Using the steps below, makers with admin access can customize a portal's domain.
Note: We recommend using Cloudflare as your DNS provider. The only provider-specific instructions in this article relate to Cloudflare.
In this article:
- Create a custom CNAME record with your DNS provider
- Check CAA records
- Validate domain ownership
- Set up a custom domain on your Productboard workspace
- Troubleshooting
Create a custom CNAME record with your DNS provider
If you're using a provider that isn't Cloudflare, make sure it supports SSL (AWS Cloudfront. for example).
- Change your domain nameservers to point to the provider you will be using. Here is documentation on how to change your domain nameserver to Cloudflare.
- Wait for DNS propagation. DNS changes can take up to 72 hours to take effect (but are typically much faster).
- Go to the DNS section on your provider's website and add a CNAME record for your public portal custom domain. The name is based on the first part of your custom domain, so if your custom domain is roadmap.example.com, use ‘roadmap‘.
- Point the CNAME record at Productboard’s portal domain: app.productboard.com.
Warning: It is NOT recommended to enable Cloudflare's orange “Proxy” option as Productboard already uses Cloudflare CDN and it might cause additional issues. Please refer to the troubleshooting section below if you have issues with the proxy enabled.
Checking CAA records
Productboard will automatically issue a certificate for your custom domain using Cloudflare’s integration with the Let’s Encrypt certificate authority. This ensures Let’s Encrypt can safely generate a certificate for you. If you do not use CAA records, feel free to skip ahead.
CAA DNS records are used to restrict which certificate authorities can generate certificates for your domains. Please check your DNS zones for CAA records. You can use online tools such as this one from entrust.com.
If you do use CAA records, please make sure you are allowing letsencrypt.org. This means having a CAA record such as 0 issue "letsencrypt.org" for your domain or any of its parent domains. For example, if your custom domain is portal.example.com, it is also inheriting CAA records from example.com.
Warning: you cannot place CNAME and CAA records at the same level. Your CAA records must be placed at a higher level to be effective. For example, a portal at portal.example.com must have CAA records set at example.com. If your internal policy forbids Let’s Encrypt, please contact Productboard Support. We might be able to use an alternate authority or guide you in setting up your own TLS proxy.
The example below shows Cloudflare's process for adding a CAA record for productboard.com to the list of CAA records, which currently includes only amazon.com.
Validate domain ownership
In order to prevent other malicious users from registering their own Portal with your custom domain we need to validate that the custom domain you provide in the Portal sharing settings belongs to you.
We validate the domain ownership by using Cloudflare’s DCV delegation mechanism.
In order to pass our domain ownership validation, go to the DNS management section on your provider's website and add a CNAME record following the format below:
_acme-challenge.<your-portal-hostname>
For example, if you want to host a portal on roadmap.example.com
use _acme-challenge.roadmap
as a subdomain for the CNAME record.
The target of the CNAME record should look as follows:
<your-portal-hostname>.d19149da518b6350.dcv.cloudflare.com
For example, if you want to host a portal on roadmap.example.com
, you’d use roadmap.example.com.d19149da518b6350.dcv.cloudflare.com
as the Target.
Here’s how the setup might look if you’re using Cloudflare (note that Cloudflare turns the proxy switch on by default. Make sure to set DNS only (proxy off) when adding the record):
Once the CNAME entry is there you can go to Productboard and set up a custom domain for your Portal.
Note: Please don’t remove the _acme-challenge entry as long as you’re using a custom domain for your portal. If at some point you decide to stop using the portal with a custom domain, make sure to first remove the _acme-challenge entry and only then change your portal sharing settings.
Set up a custom domain on your Productboard workspace
- Go to your Productboard workspace.
- Go to the portal you wish to share.
- Click Share
- In Portal share settings, select Public and toggle on Host Portal on your domain.
- Add your custom domain and click Save.
Once saved, changes will be deployed on our back end. It might take up to 30 minutes for changes to take effect. Wait 30 minutes and try to visit the custom domain for your public portal.
If you see your public portal on your custom domain, your portal is fully secured and ready to go. Users visiting your portal will see the green lock icon in their browser, letting them know the site is secure! ✅
Note: Portal sharing options apply only to the portal from which you access them. That means you can have several different portals with their own custom domains going at once!
Troubleshooting
HTTPS is not working
Symptoms:
- Cloudflare's error code for this is 1001.
- Other DNS providers will throw other errors, SSL errors, or display an unexpected page.
Please wait at least 30 minutes after making any DNS changes for results to appear.
If nothing happens, your provider may be having problems generating a certificate for your custom domain via Let’s Encrypt or validating your CNAME record internally.
First, ensure you have no CAA records blocking Let’s Encrypt from issuing a certificate. If you have CAA records installed for your domain, please make sure one of your CAA records includes 0 issue "letsencrypt.org". Please mind that CAA records are frequently placed at level 2 domains, so for example if your custom domain is portal.example.com, your CAA record might be at example.com.
If you are using the orange proxy option on Cloudflare or another proxy in between, try removing said proxy temporarily to see if that fixes the issue. Your proxy might be blocking Let’s Encrypt’s validation bot or Cloudflare’s own domain validation bot.
If the issue still persists, please disable your custom domain in Productboard, wait 30 minutes, then enable it again. Cloudflare uses a backoff schedule if your domain fails to validate for some time and it can take up to 24 hours. Re-enabling your domain can trigger the validation sooner.
Cloudflare Rocket Loader conflict
Symptoms:
- Your portal appears blank after deployment and you can see a green lock icon in the browser.
Open DevTools in your browser.
If you see that the rocket-loader.mins.js
script is not allowed to load, turn off the Rocket Loader script in your Cloudflare settings by going to Cloudflare > Speed tab > Optimalization > scroll down to Rocket Loader > click Turn off.
Custom domain not working after 7 days
Symptoms:
- Your custom domain is not working correctly and more than 7 days have passed since you set it up in Productboard.
Our domain ownership validation solution has a 7-day retry schedule. After this period no more validation checks will happen and you will need to remove and readd your custom domain in Productboard.
- Uncheck Host Portal on your domain in Productboard’s “Share portal” settings and click Save.
- Go through these docs again: ensure your domain is ready for validation and enable your custom domain again in the Share portal settings.
Comments
Article is closed for comments.