD_NAME_02tls:cipherSuites:- ECDHE-ECDSA-AES256-GCM-SHA384- ECDHE-ECDSA-CHACHA20-POLY1305- ECDHE-ECDSA-AES128-GCM-SHA256- ECDHE-RSA-AES256-GCM-SHA384- ECDHE-RSA-CHACHA20-POLY1305- ECDHE-RSA-AES128-GCM-SHA256- AES256-GCM-SHA384- AES128-GCM-SHA256clientCertificate:secretLink: //secret/TLS_SECRET_CLIENT_CERTIFICATEminProtocolVersion: TLSV1_2serverCertificate:secretLink: //secret/TLS_SECRET_SERVER_CERTIFICATE
copykind: domainname: sub.example.comdescription: sub.example.comtags: {}spec:acceptAllHosts: truednsMode: nsgvcLink: //gvc/GVC_NAMEports:- cors:allowCredentials: falseallowHeaders:- '*'allowMethods:- '*'allowOrigins:- exact: '*'exposeHeaders:- '*'maxAge: 24hnumber: 443protocol: http2tls:cipherSuites:- ECDHE-ECDSA-AES256-GCM-SHA384- ECDHE-ECDSA-CHACHA20-POLY1305- ECDHE-ECDSA-AES128-GCM-SHA256- ECDHE-RSA-AES256-GCM-SHA384- ECDHE-RSA-CHACHA20-POLY1305- ECDHE-RSA-AES128-GCM-SHA256- AES256-GCM-SHA384- AES128-GCM-SHA256clientCertificate:secretLink: //secret/TLS_SECRET_CLIENT_CERTIFICATEminProtocolVersion: TLSV1_2serverCertificate:secretLink: //secret/TLS_SECRET_SERVER_CERTIFICATE
To successfully add a Domain to your Org, DNS records are required to be added.
The values in the sample below might not correspond to the entries necessary for your domain. Use the values that are presented during the creation of the domain.
When created the domain with the console UI, the final step will display the DNS records that need to be added.
These records will need to be sent to the network administrator in charge of handling the domain's DNS configuration.
Example:
RECORD/HOST | TYPE | TTL | VALUE |
---|---|---|---|
_cpln | TXT | 600 | ORG_ID_GUID |
RECORD/HOST | TYPE | TTL | VALUE |
---|---|---|---|
_cpln-sample | TXT | 600 | ORG_ID_GUID |
sample | CNAME | 600 | GVC_ALIAS.cpln.app |
Note: The GVC_ALIAS can be obtain from the console UI by clicking on the GVC and it will be displayed on the Info
page.
Using the CLI, executing the command cpln gvc get GVC_NAME
will output the alias.
RECORD/HOST | TYPE | TTL | VALUE |
---|---|---|---|
_cpln-sample | TXT | 600 | ORG_ID_GUID |
sample | NS | 1800 | ns1.cpln.cloud |
sample | NS | 1800 | ns2.cpln.cloud |
sample | NS | 1800 | ns1.cpln.live |
sample | NS | 1800 | ns2.cpln.live |
In the examples above, the TXT record for the subdomain is only required if the domain is created in an Org that doesn't contain the apex domain. The ORG_ID_GUID value will be the ID of the Org the domain is created in.
The record _cpln-sample
is based on the sub-domain. The text after _cpln-
will be the sub-domain (i.e., _cpln-SUB_DOMAIN
).
To obtain the ORG_ID_GUID, run the CLI command: cpln org get ORG_NAME --output json
.
The output of the command will display all the properties of the Org object. Use the value of the id
key for the TXT value.
After the DNS records have been created, the propagation time for the changes to take effect depends on the cache setting of your domain's DNS Start of Authority (SOA) record.
Once the records are fully propagated, any DNS changes to your subdomain will be reflected within a few seconds.
Refer to the Configure a CDN guide.
When editing a domain within the console UI, the following options are available when clicking Advanced Mode
:
Refer to the following pages for details on enabling dedicated load balancing:
The accept all hosts setting (acceptAllHosts
in the above example manifest) can be enabled when dedicated load balancing is enabled.
For each port, configure TLS Settings which includes setting the TLS version, forwarding client certificates, using custom server certificates, and allowed cipher suites.
For each port, configure custom CORS settings.
When using Path Based Routing:
hostPrefix
in the above example manifest) can be optionally defined.