Cloudflare for SaaS
My SaaS, saas.com, allows users to pick a subdomain from a list of predefined domains (a.com, b.com, and dozens more). They can also bring their own domain. In other words:
1.
*.saas.com is only used for the SaaS—no UGC (user-generated content)—e.g. the root is for the homepage, while help.saas.com for knowledge base.
2. a.com/b.com redirects to saas.com a.k.a the homepage. Someday they might have their own landing page instead of redirecting.
3. *.a.com and *.b.com are for users. They can pick anything e.g. bla.b.com as long as it's available, not used by other users.
4. They can also bring their own domain, e.g. sub.myco.com.
5. They can also choose nothing. Which means their UCG will be available from the root of a.com/b.com, e.g. a.com/my-ucg. This is the default.
Given those requirements, my first question: Where should I enable the "Cloudflare for SaaS" feature? In saas.com? Or in either a.com/b.com?
FYI, saas.com, a.com and b.com are all managed in Cloudflare under one account (e.g. [email protected]).4 Replies
I would recommend a 4th option: Get a new domain completely separate from the other ones like <saas>customers.com and use that, for a few reasons
1. Your SaaS Custom Domains inherit all your zone's configuration, including firewall rules and such, so easy to accidentally configure something that effects them without meaning to, plus you can make rules that target specific SaaS hostnames, but you're limited in rule count
2. With Worker Routes/using Workers w/ CF For SaaS, you have to target all hostnames
*/* for them to run on your saas hostnames/customer domains, which makes it easy to misconfigure and mess up your own subdomains@Chaika FYI, currently I use Fly.io to manage to setup, but I plan to migrate to Cloudflare to put everything in one place. Here's some examples:
https://mom.xn--nk8h.id/K4MD1JLRN <-- point #3, subdomain
https://cert.fyi/DEMO <-- point #5, root domain
@Chaika thanks, and it seems I can't put root as fallback origin? I.e. saascustomers.com is not allowed, but fallback.saascustomers.com is ok?
There needs to be a proxied record there, but other then that I'm not aware of a restriction on using root/it works fine for me to do so