How to configure Cloudflare when my clients CNAME their sites to my servers?

Hi,
I’ve been using Cloudflare for years. I have a basic scenario to cover, and I’m not sure about the configs in Cloudflare.

As I manage bigger and bigger websites (I host CMS sites), my clients want to keep control over their nameservers. In the future, I’m looking for a cleaner setup.

At the moment, I’m asking clients to point the A name to my load balancer IP. It’s a pain as I might change this address from time to time.

In this example, hosting.link is a domain I own. In the future, I would like to:

CLIENT’s point-of-view

I will ask my client to configure its DNS that way:

domain is:

TYPE   HOST             CONTENT
CNAME  @                clientdomain-com.hosting.link

HOSTING point-of-view

(I’m not sure here, that’s why I’m asking here :-p)

DNS management for hosting.link

TYPE   NAME               CONTENT
A      hosting.link       123.123.123.11 (IP of my load balancer)
CNAME  clientdomain-com    hosting.link
CNAME  clientone-com       hosting.link
CNAME  clienttwo-com       hosting.link

My reverse proxy (Traefik) generates wildcard SSL certs over *.hosting.link

I guess it’s a pretty standard setup for my SaaS. Can you help with that?

Thank you in advance!
Pascal

Allow CNAME records across accounts for domains on Cloudflare Pro, Business, or Enterprise plans by contacting Cloudflare support.

Unless your client is using a DNS server which supports ANAME records or Cloudflare’s CNAME flattening they won’t be able to create a CNAME for their APEX record as it is specifically disallowed by RFC.

Cloudflare’s edge has no SSL certificate for corpdomain.com nor does it have any knowledge on how to route requests for that host name if the record is :orange:. You can either :grey: the record and install/manage SSL on your origin for those hosts or Cloudflare offers an SSL for SaaS service which allows for the provisioning of custom hostnames and host name routing definitions.

Support for apex proxying is an additional optional feature as well.
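
As an added illustration (not code from this thread or from Cloudflare), the two constraints raised in the answer above can be checked mechanically: a CNAME at the zone apex needs ANAME or CNAME-flattening support, and a certificate is matched against the hostname the visitor requests, not against the CNAME target. The function names and the hostname www.clientdomain.com are assumptions made for the example.

```python
# Added example: names below are constructed for illustration only.
ORIGIN_CERT_NAMES = ["*.hosting.link", "hosting.link"]  # what the wildcard cert covers


def is_apex(hostname: str, zone: str) -> bool:
    """True when hostname is the zone apex (the '@' record)."""
    return hostname.rstrip(".").lower() == zone.rstrip(".").lower()


def cert_covers(hostname: str, cert_names: list) -> bool:
    """Match hostname against certificate names.

    A '*' matches exactly one left-most label, so '*.hosting.link' covers
    'clientdomain-com.hosting.link' but not 'a.b.hosting.link' and not
    'clientdomain.com'.
    """
    host = hostname.rstrip(".").lower().split(".")
    for name in cert_names:
        pattern = name.rstrip(".").lower().split(".")
        if len(pattern) != len(host):
            continue
        if pattern[0] == "*" and len(pattern) > 2:
            # Wildcard only in the left-most label, never directly under a TLD.
            if pattern[1:] == host[1:]:
                return True
        elif pattern == host:
            return True
    return False


def review_custom_hostname(hostname, zone, cert_names, dns_supports_flattening=False):
    """Return the problems with pointing a client hostname at the host via CNAME."""
    problems = []
    if is_apex(hostname, zone) and not dns_supports_flattening:
        # CNAME cannot coexist with the SOA/NS records at the apex.
        problems.append("apex-cname-not-allowed")
    if not cert_covers(hostname, cert_names):
        # The browser validates the name it asked for, not the CNAME target.
        problems.append("no-certificate-for-hostname")
    return problems


if __name__ == "__main__":
    for host in ("clientdomain.com", "www.clientdomain.com"):
        print(host, review_custom_hostname(host, "clientdomain.com", ORIGIN_CERT_NAMES))
```

Run against the setup in the question, both client hostnames fail the certificate check with only the *.hosting.link wildcard installed, which is why a per-hostname certificate at the origin or a custom-hostname service is needed.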

Thanks for these quick answers! @thedaveCA & @cscharff
I just updated the context above.

Is this a typo?

> Unless your client is using a DNS server which supports ANAME records

Makes sense

> Cloudflare’s edge has no SSL certificate for corpdomain.com

Here, with client’s example, he is not using Cloudflare, so I’m confused.

> nor does it have any knowledge on how to route requests for that host name if the record is :orange:.

My reverse proxy (Traefik) generates wildcard SSL certs over *.hosting.link
But with your explanation I’m confused. From which point of view? Clients or the HOSTING (me)?

> You can either :grey: the record and install/manage SSL on your origin for those hosts or Cloudflare offers an SSL for SaaS service which allows for the provisioning of custom hostnames and host name routing definitions.

Thank you very much!

No, it’s a new(ish) record type. https://tools.ietf.org/id/draft-ietf-dnsop-aname-01.html#rfc.section.2
