staging domain doesnt resolve

psybox

Hi
Originally I set staging.mydomain.com against the enhance control panel IP in cloudflare (A record). When you preview a site though it creates "previeweryeuriy.staging.mydomain.com" which never resolves. I created a staging domain on a test client called mytestdomain.staging.mydomain.com and it did not resolve either (yet wordpress auto installed, but you cannot login or see the website).

Re-reading the install instructions it suggests that I should not have created an A record in cloudflare for "staging". So I have removed it. However I am no further forward in getting "staging" to work. I created A record for webmail / phpmyadmin and they all work as expected.

I suspect cloudflare is causing some issues here - but I think I have the setup wrong??

twest

It's a little weird if you don't use Enhance DNS to host your staging domain. I really want 100% of my stack protected by Cloudflare, so I tested many things to get done to resolve, including adding the paid total tls service in CF to allow for valid SSL on sub-sub-domains, but nada work.

What finally did work for me was setting up my staging site on its own new domain so that my staging sites would resolve to website.stagingsite.com... Now that worked when I only had my one panel for hosting, but I was told I would need additional steps to get it to work on other hosting servers. Specifically, I was told to put a new record for *. hostname.stagingsite.com. now I don't know if that will run into the same problem I had before, because Cloudflare won't issue a valid SSL for sub-sub-domains, only sub-domains... I thought total tls would account for that problem though, but maybe not. It very may well be that we need to have a non-cloudflare domain with DNS managed by enhance-panel nameservers so it can get correct DNS config mapped out for all servers.

It's unfortunate, and opens a small security gap, exposed our origin server IPs, but to offer staging site functionality in enhance across multiple servers might not have any other option.

twest

I will test the issue of adding staging on additional servers with Cloudflare using the dedicated staging domain momentarily. I know it won't work on the free version for website.hostname.stagingsite.com, because that's too many level of subdomains down. So I will primarily be testing to see if it will resolve with Total TLS enabled which should give valid SSL and hopefully resolve... If the test fails, then there will be no way around it and the staging sites are just going to have to have DNS hosted on Enhance DNS.

twest

Okay I ran the test and confirmed it's not resolving with website.hostname.stagingsite.com. I have Total TLS in Cloudflare setup to validate sub-sub-domains automatically for *.hostname.stagingsite.com, but it doesn't resolve... I'm not sure why I was told to try that by Enhance guy, but it doesn't work.

What does work is just manually adding the dns into my staging site dns at Cloudflare for website.stagingsite.com and pointing the IP at whichever server the staging site is hosted at. You have to double check this because Enhance doesn't do the logical thing of placing staging sites on the same server as the website, so for me for example Enhance placed the staging site in another server in my case so I had to point the IP in Cloudflare at that server - it's a dumb waste of bandwidth that hopefully they fix in a future update (imagine you have a hosting site on a server in Los Angeles and the staging site gets dumped on a server you have in New York, now it has to transfer the data thousands of miles for no reason, then when you push it back to live it has to do that again, such a waste).

So to have 100% Cloudflare for staging, you need to manually create the dns entries at Cloudflare. If you want it to work automatically, you need to host your staging domain on the Enhance dns servers. Sucks, but it is what it is.

psybox

thanks @twest just to clarify;

your control panel (that all clients log into) is yourdomain.com
you have phpmyadmin.yourdomain.com / webmail.yourdomain.com etc (but not staging.yourdomain.com)
You have a new domain that you have set for the staging url - yourstagingdomain.com
you server hostnames are all serverA.yourstagingdomain.com / serverb.yourstagingdomain.com
in cloudflare you have then created A record for each server for serverA.yourstagingdomain.com / serverb.yourstagingdomain.com

I have to admit that is a little confusing and I have all my cloud servers using the same cloud domain name as the control panel and I dont want to have to undo that to be honest - but is doable I guess. A separate domain name for staging is super confusing for clients - but I really want to use cloudflare

twest

psybox you got it all pretty much right, except about server hostnames. My hostnames aren't setup to be related to the staging site domain, in your example my hostnames are host1.yourdomain.com, host 2.yourdomain.com.

And then the last step about Cloudflare, no I don't have records on my staging domain that point at anything anymore, since my test of making it automatic failed... The result of the test showed that whether you use a dedicated staging domain name or your main domain, it doesn't matter because Cloudflare and enhance don't work for automatic staging.

So you can keep using your main domain set to staging.yourdomain.com. And when you need to setup a staging site it will be site.staging.yourdomain.com. You will then need to create that as an A record in your Cloudflare (and you will need to buy $10/mo Total TLS do you can get an advanced SSL certificate that can put SSL on sub-sub-domains).

The alternative to all that is to use enhance DNS for your staging domain, then it will handle it all automatically. But you get no Cloudflare protection.

I'm not quite sure which way I'm going to go... I don't want to have to update my staging DNS at Cloudflare every time someone needs staging setup. But I also don't want any part of my stack to be unprotected by Cloudflare... For now, I'm just going to update Cloudflare manually as-needed, maybe enhance will fix this situation some day and it will work automatic.

psybox

twest thank you - that is he;pful/ I am going to keep my control panel url for the servers using cloudflare. I will purchase a spearate staging domain and host on enhance dns. Best of both worlds I think for now.