Make apex domains work with Cloudflare for SaaS’s custom hostnames feature

i have a domain where i brought its DNS over to cloudflare (by using cloudflare’s nameservers) that i also have setup as a custom hostname with Cloudflare for SaaS. when i create a CNAME for the www and point it at my CNAME target, everything works well (this is the specific hostname i am working on: https://www.photoactivemedia.com/). however, when i create a CNAME for @ and point that at the same CNAME target, i get a 530 (Error 1016 when the error page shows up: https://photoactivemedia.com/). i also tried creating a CNAME for the root to point it at the www version, but that didn’t work either. also, when i created a custom hostname for the apex domain in Cloudflare for SaaS, i got the error “custom hostname does not CNAME to this zone.” if anyone has any idea what i’m doing wrong or how i can resolve this, i’d love to hear about it!
20 Replies
Chaika
Chaika2mo ago
, when i created a custom hostname for the apex domain in Cloudflare for SaaS, i got the error “custom hostname does not CNAME to this zone.”
You need two things: A: Custom hostname for both www and apex B: Both www and apex to CNAME Directly to your cf for saas zone, not to www or any shortcuts You could always just not do your apex and plop a redirect on there as well within CF, it usually doesn't make sense to have both be cf for saas and you'd be using 2x the custom hostnames
acusti
acusti2mo ago
@Chaika thanks so much for the reply! re: A, that’s how i have it. re: B, as per the cf for saas instructions, i created a fallback origin (which uses 192.0.2.1) and then a “CNAME target” that CNAMEs to the fallback origin. are you saying i should CNAME apex and www to 192.0.2.1? or something else?
Chaika
Chaika2mo ago
I'm saying both your root/apex should CNAME to the same target as your www
acusti
acusti2mo ago
like this?
No description
acusti
acusti2mo ago
(i used @ for the root CNAME, but cloudflare shows it as the full apex hostname)
Chaika
Chaika2mo ago
yup. Before it wasn't I understand? Cf For SaaS doesn't work well with indirect, has to be directly at
acusti
acusti2mo ago
that was the first way i tried it, which seems to partially work, because cloudflare is at least handling the request with that record in place
Chaika
Chaika2mo ago
you've got a redirect loop now. Looks like a page rule or a bulk/dynamic redirect rule on your photoactivemedia.com zone
acusti
acusti2mo ago
yeah i tried add a redirect rule from apex to www to see if that would help, but it created that loop so i just disabled it
Chaika
Chaika2mo ago
worth mentioning if outlyne.io and photoactivemedia.com are in the same account they're allowed to point cross-zone same-account and it's going to result in semi-weird behavior until the cf for saas hostname takes What does the Custom Hostname for photoactivemedia.com say now?
acusti
acusti2mo ago
same as before
No description
acusti
acusti2mo ago
and outlyne.io and photoactivemedia.com are in the same account do you think i should create a separate account?
Chaika
Chaika2mo ago
yea so ignore the http 530 it's giving you right now, cnaming same-account has special behavior not necessarily just understand that behavior's a bit different/weird if this was diff acct and it was still pending you'd be getting a cross-cf error page rn, not a 530 it's probably not checked yet, you could try deleting/readding to try to speed it up
acusti
acusti2mo ago
just deleted and re-added and it still thinks that
custom hostname does not CNAME to this zone.
if i recall correctly, when i CNAMEd the apex without the custom hostname, i was getting SSL errors from no cert but i’m not sure if i can verify that behavior / get back to how it was configured before
Chaika
Chaika2mo ago
probably same-account cross-zone silliness still same? Did you try clicking refresh? Just to sanity check I tested one on of my zones same-account and it said the same at first, ~30s later I refreshed and it was active
acusti
acusti2mo ago
oh interesting! but yeah, same thing after refreshing.
Chaika
Chaika2mo ago
I don't see anything else messy with your setup. If you wanted to try something else you could try what they do with non-cf apex's, which is: delete cname/a/aaaa records, readd custom hostname, add required ownership txt, wait for it to verify it in hostname status, and then add cname record. Or you could just throw a redirect on there https://community.cloudflare.com/t/redirect-example-com-to-www-example-com-using-single-dynamic-redirects/636762 and try again with a diff testing domain later
acusti
acusti2mo ago
ok i will try both, thanks so much for your help! if i could quickly summarize what seems to be the issue to make sure i understand: the DNS setup for the domain, including the root CNAME via CNAME flattening is fine and working correctly. however, the actual custom hostname record in cf for saas for the apex domain isn't working because it isn’t picking up the CNAME record for whatever reason, hence why my application isn’t getting invoked in the end for the apex domain.
Chaika
Chaika2mo ago
including the root CNAME via CNAME flattening is fine and working correctly.
only if using CF DNS
however, the actual custom hostname record in cf for saas for the apex domain isn't working because it isn’t picking up the CNAME record for whatever reason, hence why my application isn’t getting invoked in the end for the apex domain
yup, it's not making the hostname active and grabbing traffic The way I view CF For SaaS espec when involved with another Cloudflare zone is that when the custom hostname configuration is active it's literally grabbing your traffic and forcing it down the cf for saas zone's path This isn't a typical setup where let's say you have nginx somewhere configured for specific hostnames. This is traffic reaches CF's normal proxy and normal traffic flow, and looking for a cf for saas hostname is part of that flow and then using that config
acusti
acusti2mo ago
ok, i tried the redirect rule based on those instructions you sent and it works! this is great and solves the issue of duplicate content issues for SEO anyways. thanks again!
Want results from more Discord servers?
Add your server