Follow the steps below to configure a custom Domain within your Org.
In order for DNS to work, the apex domain (e.g., example.com) needs to be created in Control Plane and verified (using a TXT record) before subdomains can be created. This is required even if the apex domain is not served from Control Plane.
Once the apex domain is verified, subdomains can be added to the same Org without needing the TXT record verification step.
If multiple Orgs are creating subdomains using the same apex domain, the apex domain verification only needs to be performed in only one of the Orgs.
When creating an apex domain for verification:
CNAME
for the DNS Mode
.None
for the Routing Mode
.DNS
page to create the _cpln
TXT record.Create a new Domain by using one of the following methods:
Domains
in the left menu and click New
, orCreate
dropdown in the upper right corner and select Domain
.The console will prompt you for the desired domain name to associate with your Org.
After clicking Next
, the Spec
page will be displayed.
On this page, the following can be configured:
CNAME
is allowed.)https://WORKLOAD_NAME.SUB_DOMAIN.DOMAIN
Replace Prefix
can be provided that will replace the given path string before forwarding to the destination Workload./
should be placed at the end of the list
if multiple paths are configured.After clicking Next
, any required DNS entries will be displayed.
Once the DNS entries are added and the changes are propagated, click on the acceptance
checkbox and click Create
. The platform will verify the DNS entries and, if successful, add the domain to
your Org.
Refer to the Domain reference page for additional details.
A Domain can be created / updated using the CLI's apply command.
Below are a few sample Domain manifests (in YAML) that can be used as input to the CLI's apply command.
After updating and saving the manifests to a local file, execute the following command to apply:
copycpln apply -f FILE_NAME.yaml --org ORG_NAME
Before using the CLI's apply command, the DNS entries must exist and propagated.
copykind: domainname: sub.example.comspec:dnsMode: nsgvcLink: //gvc/GVC_NAME
NOTE: The port number and minimum TLS are currently static. This will be modifiable in the future.
copykind: domainname: sub.example.comdescription: Domain sub.example.comtags: {}spec:ports:- number: 443protocol: http2routes:- prefix: /workloadLink: //gvc/GVC_NAME/workload/WORKLOAD_NAMEtls:cipherSuites:- TLS_RSA_WITH_AES_256_GCM_SHA384- TLS_RSA_WITH_AES_128_GCM_SHA256- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256- TLS_CHACHA20_POLY1305_SHA256- TLS_AES_256_GCM_SHA384- TLS_AES_128_GCM_SHA256
copykind: domainname: example.comspec:dnsMode: cname
Use the manifest YAML template below to create a Domain per your requirements.
copykind: domainname: sub.example.comdescription: Domain Descriptiontags: {}spec:dnsMode: nsgvcLink: //gvc/GVC_NAMEports:- cors:allowCredentials: trueallowHeaders:- ALLOWED_HEADERallowMethods:- GET- POSTallowOrigins:- exact: example-origin.comexposeHeaders:- EXPOSED_HEADERmaxAge: 24hprotocol: http2tls:cipherSuites:- TLS_RSA_WITH_AES_256_GCM_SHA384- TLS_RSA_WITH_AES_128_GCM_SHA256- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256- TLS_CHACHA20_POLY1305_SHA256- TLS_AES_256_GCM_SHA384- TLS_AES_128_GCM_SHA256clientCertificate:secretLink: //secret/TLS_SECRET_CLIENT_CERTIFICATEserverCertificate:secretLink: //secret/TLS_SECRET_SERVER_CERTIFICATE
To successfully add a Domain to your Org using the NS
DNS Mode, the
following DNS entries are required.
The values in the sample below might not correspond to the entries necessary for your domain. Use the values that are presented during the creation of the domain.
These records will need to be sent to the network administrator in charge of handling the domain's DNS configuration.
Example:
CNAME
DNS Mode):RECORD/HOST | TYPE | TTL | VALUE |
---|---|---|---|
_cpln | TXT | 600 | ORG_ID_GUID |
RECORD/HOST | TYPE | TTL | VALUE |
---|---|---|---|
_cpln-sample | TXT | 600 | ORG_ID_GUID |
sample | NS | 1800 | ns1.cpln.cloud |
sample | NS | 1800 | ns2.cpln.cloud |
sample | NS | 1800 | ns1.cpln.live |
sample | NS | 1800 | ns2.cpln.live |
NOTE:
The record _cpln-sample
is based on the sub-domain. The text after _cpln-
will be the sub-domain (i.e., _cpln-SUB_DOMAIN
).
This record (_cpln-SUB_DOMAIN
) is optional if the Apex Domain has been verified in one of your Orgs.
To obtain the ORG_ID_GUID, run the CLI command: cpln org get ORG_NAME --output json
.
The output of the command will display all the properties of the Org object. Use the value of the id
key for the TXT value.
After the DNS records have been created, the propagation time for the changes to take effect depends on the cache setting of your domain's DNS Start of Authority (SOA) record.
Once the records are fully propagated, any DNS changes to your subdomain will be reflected within a few seconds.
To create:
Select CNAME
for the DNS Mode
and select either Subdomain Based
or Path Based
and configure as necessary.
When using the CNAME
mode:
A TLS secret must be assigned to the domain by:
Spec
page:Configure TLS
switch, thenUse Custom Server Certificate
, thenA CNAME
record must be created at the Domain's hosted DNS. The value of this record will be the Global Endpoint URL
of the target Workload.