Appearance
Custom domains & SSL
Bring your own domain, point it at a pod, and turn on SSL with one click. No certificate files to manage, no renewal cron jobs, no proxy config to hand-edit.
Adding a domain
- Domains -> New domain in the console.
- Enter your domain (e.g.
example.comorapp.example.com). - Save.
That's the whole form - just the name. We work out the rest (whether it's a root domain or a subdomain) and show you the DNS records to publish next.
Verifying ownership
To prove the domain is yours, publish the verify-domain TXT record shown on the domain's DNS tab at your DNS provider. Checks run automatically in the background; Recheck DNS on the same tab checks on the spot.
- An unverified domain stays on your account, but it isn't locked to you yet: until you verify, anyone else who adds the domain and publishes its TXT challenge opens a 48-hour claim on it. Verify promptly and it locks to your account for good.
- The reverse also works - if someone else added the domain but never verified it, publishing your TXT record starts your own 48-hour claim. If they already verified it, it's locked to their account.
Mapping the domain to a pod
- Open the verified domain.
- Click Map to pod.
- Choose:
- Traffic type -
httporhttps. - Pod - the pod to serve this domain.
- Port - the internal port your app listens on (e.g.
3000).
- Traffic type -
- Save.
Traffic for your domain now reaches your pod through our reverse proxy. Publish the web-pointing record (an A record for a root domain, a CNAME for a subdomain) shown on the domain's DNS tab so requests actually route to us. You can't map to a database pod.
Enable SSL
- Publish the SSL delegation record - the
_acme-challengeCNAME shown on the domain's DNS tab - at your DNS provider, if you haven't already. Certificates are issued and renewed through it; without it, SSL never activates. - On the domain page, click Enable SSL.
- We provision the certificate and set it to renew before it expires - automatically, for as long as the domain exists.
Done. Your site is reachable at https://your-domain.com. Enabling SSL does not require the mapping to be in place first, so you can do it in either order.
Unmapping
Need to move a domain off a pod? Use Remove mapping on the pod-mapping card. The mapping clears and the web-pointing record drops off the DNS checklist (it comes back when you map again), but the SSL certificate is kept - so when you map it again later, there's nothing to re-issue.
Multiple domains, one pod
You can map several domains to the same pod, each with its own certificate. Handy for vanity domains, marketing pages, or staging aliases.
API
The same flow is available via the domains API.