Skip to main content

Wildcard Domains

It is possible to set up custom wildcard domains (i.e. *.example.com) so that you do not need to set up a new DNS record for each domain. Before setting this up, make sure you are using a DNS provider which supports wildcard domains. For AWS, you will need a DNS provider that supports wildcard domains for CNAME records, while for Digital Ocean/Google Cloud Platform, you will need a DNS provider that supports wildcard domains for A records.

There are two options for setting up wildcard domains:

  • Separate certificate per domain: in this setup, a single wildcard DNS record is used, but each domain creates a new certificate. This is the recommended setup if you are not frequently creating subdomains.
  • Wildcard certificate: all domains share a single wildcard certificate. This is recommended if you're managing a large number of domains, or you'd like to capture a set of wildcard domains for a single application.
info

Note that wildcard certificates are only supported on Digital Ocean at the moment, but it is possible to set them up manually through AWS/GCP. If you'd like instructions for manual setup, please reach out on Discord or over email.

Separate Certificates per Domain

To set up the wildcard DNS record, create either an A record or CNAME record for the wildcard domain. If you're on GCP/Digital Ocean, create an A record; if you're on AWS, create a CNAME record. Make sure DNS has propagated before moving to the next step.

info

It might take up to 30 minutes for DNS records to fully propagate. Please wait before deploying your applications until the DNS propagation is complete. You can check this using tools like dnschecker.org or running nslookup <your-domain>.

Once you've created this record, simply deploy an application that falls under that wildcard domain:

Custom Domain Deployment

Wildcard Certificates

Digital Ocean

Prerequisites
  • From your DNS provider, point the nameservers of your domain to Digital Ocean. You can find provider specific ways to do this here.
  • Create a personal access token on Digital Ocean. Visit this direct link to create a token. If this doesn't work, see this documentation.
  1. Once the nameservers of your domain have been swapped out, create an A record for your wildcard domain. Make sure that the A record you create points at the load balancer attached to the Kubernetes cluster provisioned through Porter.

  2. Once DNS propagation is complete, deploy the HTTPS Issuer template to the cert-manager namespace from the Porter Dashboard.

HTTPS issuer deployment

  1. Enter the email you'd like to receive any updates about the certificate that will be issued (e.g. expiry date). Enable the wildcard domain, copy your personal access token and input the wildcard domain you have made the A record for in step 1. Then hit the Deploy button.

Deploy HTTPS issuer

It might take a few minutes for the HTTPS Issuer instance to be ready. To be safe, wait 5~10 minutes before you start creating deployments that use the wildcard domain.

Using the wildcard domain

  1. From the Web Service view, click Enable Custom Domains. Put in the name of the domain you'd like to expose your web service on and make sure it matches the wildcard domain you have configured in the previous section. Then toggle the Use wildcard domain option.

Wildcard domain option

After you hit deploy, it might take a few minutes for the endpoint to be secured with HTTPS. Once that's done, you will be able to access endpoints on the domain you have specified.

With wildcard domain enabled, you can create deployments and expose them on domains without having to create another DNS record, as long as the domain matches the wildcard domain.