Is it possible to register all subdomains?
I want to register all subdomains below *.studioProject.h-and-c.co.uk
103 Replies
What do you mean by register?
like, show a page on all of them
You can use wildcard records: https://blog.cloudflare.com/wildcard-proxy-for-everyone/
But keep in mind, the free universal ssl certificate only covers first level subdomains. That is, if your domain is
h-and-c.co.uk
, it would cover
*.h-and-c.co.uk
, but not *.studioProject.h-and-c.co.uk
. You'd have to buy Advanced Certificate Manager (ACM - $10 USD/month) and issue another wildcard cert from it
(That is, if you want to take advantage of Cloudflare's CDN/reverse proxy. If you don't, you can use unproxied wildcard records and not need a cert covering it in Cloudflare, your origin would still need a valid cert for it though)
ok
i'm using dns only and for some reason, hi.hello.h-and-c.co.uk says that the domain doesn't exist but i have created a wildcard dns certificate for *.*.studioProject.h-and-c.co.uk
you can't have two wildcards, only one, and it has to be leftmost
check the blog I linked above, it explains most of the rules/limits around it
how do i do that then?
If you create one for *.studioProject.h-and-c.co.uk, hi.hello.studioProject.h-and-c.co.uk would be covered
```
Wildcards are only supported on the first label. Meaning something like subdomain.*.mycoolwebpage.xyz is not a wildcard on the level of the asterisk character. If you create a DNS record with that name, the asterisk is interpreted as the literal character and not as the wildcard operator.
You cannot create wildcards on multiple levels. So if you create a DNS record on *.*.mycoolwebpage.xyz, only the first asterisk is interpreted as a wildcard while the second one is interpreted as the literal “*” character.
Wildcards will be applied for multiple levels. But a specific record on any equal or lower level will terminate anything on or below this specific record — independent of the type of that specific record. Here is an example. If you have only these two records on your domain
```
ok
i wish the cloudflare dashboard would point that out as an error
still doesn't say it
hello.studioProject.h-and-c.co.uk now says 404 and hi.hello.studioProject.h-and-c.co.uk still doesn't exist
The 404 is going to be from your origin, not a cloudflare thing
i know that
what's the record you created exactly, just *.studioProject.h-and-c.co.uk?
*.studioproject on the dashboard
The recursion stops the second it hits anything that does exist. For example, if you have a record for
hello.studioproject
, the wildcard will stop recursing, and not hit hi.hello.studioproject
ok, these are all of the records for *.studioproject
TXT
hi.hello.studioproject
A
*.studioproject
Right, so since you have a TXT Record for that, the A wildcard won't apply
you'd have to manually create the A record for that
but i need a txt or my hosting provider won't work
all of my A records go to the same ip if that helps
Should the txt record be wildcard, or does it have to be on hi.hello?
hi.hello
i removed the txt and it still doesn't work
Then if you want the same wildcard behavior on hi.hello, create another A record on hi.hello.studioproject with the same value, and then a second wildcard on *.hi.hello.studioproject with the same value, and it'll be like the txt record isn't there
That's just cache
;; QUESTION SECTION:
;hi.hello.studioProject.h-and-c.co.uk. IN A
;; ANSWER SECTION:
hi.hello.studioProject.h-and-c.co.uk. 300 IN A redacted
tf?
You can use dig on Linux, i.e
dig hi.hello.studioProject.h-and-c.co.uk @aarav.ns.cloudflare.com
querying your authoritative nameserver to test things without cache getting in the way, Cf's DNS propagation is pretty fast, like a few seconds world wide, ignoring cache
and u just exposed my hosting ip :P
well with dns-only it's always going to be exposed, but sure I can edit it out
i still don't get it
so, what do i put in the a record
This is the condition you are currently hitting that is confusing you
Wildcards will be applied for multiple levels. But a specific record on any equal or lower level will terminate anything on or below this specific record — independent of the type of that specific record.
so, what do i put in that
For what? what's your goal?
Maybe it's better to ask what specifically you are confused about
to get *.*.studioproject.h-and-c.co.uk working
You're fine with DNS-only right? and you want the TXT record on hi.hello.studioproject?
yes
i have it as dns only so that cf doesn't keep breaking things
because that's what it keeps doing as proxied
probably because your configuration doesn't support ssl/tls
anyway, you would want your records like this
The second wildcard there is only necessary if you want xxx.hi.hello.studioproject to work, as without it the TXT Record existing stops the normal wildcard from working on hi.hello and recursing any further
i don't want anything below hi.hello.studioproject.h-and-c.co.uk working but i might in the future so, i'll leave it there
it works, now how do i get security working on hi.hello.studioproject.h-and-c.co.uk
so that this disappears
You mean http/https? You'd have to get a certificate for it. Let's Encrypt and a few other providers offer free certificates via certbot, which can be automated to renew depending on your install/etc
ok, also, how do i get it to display the page at hello.wumpus-dev.repl.co on all wildcards that are not declared
Keep in mind wildcards with certificates only cover one level, it's just how they work. If you got a certificate that was for
*.studioproject.h-and-c.co.uk
, it would only cover xx.studioproject.h-and-c.co.uk and not hi.hello.studioproject.h-and-c.co.uk. You can get a certificate that covers multiple hostnames, known as Subject Alternative Names (SANs), i.e *.studioproject.h-and-c.co.uk
and hi.hello.studioproject.h-and-c.co.uk
, there's a limit on SANs though
That's going to depend on repl, if they even support wildcards or not. You could do something hacky either way with a simple VPS that proxies to repl and has wildcard certificates on it
i don't get it
just how do i do it?
@chaika.me
how do you do what? Hook it up with repl? Go through their tutorial, it's their platform, they decide what goes, if they support wildcards or not, etc
just, look at repl.co and just try some subdomains on it, u'll get it
have u figured it out how i want it yet?
I don't have a repl account, and don't understand what you're saying, all I can do is refer you to their custom domain guide
https://docs.replit.com/hosting/custom-domains
do u get what i mean?
so, i want to display the page at https://hello.wumpus-dev.repl.co on all of the pages still wildcard OR the 404 page on h-and-c.co.uk
that's something you would need to configure at repl
how is it? it's on cloudflare's end
i can just display the 404 page on h-and-c.co.uk and it wouldn't be anything to do with replit then
Maybe I am misunderstanding what you are saying, you are saying you want to show a repl or a page on your apex, based on what condition?
ok, let me explain from scratch
so, i want to display the 404 page on h-and-c.co.uk on all of the wildcard pages (right now, everything except hi.hello.h-and-c.co.uk are wildcards for more context)
and then over time add specific records pointing to repls or something, like you have on hi.hello?
yes
i will use the cloudflare api from my web app to add the records for things like hi.hello
you can just change the wildcard to a cname to
h-and-c.co.uk
, and if the Express server accepts those hostnames/supports that, it would just work. Then over time just add specific records for repls/other things
ok
let me try that
You wouldn't really be able to get it to work with https though, you'd need an infinite amount of certificates, you could get
*.studioproject.h-and-c.co.uk
and that would cover all of the first level subdomains, but any other wouldn't be secure
can you have numbers in the domain name?
so i could point it to like 404.h-and-c.co.uk?
yea, you mean a cname or something? Still, visiting test.random.studioproject wouldn't have a cert
i got it to use ssl
where u can add hostnames to use mTLS, i added *.studioproject
just doing some replit template stuff, brb
Client Certificates aren't edge certificates, they're certs a connecting client can present to Cloudflare and pass through security mechanisms
yes but it's dns only
yea so it would do nothing
hang on a sec, lemme just test it
just verifying it
right, now how do i fix this?
does it work on the actual domain you added and just not a random one?
If I had to guess, that's a response from Repl saying "we don't have a certificate for this"
yes, it does
it's not repl though
because it points to projectnotfound.studio.errors.h-and-c.co.uk
wait, i forgot to add a certificate for that
at least i get a response now
just need to do a few more things with replit
and, back to this
@chaika.me
you're trying to get repl to work wildcard? or otherwise, cname to it from a subdomain not added to repl directly?
on projectnotfound.studio.errors.h-and-c.co.uk (the thing that points to replit), it works but on the wildcards (the things that point to projectnotfound.studio.errors.h-and-c.co.uk), it sends that
yea usually products that support custom domains require each host that you want to work to be added to them individually
yeah but i don't know if replit supports wildcards
keep in mind a CNAME is just saying "look for the IP over here", there's no actual binding between a random wildcard subdomain you visit and projectnotfound.studio.errors.h-and-c.co.uk
The request replit gets is just with the host header/sni of hello.hi.studioproject, the cname is just dns level information
i don't know the ip of h-and-c.co.uk so i can't use an a record
even if you did it wouldn't matter, Repl is likely looking for a host header/sni match to serve the right certificate and content, otherwise what would they know to serve if the IP is shared
i'll try wildcards with replit
https wouldn't work anyway, if you're visiting hello.hi.studioproject, the only cert that would work for it is either a direct match (hello.hi.studioproject) or a wildcard on the same level (*.hi.studioproject)
no, replit doesn't work with wildcards
how does repl.co do it then?
they have https on wildcards
they issued a wildcard just for wumpus-dev
yeah
ok
...
how do i issue a wildcard for every subdomain like that?
for every single possible one in existence? there is a limit because of dns being capped at I believe 256 characters, but realistically you can't. They're taking advantage, just like Cloudflare does with workers.dev addresses for example, of knowing a level and only needing one level wildcard
if each customer gets a repl.co wildcard subdomain, they're just issuing one per customer. Which can be done, with a bit of infrastructure and probably agreements to bypass rate limits, stuff like that
just, how do i do it, i don't understand it
so, if i just made the username limit for my site 50 chars, it would be every single possible one for 50 characters?
if each customer gets their own subdomain, yea you could issue one per customer as they sign up
yeah but replit does that for even non-existent usernames
I really doubt it
it does
if you change the url, you get the same ssl failure
https://hello.hi-dev.repl.co/
if an account doesn't exist
ok...
When you create an account, they issue a new certificate for you
ok
can u just give me the records for that?
to do what? issue certificates for each customer?
yes
i can just use the cloudflare api to add the records
there's no easy dns records for that. You would need your own infrastructure capable of issuing and serving the certificates. You would hit Let's Encrypt rate limits as well, repl.co is on something called the Public Suffix List, in each browser, which is essentially "treat each subdomain as a full domain", for security and some certificate providers' rate limiting purposes: https://publicsuffix.org/. If you wanted to issue certs for each customer you'd need to get on that list as well.
ok, i'll get on that list tomorrow, can u just give me the records?
You would need to point at your own web servers that would be capable of serving the certificates you issue, or use some paid provider for it
they probably wouldn't approve you, not sure, it's not something you can just get on without a use case and some backing I believe
i have a use case
an ide, like codesandbox and stuff like that
Repl talks about how they created their own dns infrastructure for custom domains and such a bit here: https://blog.replit.com/dns
a good read, you'd have to automate a lot of stuff, not sure if there are really any off-the-shelf solutions for it
can i just do it the codesandbox way instead?
just something like hfd37dgs.studioproject.h-and-c.co.uk
yea with a single wildcard cert and record, you'd have to find a provider which works with that though or host it on your own vps/infra
how do i host it on my own infrastructure?
@chaika.me
When I say your own infrastructure, I mean running your own web server like nginx/services, on a virtual private server/dedicated server, or even just a container host like fly.io. Basically just doing the web server stuff yourself rather than using an existing provider, if you can't find any providers that offer out of the box solutions for what you want
i use express
is that good enough
nginx is just a hassle to set up with existing servers
and i have to pay for nginx???
yea, you'd just have to get a certificate (like via certbot/let's encrypt) configure Express to serve the cert, and then whatever code to handle the different hostnames serving different customer stuff. Nginx is just the gold standard of web servers, and free/open source. There is an enterprise version but you don't need it
issue: my nix env won't load with the certbot client