@kurt Awesome! Thanks! I forgot NameCheap automatically ads the domain name. The API to Fly has worked so well we barely ever have to tinker with DNS settings! lol
Another option for those who don’t want to give out IP addresses is to use Route 53 name servers for customers. Have the customer add your name servers and then manage A/AAAA records from there.
If name servers and higher end DNS management sound interesting to you for this kind of thing … post about it here. We have a bunch of plumbing built for managing DNS (and even domain registrations) for your customers.
Usually you can create an AAAA record, even if you don’t have IPv6 service.
If you not, you can create a CNAME pointing *.our-platform.com to <app>.fly.dev. It’s theoretically slower for DNS lookups, but it handles all the AAAA lookups for you.
Does this mean that app user at this point can create CNAME mapping checkout.user.com to user.inlinecheckout.com so they get custom branded/whitelabel subdomain they can access?
Now, even though I created the cert, it still shows “not verified”, why is that?
Is there a way for us to only use DNS somehow without having/managing any apps?
All we need is that users get a custom subdomain functionality.
So no reverse proxy app is a possibility as we already use GCP load balancer in front of Kubernetes deployments and having another layer in front of that infrastructure is completely redundant.
On other PHP project I worked on, users are able to map (CNAME) their own subdomains to *.shw.io hostname you guys provide and be able to visit that subdomain with our own app on it.
How is that approach done?
I don’t want to have any appss deployed on Fly, we already have the entire infra.
There’s unfortunately no way to do TLS for your customers without either running the app on Fly, or running a reverse proxy on Fly. You can deploy a simple nginx configuration that points to your GCP load balance if you’d prefer not to host your app on Fly: Run an NGINX proxy on Fly · Fly
The old shw.io domain was a custom reverse proxy. Individual nginx instances are more reliable, but a little harder to setup.
If you only point *.inlinecheckout.com at it, it will just handle subdomains like user.inlinecheckout.com. inlinecheckout.com can keep running directly against your load balancer.
1. I built Nginx Docker image as per your docs instructions and deployed it to Fly via CLI.
This below is my current nginx.conf I thought will do the trick:
This likely has something to do with Cloudflare, how do I configure it so there are no SSL handshake errors?
Do I do something wrong in my nginx.conf and proxy_pass directive?
If above get fixed and there are no errors, will my users be able to create CNAME in their domain DNS and map their checkout.example.com subdomain to my whitelabel.inlinecheckout.com subdomain to be able to open white-labeled application?