Wildcard Domains
It is possible to set up custom wildcard domains (e.g. *.example.com) so that you do not need to set up a new DNS record for each domain. Before setting this up, make sure you are using a DNS provider which supports wildcard domains. For AWS, you will need a DNS provider that supports wildcard domains for CNAME records, while for Digital Ocean/Google Cloud Platform, you will need a DNS provider that supports wildcard domains for A records.
There are two options for setting up wildcard domains:
- Separate certificate per domain: in this setup, a single wildcard DNS record is used, but each domain creates a new certificate. This is the recommended setup if you are not frequently creating subdomains.
- Wildcard certificate: all domains share a single wildcard certificate. This is recommended if you’re managing a large number of domains, or you’d like to capture a set of wildcard domains for a single application.
Separate Certificates per Domain
To set up the wildcard DNS record, create either an A record or CNAME record for the wildcard domain. If you’re on GCP/Digital Ocean, create an A record; if you’re on AWS, create a CNAME record. Make sure DNS has propagated before moving to the next step; you can check this with nslookup <your-domain>.
Once you’ve created this record, simply deploy an application that falls under that wildcard domain.
Wildcard Certificates
Digital Ocean
Prerequisites
- From your DNS provider, point the nameservers of your domain to Digital Ocean. You can find provider-specific ways to do this here.
- Create a personal access token on Digital Ocean. Visit this direct link to create a token. If this doesn’t work, see this documentation.
- Once the nameservers of your domain have been swapped out, create an A record for your wildcard domain. Make sure that the A record you create points at the load balancer attached to the Kubernetes cluster provisioned through Porter.
- Once DNS propagation is complete, deploy the HTTPS Issuer template to the cert-manager namespace from the Porter Dashboard.
- Enter the email you’d like to receive any updates about the certificate that will be issued (e.g. expiry date). Enable the wildcard domain, copy your personal access token and input the wildcard domain you have made the A record for in step 1. Then hit the Deploy button.
It might take a few minutes for the HTTPS Issuer instance to be ready. To be safe, wait 5~10 minutes before you start creating deployments that use the wildcard domain.
Using the wildcard domain
- From the Web Service view, click Enable Custom Domains. Put in the name of the domain you’d like to expose your web service on and make sure it matches the wildcard domain you have configured in the previous section. Then toggle the Use wildcard domain option.
After you hit deploy, it might take a few minutes for the endpoint to be secured with HTTPS. Once that’s done, you will be able to access endpoints on the domain you have specified.
With the wildcard domain enabled, you can create deployments and expose them on domains without having to create another DNS record, as long as the domain matches the wildcard domain.
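What "matches the wildcard domain" means differs between DNS and certificates: a wildcard DNS record can answer for names several labels deep, while a wildcard certificate covers exactly one label. The following added example (not part of Porter's documentation or code) checks a custom domain against both rules and probes propagation of an A-record wildcard; the function names are hypothetical and the expected addresses are whatever your load balancer uses.

```python
"""Pre-deploy check for a custom domain under a wildcard (added example)."""
import secrets
import socket


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def cert_covers(wildcard, host):
    """True if a certificate for `wildcard` (e.g. *.example.com) is valid for
    `host`. In certificates the * stands for exactly one left-most label."""
    w, h = _labels(wildcard), _labels(host)
    if w[0] != "*" or len(w) < 3:
        raise ValueError("expected a wildcard such as *.example.com")
    return len(h) == len(w) and h[1:] == w[1:] and h[0] not in ("", "*")


def dns_wildcard_answers(wildcard, host):
    """True if a wildcard DNS record could answer for `host`. Unlike a
    certificate, a DNS wildcard also matches names several labels deep."""
    w, h = _labels(wildcard), _labels(host)
    return len(h) >= len(w) and h[-(len(w) - 1):] == w[1:] and "" not in h


def classify(wildcard, host):
    """Summarise what to expect when exposing `host` under `wildcard`."""
    if cert_covers(wildcard, host):
        return "ok"
    if dns_wildcard_answers(wildcard, host):
        # The name resolves, but clients get a TLS name-mismatch error.
        return "resolves-but-certificate-mismatch"
    return "outside-wildcard"


def propagated(wildcard, expected_ips, resolve=socket.gethostbyname_ex):
    """Resolve a random label under the wildcard and compare the answer with
    the load balancer addresses. A random label avoids explicit records."""
    probe = secrets.token_hex(6) + "." + ".".join(_labels(wildcard)[1:])
    try:
        ips = set(resolve(probe)[2])
    except OSError:  # NXDOMAIN or resolver failure: not propagated yet
        return False
    return bool(ips) and ips <= set(expected_ips)
```

For the AWS setup the wildcard is a CNAME to a load balancer hostname whose addresses change, so compare against the addresses that hostname currently resolves to rather than a fixed list.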