Docs / Networking

Custom domains

Partial — customer-managed TLS for external domains

Apply your own domain names to BreachFix Cloud web services and static sites. Your service keeps its default {serviceId}.breachfix.com URL in addition to any custom domains you add.

Overview

  • Default service URLs use platform TLS (Cloudflare Universal SSL on *.breachfix.com).
  • Custom external domains use customer-managed TLS at your DNS provider in v1.
  • Routing activates after DNS verification — no redeploy required.

1. Add your domain in the dashboard

  1. Open your service → Settings → Custom domains.
  2. Enter your domain (e.g. app.example.com) and click Add domain.

Unicode domains must be Punycode-encoded first (e.g. ëxample.comxn--xample-ova.com).

2. Configure DNS

Remove AAAA records while configuring DNS to avoid IPv6 routing issues.

  • Subdomains: CNAME to your service default host (e.g. srv-abc123.breachfix.com)
  • Apex: ANAME, ALIAS, or CNAME flattening where supported

Provider guides:

3. Verify

  1. Click Verify in Settings → Custom domains.
  2. Use dig CNAME your.domain +short if verification fails — DNS may still be propagating.

TLS for custom domains

Configure TLS at your DNS provider. Cloudflare: SSL mode Full (not Full Strict) when proxying. See TLS certificates.

Advanced

OAuth: register callback URLs for each custom domain. Wildcards: add individual subdomains in v1 — wildcard custom domains are not fully supported.