Skip to main content

Custom Domains

Every app gets a primary domain at https://{name}.foundrydb.com with a platform-issued certificate. You can also serve the app on your own hostnames: add up to five custom domains to app_config.custom_domains and the platform obtains and renews a certificate for each one automatically via HTTP-01.

Add custom domains at creation

curl -u "$USER:$PASS" -X POST https://api.foundrydb.com/app-services \
  -H "Content-Type: application/json" \
  -d '{
    "name": "my-api",
    "plan_name": "tier-2",
    "zone": "se-sto1",
    "app_config": {
      "image_ref": "ghcr.io/acme/api:1.0.0",
      "container_port": 8080,
      "custom_domains": ["api.acme.com", "www.acme.com"]
    }
  }'

Add or change custom domains on a running app

PATCH /app-services/{id} replaces app_config wholesale, so include the full desired list of custom domains alongside the rest of your config:

curl -u "$USER:$PASS" -X PATCH https://api.foundrydb.com/app-services/{id} \
  -H "Content-Type: application/json" \
  -d '{
    "app_config": {
      "image_ref": "ghcr.io/acme/api:1.0.0",
      "container_port": 8080,
      "custom_domains": ["api.acme.com", "www.acme.com", "acme.com"]
    }
  }'

Changing custom_domains triggers a zero-downtime blue/green redeploy so the ingress and certificates are updated.

DNS configuration

After adding a custom domain, point it at the app. Two options:

Record typeTargetWhen to use
CNAME{name}.foundrydb.comEasiest option; works for subdomains (e.g. api.acme.com).
AApp's floating IPRequired for apex domains (e.g. acme.com), which cannot use CNAME.

Get the app's floating IP from the detail response (GET /app-services/{id}).

The platform probes each custom domain over HTTP-01 to issue the certificate, so the DNS record must be live before the certificate can be issued. The platform retries automatically; there is no manual step to trigger certificate issuance after the DNS record propagates.

Rules and limits

  • Up to five custom domains per app.
  • foundrydb.com subdomains are not allowed as custom domains.
  • The primary {name}.foundrydb.com domain is always active and cannot be removed.
  • Certificates are renewed automatically before expiry. No action is needed on your part.

Removing custom domains

To remove a custom domain, patch the app with an app_config that omits it:

curl -u "$USER:$PASS" -X PATCH https://api.foundrydb.com/app-services/{id} \
  -H "Content-Type: application/json" \
  -d '{
    "app_config": {
      "image_ref": "ghcr.io/acme/api:1.0.0",
      "container_port": 8080,
      "custom_domains": ["api.acme.com"]
    }
  }'

The platform removes the certificate for the dropped domain and updates the ingress. You can then remove the DNS record on your side.