Fix 1014 CNAME Cross-User Banned with Cloudflare for SaaS
Hello Cloudflare Community!
We need your help and hints on solving our case. The initial conditions are:
* Two Cloudflare accounts:
* Account A: has our main domain and a lot of stuff is already served on this domain (let’s call it siteA.com)
* Account B: here is another project hosted, which we can’t move to account A, meaning we don’t wanna move it to another github org. (let’s call it project.com)
* The project.com has multiple deployments: production, staging and another, which serves it’s content into subdirectory:
* Production: prod.project.com
* Staging: staging.project.com
* Subdirectory: subdir.project.com/subdir
We want to have the setup where subdomains will serve content from another account project:
* project-prod.siteA.com -> prod.project.com
* project-staging.siteA.com -> staging.project.com
* project-subdir.siteA.com/subdir -> subdir.project.com/subdir
Trying to set up this with CNAME’s causes 1014 CF Error. After reaching the support, asking to allow pointing to our another account we got the response to use Cloudflare for SaaS. But there is only one Fallback Origin which we can set. Are we missing something? Is there a way to set up this like we want?
P.S.: Please, let me know if this message should go to another place.
10 Replies
Yeah you can only have 1 Fallback Origin exept for Business plan
Thanks for the reply! Do you mean we can have multiple in Business plan? Are there any limits? I need multiple fallback origins for multiple apps
@Community Champion please, any advices.
Don't ping community champions for support requests.
@zegevlier sorry 🤝
You're talking about Cloudflare Pages, right?
If so, the answer is CF Pages itself uses Cf for SaaS under the hood, so you can't just double cf for saas on top of cf for saas, you should just add your main domain directly via Pages Custom Domain tab, and I think you could still use those specific branch records as long as it's also using Cf DNS: https://developers.cloudflare.com/pages/how-to/custom-branch-aliases/
@Chaika Grateful for your reply!
Correct, it's about CF Pages. I did this approach just now, it does not work(. When I setup custom domains for each branch (add a custom domain for each branch + set CNAME's on main account for that domains) every subdomain gets the production version. If I set a CNAME's within the account where the site is and then try to reach with a new set of CNAME's on main account I get 1014 (if proxy is on), turning off proxy leads to 522 Connection time out.
And I just wonder why the support recommended to use SaaS if it is already there.
hmm yea makes sense. Is there any reason why your staging and dev has to be on your main domain? I would understand having prod there, but the other ones I think would matter less.
If you really need it, your only approach left is to use a Worker to proxy the pages site. Your worker would be your Fallback Origin (https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/worker-as-origin/), and it would take the path + query and fetch the pages.dev. You could use the incoming hostname/url to route conditionally to the different environments
@Chaika we are using staging as a preview for Content Editors (meaning there live a draft versions of content) and we want those to be under the main domain as well.
So, if I understood correct, you suggest to use a worker as a fallback origin and inside the worker decide from where I want to pull the page based on the request subdomain?
yep, you can use a simple worker like this:
I would try to avoid doing it for prod/anything you don't have to, as you will pay for each request as it is a worker invocation (which is pretty cheap, but not cheaper then free)
@Chaika Cool, thank you very much, I was looking for any solution for a long time. I'm going to try that out tomorrow. Thanks again, appreciate your help!