Cloudflare bare domain configuration
Hi folks,
Have struggled to get my bare domain and www. working with Cloudflare, have read the Railway docs, and Cloudflare ones, and have tried many different settings, have ended up giving up, and now I'm here.
Here are the latest steps I've followed, could you please tell me where I'm going wrong?
1. In Railway: add a custom domain for
mydomain.com
2. In Cloudflare: add a CNAME for Name = @
, target = <host>.up.railway.app
-> the name of this DNS record automatically changes to mydomain.com
3. In Railway: add a custom domain for www.mydomain.com
4. In Cloudflare: add a CNAME for Name = www
, target = <other_host>.up.railway.app
After these steps, I can see Cloudflare proxy detected
on both custom domains in Railway.
Both my CNAME records are Proxied on Cloudflare.
When I do this, the www. version works, the bare domain doesn't (I get 'this site can't be reached' in the browser).
I've tried changing SSL/TLS mode from Full to Flexible in Cloudflare, still doesn't work. I've tried disabling Universal SSL
/re-enabling, same thing.
I only have one other DNS record, which is a TXT to auth with another service.
Any help appreciated!
Project ID: c18400df-5dee-4fe7-bc56-a98db8d475bdSolution:Jump to solution
I had to
1. create a custom domain in railway for my bare domain
2. create a CNAME for bare domain, pointing to the railway host
3. create a CNAME for www pointing to @
4. enable Universal SSL...
57 Replies
Project ID:
c18400df-5dee-4fe7-bc56-a98db8d475bd
(FYI, I've just gone through this again while writing this, and now the bare domain works and the www. doesn't π )
If you want both to work like that then you'll need to add two custom domains, a
www.mydomain.com
one and a mydomain.com
one
Although my recommendation would be to choose one of them and then have the other redirect to your chosen one, this keeps things more consistentI have two custom domains
I'd be happy to do the redirect - I have tried that in Cloudflare using a Redirect Rule - I think I must have done that wrong, as it didn't work
Oh I see now, sorry I misread π
Based on how you set it up, it should work π€
Quick side note here:
I've tried changing SSL/TLS mode from Full to Flexible in Cloudflare, still doesn't workSSL/TLS mode should always be on full when on Railway
Full strict, or just Full?
Just
Full
is finecool
if you're doing the redirect, is the best thing to set up a custom domain for the bare, or for www., domain in railway?
that's completely up to you, personally I like it when websites don't use
www
but that's just personal preference π€£and you set up the redirect in Cloudflare using a Redirect Rule?
also, should
Universal SSL
be on?I believe so, although I'm not very experienced with Cloudflare so I can't really help a lot in that context
No, that should be turned off
ok, so I've just:
1. Removed my custom domains
2. Added mydomain.com (the bare url)
3. Added a CNAME for
@
and <host>.up.railway.app
to Cloudflare
4. Disabled Universal SSL
and now none (www.mydomain.com, http://mydomain.com, https://mydomain.com and https://www.mydomain.com) of my urls are workingWould you mind sharing the domain you're using?
DMd
Seems the cause is a
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
, usually these resolve themselves and are usually caused by SSL cacheinteresting - when I do:
and
who do you own the domain with?
bought on GoDaddy, DNS transfer to Cloudflare
I've just reenabled Universal SSL and my bare domain url works again
Easiest thing is to point your bare domain at railway, and point
www
at your bare domain:hmm the plot thickens, this is something I haven't tried
back in 5 mins
If that doesn't work, you can also redirect www to your bare domain: https://developers.cloudflare.com/pages/how-to/www-redirect/
Cloudflare Docs
Redirecting www to domain apex Β· Cloudflare Pages docs
Learn how to redirect a www subdomain to your apex domain (example.com).
this doesn't seem to work for me: bare domain does, www. doesn't
trying second suggestion, thank you Dane
I just set one up, had to point the www domain at the bare domain, and add the bulk redirect.
The DNS record on the www just allows Cloudflare to listen on www (they are pointing it to a dummy IP), using a CNAME record pointing to the bare domain works as well.
it works!!
Dane, thank you, you are a hero
I think that's the cleanest solution as you are also telling google not to index the www because of the 301 redirect
thank you so much; I really appreciate your help
can you DM your domain?
nvm i can grab it from your service
yeah it's there
show me your dns in cloudflare?
DMd
ssl tls mode set to full?
ah man I've just deployed and I now get a 404
annnd it's back
SSL/TSL = Full, Universal is off
Universal SSL should be on (unless you have an advanced certificate). The hosts on your universal ssl should be
*.example.com, example.com
to include www.
SSL = Full
The connection from Cloudflare to Railway is over SSL, so you need SSL = Full.
Full (strict) is only when you are using a cloudflare origin cert on Railway (can be done through a cloudflare warp tunnel)turning Universal SSL on stops my www. -> bare domain redirect working
(unless there's an amount of time I need to wait after enabling it)
There usually is a bit of a time delay. Do you have an advanced certificate as well, or just universal?
whatever is out of the box/free, I guess universal?
ok, so you would need to have universal enabled as that is the only certificate encrypting your connection between the browser and cloudflare.
Do you have the orange cloud turned on for your bare domain and www?
I only have one CNAME now, for @ (which replaces with mydomain.com) and yes, proxied/orange cloud is on
You probably need to add a cname for
www
pointing to @
as welldone: now, with www. I get "This site canβt be reached" / "DNS_PROBE_FINISHED_NXDOMAIN"
what's your domain?
DMd
You may just need to wait a bit
both www and bare domain are coming up fine for me
really
hmm
I've just flushed my DNS and looks like it's working for me too
it's always DNS
Glad it's working! DNS is a pain for sure, especially when you add on proxies and SSL rules
π
@Brody if it's useful, LMK if you'd like me to write up the steps I (Dane) just took to make this work, for this page: https://docs.railway.app/guides/public-networking
catch me up, what was the final nail in the coffin to make this work?
Solution
I had to
1. create a custom domain in railway for my bare domain
2. create a CNAME for bare domain, pointing to the railway host
3. create a CNAME for www pointing to @
4. enable Universal SSL
5. create a bulk redirect pointing www. to bare domain
going to check out for now and hope nothing breaks - thanks again Dane
i would love a pr to add that to the docs
Yeah I can do that, whereβs the repo?
scroll down
@Brody have submitted PR
awesome, I will look at that
merged, thanks again!