Custom domain with CNAME

Currently, it is not possible to assign a custom domain name to a Bucket. If you want to use your own domain, you can manually set up domain forwarding.

This how-to guide explains how to set up a CNAME record. Since CNAME records currently do not work unless the host header is set as the Bucket URL, this how-to guide also explains how to overwrite the host header in the following two example scenarios:

Via Cloudflare with the Enterprise Plan
Via a short code snippet at the beginning of a Python script that uses your domain

Prerequisites:

Your own domain
A Bucket with public objects

By the end of this how-to guide, all requests should get forwarded directly to the Bucket.

Create a new DNS entry

Create a new CNAME record. Point the domain at the hostname of the Bucket.

TYPE Name Value

CNAME example.com <bucket_name>.<region>.your-objectstorage.com

Note that it can take several hours to propagate.

TYPE	Name	Value
CNAME	example.com	`<bucket_name>.<region>.your-objectstorage.com`

Check the connection

You can use nslookup to check if the changes were already applied:
```
nslookup example.com
```
Once the CNAME record works, you can use curl to check if you can successfully access the Bucket data via your domain. Note that the host header of the request has to be the Bucket URL. For now, you can set the host header in the curl request. At the moment, Server Name Indication (SNI) is not set to the correct hostname. For this reason, you will also need the flag --insecure.
```
curl -H "Host: <bucket_name>.<region>.your-objectstorage.com" --insecure https://example.com/test.txt
```

Overwrite the host header via a provider

Some providers offer the option to overwrite the host header of incoming requests.

Cloudflare, for example, offers this feature to customers with the Enterprise Plan:
- Select your domain
- In the left menu bar, navigate to "Rules" » "Overview"
- Select + Create rule » Origin Rule
- Set to which incoming requests this rule should be applied
  
  Field Operator Value
  
  Hostname equals example.com
- For "Host Header", select the option Rewrite to... and enter your Bucket URL

Field	Operator	Value
Hostname	equals	example.com

Overwrite the host header and set the SNI in a script

If you can't change the host header via your provider and you're using the domain in a script, you can change the header via a short code snippet at the beginning of the script.

The code snippet has to cover the following values:

GET request

Client sends request to
CNAME points to, and DNS returns IP for

example.com
<bucket_domain>

Client

Set SNI for TLS handshake

Default
Set to

example.com
<bucket_domain>

Set Host header in HTTP request

Default
Set to

example.com
<bucket_domain>

Server

Returns cert. for

Receives request for

<bucket_domain>

<bucket_domain>

Overwrite	Description
SNI	SNI (Server Name Indication) specifies which hostname the client expects a SSL/TLS certificate for, and which SSL/TLS certificate the server should send. If the server does not have a certificate for the requested hostname, it will return a standard certificate. If the client receives a different certificate than it expected, certificate verification fails. By default, SNI matches the original requested domain. Our servers do not have SSL/TLS certificates for your custom domain, so you have to overwrite the SNI value with the Bucket domain.
Host header	The host header defines the requested domain. If a server receives a request for a domain it doesn't host, the request will fail. By default, the host header will be your domain but you can overwrite the value with the actual Bucket domain.

Overwrite

Description

SNI

SNI (Server Name Indication) specifies which hostname the client expects a SSL/TLS certificate for, and which SSL/TLS certificate the server should send. If the server does not have a certificate for the requested hostname, it will return a standard certificate. If the client receives a different certificate than it expected, certificate verification fails. By default, SNI matches the original requested domain. Our servers do not have SSL/TLS certificates for your custom domain, so you have to overwrite the SNI value with the Bucket domain.

Host header

The host header defines the requested domain. If a server receives a request for a domain it doesn't host, the request will fail. By default, the host header will be your domain but you can overwrite the value with the actual Bucket domain.

The example below uses urllib3 (see documentation about SNI).

Replace example.com and <bucket_name>.<region> with your own information.

import urllib3

def fetch(url):

    if "example.com" in url:
        headers = {"Host": "<bucket_name>.<region>.your-objectstorage.com"}
        sni_hostname = "<bucket_name>.<region>.your-objectstorage.com"
    else:
        headers = {}
        sni_hostname = None

    parsed_url = urllib3.util.parse_url(url)
    http = urllib3.HTTPSConnectionPool(parsed_url.host, assert_hostname=sni_hostname)
    return http.request("GET", parsed_url.request_uri, headers=headers).data.decode()

print(fetch("https://example.com/test.txt"))

When you access your domain, the request should now get forwarded to the Bucket.