Before you Start

At Tithe.ly we only allow secure connections to our application. This means an SSL Certificate is required for a custom domain name to work.
There are two ways to set up SSL with Tithe.ly ChMS on your custom domain:

  • Use a flexible SSL (using a third party DNS provider like CloudFlare or AWS CloudFront)
  • Use your own SSL certificate (using a TLS Termination Proxy)

Please ensure you have the ability to add an SSL Certificate to your domain prior to proceeding.

You will also need an API Key from Google for the following features

  • Google Maps and Geocoding
  • Google Recaptcha V2

Using a Cloud Proxy Service (Cloudflare, Cloudfront or similar)

Setting up your CNAME record for your DNS Host

Depending on the DNS host you use, you may be able to add this record yourself, or you may need your host to add it for you. If you are not sure, get in touch with your hosting provider. Keep in mind that it is possible that your web host and your DNS host are different providers.

  • Go to your DNS provider’s website (e.g. Cloudflare or Namecheap). If you’re choosing one for the first time, go with one that supports SSL.
  • Create a CNAME (‘canonical name’) record for your custom domain.
  • Point it at Tithe.ly ChMS’ host domain for your region. 

The relevant host region for your domain would be as follows:

  • AU: cname.elvanto.com.au
  • US: cname.elvanto.net
  • EU: cname.elvanto.eu

It should mirror your account's existing URL that you've previously been using.

How to create a custom CNAME record with Cloudflare

These steps will vary, so check with your own DNS provider for support.

As an example, here’s how to set up a CNAME record with Cloudflare:

 

  1. Set up Cloudflare as the resolver for your custom CNAME by changing your domain nameserver to Cloudflare.
  2. Go to the ‘DNS’ section in Cloudflare and add a CNAME record for your custom domain. 
  3. Point it at the Tithe.ly ChMS’ host domain for your region, outlined above.

Configuring SSL Certificates

TSL, more commonly called SSL, is the most widely used way to secure the connection between your server and your browser. It ensures the connection between the server and browser is encrypted and safe, and appears as HTTPS.

Here’s what an SSL-configured website (with HTTPS) typically looks like on the Chrome browser:

This is what it looks like if you’ve visited a website not secured by SSL (without HTTPS):

You should configure SSL for your custom domain to keep sensitive information encrypted. If you want to do this, make sure you’ve set up your CNAME with a DNS provider that supports SSL, like Cloudflare.

Important

DNS changes can sometimes take up to 72 hours to take effect, but are typically much faster.

How to configure SSL With Cloudflare

Simply go to the ‘Crypto’ section and change SSL to ‘Flexible’ or ‘Full’.

Don’t choose ‘Full (Strict)’ as this will result in an invalid SSL certificate. To force HTTPS to be used by default, you can scroll down the page and select “Always use HTTPS”. You can also configure HTTP Strict Transport Security (HSTS) which helps with this as well. These are our recommended settings for this:

  • Max-Age: 12 Months
  • Include subdomains: Off
  • Preload: Off

Once done, view the instructions on setting up the domain name in your account at the bottom of this page. 

How to configure SSL with AWS

Go to the ‘CloudFront’ page within your account and click on ‘Create Distribution’.

Click on the ‘Get Started’ button under the ‘Web’ heading.

On the ‘Create Distribution’ page:

  • Enter your at the Tithe.ly ChMS’ host domain for your region in the ‘Origin Domain Name’ field
  • Change ‘Origin Protocol Policy’ to ‘HTTPS Only’
  • Change ‘Viewer Protocol Policy’ to ‘Redirect HTTP to HTTPS’
  • Change ‘Allowed HTTP Methods’ to ‘GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE’
  • Change ‘Cache Based on Selected Request Headers’ to ‘All’
  • Change ‘Forward Cookies’ to ‘All’
  • Change ‘Query String Forwarding and Caching’ to ‘Forward all, cache based on all’
  • Add your custom domain to the ‘Alternate Domain Names (CNAMEs)’ text box
  • Choose your SSL Certificate you created for your custom domain under ‘SSL Certificate’
  • Click ‘Create Distribution’

You CloudFront distribution will take some time to deploy. Once deployed go to ‘Route 53’ in your AWS account. Go to the ‘Hosted Zones’ area and click on the domain name that matches your custom domain. 

Click the ‘Create Record Set’ button and then enter your custom domain into the ‘Name’ field. Keep the ‘Type’ set as an A record and then set ‘Alias’ to ‘Yes’. In the ‘Alias Target’, find your CloudFront distribution, click on it and then click ‘Create’.

Once done, view the instructions on setting up the domain name in your account at the bottom of this page. 

Using your own SSL certificate via TLS Termination with Apache or Nginx

If you're unable to use Cloudflare or AWS CloudFront, or if you wish to host your own security certificates, you can do so through a TLS termination proxy. You’ll need to edit the configuration file on your proxy webserver.

If you are going to use this method, instead of adding the CNAME records mentioned above, you'll need to add DNS Records that point directly to the server you'll be hosting this on.

The following instructions will reference cname.elvanto.net as the proxy destination. Please ensure you use the correct hostname for your region. 

  • AU: cname.elvanto.com.au
  • US: cname.elvanto.net
  • EU: cname.elvanto.eu

This does not go into your DNS recrods though, but rather into your webserver's setup, discussed below.

Apache Config

The following example assumes you've already setup a server with Apache running. The following Apache config can be used to proxy your requests to our servers.

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName chms.custom-domain.com # specify your custom domain here

        SSLEngine on
        SSLProxyVerify none
        SSLProxyEngine on

        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        SSLCertificateFile /path/to/your/fullchain.pem
        SSLCertificateKeyFile /path/to/your/privatekey.pem

        ProxyPreserveHost On
        ProxyPass / https://cname.elvanto.net/ # Or cname.elvanto.com.au or cname.elvanto.eu
        ProxyPassReverse / https://cname.elvanto.net/ # Or cname.elvanto.com.au or cname.elvanto.eu
</VirtualHost>
</IfModule>

Once done, view the instructions on setting up the domain name in your account at the bottom of this page. 

NGINX Config

The following assumes you've already setup an NXINX Webserver and the relevant DNS entries.

Once done, the following config can be used to proxy requests back to our servers.

resolver 8.8.8.8; # use own DNS server if you have one
server {
  listen 443 ssl;
  server_name chms.custom-domain.com; # replace this with your domain

  ssl_certificate /path/to/your/fullchain.pem;
  ssl_certificate_key /path/to/your/privatekey.pem;

  location / {
    # using "set" is important as IP addresses of Tithely ChMS servers
    # changes dynamically. "set" enables nginx to follow dynamic IPs
    set $tithelyChms "https://cname.elvanto.net:443";  # Or cname.elvanto.com.au or cname.elvanto.eu
    proxy_set_header Host $host;
    proxy_pass $tithelyChms;
  }
}

There are many ways to set up your own SSL certificate - for example we recommend looking into services such as Let’s Encrypt as these are easy to install and free. However, we can’t guarantee that we can support every type of proxy setup. If you have specific needs, we can't support you in configuring it.

While most modern browsers support SNI, a few older ones don’t. If you’re supporting those browsers, you should use your own SSL certificate instead. Check with your DNS provider to see if this option is available.

Once done, view the instructions on setting up the domain name in your account at the bottom of this page. 

Step 2. Enter your Custom Domain in Tithe.ly ChMS

Once your CNAME record has propagated, you can then setup your custom domain name. You’ll know it has propagated when you visit the domain name and you receive a ‘Custom Domain Ready’ message on the screen.

 

 

You can then go to Settings -> Layouts within your account. Edit the Layout you wish to add the custom domain to.

Under the ‘Custom Domain’ heading, enter in the URL you want to use (e.g. chms.example.com).

Did this answer your question?