Adding a domain

In the management console, select the folder.

From the list of services, select Smart Web Security.

In the left-hand panel, select Domain security and select the proxy server you want to add a domain for.

In the left-hand menu, go to the Domains tab and click Add domain.

Enter the address of the domain your web application is in.

You can add a wildcard domain, e.g., *.example.com. In which case requests to all subdomains of the specified domain will be processed.

Optionally, enter a domain description.

Click Continue.

Specify the protocol for your web application to communicate with its users as well as additional parameters:

• HTTPS and HTTP: Encrypted HTTPS connection and HTTP support for rare use cases. For example, for a transition period or to support legacy equipment.

  • Optionally, enable Redirect HTTP to HTTPS to send HTTP requests over HTTPS.

  • Optionally, expand the Connection settings section and change the numbers of used ports and the HTTPS version.

    By default, the HTTP/2 version, HTTP port 80, and HTTPS port 443 are used.

• HTTPS: Encrypted HTTPS connection.

  • Optionally, expand the Connection settings section and change number of the used port and the HTTPS version.

    By default, the HTTP/2 version and HTTPS port 443 are used.

• HTTP: Unencrypted connection. We recommend using it for test purposes only. You do not need a certificate for this option, but traffic between the user and your application will be transmitted in plain text.

  • Optionally, expand the Connection settings section and change the number of the used port.

    HTTP port 80 is used by default.

If using HTTPS, select a certificate from Certificate Manager issued for the specified domain or click Create and select:

• Custom certificate: If your web application already has a TLS certificate.

  1. Enter a name and description for the certificate.
  2. Optionally, enable deletion protection to prevent the certificate from being deleted.
  3. Copy or upload the certificate, intermediate certificate chain, and your private key in PEM format.
  4. Click Create certificate.

• Let's Encrypt certificate: If your web application does not have a TLS certificate.

  1. Enter a name and description for the certificate.

  2. Optionally, enable deletion protection to prevent the certificate from being deleted.

  3. Click Create certificate. The interface will prompt you to create a CNAME resource record in the public DNS zone of your domain. You need this record to verify your domain rights.

     Note

     You can create the record manually or, if your domain is delegated to Yandex Cloud DNS, use this guide to automatically create a resource record.

     Wait until your rights for the domain are confirmed. It usually takes a few minutes to complete the check.

  4. To view the check status, click Show logs.

     After the check status changes to Valid, the certificate will be issued and its status will change to Issued. Until the certificate is issued, you will not be able to proceed with adding the domain.

Click Continue.

Under Target resources, set up the targets:

1. Enter the server IP address and port your web application runs on.

2. Optionally, enter a comment for the server.

3. Optionally, click Add resource to add connections to any additional targets.

4. Optionally, expand the Connect target resources section to configure additional connection settings:

   • In the Protocol field, select the connection protocol, HTTPS or HTTP.
   • Optionally, if you selected HTTPS and have multiple domain names and certificates, in the SNI field, add a SNI handler to route traffic based on the domain name.
   • If you selected HTTPS, upload the TLS certificate file.
   • Select the protocol version, HTTP/2 or HTTP/1.1.

Click Add domain.