Skip to main content
You can add custom domains to your Ryvn installations:
  • Server services are configured through the Ryvn dashboard
  • Helm chart services are configured in your chart’s ingress values
  • A custom root domain replaces ryvn.run with your own domain across the entire environment

Custom root domain

By default, Ryvn environments use ryvn.run subdomains for public services. You can replace this with your own domain so that all services in the environment are reachable under it — myapp.staging.acme.com instead of myapp.env-xyz.ryvn.run. A common pattern is to use a subdomain per environment, like staging.acme.com or production.acme.com. This keeps each environment’s services under a clear namespace while leaving the rest of acme.com under your existing DNS provider. This is an environment-wide setting. Once configured, every service shares the same base domain without per-service DNS setup. Ryvn handles wildcard TLS certificates and DNS record management for the domain. Helm charts using {{ .ryvn.env.state.public_domain.name }} resolve to your domain with no config changes.

How it works

Ryvn creates a DNS hosted zone for your domain and gives you a set of nameservers. You point your domain to those nameservers at your registrar, which lets Ryvn manage DNS records and issue TLS certificates for the domain.

Setup

1

Set the domain in your environment config

  1. Go to your environment’s Settings > Infrastructure
  2. Add public_root_domain to your environment config:
public_root_domain: staging.acme.com
  1. Save and provision the environment
2

Get the nameservers

After provisioning completes, the assigned nameservers appear in Settings > Infrastructure under the Domain Setup section. You’ll see a list of NS records to create.
3

Delegate your domain

At your domain registrar, create NS records that point your subdomain to the nameservers from the previous step:
  1. Log in to your DNS provider (e.g., Cloudflare, Namecheap, GoDaddy, Route 53)
  2. Add an NS record for your subdomain (e.g., staging) for each nameserver Ryvn provided
This delegates only the subdomain to Ryvn — the rest of your domain stays under your existing DNS provider.
4

Verify

After DNS propagation, your services will be reachable under the new domain. Check delegation with:
dig staging.acme.com NS
The response should list the nameservers from the dashboard.
You can also delegate a full domain (e.g., acme.com) by changing its nameservers entirely to the ones Ryvn provides. Be aware this transfers DNS control for the entire domain to Ryvn, so coordinate with the Ryvn team if you have existing records on the domain.
After setup, new services get subdomains under your domain, TLS certificates are provisioned for you, and {{ .ryvn.env.state.public_domain.name }} resolves to your domain in helm charts. You can still add per-service custom domains for services that need a different domain entirely.

Server services

Server service domains are managed through the Ryvn dashboard. Traffic is proxied through Ryvn’s infrastructure, which handles TLS certificates and routing.

Adding a custom domain

1

Enable public networking

  1. Open your installation in the Ryvn dashboard
  2. Go to Settings > Networking
  3. Switch to Public networking mode
  4. Wait about 10 seconds for your installation to connect to the external load balancer
2

Add custom domain

  1. Enter your domain name in the custom domain field
  2. Click Save
Unicode domains need to be converted to Punycode first (e.g., ëxample.com becomes xn--xample-ova.com). You can use tools like Punycoder for the conversion.
3

Configure DNS

  1. Copy the load balancer hostname or IP shown in the UI below the custom domain field
  2. In your domain provider’s DNS settings, create a record:
TypeNameValue
CNAME@ or subdomainLoad balancer hostname/IP from step 1
Some DNS providers call this ALIAS or ANAME instead of CNAME. They work the same way.
4

Connect and verify

  1. Back in Ryvn, click Connect
  2. Ryvn verifies domain ownership and creates a TLS certificate
  3. Once done, check that your domain is accessible over HTTPS

Helm chart services

Helm charts use ingress configuration for custom domains, rather than the dashboard.

Ryvn networking

Each environment has:
  • Two NGINX ingress controllers: external-nginx (public) and internal-nginx (VPC-internal)
  • cert-manager issuers: external-issuer (public domains) and internal-issuer (internal domains)
  • External DNS for managing ryvn.run and internal domain records

Adding a custom domain

1

Ensure ingress template

Your helm chart needs an ingress.yaml template in the templates/ directory.See the Kubernetes Ingress documentation for examples.
2

Configure ingress values

Update your ingress configuration in the Ryvn dashboard:
  1. Go to your installation’s Settings > Helm Values
  2. Add or update the ingress section:
ingress:
  enabled: true
  className: external-nginx  # Use external-nginx for public domains
  annotations:
    cert-manager.io/cluster-issuer: external-issuer
  hosts:
    - host: myapp.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: myapp-tls
      hosts:
        - myapp.example.com
  1. Click Save to deploy the changes
For internal-only services, use className: internal-nginx and cert-manager.io/cluster-issuer: internal-issuer
3

Configure DNS records

  1. Get the load balancer hostname from your installation’s Resources tab (find the ingress resource and copy its address)
  2. Create a DNS record with your domain provider:
TypeNameValue
CNAME@ or subdomainLoad balancer hostname from step 1
For apex domains (example.com), use ALIAS or ANAME record types if your DNS provider supports them, otherwise use A records with the load balancer IPs.
4

Verify

Once DNS propagates, your application will be reachable at your custom domain with HTTPS.

Using ryvn.run domains

You can use template variables instead of hardcoding the ryvn.run domain: 
ingress:
  enabled: true
  className: external-nginx
  annotations:
    cert-manager.io/cluster-issuer: external-issuer
  hosts:
    - host: myapp.{{ .ryvn.env.state.public_domain.name }}
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: myapp-tls
      hosts:
        - myapp.{{ .ryvn.env.state.public_domain.name }}
This resolves to your environment’s public domain. If you’ve configured a custom root domain, these templates pick it up with no changes needed.

Troubleshooting

Verify DNS propagation: 
nslookup myapp.example.com
dig myapp.example.com
Check if DNS records are correct: 
dig myapp.example.com CNAME
dig myapp.example.com A
Test from different locations: 
# Test with different DNS servers
nslookup myapp.example.com 8.8.8.8
nslookup myapp.example.com 1.1.1.1
Common fixes:
  • DNS propagation can take up to 48 hours
  • Double-check records are correct at your domain provider
  • Clear local DNS cache: sudo dscacheutil -flushcache (macOS) or ipconfig /flushdns (Windows)

Advanced configuration

Custom annotations

You can add nginx annotations for routing control: 
ingress:
  enabled: true
  className: external-nginx
  annotations:
    cert-manager.io/cluster-issuer: external-issuer
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"