Skip to main content
Tensor9 can automatically generate publicly-accessible custom DNS hostnames and hosted zones for deployed appliances. Vendors can enable this feature by defining a vanity domain during creation of a Tensor9 app that serves as the root domain for appliance subdomains. This delegation also enables the automatic generation of SSL certificates inside applianes automatically and touch-free.

Vendor-provided vanity domain

Tensor9 will automatically assign and delegate a vanity domain to your customer’s appliances once you perform the following steps:
1

Specify a vanity domain during app creation

During creation of your Tensor9 app, provide a vanity domain that will serve as the root for appliances:
tensor9 app create \
  -name ai-chat \
  -displayName "AI Chat (Playground)"  \
  -vanityDomain ai-chat.playground.tensor9.app
Specifying a vanity domain during app creation will cause the Tensor9 Vendor Controller to create a hosted zone for the specified domain in your Tensor9 account.Example output:
App `ai-chat` [id: xxxx] created successfully.
The vanity domain for your new app is: `ai-chat.playground.tensor9.app`.
To finish setting up your vanity domain, please add the following DNS records to your domain's DNS zone:
    NS ai-chat.playground.tensor9.app ns-1.awsdns-1.org
    NS ai-chat.playground.tensor9.app ns-2.awsdns-2.com
    NS ai-chat.playground.tensor9.app ns-3.awsdns-3.co.uk
    NS ai-chat.playground.tensor9.app ns-4.awsdns-4.net
2

One-time manual delegation

You must do a one-time manual delegation to this newly created hosted zone in order for Tensor9 to be able to delegate subdomains from it. In the example above, we can delegate the ai-chat.playground.tensor9.app root domain by adding a new NS record with the nameservers shown in the output in the DNS management for our tensor9.app domain.
3

Annotate a hosted zone resource

Your origin stack must define a hosted zone resource. The hosted zone name does not have to match your vanity domain; Tensor9 will replace the hosted zone name with the assigned vanity domain for the appliance during compilation.
resource "aws_route53_zone" "app_zone" {
  name = "example.com"
}

resource "aws_route53_record" "ai_chat_app" {
  name    = "www.example.com"
  ttl     = 300
  type    = "CNAME"
  zone_id = aws_route53_zone.app_zone.zone_id

  records = [aws_lb.lb.dns_name]
}
During appliance deployment, Tensor9 will automatically delegate a subdomain of the configured root vanity domain into your customer’s appliance. This delegation happens when a hosted zone resource is created in the appliance account. Any records you add to your hosted zone in your origin stack will automatically be created in the customer’s appliance vanity domain. During compilation of your origin stack the Tensor9 compiler automatically detects the domain specified in a hosted zone resource in your origin stack and changes the domain to be the assigned vanity domain to your customer’s appliance. Following our example root vanity domain of ai-chat.playground.tensor9.app, assuming a main entrypoint to the app via a record called www, vanity domains assigned to customer appliances might look something like this: 
www.<applianceID>.ai-chat.playground.tensor9.app

Best Practices

Please note the following best practices when defining a root vanity domain for your customers:

Purchase a separate root domain

If your app is present at saas.com pick an alternative like saas-customers.com or saas.app. This ensures that the cookie space for your hosted offering is entirely separate from your customer’s installs. Your customers will have control over the appliance vanity domain hosted zone since they are created inside their environment.

Keep the root domain as brief as possible

The maximum length of the Common Name in a certificate is 64 characters. Vanity domains assigned to customers will include the appliance ID as well as any endpoints you have defined in your origin stack. The total length of the subdomain for which a certificate is requested cannot exceed the limit.

SSL

Since Tensor9 automatically delegates a vanity subdomain into the customer’s account, it is possible to generate certificates automatically and touch-free. If your origin stack defines SSL certificates, like AWS ACM certificates, make sure that the domain of the certificate refers to a record inside of your stack’s hosted zone and enable DNS validation. If you also provide a root vanity domain during app creation (as described above) then Tensor9’s automatic delegation of an assigned vanity subdomain into the customer’s account will allow the resource to be created at stack deploy time.