External DNS (CNAME setup) rollout to "cloudflare pages"

We have a zone that uses the Business plan. It is configured using CNAME setup (so cloudflare isn’t the dns server of our domain - each subdomain we want to use/benefit from cloudflare has a CNAME value of SUBDOMAIN.domain.com.cdn.cloudflare.net).
Currently our www.domain.com subdomain is a CNAME to www.domain.com.cdn.cloudflare.net, and in cloudflare www.domain.com (orange cloud) points to our current server, let’s call it server.domain.com.

As we work on migrating our static website to Cloudflare Pages, we want to do it in a controlled manner so we could both test everything’s working as should AND do a/b tests on the conversions of trialers.

To achieve this, we wanted to do 2 things:

  1. Connect a staging environment subdomain to a branch deployment of a preview environment
    This doesn’t work (at least for our CNAME dns setup). I created a new route53 cname record pointing our staging.domain.com to staging-branch.ourwebsite.pages.dev but going to staging.domain.com returned the production deployment of the cloudflare pages app.

  2. Use the weighted DNS records of Route53 to have a percentage of the traffic receive the cloudflare pages website and the rest receive our old website. So let’s say 50% of dns queries will resolve www.domain.com as a cname to www.domain.com.cdn.cloudflare.net and the other 50% will resolve to ourwebsite.pages.dev.
    This doesn’t seem to work as well as to get www.domain.com render the cloudflare pages app, I need to add it as a custom domain for the pages app, but when I tried doing that I got the warning that it would change the cloudflare dns record for www.domain.com from server.domain.com to ourwebsite.pages.dev.
    This means the percentage that even the 50% that will get the cname of www.domain.com.cdn.cloudflare.net will also get the cloudflare pages website and not the old website.

Any ideas of how can this be done?


Ok, let’s start with 2., which I doubt it’s actually doable directly from DNS. I doubt it’s doable at all. Pages requires you to have the record delegated to them for certificate issuance purposes.

Even adding a load balancer in the mix won’t work, you won’t have the certificate for Pages.

One thing that could work is implement it via Workers. That will work, but it’s obviously additional complexity (not much, but still).

For 1. have you added the custom staging subdomain as a custom domain in Pages itself?

Thanks @matteo for the reply.

Regarding the certificate issuance - isn’t it enough that www.domain.com points at www.domain.com.cdn.cloudflare.net? Cloudflare already has an SSL certificate for this hostname.
Also - I’m assuming there are ways of proving the ownership on the domain for cases of a “normal” migration from another platform to cloudflare pages without a downtime (the time between pointing the hostname to cloudflare and the ssl generation).

Another thing - since www.domain.com currently points at cloudflare (CNAME to www.domain.com.cdn.cloudflare.net) is it possible to do this weighted traffic rollout via cloudflare itself (meaning from inside the platform)? It’s just for a short period so we could measure the effect.

For 1 - Yes, I have added the subdomain as a custom domain in pages itself.

Ok, I asked the team… CNAME setups + Pages is weird.

One thing is sure, subdomain aliases for non-Cloudflare enabled domains are a no go, which is why it’s not working. I’m trying to gather if they work on CNAME setups.

I wish it worked like that, but Pages is using SSL for SaaS, which means it won’t have that certificate (there are ways with proxying + slightly more insecure SSL modes, the Full variant, to make it work).

Unfortunately doesn’t look like there are… which is a shame.