From 33b4e23525cf9fda3edc8f9994da02677f8cc8c4 Mon Sep 17 00:00:00 2001 From: Mikulas Tomanka Date: Wed, 3 Sep 2025 12:53:15 +0200 Subject: [PATCH 1/9] region updates, a record updates, mentioning hostname pre-validation when necessary, clarifying cusotm proxy use case --- .../go-live/manage-hostnames/README.md | 40 ++++++++++--------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index 7070c7c7a8d..c64a40c5f40 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -9,12 +9,13 @@ Let's say you have a project named `Snoopy`. The default hostnames will be: * **Development environment** - `dev-snoopy.euwest01.umbraco.io` * **Staging environment** - `stage-snoopy.euwest01.umbraco.io` -The hostnames contain the region on which your project is hosted. Currently, there are four options available when choosing a region for your Umbraco project: +The hostnames contain the region on which your project is hosted. The options available when choosing a region for your Umbraco project are: -* West Europe (euwest01), -* East US (useast01), -* South UK (uksouth01), and +* West Europe (euwest01) +* East US (useast01) +* South UK (uksouth01) * Australian East (aueast01) +* Canada Central (cacent01) To access the backoffice, add `/umbraco` at the end of the Live, Development, or Staging URL. @@ -58,7 +59,7 @@ If you're using the [Former A and AAAA records](./#former-a-and-aaaa-records) co Former A and AAAA records -The following Records will become obsolete in the future. Refrain from using them. +The following Records are now obsolete, and remain here for documentation purposes. * A Records * `104.19.191.28` @@ -115,16 +116,16 @@ All hostnames added to an Umbraco Cloud project's environment will get a TLS (HT You will need to **remove the old DNS entry** before the Cloudflare service generates a new certificate for your Hostname. {% endhint %} -### Is your Domain hosted on your own Cloudflare account? +### Is your hostname managed/proxied in your own Cloudflare account? Cloudflare is a popular DNS provider, which offers a variety of different services to improve performance and security. We also use it for DNS and Hostnames on Umbraco Cloud. When adding a hostname to your project hosted on Umbraco Cloud, using your own Cloudflare account the process is slightly different. 1. Set Proxy Status to **DNS Only** when creating a _CNAME_ or _A-record_ for your hostname in Cloudflare. -2. Change Proxy Status to **Proxied** once your hostname is **Protected** on the Hostname page for your Cloud project. Also, make sure the website is accessible through the hostname. +2. Change Proxy Status to **Proxied** once your hostname is **Protected** on the Hostname page for your Cloud project. -The above is primarily relevant when you need to use specific Cloudflare services like Page Rules, Workers, and so on. +In order to minimize downtime you can also use the [hostname pre-validation method](hostname-pre-validation.md) ### Using Certification Authority Authorization (CAA) for your domain? @@ -152,27 +153,28 @@ The Certificate Authority (CA) used to issue certificates for all Umbraco Cloud On the Professional and Enterprise plans, you can manually add your certificate to your project and bind it to one of the configured hostnames. -## Using your Web Application Firewall (WAF) on Umbraco Cloud +## Using a custom Web Application Firewall (WAF) or a proxy on Umbraco Cloud -If you need to use WAF in front of your Umbraco Cloud website this section will highlight some of the common configurations needed. +If you need to use a custom WAF or proxy in front of your Umbraco Cloud website this section will highlight some of the common configurations needed. {% hint style="info" %} -Configuration may vary depending on which WAF you are using, so you should always consult your vendor for best practices and recommendations. +Configuration may vary depending on which WAF you are using, so you should always consult your vendor for best practices and recommendations or reach out to Umbraco Cloud Support. {% endhint %} -In most cases, you need to ensure that the WAF and Umbraco Cloud are using the same certificate on the specific hostname. Custom certificates are a plan-specific feature on Umbraco Cloud, so make sure that you have access to upload certificates. +### Proxying to the custom hostname -* Make sure the hostname is pointing to Umbraco Cloud (dns.umbraco.io). -* Certificate issued for the actual hostname. A custom certificate is required for a WAF hostname. -* Be on a [plan](https://umbraco.com/products/umbraco-cloud/pricing/) that supports custom certificates. +If you can't point your hostname to dns.umbraco.io Umbraco Cloud won't be able to reissue a certificate for your hostname during future renewals (3 months). You can publish a DCV(domain control validation) record or use a custom certificate. -When configuring the hostname and certificate on Umbraco Cloud it will be necessary to validate the hostname using a TXT record. This is needed because in most cases the WAF will hide that the website is running on Umbraco Cloud. This means that the usual domain ownership verification cannot be performed. This same approach can also be used to configure a hostname before updating the DNS for the hostname. +The DCV record is a CNAME record with key `_acme-challenge.` pointing to `.0df3da1ce1ef695a.dcv.cloudflare.com`. +E.g.: www.example.com - CNAME `_acme-challenge.www.example.com` points to `www.example.com.0df3da1ce1ef695a.dcv.cloudflare.com` -Adding a hostname on a Cloud project is possible before a DNS change. It can take up to approx. 14 days before it's removed. That means that you have 14 days to add a TXT record in your DNS settings. +The DCV record will ensure that Umbraco Cloud can always issue the -Reach out to support and they will assist you with the details needed to be in the TXT record. We will first be able to see what you need to add to the TXT record when you have added the hostname. +When configuring the hostname on Umbraco Cloud use the [hostname pre-validation method](hostname-pre-validation.md). -When that is added it should work immediately. +### Proxying to default Umbraco Cloud hostnames *.{region}.umbraco.io + +You can proxy freely to the default Umbraco Cloud hostname. The application runtime will see *.{region}.umbraco.io as the application url. Multisite set-ups aren't supported when proxying to default hostnames. ## [Rewrites on Umbraco Cloud](rewrites-on-cloud.md) From 138d9bc03435c3d470aa64ddc0390d5a06932c13 Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 15:30:46 +0200 Subject: [PATCH 2/9] Update umbraco-cloud/go-live/manage-hostnames/README.md --- umbraco-cloud/go-live/manage-hostnames/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index c64a40c5f40..f20a41489ab 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -59,7 +59,7 @@ If you're using the [Former A and AAAA records](./#former-a-and-aaaa-records) co Former A and AAAA records -The following Records are now obsolete, and remain here for documentation purposes. +The following Records are now obsolete and remain here for documentation purposes. * A Records * `104.19.191.28` From c3295c5ec37ec226cf6da9d366d80cfac4b98262 Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 15:30:56 +0200 Subject: [PATCH 3/9] Update umbraco-cloud/go-live/manage-hostnames/README.md --- umbraco-cloud/go-live/manage-hostnames/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index f20a41489ab..ad3babb67bf 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -125,7 +125,7 @@ When adding a hostname to your project hosted on Umbraco Cloud, using your own C 1. Set Proxy Status to **DNS Only** when creating a _CNAME_ or _A-record_ for your hostname in Cloudflare. 2. Change Proxy Status to **Proxied** once your hostname is **Protected** on the Hostname page for your Cloud project. -In order to minimize downtime you can also use the [hostname pre-validation method](hostname-pre-validation.md) +To minimize downtime, you can also use the [hostname pre-validation method](hostname-pre-validation.md). ### Using Certification Authority Authorization (CAA) for your domain? From f6baea8d3262dde7c9723c7ed1a3a390005910d3 Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 15:31:04 +0200 Subject: [PATCH 4/9] Update umbraco-cloud/go-live/manage-hostnames/README.md --- umbraco-cloud/go-live/manage-hostnames/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index ad3babb67bf..396b0b43a9e 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -155,7 +155,7 @@ On the Professional and Enterprise plans, you can manually add your certificate ## Using a custom Web Application Firewall (WAF) or a proxy on Umbraco Cloud -If you need to use a custom WAF or proxy in front of your Umbraco Cloud website this section will highlight some of the common configurations needed. +This section covers common configurations for using a custom WAF or proxy with your Umbraco Cloud website. {% hint style="info" %} Configuration may vary depending on which WAF you are using, so you should always consult your vendor for best practices and recommendations or reach out to Umbraco Cloud Support. From 2f460eab89ad4f4898d42133b78846df8684ba3a Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 15:31:12 +0200 Subject: [PATCH 5/9] Update umbraco-cloud/go-live/manage-hostnames/README.md --- umbraco-cloud/go-live/manage-hostnames/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index 396b0b43a9e..49b82912e8c 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -163,7 +163,7 @@ Configuration may vary depending on which WAF you are using, so you should alway ### Proxying to the custom hostname -If you can't point your hostname to dns.umbraco.io Umbraco Cloud won't be able to reissue a certificate for your hostname during future renewals (3 months). You can publish a DCV(domain control validation) record or use a custom certificate. +If your hostname can't point to `dns.umbraco.io`, Umbraco Cloud won't be able to reissue a certificate for your hostname during future renewals (3 months). You can publish a Domain Control Validation (DCV) record or use a custom certificate. The DCV record is a CNAME record with key `_acme-challenge.` pointing to `.0df3da1ce1ef695a.dcv.cloudflare.com`. E.g.: www.example.com - CNAME `_acme-challenge.www.example.com` points to `www.example.com.0df3da1ce1ef695a.dcv.cloudflare.com` From db41962d11a2451cc15c1b132c474efdebd0f92b Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 15:31:21 +0200 Subject: [PATCH 6/9] Update umbraco-cloud/go-live/manage-hostnames/README.md --- umbraco-cloud/go-live/manage-hostnames/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index 49b82912e8c..9a79bf50aeb 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -166,7 +166,7 @@ Configuration may vary depending on which WAF you are using, so you should alway If your hostname can't point to `dns.umbraco.io`, Umbraco Cloud won't be able to reissue a certificate for your hostname during future renewals (3 months). You can publish a Domain Control Validation (DCV) record or use a custom certificate. The DCV record is a CNAME record with key `_acme-challenge.` pointing to `.0df3da1ce1ef695a.dcv.cloudflare.com`. -E.g.: www.example.com - CNAME `_acme-challenge.www.example.com` points to `www.example.com.0df3da1ce1ef695a.dcv.cloudflare.com` +For example, `www.example.com` - CNAME `_acme-challenge.www.example.com` points to `www.example.com.0df3da1ce1ef695a.dcv.cloudflare.com` The DCV record will ensure that Umbraco Cloud can always issue the From a5c280903aa38fabfc37b8e003a2fca2c2a5245a Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 15:31:43 +0200 Subject: [PATCH 7/9] Update umbraco-cloud/go-live/manage-hostnames/README.md --- umbraco-cloud/go-live/manage-hostnames/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index 9a79bf50aeb..047db4cc7bc 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -174,7 +174,7 @@ When configuring the hostname on Umbraco Cloud use the [hostname pre-validation ### Proxying to default Umbraco Cloud hostnames *.{region}.umbraco.io -You can proxy freely to the default Umbraco Cloud hostname. The application runtime will see *.{region}.umbraco.io as the application url. Multisite set-ups aren't supported when proxying to default hostnames. +You can proxy freely to the default Umbraco Cloud hostname. The application runtime will see `*.{region}.umbraco.io` as the application URL. Multisite set-ups aren't supported when proxying to default hostnames. ## [Rewrites on Umbraco Cloud](rewrites-on-cloud.md) From 7f1875989cc6a6f2392ffd09be3a5b4a5afe5b09 Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 15:31:50 +0200 Subject: [PATCH 8/9] Update umbraco-cloud/go-live/manage-hostnames/README.md --- umbraco-cloud/go-live/manage-hostnames/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index 047db4cc7bc..1c4c6917c92 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -172,7 +172,7 @@ The DCV record will ensure that Umbraco Cloud can always issue the When configuring the hostname on Umbraco Cloud use the [hostname pre-validation method](hostname-pre-validation.md). -### Proxying to default Umbraco Cloud hostnames *.{region}.umbraco.io +### Proxying to default Umbraco Cloud hostnames `*.{region}.umbraco.io` You can proxy freely to the default Umbraco Cloud hostname. The application runtime will see `*.{region}.umbraco.io` as the application URL. Multisite set-ups aren't supported when proxying to default hostnames. From 72bca48bf1f3bf96707ee2e2b97643a3dd999449 Mon Sep 17 00:00:00 2001 From: Mikulas Tomanka Date: Wed, 3 Sep 2025 17:34:53 +0300 Subject: [PATCH 9/9] Update umbraco-cloud/go-live/manage-hostnames/README.md --- umbraco-cloud/go-live/manage-hostnames/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/go-live/manage-hostnames/README.md b/umbraco-cloud/go-live/manage-hostnames/README.md index 1c4c6917c92..e99f828ac45 100644 --- a/umbraco-cloud/go-live/manage-hostnames/README.md +++ b/umbraco-cloud/go-live/manage-hostnames/README.md @@ -168,7 +168,7 @@ If your hostname can't point to `dns.umbraco.io`, Umbraco Cloud won't be able to The DCV record is a CNAME record with key `_acme-challenge.` pointing to `.0df3da1ce1ef695a.dcv.cloudflare.com`. For example, `www.example.com` - CNAME `_acme-challenge.www.example.com` points to `www.example.com.0df3da1ce1ef695a.dcv.cloudflare.com` -The DCV record will ensure that Umbraco Cloud can always issue the +The DCV record will ensure that Umbraco Cloud can always issue/renew the certificate for the custom hostname. When configuring the hostname on Umbraco Cloud use the [hostname pre-validation method](hostname-pre-validation.md).