Heroku & DNS: Can http://nakeddomain.com aim at my heroku app? - heroku

So, I've been reading quite some content about this. The latest one being here, and the heroku doc.
At the end, nobody answers the question clearly:
Is it possible to have http://nakeddomain.com aiming at a heroku app?
Here's what I know:
It is easy to redirect http://nakeddomain.com to http://www.nakeddomain.com to CNAME http://myapp.herokuapp.com : I don't want to do that
It is sometimes possible to ANAME (or ALIAS, or CNAME depending on the DNS provider vocabulary) apex name to another record. But in that case, all records are CNAMEd or ANAMEd (even the MX for mail delivery) which makes mail@nakeddomain.com unroutable as redirected to heroku app which certainly doesn't handle it by default.
So I'm going to reformulate
Is it possible to have http://nakeddomain.com aiming at a heroku app while using mails@nakeddomain.com?
How? Which services to use?
How much does it cost if there are extras to pay?
Should I stick on CNAMing apex name and move the mailer to another service (Google Apps, or Sendgrid as some suggest in Stackoverflow) or is it making it worse?
Subsidiary questions:
Been reading Cloudflare is quite nice. How does it help me?
We are using 1and1 as a DNS provider currently? Does it make it easier/harder anyhow?
Been also reading DNSimple allows more features than other DNS providers. Which one?
Since we send automatic mails from our app, SPAM filtering is also a concern from mails@nakeddomain.com, if that has to do with the required configuration.
Thanks for support

Apex domains have no impact on using the naked domain for emails - completely different types of record. I have domains using DNSimple CNAMEs and the same domain for email. One is a CNAME, the other is an MX record.
I would suggest using DNSimple or the cheaper option DNS made easy - both support ALIAS records, with the $30 a year plan you get 10 domains. I typically use one or the other and Google Apps for email which works just fine. For applications to send email I use Sendgrid.
CloudFlare is a caching layer. To use them you have to move your DNS to them.
You can use 1&1 as your registrar but you then use one of the previously mentioned to host the DNS - they have far superior services. Both provide CNAME but also redirection at DNS level so you can have www.domain.com redirected to domain.com at DNS level and not in your application. If you use Sendgrid for sending emails I'm sure they have a SPF record you can put on your domain to help keep emails out of spam folders.

EDIT:
Cloudflare seems to be the good solution for me: brings CDN and naked domain through changing DNS servers to their own and they have a free plan.
I'm going to answer point by point to explain what I've done:
Is it possible to have http://nakeddomain.com aiming at a heroku app while using mails@nakeddomain.com?
Yes
How? Which services to use?
Only using DNSimple or DNS made easy, as they handle ALIAS/ANAME records.
How much does it cost if there are extras to pay?
Cheapest is DNS made easy with $30/year
Should I stick on CNAMing apex name and move the mailer to another service (Google Apps, or Sendgrid as some suggest in Stackoverflow) or is it making it worse?
Haven't explored this option much, but if your domain provider has decent mail services, no reason to move out of it. It probably costs more money for this service...
Subsidiary questions:
Been reading Cloudflare is quite nice. How does it help me?
Finally did not end up using it...
We are using 1and1 as a DNS provider currently? Does it make it easier/harder anyhow?
1and1 doesn't have ALIAS/ANAME records. So I had to use extra service (DNS made easy in my case), they give you a list of dns hosts that need to be replaced in the 1and1 interface and then it takes care of the rest.
Careful: For beginners reading this, updating these entries won't assign changes all over the web at once as DNS is based a lot on caching. You need to take this into account when doing changes, if you have production services. You could end up with weird behaviors like infinite redirects, CDN not properly redirecting, or OAuth redirects broken for a while ...
Been also reading DNSimple allows more features than other DNS providers. Which one?
More customization is possible with DNS made easy. Interface will be more user-friendly also.
Eg. 301 redirects instead of 302 for 1and1, PTR records and other newest DNS records
Since we send automatic mails from our app, SPAM filtering is also a concern from mails@nakeddomain.com, if that has to do with the required configuration.
I read PTR records were good to prevent SPAM, but as far as I understood, it doesn't make sense when using heroku because the whole point of this record is to aim IP-Address to nakeddomain.com which is not possible as heroku doesn't provide fixed IP-addresses.
Hope it helps.

Related

How to have two records for example.com both for MX and as CNAME for www.example.com

I have a CNAME record for www.example.com with value of www.example.com.herokudns.com, and also for example.com with the value of example.com.herokudns.com.
The problem is that I do not know how to make MX records for a mail server on my domain provider server without losing the above functionality.
If I try to create MX records, the domain provider server complains that CNAME exists for example.com and I must remove it. If I remove it and create records for MX as instructed by mail server provider, the mail starts working but browsing to example.com is not possible. Only www.example.com continues to work.
How I could solve this? I tried to google and read about CNAME similar questions here, but can't find any solution.
This is a direct incompatibility with DNS based PaaS like Heroku which doesn't have a single static IP endpoint, and the nature of DNS. You do have options, but you need to assess how each one complements or counters the very reason you chose an integrated platform like Heroku in the first place. Fortunately, there do look to be some simple and effective solutions, depending on your exact configuration and providers:
The long and short of it is:
It's not standard to CNAME the apex '@'
See here, here, and here for more details.
Heroku explain that you need to use a DNS provider that supports CNAME functionality at the apex, or use sub-domains exclusively
See https://devcenter.heroku.com/articles/custom-domains#add-a-custom-root-domain
There's a good write-up on this specific topic here:
Heroku and Root (aka “apex” or “naked”) Domains
At face value, the PointDNS addon looks dead simple:
heroku domains:add example-domain.com
NOTE: I've never tried PointDNS and have no opinion of them at all. The suggestion is merely a copy/paste from a heroku article based on simplicity.
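The rule behind both the "CNAME exists for example.com" error in this question and the apex/MX discussion in the first thread, as an added example that is not code from any of the posters: a name that carries a CNAME may carry no other data, and the apex always carries SOA and NS. The zone contents, `mail.example.net`, and the function names are constructed for illustration; `ALIAS` stands for the provider-specific pseudo-record the answers mention.

```python
from collections import defaultdict

# Types allowed next to a CNAME (DNSSEC metadata); anything else conflicts.
CNAME_COMPANIONS = {"RRSIG", "NSEC"}


def normalize(name, origin):
    """Map '@' and relative labels to a lowercase FQDN without trailing dot."""
    origin = origin.rstrip(".").lower()
    name = name.strip().lower()
    if name in ("@", ""):
        return origin
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin}"


def cname_conflicts(origin, records):
    """Return {owner_name: sorted other types} for every name where a CNAME
    coexists with other data (forbidden by RFC 1034 section 3.6.2)."""
    types_at = defaultdict(set)
    for name, rtype, _value in records:
        types_at[normalize(name, origin)].add(rtype.upper())
    # The apex implicitly carries SOA and NS even if the provider UI hides them.
    types_at[normalize("@", origin)].update({"SOA", "NS"})
    conflicts = {}
    for name, types in types_at.items():
        if "CNAME" in types:
            others = types - {"CNAME"} - CNAME_COMPANIONS
            if others:
                conflicts[name] = sorted(others)
    return conflicts


# Constructed sample zones (not taken from the posters' real configuration).
BROKEN = [
    ("@", "CNAME", "example.com.herokudns.com."),
    ("@", "MX", "10 mail.example.net."),
    ("www", "CNAME", "www.example.com.herokudns.com."),
]
FIXED = [
    ("@", "ALIAS", "example.com.herokudns.com."),  # provider-side pseudo-record
    ("@", "MX", "10 mail.example.net."),
    ("@", "TXT", "v=spf1 include:mail.example.net ~all"),
    ("www", "CNAME", "www.example.com.herokudns.com."),
]

if __name__ == "__main__":
    print("broken:", cname_conflicts("example.com", BROKEN))
    print("fixed: ", cname_conflicts("example.com", FIXED))
```

The `www` CNAME never conflicts because nothing else lives at that name; only the apex needs the ALIAS/ANAME treatment to keep MX and TXT (SPF) records alongside it.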

How to use a domain name from name.com for a Heroku app?

I have an application running on example.herokuapp.com. No subdomains, no HTTPS, just a basic, read-only application. I also bought my domain name example.com from name.com. How do I link my domain name to the Heroku app?
I found these two questions, but I can't understand them, don't have any idea what DNS, CNAME, A records etc. are..
How to configure DNS records for Name.com and a Heroku app
How to connect my domain bought on name.com with my herokuapp?
I would appreciate a dummy-friendly explanation on how to setup my domain name with my Heroku app.
From this page I understand (guess) I need to use an additional service such as DNSimple or CloudFlare, is this correct? I tried CloudFlare but there is an additional problem that my domain is already linked to 000webhost.com (which I want to remove) via name.com. Anyways, please just tell me what do I need to have in the end :) Also I prefer to use only the free plans, if possible.
Thanks in advance

Crazydomain setting for parseapp.com

I am desperately trying to connect my domain to something.parseapp.com. I have tried a few settings but none of them works. My settings are in the following picture.
I searched around and found a solution for you here: http://blog.kchandrahasa.com/blog/2013/07/09/crazydomains-crazy-issues/
Below is a summary with my own experience, just in case the link is dead in future.
In order to change CNAME records in Crazy Domains, you have to pay for it. For a cheaper solution, you can change the nameservers of your domain to other free DNS management services like:
cloudns.net
freedns.afraid.org
CloudFlare
I suggest you use CloudFlare since it's more powerful and supports many features. Proceed as below:
Create an account in Cloudflare
Once you login, you will have to add your domain name.
It will scan your DNS settings.
After it finishes scanning, proceed with "I'm done entering my DNS records".
Take note of the 2 nameservers Cloudflare provides you at this step.
Now come back to Crazy Domains, login to your account.
Click on Domains and click Update Name Servers under DNS settings.
Delete the existing crazy domains name servers and enter the two nameservers given by Cloudflare. It will take up to 24 hours, but in my experience it will be just some hours.
Now come back at CloudFlare and enter your CNAME as instructed by Parse.

Setting up Cloudflare CNAME to work with Microsoft Exchange

We have a hosted website that uses Cloudflare to improve website speed performance and load times. As such, the DNS details for the site currently include:
-MX records leading to the hosting provider for emails.
-CNAME record for the hostname to be routed via Cloudflare for website performance
We recently decided that we wished to move our email mailboxes from the hosting provider to Microsoft Exchange. However, Microsoft has advised that as part of the migration process, we need to create a CNAME record in CloudFlare to allow for autoconfiguration of Microsoft Outlook to pickup mailbox settings associated with the hostname. However, CloudFlare only allows for 1 CNAME to exist which is currently used to route website traffic via CloudFlare.
Question: I don't want to get rid of CloudFlare services by changing the CNAME record to point to Microsoft's outlook configuration address for Exchange. Is there any way that I can create an additional CNAME record? I came across CNAME flattening but I'm not sure if it would be applicable in this scenario or what the steps would be to implement it. This surely can't be the first time someone has wanted to have their website traffic routed via Cloudflare but their hostname also to be used for Microsoft Exchange email.
I'm hoping there is some creative way around it, even if it's creating a subdomain (e.g. traffic.domain.com) which one CNAME can route web traffic to CloudFlare to while another subdomain (mail.domain.com) has a CNAME to route to Microsoft's outlook autoconfig.
Any help or advice would be appreciated.
Please open a support ticket and we can assist. If we are managing your DNS fully, there is no limitation to the number of CNAMES in settings. You should still be able to put a CNAME in your DNS settings pointing to Microsoft.

Custom domains for Multi-tenant web app

I am developing an app (RoR + Heroku) which allows users create their own websites either using my subdomain (pagename.myapp.com) or using their own domain (pagename.com).
An important point of this is that this option is the key of my business: subdomains are the free plans and custom domains are the paid ones. So I have a table where I store the custom domains of each user and check if this page is active (exists and has paid the quota).
For that I need to give users the capability of pointing their domain to my servers. We all know that Heroku doesn't recommend the use of DNS A-Records.
Also I would like to abstract as much as possible this feature to being able to switch my infrastructure (Heroku to AWS) in the future without having to ask all my users to change their DNS Zone. Taking this into account, I think that the best option would be run something like an EC2 proxy (using AWS Elastic IP) which give me the ownership of this IP. This proxy I think that should redirect to proxy.myapp.com, and I would resolve the request in the app level.
Since I didn't find clear information about that, I am not sure if this hypothesis is the best solution and how to set up the proxy (which type of proxy to use? Nginx maybe?).
Said that, I would like to ask recommendations/best practices to solve this "common" feature.
Thanks
What you are wanting to do is fairly straight forward to implement. Your assumptions are correct about setting up the proxy. Nginx or haproxy will both work great for this (I personally would use haproxy). Here are some of the gotchas that you will run into though:
Changing the host header at a proxy server can cause the end web application to generate incorrect links. You can use relative paths to fix this, but it requires the web application developer to be aware of the environment that they are running in.
user connects to www.example.com (proxy server)
proxy server connects to www.realdomain.com (web app)
the web app has a link for a shopping cart. www.realdomain.com/shoppingcart
the end user clicks on the link but the link is www.realdomain.com/shoppingcart instead of www.example.com/shoppingcart
The cost of the host acting as the proxy server. This can spiral out of control really quickly. For example, do you want redundancy, if so how are you planning on implementing that? Do you plan on having ssl termination? If so you will have to increase the CPU count to accommodate the additional load. Do you want to have a secure connection to heroku from your proxy? If you do then you will need to increase the CPU count for that as well. You may have to add additional ram as well depending on the number of concurrent connections.
Heroku also changes their load balancers regularly. This is important because your proxy service will need to reload the config / update the ip addresses of the heroku instances every 60 seconds. In my experience they may change once or twice a day, but the DNS entry that they use has a 60 second TTL. That means that you should make sure that you are capable of updating your config up to every 60 seconds.
My company has been doing something very similar to this for almost a year now. We use haproxy and simply have it reload the config regularly. We have never had an outage or an interruption to our end users. Nginx is also a very good product. It has built in DNS caching so if you go that route you will need to make sure that you configure it correctly so that the DNS cache TTL is 60 seconds.
Will many of your clients want to use your app on their domain apex? E.g. example.com rather than theapp.example.com? If not, I would recommend having them CNAME to proxy.myapp.com which CNAMEs to myapp.herokuapp.com. Then, you can update proxy.myapp.com without customer interruption.
If you do need apex or A record support, you would want to set up Nginx as a reverse proxy for your Heroku app. Keep in mind that if you need HTTPS support for client domains, you will need to do some sort of certificate management on your proxy.
I like the answer dtorgo gave and that he mentioned the TLS termination, which many online tutorials on custom domains don't touch at all.
I'll go into more detail on how to implement the custom domains feature for your SaaS while also handling the TLS/HTTPS.
If your customers just CNAME to your domain or create the A record to your IP and you don't handle TLS termination for these custom domains, your app will not support HTTPS, and without it, your app won't work in modern browsers on these custom domains.
You need to set up a TLS termination reverse proxy in front of your webserver. This proxy can be run on a separate machine but you can run it on the same machine as the webserver.
CNAME vs A record
If your customers want to have your app on their subdomain, e.g. app.customer.com they can create a CNAME app.customer.com pointing to your proxy.
If they want to have your app on their root domain, e.g. customer.com then they'll have to create an A record on customer.com pointing to your proxy's IP. Make sure this IP doesn't change, ever!
How to handle TLS termination?
To make TLS termination work, you'll have to issue TLS certificates for these custom domains. You can use Let's Encrypt for that. Your proxy will see the Host header of the incoming request, e.g. app.customer1.com or customer2.com etc., and then it will decide which TLS certificate to use by checking the SNI.
The proxy can be set up to automatically issue and renew certificates for these custom domains. On the first request from a new custom domain, the proxy will see it doesn't have the appropriate certificate. It will ask Let's Encrypt for a new certificate. Let's Encrypt will first issue a challenge to see if you manage the domain, and since the customer already created a CNAME or A record pointing to your proxy, that tells Let's Encrypt you indeed manage the domain, and it will let you issue a certificate for it.
To issue and renew certificates automatically, I'd recommend using Caddyserver, greenlock.js, OpenResty (Nginx).
tl;dr on what happens here;
Caddyserver listens on 443 and 80, it receives requests, issues, and renews certificates automatically, proxies traffic to your backend.
How to handle it on my backend
Your proxy is terminating TLS and proxying requests to your backend. However, your backend doesn't know who is the original customer behind the request. This is why you need to tell your proxy to include additional headers in proxied requests to identify the customer. Just add X-Serve-For: app.customer.com or X-Serve-For: customer2.com or whatever the Host header is of the original request.
Now when you receive the proxied request on the backend, you can read this custom header and you know who is the customer behind the request. You can implement your logic based on that, show data belonging to this customer, etc.
More
Put a load balancer in front of your fleet of proxies for higher availability. You'll also have to use distributed storage for certificates and Let's Encrypt challenges. Use AWS ECS or EBS for automated recovery if something fails, otherwise, you may be waking up in the middle of the night restarting machines, or your proxy manually.
If you need more detail you can DM me on Twitter @dragocrnjac
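Two checks this design depends on, as an added example that is not the answerer's code: the proxy should only request a certificate for a hostname that is in the custom-domains table and paid, and the backend should honour `X-Serve-For` only when the connection comes from the proxy. The table contents, the `10.0.0.0/24` proxy subnet and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data standing in for the custom-domains table.
CUSTOM_DOMAINS = {
    "app.customer1.com": {"tenant": "customer1", "paid": True},
    "customer2.com": {"tenant": "customer2", "paid": False},
}
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # assumed proxy subnet


def normalize_host(host):
    """Lowercase, drop port and trailing dot; return None if malformed."""
    if not host:
        return None
    host = host.strip().lower().rstrip(".")
    if host.startswith("["):  # an IPv6 literal is never a tenant domain
        return None
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    labels = host.split(".")
    ok = len(labels) >= 2 and all(
        l and len(l) <= 63 and l.isascii() and l.replace("-", "").isalnum()
        and not l.startswith("-") and not l.endswith("-")
        for l in labels
    )
    return host if ok and len(host) <= 253 else None


def may_issue_certificate(host):
    """Decision the proxy asks for before requesting a certificate for `host`.
    Without it, anyone pointing DNS at the proxy can trigger issuance."""
    entry = CUSTOM_DOMAINS.get(normalize_host(host) or "")
    return bool(entry and entry["paid"])


def resolve_tenant(peer_ip, headers):
    """Return the tenant for a proxied request, or None to reject it.
    X-Serve-For is honoured only when the TCP peer is one of our proxies,
    because a client reaching the backend directly can set any header."""
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in TRUSTED_PROXIES):
        return None
    host = normalize_host(headers.get("X-Serve-For"))
    entry = CUSTOM_DOMAINS.get(host or "")
    return entry["tenant"] if entry and entry["paid"] else None


if __name__ == "__main__":
    print(may_issue_certificate("App.Customer1.com:443"))
    print(resolve_tenant("10.0.0.7", {"X-Serve-For": "app.customer1.com"}))
    print(resolve_tenant("203.0.113.9", {"X-Serve-For": "app.customer1.com"}))
```

The proxy should also overwrite any client-supplied `X-Serve-For` with the value it derived itself, so the header the backend reads is never attacker-controlled.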
