Disable starter domain -- App Platform | Voters

Disable starter domain -- App Platform

Ignacio González

We should be able to disable the starter domain in App Platform or create a 301 redirect to a custom domain.
With this not being an option static sites are always duplicated, which is a terrible SEO practice.
At the very least it would be nice being able to set a robots.txt file in the starter domain to prevent search engines from indexing it.

December 9, 2022

Bikram Gupta

Pinned

This feature is available as part of broader subdomain routing configuration.
https://docs.digitalocean.com/products/app-platform/how-to/manage-domains/#use-subdomain-routing
Note that instead of disabling the starter domain, you will configure it to route it to your custom domain.

Bikram Gupta

This feature is available as part of broader subdomain routing configuration.
https://docs.digitalocean.com/products/app-platform/how-to/manage-domains/#use-subdomain-routing
Note that instead of disabling the starter domain, you will configure it to route it to your custom domain.

Alan Hamlett

Bikram Gupta the example doesn't work with error parsing app spec: unknown field "authority"

Lukas Ender

Alan Hamlett I get the same error.
Is this perhaps a feature that one may need to "opt-in" first?
I found, that we may need to opt-in to public preview features (https://docs.digitalocean.com/platform/product-lifecycle/#public-preview and https://cloud.digitalocean.com/account/feature-preview) 
However, on the settings page we are not able to see the new feature and therefore also can't opt-in.
Maybe we need to give them just a little more time until it becomes available?

Frederic Houle

Alan Hamlett I get the same error.

Timo Behrens

Lukas Ender it worked for me without opting in to anything. I just edited the app spec in the UI and added the following as part of the ingress rules:

- redirect:
      authority: example.com
    match:
      authority:
        # The static placeholder ${STARTER_DOMAIN} matches on the app's starter domain
        exact: ${STARTER_DOMAIN}

Lukas Ender

Timo Behrens Ok, I see, thanks! This indeed works via the UI in the DigitalOcean web interface.
However, we use the doctl
 cli tool to manage the app spec and deploy new changes.
And it seems the new feature is not fully supported by doctl
 as of yet.
Here's what I found:
I updated the app spec file via the DO Web Interface and the new feature works. It successfully redirects from the starter domain to the custom domain
Then I want to sync the changed app spec file and do a doctl apps spec get $APP_ID > app-spec.yml
. The redirect rules are fetched but the important part match.authority.exact: ${STARTER_DOMAIN}
 part is missing!
When I try to update the YAML file and then deploy the changes via doctl apps update $APP_ID --spec app-spec.yml
 (or also just try to validate the spec file via doctl apps spec validate app-spec.yml
) I get the error unknown field "authority"
So, my assumption is, that doctl
 (or the API it interacts with) needs an upgrade as well?
Unless this also works via the cli tool, we can't really use this feature without breaking our deployment process

Bikram Gupta

Frederic Houle Lukas Ender Alan Hamlett Apologies for the inconvenience. Looking into it and will update asap. No opt-in required for the public preview.

Frederic Houle

Bikram Gupta It seems to be working now, using the UI. It wasn't yesterday. And the redirect works fine!

Bikram Gupta

Frederic Houle: Glad to hear! Thank you for trying out and using this in the first hours. As always, your feedback and participation is valuable for us.

Joel DeTeves

This is a major security issue Bikram Gupta, we need to protect our app behind Cloudflare Zero Trust and having the default domain up bypasses the proxy

Bikram Gupta

Joel DeTeves FYI it is available starting today.

https://docs.digitalocean.com/products/app-platform/how-to/manage-domains/#use-subdomain-routing

Joel DeTeves

Bikram Gupta thanks! Looking forward to trying it.

Frederic Houle

Bikram Gupta Hey Bikram, it works great by modifying the app spec or thru the command line, but now we can't use the UI anymore. For example, changing the instance size gives an error about a "redirect" rule.

Bikram Gupta

Hi, just wanted to confirm that we have started working on it. I will reply when the public preview is ready this month.

Giga Gatenashvili

+1, this is so critical for us.

Benjamin Stirrup

+1, is there any update regarding this request ?

Iurii Komarov

+1 to the request

This is critical especially for startups, to avoid content being doubled across different domains. It's better to forbid starter domains on network level rather than on app level.

David Adams

There are so many versions of this question on here and other forums going back years. It really needs to be implemented ASAP. We at least need firewall support for the App platform. I'm currently trying to figure out the best solution for this. If anyone has one please post it.

Lukas Ender

This would also help increase the setup from a security perspective.
Imagine your custom domain is registered with Cloudflare and proxied through Cloudflare.
Cloudflare's Zero Trust network allows to configure policies via "Access" and manage who can access the service.
However, if the generated starter domain always exists and is accessible, one can bypass the policies if the starter address is known.

Ahmed Mansoor

Why is this still a thing that's not resolved? It's not secure to leave starter domain open.

Eric Malamisura

Agree, this is almost a deal breaker for me as having this URL just hang out there is pretty annoying.

→