Mapping custom domains

You can set up a custom domain rather than the default address that Cloud Run provides for a deployed service.

There are a couple of ways to set up a custom domain for a Cloud Run service:

You can map multiple custom domains to the same Cloud Run service.

Before you begin

Purchase a new domain, unless you already have one that you want to use. You can use any domain name registrar.

If you want to register a domain with Cloud Domains, see Registering a domain with Cloud Domains within the Cloud Run console.

Map a custom domain using an global external HTTP(S) load balancer

With this option, you add a global external HTTP(S) load balancer in front of your Cloud Run service and configure a custom domain at the load balancer level.

One advantage of using a global external HTTP(S) load balancer is that it gives you a lot of control around your custom domain setup. For example, it allows you to use your own TLS certificate or route specific URL paths to the Cloud Run service. It also allows you to configure Cloud CDN for caching and Google Cloud Armor for additional security.

Follow Set up a global external HTTP(S) load balancer with Cloud Run to map a custom domain using a global external HTTP(S) load balancer.

Map a custom domain using Firebase Hosting

With this option, you configure Firebase Hosting in front of your Cloud Run service and connect a configure domain to Firebase Hosting.

Using Firebase Hosting has a low price and optionally allows you to host and serve static content alongside the dynamic content served by your Cloud Run service.

To map a custom domain using Firebase Hosting:

  1. Add Firebase to your Google Cloud project
  2. Install the Firebase CLI
  3. In a folder different from the source code of your service, create a firebase.json file with the following content:

      {
        "hosting": {
          "rewrites": [{
            "source": "**",
            "run": {
              "serviceId": "SERVICE_NAME",
              "region": "REGION"
            }
          }]
        }
      }
    

    Replace SERVICE_NAME and REGION with the name and region of your Cloud Run service.

  4. Deploy the Firebase Hosting configuration:

    firebase deploy --only hosting --project PROJECT_ID
  5. Connect a custom domain to Firebase Hosting

Read more about Firebase Hosting and Cloud Run.

Map a custom domain using Cloud Run domain mapping (Limited availability)

Cloud Run domain mapping limitations

It is not possible to use Cloud Run domain mappings in the following regions:

  • asia-east2
  • asia-northeast2
  • asia-northeast3
  • asia-southeast2
  • asia-south1
  • asia-south2
  • australia-southeast1
  • australia-southeast2
  • europe-central2
  • europe-southwest1
  • europe-west2
  • europe-west3
  • europe-west6
  • europe-west8
  • europe-west9
  • northamerica-northeast1
  • northamerica-northeast2
  • southamerica-east1
  • southamerica-west1
  • us-west2
  • us-west3
  • us-west4

In these regions, you should use the other options described on this page.

When you use Cloud Run domain mappings, you map a custom domain to your service, then update your DNS records. You can map a domain, such as example.com or a subdomain, such as subdomain.example.com. You can only map a domain to /, not to a specific URL path like /users.

The following considerations apply:

  • A managed certificate for HTTPS connections is automatically issued and renewed when you map a service to a custom domain.
  • Provisioning the SSL certificate usually takes about 15 minutes but can take up to 24 hours.
  • You cannot upload and use your own certificates.

Map a custom domain to a service

You can use the Google Cloud console or the gcloud CLI to map a custom domain to a service.

Console

  1. Open the domain mappings page in the Google Cloud console:
    Domain mappings page

    Note that if your display window is too small, the Mapping Custom Domains button isn't displayed and you must click the 3-dot vertical ellipse icon at the right corner of the page.

  2. In the Domain Mappings page, click Add Mapping.

  3. From the dropdown list in the Add Mapping form, select the service you are mapping the custom domain to:

    Add domain mappings

  4. Enter the domain name.

  5. Click Continue.

  6. You need to verify the ownership of a domain before being able to use it, unless you purchased your domain from Google. If you want to map subdomain.example.com or subdomain1.subdomain2.example.com, you should verify ownership of example.com. For more information on verifying domain ownership, refer to Webmaster Central help

  7. Update your DNS records at your domain registrar web site using the DNS records displayed in the last step. You can display the records at any time by clicking DNS Records in the "..." action menu for a domain mapping.

  8. Click Done.

Command line

  1. You must verify domain ownership the first time you use that domain in the Google Cloud project, unless you purchased your custom domain from Google. You can determine whether the custom domain you want to use has been verified by using the command

    gcloud domains list-user-verified

    If your ownership of the domain needs to be verified, open the Webmaster Central verification page:

    gcloud domains verify BASE-DOMAIN

    where BASE-DOMAIN is the base domain you want to verify. For example, if you want to map subdomain.example.com, you should verify the ownership of example.com.

    In Webmaster Central, complete domain ownership verification. For more information, refer to Webmaster Central help.

  2. Map your service to the custom domain:

    gcloud beta run domain-mappings create --service SERVICE --domain DOMAIN
    • Replace SERVICE with your service name.
    • Replace DOMAIN with your custom domain, for example, example.com or subdomain.example.com

Add your DNS records at your domain registrar

After you've mapped your service to a custom domain in Cloud Run, you need to update your DNS records at your domain registrar. As a convenience, Cloud Run generates and displays the DNS records you need to enter. You must add these records that point to the Cloud Run service at your domain registrar for the mapping to go into effect.

If you're using Cloud DNS as your DNS provider, see Adding a record.

  1. Retrieve the DNS record information for your domain mappings using:

    Console

    1. Go to the Cloud Run domain mappings page:
      Domain mappings page

    2. Click the 3-dot vertical ellipse icon to the right of your service, then click DNS RECORDS to display all the DNS records:

    select DNS records

    Command line

    gcloud beta run domain-mappings describe --domain [DOMAIN]

    Replace [DOMAIN] with your custom domain, for example, example.com or subdomain.example.com.

    You need all of the records returned under the heading resourceRecords.

  2. Log in to your account at your domain registrar and then open the DNS configuration page.

  3. Locate the host records section of your domain's configuration page and then add each of the resource records that you received when you mapped your domain to your Cloud Run service.

  4. When you add each of the above DNS records to the account at the DNS provider:

    • Select the type returned in the DNS record in the previous step: A, or AAAA, or CNAME.
    • Use the name www to map to www.example.com.
    • Use the name @ to map example.com.
  5. Save your changes in the DNS configuration page of your domain's account. In most cases, it takes only a few minutes for these changes to take effect, but in some cases it can take up to several hours, depending on the registrar and the Time-To-Live (TTL) of any previous DNS records for your domain. You can use a dig tool, such as this online dig version, to confirm the DNS records have been successfully updated.

  6. Test for success by browsing to your service at its new URL, for example https://www.example.com. Note that it can take several minutes for the managed SSL certificate to be issued.

Add verified domain owners to other users or service accounts

When a user verifies a domain, that domain is only verified to that user's account. This means that only that user can add more domain mappings that use that domain. So, to enable other users to add mappings that use that domain, you must add them as verified owners.

If you need to add verified owners of your domain to other users or service accounts, you can add permission through the Webmaster Central page:

  1. Navigate to this address in your web browser:

    https://www.google.com/webmasters/verification/home

  2. Under Properties, click the domain for which you want to add a user or service account.

  3. Scroll down to the Verified owners list, click Add an owner, and then enter a Google Account email address or service account ID.

    To view a list of your service accounts, open the Service Accounts page in the Cloud console:

    Go to Service Accounts page

Delete a Cloud Run domain mapping

You can use the Google Cloud console or the gcloud command line tool to delete a domain mapping.

Console

  1. Open the domain mappings page in the Google Cloud console:
    Domain mappings page

  2. In the Domain Mappings page, select domain mapping you want to delete and click Delete.

Command line

  1. Delete the domain mapping:

    gcloud beta run domain-mappings delete --domain DOMAIN
    • Replace DOMAIN with your custom domain, for example, example.com or subdomain.example.com

Register a domain with Cloud Domains within the Cloud Run console

To register a domain with Cloud Domains within the Cloud Run console, follow these steps:

  1. Go to Cloud Run
  2. Click Manage custom domains.
  3. Click Register domain.
  4. Complete the registration process following the instructions for Registering a domain.
  5. Map your domain to Cloud Run and add DNS records at your domain registrar.