DNS & SSL
Point your domain at the server and get free HTTPS, all in under 10 minutes.
DNS records
At your DNS provider (Cloudflare, OVH, Namecheap, Route 53...) add two A records:
| Hostname | Type | Value | TTL |
|---|---|---|---|
fchat.example.com | A | YOUR.SERVER.IP | 300 |
*.fchat.example.com | A | YOUR.SERVER.IP | 300 |
acme.fchat.example.com. The wildcard makes all of them resolve to your server without you adding a record per tenant.Verify DNS
Wait 1-5 minutes for propagation, then:
dig +short fchat.example.com dig +short anything.fchat.example.com
Both should return your server IP. If they do not, the SSL step will hang.
HTTPS / SSL
Caddy ships inside the Docker stack and handles HTTPS automatically. The first time a browser visits your domain, Caddy:
- Asks Let's Encrypt for a free certificate.
- Solves the HTTP-01 challenge on port 80.
- Caches the certificate inside the Docker volume.
- Auto-renews 30 days before expiry, forever.
Point APP_URL at the real domain
After DNS is set, update .env:
APP_URL=https://fchat.example.com APP_CENTRAL_DOMAINS=fchat.example.com
Then clear the config cache:
docker compose exec app php artisan config:clear docker compose restart
Custom tenant domains
By default each tenant lives at their-slug.your-apex.com. Tenants can also use their own domain (e.g. chat.acme.com) from their admin panel.
For that to work the tenant adds a TXT record to verify ownership and a CNAME pointing at your apex. The platform polls DNS and provisions a Caddy certificate the moment it sees the verification token.
Cloudflare proxy
If your DNS records have the orange-cloud proxy enabled at Cloudflare:
- Set SSL/TLS mode to Full (strict).
- Keep Always Use HTTPS on.
- Disable Rocket Loader (it breaks the WebSocket client).
livekit.your-domain.com if you front the platform with Cloudflare.