Disable starter domain -- App Platform
Ignacio González
We should be able to disable the starter domain in App Platform or create a 301 redirect to a custom domain.
With this not being an option static sites are always duplicated, which is a terrible SEO practice.
At the very least it would be nice being able to set a robots.txt file in the starter domain to prevent search engines from indexing it.
B
Bikram Gupta
This feature is available as part of broader subdomain routing configuration.
https://docs.digitalocean.com/products/app-platform/how-to/manage-domains/#use-subdomain-routing
Note that instead of disabling the starter domain, you will configure it to route it to your custom domain.
B
Bikram Gupta
This feature is available as part of broader subdomain routing configuration.
Note that instead of disabling the starter domain, you will configure it to route it to your custom domain.
Alan Hamlett
Bikram Gupta the example doesn't work with error parsing app spec: unknown field "authority"
L
Lukas Ender
Alan Hamlett I get the same error.
Is this perhaps a feature that one may need to "opt-in" first?
I found, that we may need to opt-in to public preview features (https://docs.digitalocean.com/platform/product-lifecycle/#public-preview and https://cloud.digitalocean.com/account/feature-preview)
However, on the settings page we are not able to see the new feature and therefore also can't opt-in.
Maybe we need to give them just a little more time until it becomes available?
F
Frederic Houle
Alan Hamlett I get the same error.
Timo Behrens
Lukas Ender it worked for me without opting in to anything. I just edited the app spec in the UI and added the following as part of the ingress rules:
- redirect:
authority: example.com
match:
authority:
# The static placeholder ${STARTER_DOMAIN} matches on the app's starter domain
exact: ${STARTER_DOMAIN}
L
Lukas Ender
Timo Behrens Ok, I see, thanks! This indeed works via the UI in the DigitalOcean web interface.
However, we use the
doctl
cli tool to manage the app spec and deploy new changes.And it seems the new feature is not fully supported by
doctl
as of yet.Here's what I found:
- I updated the app spec file via the DO Web Interface and the new feature works. It successfully redirects from the starter domain to the custom domain
- Then I want to sync the changed app spec file and do a doctl apps spec get $APP_ID > app-spec.yml. The redirect rules are fetched but the important partmatch.authority.exact: ${STARTER_DOMAIN}part is missing!
- When I try to update the YAML file and then deploy the changes via doctl apps update $APP_ID --spec app-spec.yml(or also just try to validate the spec file viadoctl apps spec validate app-spec.yml) I get the errorunknown field "authority"
So, my assumption is, that
doctl
(or the API it interacts with) needs an upgrade as well?Unless this also works via the cli tool, we can't really use this feature without breaking our deployment process
B
Bikram Gupta
Frederic Houle Lukas Ender Alan Hamlett Apologies for the inconvenience. Looking into it and will update asap. No opt-in required for the public preview.
F
Frederic Houle
Bikram Gupta It seems to be working now, using the UI. It wasn't yesterday. And the redirect works fine!
B
Bikram Gupta
Frederic Houle: Glad to hear! Thank you for trying out and using this in the first hours. As always, your feedback and participation is valuable for us.
L
Lukas Ender
Bikram Gupta, this has not yet been addressed on the
doctl
level, correct? I've upgraded to 1.125.0.But when I try to deploy (or validate) the changes I get the error:
Error: parsing app spec: json: unknown field "authority"
However, it works when adding the redirect rule via the Web Interface directly.
Just checking in if I am doing something wrong on my end. Many thanks in advance! :)
B
Bikram Gupta
Lukas Ender Sorry for the inconvenience. Please try the the latest doctl build (was merged a while back).
L
Lukas Ender
Bikram Gupta No worries! I've tested the latest version and can confirm it works now as expected 👌 Thanks for the quick fix 🤝
Joel DeTeves
This is a major security issue Bikram Gupta, we need to protect our app behind Cloudflare Zero Trust and having the default domain up bypasses the proxy
B
Bikram Gupta
Joel DeTeves FYI it is available starting today.
Joel DeTeves
Bikram Gupta thanks! Looking forward to trying it.
F
Frederic Houle
Bikram Gupta Hey Bikram, it works great by modifying the app spec or thru the command line, but now we can't use the UI anymore. For example, changing the instance size gives an error about a "redirect" rule.
B
Bikram Gupta
Frederic Houle Please confirm with more details if you still see the problem. You can also email me: bgupta digitalocean com
F
Frederic Houle
Bikram Gupta I will try it a bit later on. Thanks for the follow up Bikram!
B
Bikram Gupta
Hi, just wanted to confirm that we have started working on it. I will reply when the public preview is ready this month.
Giga Gatenashvili
+1, this is so critical for us.
Benjamin Stirrup
+1, is there any update regarding this request ?
Iurii Komarov
+1 to the request
This is critical especially for startups, to avoid content being doubled across different domains. It's better to forbid starter domains on network level rather than on app level.
David Adams
There are so many versions of this question on here and other forums going back years. It really needs to be implemented ASAP. We at least need firewall support for the App platform. I'm currently trying to figure out the best solution for this. If anyone has one please post it.
L
Lukas Ender
This would also help increase the setup from a security perspective.
Imagine your custom domain is registered with Cloudflare and proxied through Cloudflare.
Cloudflare's Zero Trust network allows to configure policies via "Access" and manage who can access the service.
However, if the generated starter domain always exists and is accessible, one can bypass the policies if the starter address is known.
A
Ahmed Mansoor
Why is this still a thing that's not resolved? It's not secure to leave starter domain open.
E
Eric Malamisura
Agree, this is almost a deal breaker for me as having this URL just hang out there is pretty annoying.
Load More
→