DNS Configuration

Expose requires specific DNS records to route traffic correctly.

Required Records

Create these A records pointing to your VPS IP:

Type	Name	Value	Purpose
A	`api`	`YOUR_VPS_IP`	API server
A	`*.expose`	`YOUR_VPS_IP`	Tunnel subdomains
A	`*.hosted`	`YOUR_VPS_IP`	Deployment subdomains

Example Configurations

OVH

Go to Web Cloud → Domain names → Your domain → DNS Zone
Add records:
- Type: A, Subdomain: api, Target: Your IP
- Type: A, Subdomain: *.expose, Target: Your IP
- Type: A, Subdomain: *.hosted, Target: Your IP

Cloudflare

Go to DNS → Records
Add A records (disable orange proxy cloud):
- Name: api, IPv4: Your IP, Proxy: DNS only
- Name: *.expose, IPv4: Your IP, Proxy: DNS only
- Name: *.hosted, IPv4: Your IP, Proxy: DNS only

DigitalOcean

Go to Networking → Domains → Your domain
Create A records for each subdomain

Verify DNS

After creating records, verify they’re working:

# Check API domain
dig +short api.yourdomain.com
# Should return your VPS IP

# Check wildcard
dig +short test.expose.yourdomain.com
# Should return your VPS IP

DNS propagation usually takes 5-30 minutes, but can take up to 48 hours.

TLS Certificates

Expose uses wildcard TLS certificates via Let’s Encrypt DNS-01 challenge. This requires API access to your DNS provider.

OVH API Setup

Go to https://eu.api.ovh.com/createToken/
Create a token with these permissions:
- GET /domain/zone/*
- PUT /domain/zone/*
- POST /domain/zone/*
- DELETE /domain/zone/*
Save the Application Key, Application Secret, and Consumer Key

Cloudflare API Setup

Go to Profile → API Tokens
Create token with Zone → DNS → Edit permissions
Save the API Token

Troubleshooting

DNS Not Resolving

# Check if record exists
dig yourdomain.com ANY

# Check specific record
dig +trace api.yourdomain.com

Certificate Issues

If Let’s Encrypt can’t issue certificates:

Verify DNS API credentials
Check Traefik logs: docker logs traefik
Ensure DNS records are correct
Wait for full DNS propagation