Configure a Custom Hostname (DNS) for a Player

Article Overview

The following article describes how to configure a custom Hostname (DNS) for a player

Web Application Firewall (WAF) Policies

Since all requests pass through your WAF, it is crucial to ensure that the following paths remain unblocked for the Player server to function correctly:

• /general_static/*
• /player/*
• /api/*

If you have bot protection or security policies, these paths should be whitelisted to:

• Prevent unnecessary blocking
• Avoid false positives
• Ensure seamless operation of the Player server

Option 1 - Access with EasySend WAF -> the {PLAYER_NAME}.easysend.app also available

(See Figure 1)

1. Provide Sub-Domain
2. On our Cloudflare account, set up the custom domain:
   1. Log in to Cloudflare
   2. Navigate to the “easysend.app” domain
   3. Under “SSL/TLS” go to “Custom Hostnames”
   4. Click “Add custom hostname”:
      1. Custom Hostname: Customer sub-domain (FQDN - full qualified domain name), for instance “forms.xxxx.co.il”
      2. Minimum TLS Version: 1.2
      3. Certificate type: Provided by Cloudflare
      4. SSL certificate authority: Google Trust Services
      5. Certificate validation method: TXT Validation
      6. Custom Origin Server: {PLAYER_NAME}.easysend.app
      7. Click “Add custom hostname”
      8. Save the text records and provide them to the customer with the following instructions:
         1. Please create the below new DNS TXT records:
            1. DCV Delegation for Custom Hostnames:
               1. TXT Name: _acme-challenge.{FQDN}
               2. TXT Value: TXT Value: {FQDN}.60cc560555bdab86.dcv.cloudflare.com
         2. Hostname pre-validation:
            1. 1. TXT Name: _cf-custom-hostname.{FQDN}
               2. TXT Value: Copy from Cloudflare
         3. Create a new CNAME DNS record with the below values:
            1. 1. Type: CNAME
               2. Target: {PLAYER_NAME}.easysend.app
3. Go to the Rules page in Cloudflare:
   1. Click “Create Page Rule”:
      1. In URL - use the {FQDN}/* (i.e. forms.xxxx.co.il/* )
      2. Choose the settings are: “Host Header Override”
      3. In value type: {PLAYER_NAME}.easysend.app
      4. Deploy the change
4. Configure helm: - Only after setting the above DNS records:
   1. EASYSEND_PLAYER_BACKEND_ADDRESS: {FQDN}
   2. EASYSEND_PLAYER_FRONTEND_ADDRESS: {FQDN}

Figure 1: Access With EasySend WAF

Option 2 - Direct access with EasySend WAF
 -> the {PLAYER_NAME}.easysend.app is not available

(See Figure 2)

1. Provide Sub-Domain
2. On the Cloudflare account, set up the custom domain:
   1. Log in to Cloudflare
   2. Navigate to the “easysend.app” domain
   3. Under “SSL/TLS” go to “Custom Hostnames”
   4. Click “Add custom hostname”:
      1. Custom Hostname: Customer sub-domain (FQDN - full qualified domain name), for instance “forms.xxxx.co.il”
      2. Minimum TLS Version: 1.2
      3. Certificate type: Provided by Cloudflare
      4. SSL certificate authority: Google Trust Services
      5. Certificate validation method: TXT Validation
      6. Custom Origin Server: Configure to the relevant ALB (read about Custom Domain Routing for EasySend Application Endpoints)
      7. Click “Add custom hostname”
      8. Save the text records and provide it to the customer with the following instructions:
         1. Please create the below new DNS TXT records:
            1. DCV Delegation for Custom Hostnames:
               1. TXT Name: _acme-challenge.{FQDN}
               2. TXT Value: {FQDN}.60cc560555bdab86.dcv.cloudflare.com
            2. Hostname pre-validation:
               1. TXT Name: _cf-custom-hostname.{FQDN}
               2. TXT Value: Copy from Cloudflare
         2. Create a new CNAME DNS record with the below values:
            1. 1. Type: CNAME
               2. Target: Configure to the relevant ALB (read about Custom Domain Routing for EasySend Application Endpoints)
         3. Make sure that the SSL\TLS encryption mode are “Full” and Not Flexible on the customer end
3. Configure helm: - Only setting the above DNS records:
   1. EASYSEND_PLAYER_BACKEND_ADDRESS: {FQDN}
   2. EASYSEND_PLAYER_FRONTEND_ADDRESS: {FQDN}
   3. BASE_URL: {FQDN}

Figure 2: Direct Access With EasySend WAF

Reference

Strict (SSL-Only Origin Pull)

Enforce encryption between Cloudflare and your origin. Use this mode to ensure that connections to your origin are always encrypted, regardless of your visitor’s request.

Full (Strict)

Enable encryption end-to-end and enforce validation on origin certificates. Use Cloudflare’s Origin CA to generate certificates for your origin.

Full

Enable encryption end-to-end. Use this mode when your origin server supports SSL certification but does not use a valid, publicly trusted certificate.

Flexible

Enable encryption only between your visitors and Cloudflare. This will avoid browser security warnings; however, all connections between Cloudflare and your origin are made over HTTP.

Off (not secure)

No encryption applied. Turning off SSL disables HTTPS and causes browsers to show a warning that your website is not secure.

Custom Domain Routing for EasySend Application Endpoints 

When you wish to utilize custom domains without directly accessing the default “player.easysend.app” endpoint, it is essential to route their traffic through the designated Application Load Balancers (ALB) specific to each region or environment. Below is a list of the recommended ELBs that should be used:

By directing traffic through these specific ELBs, customers can seamlessly integrate their custom domains while maintaining optimal performance and security. This approach ensures that all user interactions are properly routed and managed, preserving the integrity and reliability of the EasySend application. For further details or assistance with setting up custom domain routing, please refer to our documentation or contact our support team.