Skip to content
Broch Documentation

Wildcard Domain & DNS

Broch generates tunnel URLs by placing a name in front of your domain: name.tunnels.company.com. This requires a wildcard DNS record pointing *.tunnels.company.com at your server.

You need to own a domain and be able to create DNS records on it.

Choosing a hostname

Section titled “Choosing a hostname”

Pick a subdomain of a domain you control. Common patterns:

tunnels.company.com       *.tunnels.company.com → your server
broch.company.com     *.broch.company.com → your server
dev-tunnels.company.com   *.dev-tunnels.company.com → your server

The value you choose becomes API__WILDCARDHOSTNAME in your server configuration. For example:

API__WILDCARDHOSTNAME=tunnels.company.com

This produces tunnel URLs like my-app.tunnels.company.com.

If you want an air-gapped license, decide on this value before purchasing — the wildcard hostname must be specified at license issuance time and cannot be changed. See Licensing.

DNS record

Section titled “DNS record”

Create a wildcard A record (or CNAME) in your DNS provider pointing *.tunnels.company.com to your server’s IP address or hostname.

Record typeNameValue
A*.tunnels.company.comYour server’s IP address
CNAME*.tunnels.company.comYour server’s DNS name (e.g., ALB hostname on AWS)

Use a CNAME when the server’s IP address can change (e.g., AWS ALB, Azure Container Apps FQDN). Use an A record when the IP is stable (e.g., a reserved IP on DigitalOcean or a static IP on a VM).

Per-platform DNS setup

Section titled “Per-platform DNS setup”

Docker Compose (any Linux host)

Create a wildcard A record pointing to your server’s public IP:

*.tunnels.company.com  →  203.0.113.42   (your server IP)

Verify with: nslookup test.tunnels.company.com — should resolve to your IP.

Azure Container Apps

After deployment, the Bicep template outputs the Container App FQDN. Create a wildcard CNAME:

*.tunnels.company.com  →  your-app.region.azurecontainerapps.io

AWS (ECS / ALB)

After CloudFormation deployment, the stack outputs the ALB DNS name. Create a wildcard CNAME:

*.tunnels.company.com  →  your-alb-1234.us-east-1.elb.amazonaws.com

DigitalOcean (Terraform)

After terraform apply, the output shows the reserved IP. Create a wildcard A record:

*.tunnels.company.com  →  203.0.113.42   (reserved IP from output)

Propagation

Section titled “Propagation”

DNS changes take time to propagate — typically minutes, but up to 48 hours depending on your provider and TTL settings. Use a low TTL (300 seconds) while setting up and testing, then raise it once confirmed working.