|
| 1 | +Custom Domains |
| 2 | +============== |
| 3 | + |
| 4 | +With custom domains you can serve your documentation from your own domain. |
| 5 | +By default your documentation is served from a Read the Docs :ref:`subdomain <hosting:subdomain support>`: |
| 6 | +``<slug>.readthedocs.io`` or ``<slug>.readthedocs-hosted.com``, |
| 7 | +for example ``https://pip.readthedocs.io``. |
| 8 | + |
| 9 | +.. contents:: |
| 10 | + :local: |
| 11 | + |
| 12 | +Adding a custom domain |
| 13 | +---------------------- |
| 14 | + |
| 15 | +To setup your custom domain, follow these steps: |
| 16 | + |
| 17 | +#. Go the :guilabel:`Admin` tab of your project. |
| 18 | +#. Click on :guilabel:`Domains`. |
| 19 | +#. Enter your domain. |
| 20 | +#. Mark the :guilabel:`Canonical` option if you want use this domain |
| 21 | + as your :doc:`canonical domain </canonical-urls>`. |
| 22 | +#. Click on :guilabel:`Add`. |
| 23 | +#. At the top of the next page you'll find the value of the CNAME record that you need to point your domain to. |
| 24 | + For |org_brand| this is ``readthedocs.io``, and for :doc:`/commercial/index` |
| 25 | + the record is in the form of ``<hash>.domains.readthedocs.com``. |
| 26 | + |
| 27 | + .. note:: |
| 28 | + |
| 29 | + For a subdomain like ``docs.example.com`` add a CNAME record, |
| 30 | + and for a root domain like ``example.com`` use an ANAME or ALIAS record. |
| 31 | + |
| 32 | +By default, we provide a validated SSL certificate for the domain, |
| 33 | +this service is provided by Cloudflare. |
| 34 | +The SSL certificate issuance can take about one hour, |
| 35 | +you can see the status of the certificate on the domain page in your project. |
| 36 | + |
| 37 | +As an example, fabric's DNS record looks like this: |
| 38 | + |
| 39 | +.. prompt:: bash $, auto |
| 40 | + |
| 41 | + $ dig CNAME +short docs.fabfile.org |
| 42 | + readthedocs.io. |
| 43 | + |
| 44 | +.. warning:: |
| 45 | + |
| 46 | + We don't support pointing subdomains or root domains to a project using A records. |
| 47 | + DNS A records require a static IP address and our IPs may change without notice. |
| 48 | + |
| 49 | +Strict Transport Security |
| 50 | +------------------------- |
| 51 | + |
| 52 | +By default, we do not return a `Strict Transport Security header`_ (HSTS) for user custom domains. |
| 53 | +This is a conscious decision as it can be misconfigured in a not easily reversible way. |
| 54 | +For both |org_brand| and |com_brand|, HSTS for custom domains can be set upon request. |
| 55 | + |
| 56 | +We always return the HSTS header with a max-age of at least one year |
| 57 | +for our own domains including ``*.readthedocs.io``, ``*.readthedocs-hosted.com``, ``readthedocs.org`` and ``readthedocs.com``. |
| 58 | + |
| 59 | +.. _Strict Transport Security header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security |
| 60 | + |
| 61 | +Legacy domains on |com_brand| |
| 62 | +----------------------------- |
| 63 | + |
| 64 | +Some older setups configured a CNAME record pointing to |
| 65 | +``<organization-slug>.users.readthedocs.com``, |
| 66 | +these domains will continue to resolve. |
| 67 | + |
| 68 | +Previously you were asked to add two records, |
| 69 | +this process has been simplified. |
| 70 | +If you have doubts about deleting some of the old records, |
| 71 | +please reach out to :ref:`support <support:user support>`. |
| 72 | + |
| 73 | +Multiple documentation sites as sub-folders of a domain |
| 74 | +------------------------------------------------------- |
| 75 | + |
| 76 | +You may host multiple documentation repositories as **sub-folders of a single domain**. |
| 77 | +For example, ``docs.example.org/projects/repo1`` and ``docs.example.org/projects/repo2``. |
| 78 | +This is `a way to boost the SEO of your website <https://moz.com/blog/subdomains-vs-subfolders-rel-canonical-vs-301-how-to-structure-links-optimally-for-seo-whiteboard-friday>`_. |
| 79 | + |
| 80 | +See :doc:`subprojects` for more information. |
| 81 | + |
| 82 | +Troubleshooting |
| 83 | +--------------- |
| 84 | + |
| 85 | +SSL certificate issue delays |
| 86 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 87 | + |
| 88 | +The status of your domain validation and certificate can always be seen on the details page for your domain |
| 89 | +under :guilabel:`Admin` > :guilabel:`Domains` > :guilabel:`YOURDOMAIN.TLD (details)`. |
| 90 | + |
| 91 | +Domains are usually validated and a certificate issued within minutes. |
| 92 | +However, if you setup the domain in Read the Docs without provisioning the necessary DNS changes |
| 93 | +and then update DNS hours or days later, |
| 94 | +this can cause a delay in validating because there is an exponential back-off in validation. |
| 95 | +Loading the domain details in the Read the Docs dashboard and saving the domain again will force a revalidation. |
| 96 | + |
| 97 | +Certificate authority authorization |
| 98 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 99 | + |
| 100 | +Certificate authority authorization (CAA) is a security feature that allows domain owners to limit |
| 101 | +which certificate authorities (CAs) can issue certificates for a domain. |
| 102 | +This is done by setting CAA DNS records for your domain. |
| 103 | + |
| 104 | +The readthedocs domains that you'll point your domains to already |
| 105 | +have the proper CAA records. |
| 106 | + |
| 107 | +.. prompt:: bash $, auto |
| 108 | + |
| 109 | + $ dig +short readthedocs.io CAA |
| 110 | + 0 issue "digicert.com; cansignhttpexchanges=yes" |
| 111 | + 0 issuewild "digicert.com; cansignhttpexchanges=yes" |
| 112 | + 0 issue "comodoca.com" |
| 113 | + 0 issue "letsencrypt.org" |
| 114 | + 0 issuewild "comodoca.com" |
| 115 | + 0 issuewild "letsencrypt.org" |
| 116 | + |
| 117 | +.. prompt:: bash $, auto |
| 118 | + |
| 119 | + $ dig +short 0acba22b.domains.readthedocs.com CAA |
| 120 | + proxy-fallback.readthedocs-hosted.com. |
| 121 | + 0 issue "digicert.com" |
| 122 | + 0 issue "comodoca.com" |
| 123 | + 0 issue "letsencrypt.org" |
| 124 | + |
| 125 | +In case that there are CAA records for your domain that do not allow the certificate authorities that Read the Docs uses, |
| 126 | +you may see an error message like ``pending_validation: caa_error: YOURDOMAIN.TLD`` |
| 127 | +in the Read the Docs dashboard for your domain. |
| 128 | +You will need to update your CAA records to allow us to issue the certificate. |
| 129 | + |
| 130 | +We use Cloudflare, which uses Digicert as a CA. See the `Cloudflare CAA FAQ`_ for details. |
| 131 | + |
| 132 | +.. _Cloudflare CAA FAQ: https://support.cloudflare.com/hc/en-us/articles/115000310832-Certification-Authority-Authorization-CAA-FAQ |
| 133 | + |
| 134 | +.. note:: |
| 135 | + |
| 136 | + If your custom domain was previously used in GitBook, contact GitBook support (via live chat in their website) |
| 137 | + to remove the domain name from their DNS Zone in order for your domain name to work with Read the Docs, |
| 138 | + else it will always redirect to GitBook. |
0 commit comments