Domains

Every project is reachable at {project}.orkestr.run out of the box, with TLS already in place. On paid plans you can also attach your own custom domains, and orkestr provisions and renews the certificate for you.

Adding a custom domain

  1. Go to Domains and add your domain (for example app.example.com).
  2. orkestr shows you the DNS record to create. Add it at your DNS provider.
  3. orkestr verifies the record and issues a TLS certificate.
  4. Once verified, traffic to your domain routes to the project.

DNS record
# Point your domain at the project (example record)
app.example.com   CNAME   {project}.orkestr.run

How verification works

After you add the DNS record, orkestr checks that it resolves correctly before issuing a certificate. Until DNS has propagated and verification passes, the domain shows as pending. This can take anywhere from a few minutes to considerably longer, depending on your DNS provider's TTL.
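
A local pre-check for the subdomain record described above, as an added example (not orkestr's own code, and not its verification logic): it reads answer lines in the format `dig +noall +answer` prints and reports whether the CNAME chain for the domain ends at the expected target. The project name `myproject` and the sample records are constructed.

```python
# Added example: local pre-check only, not orkestr's verification logic.
# Constructed sample in the line format `dig +noall +answer` prints;
# "myproject" is a hypothetical project name, 192.0.2.10 a documentation address.
SAMPLE_ANSWER = """\
app.example.com.        300 IN CNAME MyProject.orkestr.run.
myproject.orkestr.run.  60  IN A     192.0.2.10
"""

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_answer(text):
    """Return ({owner: cname_target}, {owners that have A/AAAA records})."""
    cnames, addressed = {}, set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line or dig comment
        owner, rtype, rdata = norm(fields[0]), fields[3].upper(), fields[4]
        if rtype == "CNAME":
            cnames[owner] = norm(rdata)
        elif rtype in ("A", "AAAA"):
            addressed.add(owner)
    return cnames, addressed

def check_domain(domain, expected_target, answer_text):
    """Return 'ok', 'pending', 'no-cname' or 'mismatch' for a subdomain record."""
    cnames, addressed = parse_answer(answer_text)
    name, target = norm(domain), norm(expected_target)
    if name not in cnames:
        # Address-only answers (e.g. a flattened apex record) cannot be
        # compared against a CNAME target; no answer at all means not visible yet.
        return "no-cname" if name in addressed else "pending"
    seen = set()
    while name in cnames and name not in seen:  # follow the chain, stop on loops
        seen.add(name)
        name = cnames[name]
        if name == target:
            return "ok"
    return "mismatch"

if __name__ == "__main__":
    print(check_domain("app.example.com", "myproject.orkestr.run", SAMPLE_ANSWER))
```

A `pending` result only reflects what the queried resolver can see; other resolvers may still hold a cached answer until the old TTL expires.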

TLS

Certificates are issued and renewed automatically. You never handle keys or renewals - a daily sweep re-issues anything close to expiry. The default .orkestr.run subdomain is always served over HTTPS too.

Apex vs subdomain

  • Subdomain (e.g. app.example.com) - the simplest case, pointed with the record orkestr gives you.
  • Apex / root (e.g. example.com) - use whatever apex-pointing mechanism your DNS provider supports; follow the record shown when you add the domain.

Plan availability
Custom domains are available on Pro and Team. The default .orkestr.run subdomain is available on every plan.

FAQ

How long until my domain works?

As soon as the DNS record propagates and verification passes. Lower your record's TTL beforehand if you want it to be quick.

Do I need to upload a certificate?

No. orkestr issues and renews TLS automatically for both custom domains and the default subdomain.

Can one project have multiple domains?

Yes - add each domain and create its DNS record; they all route to the same project.

Is my origin IP exposed?

No. Traffic is fronted by the CDN, which terminates TLS and hides the underlying host.