Domains and HTTPS

Take a web app from an ugly address:port to a real domain with automatic SSL, using the Network page's Ports, Falix subdomains, and Reverse Proxy tabs.

http://198.51.100.20:25591 gets your site online, but you wouldn't put it on a business card — and it has no padlock. This guide is a tour of the server's Network page, which is where a web app graduates from a raw address to a real domain with automatic HTTPS.

At a glance
You need A web app that already loads at its address:port — if not, fix that first with Your first web app
Plan All plans
Time Ten minutes, plus DNS wait time for a custom domain

The tabs, at a glance

Option What you get SSL? URL looks like
Ports Your raw public address No address:25591
Falix subdomain A free, friendly DNS name No yourname.falixsrv.me:25591
Reverse Proxy A real domain, no port Yes, automatic yourname.falix.org

For an actual website you almost always want the Reverse Proxy — the other two are stepping stones. (There's also an Internal Network tab for private server-to-server connections between your own Falix servers — nothing to do with public visitors, but handy when one of your servers needs to talk to another without exposing it.)

Ports — instant, ugly, fine for testing

The Ports tab lists your server's allocation: the public address and port. Combined as http://address:port, it works the moment your app is listening, with zero setup. It's the right tool while you're still building — no DNS, no waiting. It's just not something you'd hand to visitors.

Falix subdomains — a friendlier name

The Falix subdomains section gives you a free DNS name that points at your server, so people type words instead of an IP. You pick a label (3–30 characters, lowercase letters, digits, and hyphens) and a suffix — falixsrv.me, falix.gg, falix.me, falix.dev, falix.app, or falix.pro — giving something like yourname.falixsrv.me.

⚠️ Heads up: A subdomain only points the name at your address, so for a web app the port still shows in the URL (yourname.falixsrv.me:25591), and it brings no SSL on its own. It's a nicer address, not full hosting.

Reverse Proxy — the real answer for websites

The Reverse Proxy tab is what makes a site look professional: a clean domain, no port in the URL, and HTTPS set up for you automatically. It's available on all plans. A proxy has two choices to make:

  • The domain. Either a Falix domain like yourname.falix.org (instant, nothing to configure), or your own custom domain, which adds a DNS verification step (below).
  • The backend port. This is the port on your server that the proxy forwards traffic to — it must be one of your server's own ports (in the 1024–65535 range), i.e. the port your app is actually listening on.

🎯 Good to know: A new proxy's SSL status moves from pending to active on its own — no certificate files to manage. A custom domain stays pending until its DNS verification completes.

You can run several proxies per server (around five), so pointing both www.yoursite.com and a bare yoursite.com, or a Falix domain and your custom one, at the same app is fine — each is just another proxy on the list.

💡 Tip: The raw address:port URL keeps working the whole time — if the proxied domain misbehaves, testing the port directly tells you whether the problem is your app or the proxy in front of it.

Using your own custom domain

Point a domain you own at your app by adding it as a custom domain on the Reverse Proxy tab and completing the DNS verification step it shows you — you add the record it gives you at your domain registrar to prove you control the name. Once DNS is verified, SSL is issued automatically and the status flips to active. (Exact records are shown in the panel at the time you add the domain; follow those.)

Managing a proxy

Each proxy on the list can be changed after you create it:

  • Repoint it — change the backend port it forwards to (still one of your server's own ports, 1024–65535), for when your app moves to a different port.
  • Disable / re-enable — switch a proxy off without deleting it, then flip it back on later.
  • Retry SSL — if a custom domain's certificate didn't issue, retry it once DNS is verified. Falix subdomains use a shared wildcard certificate, so there's nothing to retry there.
  • Delete — remove the proxy entirely; the domain stops resolving to your app, while your server and its raw address:port are untouched.

Verify it works

After creating a proxy, wait for the SSL status to read active, then open your domain in a browser over https://. You should see your site and a padlock, with no port in the address bar. That's the finished, shareable version — the one to actually give to people. Bookmark the plain address:port for yourself, though; it stays useful for quick checks whenever you're changing the app.

Troubleshooting

  • SSL stuck on "pending" — for a custom domain, DNS isn't verified yet; recheck the record you added at your registrar and give it time to propagate. A Falix domain should go active quickly; if it doesn't, the proxy can't reach your app (see below).
  • Domain loads but shows a proxy/502-style error — the proxy reached Falix but your app isn't answering on the backend port. Confirm the app is running and listening on that exact port, bound to 0.0.0.0; then work through I can't reach my app.
  • Subdomain or proxy name rejected — it broke the naming rules. Use 3–30 characters, lowercase letters, digits, and hyphens only, and pick a label that isn't already taken.

Next steps

Was this guide helpful?