How to use fly.io to manage the multiple domains for our project

Ah I see the problem, change the Host field to just _acme-challenge. Right now the record is _acme-challenge.listingvillage.listingvillage.com.

The “Resolved” indicator says *.listingvillage.com is set up to point to your app, but that’s separate from the DNS challenge.

@kurt - TXT deleted.

The TXT record only contained: _acme-challenge

While the CNAME is: _acme-challenge.listingvillage.com

@kurt Awesome! Thanks! I forgot NameCheap automatically adds the domain name. The API to Fly has worked so well we barely ever have to tinker with DNS settings! lol


Ok I think once you delete that TXT record, it’ll work.

Another option for those who don’t want to give out IP addresses is to use Route 53 name servers for customers. Have the customer add your name servers and then manage A/AAAA records from there.

If name servers and higher end DNS management sound interesting to you for this kind of thing … post about it here. We have a bunch of plumbing built for managing DNS (and even domain registrations) for your customers.

For my project, automated DNS failover is really big. If Fly could do that as well I would migrate to Fly.

Hey @jerome

Can you help me with this? I didn’t know it’s used for

Which DNS entry I need to create and how to validate these certificates?

Please help me


It looks like they’re already valid? You should be good in terms of certificates.

@jerome what does this mean?

What I’m expected to do with this? I’m asking because the wording used here is rather confusing and I’m not sure what to do next…

You need to create a CNAME with the name on the left (can’t see the entire thing in the screenshot) and a value of inline-checkout.fly.dev.

What if I don’t have IPv6 service and no possibility of setting an AAAA record?

Usually you can create an AAAA record, even if you don’t have IPv6 service.

If not, you can create a CNAME pointing *.our-platform.com to <app>.fly.dev. It’s theoretically slower for DNS lookups, but it handles all the AAAA lookups for you.

I created one:

  1. Does this mean that app user at this point can create CNAME mapping checkout.user.com to user.inlinecheckout.com so they get custom branded/whitelabel subdomain they can access?

  2. Now, even though I created the cert, it still shows “not verified”, why is that?

That inline-checkout app hasn’t been deployed yet. Once you deploy your app there, it’ll show as verified.

Is there a way for us to only use DNS somehow without having/managing any apps?

All we need is that users get a custom subdomain functionality.

So no reverse proxy app is a possibility as we already use GCP load balancer in front of Kubernetes deployments and having another layer in front of that infrastructure is completely redundant.

On another PHP project I worked on, users are able to map (CNAME) their own subdomains to the *.shw.io hostname you guys provide and be able to visit that subdomain with our own app on it.

How is that approach done?

I don’t want to have any apps deployed on Fly, we already have the entire infra.

There’s unfortunately no way to do TLS for your customers without either running the app on Fly, or running a reverse proxy on Fly. You can deploy a simple nginx configuration that points to your GCP load balancer if you’d prefer not to host your app on Fly: Run an NGINX proxy on Fly · Fly

The old shw.io domain was a custom reverse proxy. Individual nginx instances are more reliable, but a little harder to set up.

Would that reverse proxy serve only user.inlinecheckout.com or the entire domain inlinecheckout.com?

If you only point *.inlinecheckout.com at it, it will just handle subdomains like user.inlinecheckout.com. inlinecheckout.com can keep running directly against your load balancer.

Hey Kurt, here are updates:

1. I built Nginx Docker image as per your docs instructions and deployed it to Fly via CLI.
Below is my current nginx.conf, which I thought would do the trick:

server {
  listen 80;
  listen [::]:80;

  server_name whitelabel.inlinecheckout.com;

  location / {
      proxy_pass https://payments-staging.inlinecheckout.com/;
      proxy_set_header X-Forwarded-Host $http_host;
  }
}

2. I created a cert and allocated 2 fresh IPv4 & IPv6 IPs for it. It’s verified and it seems to be working.

Now, when I try visiting whitelabel.inlinecheckout.com, I get the:

a) Browser error:

b) curl output:


And my app logs show this:

c) fly logs output:

2021-02-22T19:07:11.705Z 964e4a57 lhr [info] 2021/02/22 19:07:11 [warn] 537#537: *418 upstream server temporarily disabled while SSL handshaking to upstream, client: 185.40.232.122, server: whitelabel.inlinecheckout.com, request: "GET / HTTP/1.1", upstream: "https://172.67.73.174:443/", host: "whitelabel.inlinecheckout.com"
2021-02-22T19:07:11.734Z 964e4a57 lhr [info] 2021/02/22 19:07:11 [error] 537#537: *418 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 185.40.232.122, server: whitelabel.inlinecheckout.com, request: "GET / HTTP/1.1", upstream: "https://104.26.14.148:443/", host: "whitelabel.inlinecheckout.com"
2021-02-22T19:07:11.738Z 964e4a57 lhr [info] 2021/02/22 19:07:11 [warn] 537#537: *418 upstream server temporarily disabled while SSL handshaking to upstream, client: 185.40.232.122, server: whitelabel.inlinecheckout.com, request: "GET / HTTP/1.1", upstream: "https://104.26.14.148:443/", host: "whitelabel.inlinecheckout.com"
2021-02-22T19:07:11.739Z 964e4a57 lhr [info] 185.40.232.122 - - [22/Feb/2021:19:07:11 +0000] "GET / HTTP/1.1" 502 157 "-" "curl/7.75.0" "62.240.24.108, 213.188.195.153"

3 questions:

  • This likely has something to do with Cloudflare, how do I configure it so there are no SSL handshake errors?

  • Do I do something wrong in my nginx.conf and proxy_pass directive?

  • If the above gets fixed and there are no errors, will my users be able to create a CNAME in their domain DNS and map their checkout.example.com subdomain to my whitelabel.inlinecheckout.com subdomain to be able to open the white-labeled application?

Thanks in advance!
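
An added example, not part of the original post or of Fly's documentation: nginx sends no SNI to an HTTPS upstream unless `proxy_ssl_server_name` is on, and a missing SNI is a common cause of the "alert number 40" handshake failure in the logs above when the upstream is served from a shared CDN edge. The config below keeps the hostnames from the post and also turns on upstream certificate verification, which nginx leaves off by default; the CA bundle path is an assumption for a Debian-based nginx image.

```nginx
server {
  listen 80;
  listen [::]:80;

  server_name whitelabel.inlinecheckout.com;

  location / {
      proxy_pass https://payments-staging.inlinecheckout.com/;

      # Send the upstream hostname as SNI in the TLS handshake
      # (proxy_ssl_server_name is off by default).
      proxy_ssl_server_name on;
      # Name used for SNI and for certificate verification;
      # $proxy_host is the default, written out here for clarity.
      proxy_ssl_name $proxy_host;

      # Verify the upstream certificate chain and hostname
      # (proxy_ssl_verify is off by default, so the proxy would
      # otherwise accept any certificate from the upstream).
      proxy_ssl_verify on;
      proxy_ssl_verify_depth 2;
      # Assumed CA bundle location; adjust to the image in use.
      proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

      # The upstream Host header defaults to $proxy_host, so the upstream
      # sees its own hostname; the client's original host is passed separately.
      proxy_set_header Host $proxy_host;
      proxy_set_header X-Forwarded-Host $http_host;
  }
}
```

Running `nginx -t` inside the image before deploying checks the syntax and that the CA bundle file exists.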