DEV Community

Sue Smith for Fastly

Posted on • Edited on

Point a domain at your site with Fastly

Got a shiny new domain you want to point at a site or application you have hosted somewhere on the web? If you’re anything like me, you’ll have a bunch of domains you thought sounded cool and that are lying around doing nothing. Well the good news is that you can use Fastly TLS and CDN to point the domain at your site completely for free. Follow the steps below!

What you’ll need:

  • Your new domain and access to the DNS settings (these will be where you registered the domain)

That’s it!

Sign up for a free Fastly account

Jump over to fastly.com/signup – fill out your details and get signed up.

We are going to get two things from Fastly:

  • A service to deliver our origin website through the CDN
  • A TLS certificate to safely send traffic to the domain through Fastly

We get a few other benefits by default:

🤑 Caching – making the site fast and maybe even saving us on costs
🔐 Security – like DDoS protection out of the box
📊 Observability – showing us what’s happening with site traffic

Create a service

In your Fastly account, click Create service and choose CDN.

Create a CDN service

  • Give your service a name of your choice – this is just so that you can identify it in your Fastly account.
  • Enter your domain (it's easiest if you include the www – if you need to use an apex domain, like suesmith.lol instead of www.suesmith.lol see the note at the end of this guide).

Enter name and domain

  • Enter your origin – for me this is a Glitch site so it has a .glitch.me address.
  • Try the recommended settings in their default state – if you have issues later you can always toggle them off.

Origin and defaults

Activate your service!

Create a TLS certificate

OK now we need to grab a TLS certificate. In the top menu in your Fastly account, click Security, then Manage certificates under TLS Management.

Manage TLS

In TLS management, click Get started. If you have a TLS certificate in your account already you’ll click Secure another domain instead.

We’re going to use a Fastly-supplied certificate. Enter your domain name and click Add.

Add your domain

Fastly will add your domain as the Common name. With Certainly selected, click Submit.

Submit TLS

Verify your domain

When you submit your new TLS certificate, Fastly will provide the details to verify your domain.

TLS pending validation

Click Verification options.

This is where things can get a bit unpredictable depending on your domain registrar! The instructions below should work for most providers. 🤞

Copy the ACME DNS challenge CNAME and value (hit the clipboard icon for the value). The CNAME will be _acme-challenge followed by your domain name, and the address to point the DNS record at will be a string of characters followed by fastly-validations.com.

TLS verification

In your domain registrar account (wherever you registered the domain), navigate to the Custom DNS settings. We’re going to add two new CNAME records, one to verify the domain for the TLS certificate, and one to route the domain traffic to Fastly.

First let’s verify the domain:

  • Set the host name to the address from the TLS info that’s something like _acme-challenge followed by your domain name (note that for some domain management tools you only need to enter the subdomain up to www and they add the rest)
  • Set the address (sometimes called data or content, it’ll expect an IP address) to the value you copied that includes fastly-validations.com

DNS example

Save your new record. With any luck back in your Fastly account the domain will pass validation!

Domain passing validation

Shortly after this the certificate will be issued.

Certificate issued

Point your domain at Fastly

OK we’re almost there! Now you just need to point your domain to Fastly. This is what will happen once your domain settings are in place:

  • Someone visits the domain
  • The domain points at Fastly
  • Fastly finds the service with the domain in it
  • Fastly sends the visitor a response based on the service config – at first it’ll be the origin host response (for me this will be the Glitch site), then later it might be cached, meaning Fastly doesn’t even need to visit the origin

🚨 Do not complete this step until you’re ready to send visitors to your domain to the origin in your Fastly service – this is the point at which your domain traffic will start moving through Fastly.

First you’ll need to grab the correct CNAME to point your domain at – in your Fastly account, navigate to (Secure > TLS Certificates >) Domains and View details for the domain. Copy the CNAME record address – it will be a single character followed by .sni.global.fastly.net.

CNAME details

🔋 To enable IPv6, append dualstack. to the start of your address.

Back in your domain registrar DNS settings, add another CNAME record, this time for the www version of your domain, pointing at e.g. dualstack.t.sni.global.fastly.net (adjust that single character to match your certificate). If you already have a CNAME record for www you'll need to replace it with the one for your Fastly service.

CNAME pointing to Fastly

💡 If you have an existing CNAME record for the domain, you may want to reduce the TTL value before making a change, to speed up the process of sending your traffic through Fastly – this also helps if things go wrong and you need to make further changes.

Give it some time for your changes to propagate (at least the TTL value, which is in seconds) and you should soon see the origin site you pointed your Fastly service at when you visit the domain you registered!

The site being served through Fastly

Well check that out, it’s my Glitch in Bio site being served through a Fastly cache node in Manchester and at my daft domain. 🎉

🛠️ Use the terminal command dig <your-domain.com> to check what’s happening with the DNS while you wait for changes to propagate.

Note on using apex domains

If you want to use the apex version of your domain (without a subdomain like www at the start of it, like suesmith.lol) with Fastly, you'll need a few extra steps – clone your CDN service to edit the configuration, then activate the new version when you're ready:

  • Add the apex version of your domain in both your Fastly CDN service and your TLS certificate, carrying out the necessary verification in your DNS settings
  • In your DNS settings, in addition to the CNAME record for the www version of your site, add A records with the Fastly IP addresses from your TLS subscription – more detail in the Fastly docs
  • Optional: In your Fastly service, switch on the Redirect traffic to www subdomains setting, choosing the apex version of your domain

Your DNS provider may also be able to redirect your apex domain to the www version.

🛟 If you get stuck and can’t get your domain to connect up, pop over to community.fastly.com and ask for help. There will almost certainly be someone who has encountered your issue before, and otherwise your post will help future developers!

Next steps

The Fastly docs have a ton of additional info on using the CDN and TLS for your site:

👀 Check out the Observability stats for your site in your Fastly account.

🍬 If you don’t have a site or host yet but want to point your domain somewhere, grab a Glitch in Bio remix from glitch.new/links and use its .glitch.me address as your service origin – you can easily switch it out later if you want to point your domain somewhere else!

🚨 Update 19 December 2023: You should have your own domain

Top comments (4)

Collapse
 
eshin_gansho profile image
Eshin Gansho

I love how Fastly's TLS Manager succeeds domain verification then as it is requesting the subscription it changes to fails verification and does this over and over for hours when the TXT record was added to my domain once and remains there unchanged and every server around the world on dnschecker.org/ has ZERO issues resolving it but Fastly keeps saying it can't. Seems Fastly is broken and unusable. I get that the first two domains are free, but why would anyone ever want to pay for it if that doesn't even function right? Not a good look Fastly!

Collapse
 
eshin_gansho profile image
Eshin Gansho

A follow up, after 12 hours of trying Fastly's own certificate authority, I check the Let's Encrypt checkbox and that one instantly worked, so Fastly's certificate system just doesn't work it seems.

Collapse
 
suesmith profile image
Sue Smith

Hi there! Apologies for the hassle, we did have an outage last week which may have affected you. I have several of my own domains working through Fastly's own certificate authority so can assure you it does work! Since you mention a TXT record which we don't touch in this guide, can I ask if the flow you followed was the one in this post or something different? Any more detail you can provide about errors you were seeing would be great. If you're comfortable sharing your domain, the Fastly TLS team would love to look into this further for you.

Thread Thread
 
eshin_gansho profile image
Eshin Gansho

Yes, I followed the flow precisely. It is good Fastly offers the Let's Encrypt option as a fallback in case Fastly's certificate system isn't working, that came in handy. Everything is working now and well at that, thanks!