(FYI, I've just gone through this again while writing this, and now the bare domain works and the www. doesn't 🙈 )

If you want both to work like that then you'll need to add two custom domains, a [www.[mydomain.com](mydomain.com)](www.[mydomain.com](mydomain.com)) one and a [mydomain.com](mydomain.com) one

Although my recommendation would be to choose one of them and then have the other redirect to your chosen one, this keeps things more consistent

I have two custom domains

I'd be happy to do the redirect - I have tried that in Cloudflare using a Redirect Rule - I think I must have done that wrong, as it didn't work

Oh I see now, sorry I misread 🙏
Based on how you set it up, it should work 🤔

Quick side note here:

I've tried changing SSL/TLS mode from Full to Flexible in Cloudflare, still doesn't work
SSL/TLS mode should always be on full when on Railway

Full strict, or just Full?

Just Full is fine

cool

if you're doing the redirect, is the best thing to set up a custom domain for the bare, or for www., domain in railway?

that's completely up to you, personally I like it when websites don't use www but that's just personal preference 🤣

and you set up the redirect in Cloudflare using a Redirect Rule?

also, should Universal SSL be on?

I believe so, although I'm not very experienced with Cloudflare so I can't really help a lot in that context

No, that should be turned off

ok, so I've just:

1. Removed my custom domains

2. Added mydomain.com (the bare url)

3. Added a CNAME for @ and .[up.railway.app](up.railway.app) to Cloudflare

4. Disabled Universal SSL

and now none (www.mydomain.com, http://mydomain.com, https://mydomain.com and https://www.mydomain.com) of my urls are working

Would you mind sharing the domain you're using?

DMd

Seems the cause is a ERR_SSL_VERSION_OR_CIPHER_MISMATCH, usually these resolve themselves and are usually caused by SSL cache

interesting - when I do:

$ curl -I -L https://mydomain.com curl: (35) LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure

and

```$ curl -I -L mydomain.com
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Aug 2024 15:54:23 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Aug 2024 16:54:23 GMT
Location: https://shareapodcast.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RAt5pqcLCaUK3nHvDZkqM%2FyafZDuw3THGN8Km4eT9OpTLz4B8r2%2FHLyH%2FrfMWdd2GNyrnv3XeinvtjYJOGLlId2oukEQcfXPIGn%2FC3Lx3%2BL3vteuwTRHCH%2BFwAaztN7Kt%2FSLmw%3D%3D"}],"group":"cf-nel","maxage":604800} NEL: {"successfraction":0,"reportto":"cf-nel","maxage":604800}
Server: cloudflare
CF-RAY: 8b08eca85d4d949f-LHR
alt-svc: h3=":443"; ma=86400

curl: (35) LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure```

I ran a DNS check on the domain and I'm not seeing any CNAMEs on it 🤔

who do you own the domain with?

bought on GoDaddy, DNS transfer to Cloudflare

I've just reenabled Universal SSL and my bare domain url works again

Easiest thing is to point your bare domain at railway, and point www at your bare domain:

hmm the plot thickens, this is something I haven't tried

back in 5 mins

If that doesn't work, you can also redirect www to your bare domain: https://developers.cloudflare.com/pages/how-to/www-redirect/

this doesn't seem to work for me: bare domain does, www. doesn't

trying second suggestion, thank you Dane

I just set one up, had to point the www domain at the bare domain, and add the bulk redirect.

The DNS record on the www just allows Cloudflare to listen on www (they are pointing it to a dummy IP), using a CNAME record pointing to the bare domain works as well.

it works!!

Dane, thank you, you are a hero

I think that's the cleanest solution as you are also telling google not to index the www because of the 301 redirect

thank you so much; I really appreciate your help

can you DM your domain?

nvm i can grab it from your service

yeah it's there

show me your dns in cloudflare?

DMd

ssl tls mode set to full?

ah man I've just deployed and I now get a 404

annnd it's back

universal ssl off? this should be on, dane is right

SSL/TSL = Full, Universal is off

Universal SSL should be on (unless you have an advanced certificate). The hosts on your universal ssl should be *.[example.com](example.com), [example.com](example.com) to include www.
SSL = Full

The connection from Cloudflare to Railway is over SSL, so you need SSL = Full.
Full (strict) is only when you are using a cloudflare origin cert on Railway (can be done through a cloudflare warp tunnel)

turning Universal SSL on stops my www. -> bare domain redirect working

(unless there's an amount of time I need to wait after enabling it)

There usually is a bit of a time delay. Do you have an advanced certificate as well, or just universal?

whatever is out of the box/free, I guess universal?

ok, so you would need to have universal enabled as that is the only certificate encrypting your connection between the browser and cloudflare.
Do you have the orange cloud turned on for your bare domain and www?

I only have one CNAME now, for @ (which replaces with mydomain.com) and yes, proxied/orange cloud is on

You probably need to add a cname for www pointing to @ as well

done: now, with www. I get "This site can’t be reached" / "DNSPROBEFINISHED_NXDOMAIN"

what's your domain?

DMd

You may just need to wait a bit

both www and bare domain are coming up fine for me

really

hmm

I've just flushed my DNS and looks like it's working for me too

it's always DNS

Glad it's working! DNS is a pain for sure, especially when you add on proxies and SSL rules

🙏

@Brody if it's useful, LMK if you'd like me to write up the steps I (Dane) just took to make this work, for this page: https://docs.railway.app/guides/public-networking

catch me up, what was the final nail in the coffin to make this work?

I had to

1. create a custom domain in railway for my bare domain

2. create a CNAME for bare domain, pointing to the railway host

3. create a CNAME for www pointing to @

4. enable Universal SSL

5. create a bulk redirect pointing www. to bare domain

going to check out for now and hope nothing breaks - thanks again Dane

i would love a pr to add that to the docs

Yeah I can do that, where’s the repo?

scroll down

@Brody have submitted PR

awesome, I will look at that

merged, thanks again!