Skip to content
HostStack Docs

Custom Domains

Bring your own domain or register a new one through HostStack. SSL is provisioned automatically in either case.

Two ways to use a domain

External — keep your domain at any registrar and point DNS at HostStack with a CNAME (or A) record. This is the flow described on the rest of this page and works for every TLD.

Registered through HostStack — buy or transfer the domain from Dashboard → Domains → New domain. We handle WHOIS, ICANN registrant verification, auto-renewal, and a built-in DNS editor on our own nameservers (ns1.hoststack.dev /ns2.hoststack.dev). Routing a registered domain to a service still uses the "Adding a Domain" flow below — just skip the DNS step because we already control the zone.

Adding a Domain

  1. Go to Domains in your dashboard
  2. Click Add Domain
  3. Enter your domain name and select the service to route to

You can also add domains via the CLI:

bash
hoststack domains add my-app.example.com --service svc_abc123

DNS Configuration

Add a CNAME record pointing to your service's internal URL:

DNS Record
Type:   CNAME
Name:   my-app.example.com
Value:  my-app-abc123.hoststack.dev

Provider-specific examples

Cloudflare

Add a CNAME record in your Cloudflare DNS settings. Set Proxy status to "DNS only" (grey cloud) during initial setup. You can enable the orange cloud (proxy) after verification if desired.

Namecheap

Go to Domain List → Manage → Advanced DNS. Add a CNAME record with Host = subdomain and Value = your HostStack URL.

AWS Route 53

Create a CNAME record in your hosted zone. For apex domains, use an ALIAS record pointing to your HostStack URL.

Apex Domains

Apex domains (e.g., example.com without www) require an ALIAS or ANAME record, which not all DNS providers support. If your provider doesn't support ALIAS records, we recommend:

  • Use www.example.com as your primary domain
  • Set up a redirect from example.com to www.example.com at your DNS provider
  • Switch to Cloudflare (free tier supports CNAME flattening, which works like ALIAS)

Splitting one host across multiple services

Multi-service apps often want one hostname to back two services — e.g. example.com serves the frontend, and example.com/api/* hits the backend. Add the hostname twice — once as a catch-all for the web service, and a second time with an explicit Path prefix for the api. Traefik prefers the more specific match, so prefix routes win for matching paths without any priority configuration.

Two attachments, one hostname
# Catch-all attachment (serves SSR / frontend)
hoststack domains add example.com --service skyskraber-web

# Path-prefix attachment (serves /api/*)
hoststack domains add example.com --service skyskraber-api --path-prefix /api

Path prefixes must start with /, contain at least one segment (so / is rejected — that's the catch-all), and use URL-safe characters only (no globs, no query strings). Both attachments serve the same Let's Encrypt cert.

Talking to siblings inside a project

Every service in the same project sits on a private Docker network and can reach its siblings by name. Two stable URLs are auto-injected as env vars, so backend code can call other services without hard-coding IPs:

Auto-injected for every sibling
# By human name (matches your service's display name):
http://my-api:3000

# By stable id (immutable across renames):
http://hoststack-svc-{id}:3000

# Two env vars are auto-injected for every sibling:
process.env.MY_API_INTERNAL_URL          // ergonomic — KEY changes on rename
process.env.ABCDEF1234567890_INTERNAL_URL // stable — KEY never changes

# Both URL VALUES are stable; they always point at hoststack-svc-{id}.
# Use the public-id form in production code if you can't accept the
# (small) churn of a sibling rename.

Sibling resolution only works inside a single project — services in different projects don't share a network. You can rename a service at any time; HostStack automatically redeploys the renamed service and every active sibling so their <NAME>_INTERNAL_URL env-var keys converge to the new name within a few minutes. The public-id form is unaffected and the URL value is stable throughout.

SSL Certificates

SSL is automatically provisioned via Let's Encrypt once your domain is verified. No configuration needed — HTTPS is enabled by default. Certificates auto-renew 30 days before expiry.

Moving a Domain

To move a domain to a different service, go to the domain's settings page and change the target service. The SSL certificate is preserved — no re-verification needed.

Verification

After adding the DNS record, click Verify in the dashboard. HostStack will check the CNAME record and provision the SSL certificate. DNS changes typically propagate within minutes but can take up to 48 hours in rare cases.

Troubleshooting

CNAME not resolving

Wait up to an hour for DNS propagation. Check your record with dig my-app.example.com CNAME. Ensure there's no conflicting A record on the same subdomain.

SSL certificate pending

Let's Encrypt needs to reach your domain to issue a certificate. Make sure your DNS points to HostStack and there's no firewall or proxy blocking HTTP-01 challenges.

"Too many redirects" error

If using Cloudflare, set the SSL mode to "Full" (not "Flexible"). Flexible mode causes a redirect loop because HostStack always serves HTTPS.

Next: Environment Variables

Essential cookies only — for login sessions. No tracking. Details