# Custom Hostnames

{% hint style="warning" %}
**IMPORTANT: our Shared Windows Runtime (staging.wem.io and live.wem.io) is no longer the default runtime and new projects should NOT be running on this environment.** 

Check forum post <https://forum.wem.io/link?threadid=837> for information to get your **existing** Windows applications migrated to new Kubernetes Shared Runtime.&#x20;

For **new** projects: if your Workspace does not yet provide Kubernetes Hosting Zones, please make a request in WEM Support.
{% endhint %}

At some point you might want to use a hostname that is part of your own domain to be linked to your WEM-portal.

Something like \*\*<https://portal.yourdomain.ext**&#x20>;

For this to work, you need to understand a bit about [DNS and Hostnames](https://en.wikipedia.org/wiki/Hostname), and most importantly the CNAME DNS record.&#x20;

### CNAME DNS Records

To let people access your WEM Portal by using your hostname, the Internet's DNS system needs to know where to go when the hostname is entered in a browser - and that is done by linking the hostname via a CNAME record to the location of the WEM Runtime Zone where your portal is running.

The CNAME Target values are the hostnames by which the WEM Runtime Zones are known and can be reached for internet traffic; once the WEM Runtime Zone is reached, the WEM Runtime Services will recognize your actual hostname in the request and the corresponding portal will be presented to the user.

Below are the standard steps for portals running in the **West-Europe Kubernetes Zone**:

<figure><img src="/files/ZfEiC9FsPhx25myz913P" alt=""><figcaption><p>Hosting Zones in Modeler Portal Settings</p></figcaption></figure>

1. Create a **CNAME** record for the hostname in your domain's DNS management (or let your DNS management people do this for you).
2. Point the CNAME to **live.westeurope.wem.io** when your portal is using the WEM Shared West-Europe (kubernetes) hosting zone. *Check below for other runtime zone values.*
3. Add the hostname to your [**portal settings**](/platform/wemmodeler/project-settings/portal-settings.md#manage-hostnames) and publish from Modeler to Staging and Live (*publish is a linear chain*).
4. For an SSL Certificate, it is no longer necessary to make a WEM Support Request - the Kubernetes Runtime will automagically create a standard LetsEncrypt SSL Certificate when a new (custom) hostname is published and added to the Runtime. This may take up to 15 minutes so please allow the runtime to perform the necessary steps (request, validate, install) before checking your app for a valid SSL certificate. This service will fail when the CNAME is not correct or not yet available: the LetsEncrypt validation step will fail and the request will be blocked. If this is your case, you can create a Support ticket to let WEM Support check and manually fix your certificate requests, provided your custom DNS/CNAME record is correct and publicly available.

{% hint style="info" %}
You can have multiple hostnames added to your portal, but they all MUST target the same Zone as indicated in the Hosting Zone setting of the portal.&#x20;

So you can use and keep using the standard provided hostname that automatically uses the correct zone-related endpoint and add your own hostname as additional option to use when all settings (CNAME record and SSL certificate) are in place.
{% endhint %}

For CNAME records in your domain's DNS management, use:

<table data-header-hidden><thead><tr><th>Runtime Zone</th><th>CNAME Target</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>Runtime Zone</strong></td><td><strong>CNAME target</strong></td><td>Your domain hostnames</td></tr><tr><td>WEM Shared West-Europe Live</td><td><strong>live.westeurope.wem.io</strong></td><td></td></tr><tr><td>WEM Shared West-Europe Staging</td><td><strong>staging.westeurope.wem.io</strong></td><td></td></tr><tr><td>WEM Shared US Live</td><td><strong>live.us.wem.io</strong></td><td></td></tr><tr><td>WEM Shared US Staging</td><td><strong>staging.us.wem.io</strong></td><td></td></tr><tr><td><del>EUR Live</del></td><td><em>no longer supported for new requests</em></td><td>portal.yourdomain.ext</td></tr><tr><td><del>EUR Staging</del></td><td><em>no longer supported for new requests</em></td><td>testing.yourdomain.ext</td></tr><tr><td><del>APAC Live</del></td><td><em>no longer supported for new requests</em></td><td></td></tr><tr><td>Kubernetes Private Cloud*</td><td><em><strong>check with DevOps or WEM Support</strong> for the correct hostname.</em></td><td></td></tr></tbody></table>

<figure><img src="/files/3y6fnq7O1vCP8VAQHHGh" alt="" width="375"><figcaption><p>CNAME and WEM Portal Hostname</p></figcaption></figure>

A DNS-change like this may take up to 24 hours to be distributed along all DNS servers around the internet. You can check your hostname using Google's DIG: <https://toolbox.googleapps.com/apps/dig/> - if it shows the correct value, you can assume the hostname is available to all (or at least most) users.

<div align="right"><figure><img src="/files/Qi3hsDiNP4NvCba9bRIl" alt="" width="166"><figcaption><p>CNAME check in DIG</p></figcaption></figure></div>

### **Use/Force HTTPS: LetsEncrypt default service**

To have **SSL** available (and forced) for your custom hostname, WEM offers the service for free [Let's Encrypt certificates](https://letsencrypt.org/). On WEM Kubernetes (Private) Clouds this is automatically handled - provided that the CNAME is correct.&#x20;

The CNAME is used by the LetsEncrypt Validation Step to check that the hostname is indeed linked to the environment from where the request is created. If the CNAME is not available or not pointing to the correct environment, the request will fail and will be blocked. In that case, you need to ask WEM Support to manually start the request again - AFTER you have made sure the CNAME is correct.

**This process can take up to 15 minutes**, so please wait at least this long before checking if your newly published hostname is SSL secured.

*For the current EUR and APAC Zones, we will no longer provide custom SSL certificates, but rather ask you to request a migration (*[*https://forum.wem.io/link?threadid=837*](https://forum.wem.io/link?threadid=837)*).*<br>

### WEM Kubernetes Private Clouds

Obviously we cannot provide the CNAME Target values for the WEM Kubernetes Private Clouds in this public documentation. For any specific WEM Kubernetes environment, the correct CNAME target value can be obtained via authorized DevOps or WEM Support.

{% hint style="info" %}
For portals running in a Kubernetes (Private) Cloud, some details may be different:

* The hostname may not be publicly available if the environment uses private DNS, in which case the check using Google DIG is not possible;
* The Publish DevOps Settings may be turned off in the Modeler Settings, in which case the hostname and https management must be done in the WEM DevOps Portal (and then there is no need to publish the changes for hostnames and https).
* The WEM DevOps Portal provides other options to manage SSL certificates, including starting a custom request to be handled by your Certificate Authority of choice.
  {% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.wem.io/platform/wemtipsandtricks/custom-hostnames.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.