Use a custom domain
When you create a Fly App, it is automatically given a
fly.dev sub-domain, based on the app’s name. This is great for testing, but when you want to go to full production you’ll want your application to appear on your own domain and have HTTPS set up for you as it is with your
.fly.dev domain. That’s where the
fly certs command comes in. But let’s step back before we set up the TLS certificate, to the first step: directing traffic to your site.
The simplest option for directing traffic to your site is to create a CNAME record for your custom domain that points at your
.fly.dev host. For example, if you have a custom domain called
example.com and an app called
exemplum, then you can create a CNAME record for
example.com‘s DNS that would look like:
CNAME @ exemplum.fly.dev
You’ll need to configure this with your DNS provider.
example.com will tell the DNS system to look up
exemplum.fly.dev and return its results.
The other option is slightly more complicated because it uses the IP address of the app, rather than its DNS name. The upside is that it is slightly faster.
To start, you need the Fly IP address of your deployed application. To get that, use the
fly ips list command.
You’ll need to configure the A record with your DNS provider. You need to add in an “A Record” for your domain that points to the IP address. Once this is done and propagated through the DNS system, you should be able to connect over unencrypted HTTP to using the domain name. Continuing the preceding example, that’s the domain name:
To enable HTTPS on the domain, you need to get a certificate. Fly.io does that for you automatically.
It starts with creating a certificate for your custom domain with the
fly certs add command. For example:
fly certs add example.com
Hostname = example.com Configured = true Issued = Certificate Authority = lets_encrypt DNS Provider = enom DNS Validation Instructions = DNS Validation Hostname = DNS Validation Target = example.com.5xzw.flydns.net Source = fly Created At = 0001-01-01T00:00:00Z Status =
fly certs add starts the process of getting a certificate.
fly certs show to get the details needed for your next step. For example:
fly certs show example.com
Hostname = example.com Configured = true Issued = ecdsa, rsa Certificate Authority = lets_encrypt DNS Provider = enom DNS Validation Instructions = CNAME _acme-challenge.example.com => example.com.5xzw.flydns.net. DNS Validation Hostname = _acme-challenge.example.com DNS Validation Target = example.com.5xzw.flydns.net Source = fly Created At = 1m24s ago Status = Ready
The DNS Validation Instructions are an optional next step. For a short time (minutes) after we start the process of generating the first-ever certificate for your site, trying to load that site with an HTTPS URL will generate errors. If you’d like to make sure those errors aren’t ever visible, you can use a DNS challenge to pre-generate the certificate.
To do that, you need to create a
CNAME DNS record for a subdomain,
_acme-challenge, of your domain (the DNS Validation host name)
and point it at the DNS Validation Target. The process will depend on your DNS provider. Once complete, and the updated DNS data has propagated, that domain will be queried and confirm you have control of it. Certificates will be generated and installed and you’ll be able to access your custom domain.
For a more detailed example of configuring custom domains, see the Custom domains and SSL certificates guide.