Custom Domain
Every Files.com site gets a custom subdomain that looks like <your-subdomain>.files.com.
This ensures that your custom branding (including logo and colors) is visible for the entire Files.com experience, including logging in and accessing public pages like inboxes and share links.
You can take your site customization a step further --- removing all traces of Files.com branding --- by setting up a completely custom domain. Something like files.your-company.com.
Other reasons to set up a custom domain include:
- some corporate firewalls block "File Sharing" sites, which sometimes include Files.com. Using a custom domain will usually work around these restrictions.
- some customers report better access in China when using a custom domain for a similar reason.
- using a custom domain also provisions you dedicated IP addresses, which some customers require.
- using a custom domain is required in order to enable insecure ciphers for SFTP only.
Files.com makes the process of setting up a custom domain easy. You will need both administrator access to your Files.com site, as well as access to your account with the DNS provider for your domain (e.g. GoDaddy, NameCheap, Route 53, etc.)
Your files.com subdomain will continue to work after adding a custom domain.
You can use any subdomain of any domain that you control. We recommend not using ftp as the first part of your domain (such as ftp.<your-domain>), since this will cause some browsers to improperly access the Files.com web interface.
Instead, we suggest using something like files.<your-domain>.
Once you have chosen your custom domain, the next step is to set up a CNAME DNS record with your DNS provider. The CNAME value will depend on whether you want your custom domain to use an SSL certificate provided by Files.com(recommended), or use your own SSL certificate.
If you plan to use SSL provided by Files.com, your CNAME record must point at your subdomain address.
If you are using your own custom SSL certificate your CNAME will point to an address that contains your subdomain name in the form s-[subdomain].di.app.files.com
Web UI
- Type Custom domain in the search box at the top of the screen and click a matching entry labeled "EDIT SETTINGS".
- Scroll to the setting labeled Custom domain
- Click the (?) icon to see the help text.
The help text will include "your custom domain DNS must have a CNAME that points to" followed by your subdomain address.
API
Use the Site API to get site settings, specifically the subdomain property. The returned subdomain value is not fully qualified, and will need ".files.com" appended to the end to be a fully qualified domain name.
CLI APP
To retrieve the subdomain for your site, you can use the command-line application. The returned subdomain value is not fully qualified, and will need ".files.com" appended to the end to be a fully qualified domain name.
files-cli sites get --fields subdomain
Files.com can provide and manage the SSL Certificate for your site. We also allow you to obtain and manage your own SSL Certificate from any other provider.
- In the web interface, type Custom domain in the search bar at the top of each page, then click on the matching result.
- Scroll to the setting labeled Custom domain and click to edit.
- Click to expand the advanced settings.
In the Who will register SSL Certificates for this domain? section, select between the two choices:
- Use a Files.com-provided certificate. If selected, Files.com will automatically maintain, secure, and renew the SSL certificate for this domain. This is the default, and is strongly recommended.
- Use my own certificate. If selected, Files.com will disable its CAA records, allowing you to register your own SSL certificate through any provider.
Files.com provides SSL certificates for custom domains free-of-charge. Renewals are handled automatically, and no further action is required on your part to keep the certificate active once set up. We use a popular Certificate Authority called Let's Encrypt, to create certificates that are valid for 90 days, and our system automatically begins the renewal process two weeks before the expiration date.
To set up your custom domain to use an SSL certificate provided by Files.com, simply create your CNAME record pointing your custom domain to your Files.com subdomain (e.g. your-subdomain.files.com).
Once you have created the CNAME record, you can complete the setup of your custom domain by adding your custom domain in Files.com.
Certificate provisioning in Files.com is very fast. We are generally able to provision and activate a certificate in 10-15 minutes after the DNS change has propagated and the domain has been added to Files.com according to our instructions.
If you prefer to use your own SSL certificate rather than one provided by Files.com, you will first need to upload and activate your SSL certificate. Navigate to the SSL page by typing SSL Certificate in the search bar at the top of every screen, then click the matching result.
If you have already obtained your SSL certificate, click the Upload and use your own certificate button to upload it. You will need to provide the certificate's private key (and key password if the key is encrypted), the certificate itself, and the intermediate certificates from your certificate authority.
If you haven't yet obtained a certificate, you can use the Generate CSR link to generate a new secure keypair and certificate signing request (CSR) which you can provide to any accredited SSL Certificate authority when purchasing an SSL certificate.
Some SSL vendors request the web server type as part of the certificate generation process. Files.com requires a certificate in OpenSSL format, which can usually be obtained by choosing the option for Apache, Linux, or Other.
For security purposes, we strongly recommend generating a new certificate that is used only by Files.com and is scoped to the exact subdomain used by Files.com (such as files.your-domain.com).
After uploading your SSL certificate, click the Activate button to activate it. Once your SSL certificate is active, the CNAME record value to use will be displayed under DNS Configuration.
In the example screenshot above, the CNAME value for the files.example.com) custom domain is s-example.di.app.files.com.
Once you have created the CNAME record, you can complete the setup of your custom domain by adding your custom domain in Files.com.
If you set up your custom domain using your own SSL certificate, and later wish to switch to using a certificate provided by Files.com, you can easily do so by deactivating your SSL certificate. Navigate to the SSL page by typing SSL Certificate in the search bar at the top of every screen, then click the matching result. Use the button to Deactivate your SSL certificate. You must then update your CNAME record according to the instructions for using an SSL certificate provided by Files.com.
Once your CNAME record is configured, you can complete the setup of your custom domain.
Web UI
- In the web interface, type Custom domain in the search bar at the top of each page, then click on the matching result.
- Scroll to the setting labeled Custom domain and click to edit.
- Click the Edit button.
- Enter your custom domain in the provided blank.
- Click the Save button
If you are using your own SSL certificate, you'll find the option to associate that certificate with your custom domain under the Advanced link.
API
Use the Site API to update site settings, specifically the domain property. Enter the fully-qualified domain name, such as files.example.com.
CLI APP
To update the custom domain for your site, you can use the command-line application. Replace NEW_DOMAIN in the command below with your fully-qualified custom domain name, such as files.example.com.
files-cli sites update --domain NEW_DOMAIN
Custom domain and SSL certificate changes typically take effect within minutes, though in rare cases these may take up to 48 hours. You and your users can continue to access your site at your custom subdomain in the meantime without interruption.
Before switching back from using your custom SSL certificate, be aware that:
- Manual intervention from Files.com Support is required. You should plan on arranging to have our Support team on the phone with you during the switch. Support is available during US Pacific Time Zone working hours.
- There will be some outage time during the switch but working with our Support team will minimize it.
- A custom domain is required in order to enable insecure ciphers for SFTP only, which you will no longer be able to utilize.
To switch back, the steps are:
- Reduce the TTL of your CNAME record from the default TTL value down to 60 seconds. A lower TTL will minimize the outage time.
- Wait for the duration of the previous TTL, usually around 24 hours, before progressing to the next step.
- Contact Files.com Support and have them live on the phone for the next steps.
- Change the CNAME record of your domain from s-[subdomain].di.app.files.com to [subdomain].files.com. (Files.com uses different CNAME records for Files-provided certificates versus customer provided certificates.)
- Files.com Support will validate the CNAME change and issue a new certificate.
- Once the new certificate is in place, you can restore the TTL of your CNAME record to its previous value.
Your SSL certificate will be used for any connections to your site that involve TLS encryption, which includes the web interface, the REST API, FTP, and WebDAV.
SFTP will not use the certificate, since that protocol uses SSH encryption instead of TLS.
Once you set up and activate your own SSL certificate, only connections initiated to your site via your custom domain will use that certificate.
Connections via your files.com subdomain will still use our Files.com certificate, since your certificate would not be valid for our domain.
As part of the custom domain setup process, Files.com automatically provisions two dedicated IP addresses that are exclusive to your site and act as static IP addresses. This means that if you have users who restrict outbound access via a firewall, they will only need to whitelist your two dedicated IP addresses in order to access your site via the custom domain, rather than having to whitelist our entire published list of IP addresses.
You can view your dedicated IP addresses on the Firewall page. To navigate there, type Firewall in the search bar at the top of every screen, and then click the matching result.
It is our goal to have your Dedicated IPs remain the same, and we work hard to avoid having IP Addresses change out from under you. In practice, dedicated IPs for our customers have remained the same for the past several years.
If we ever have to make changes to your IP addresses, we will endeavor to provide advance notice.
For extra capabilities, we have implemented an automated mechanic for you to be able to get real time notifications when a change occurs. You can achieve this by polling the /ip_addresses API endpoint shown in our API documentation. This endpoint returns a response including both our published list of IP addresses, and your site's two dedicated IP addresses.
If you follow the steps listed in Removing Your Custom Domain, your dedicated IP addresses will be released after 5 days. If you are following the steps for Changing an Existing Custom Domain you'll need to update your DNS entries within that same 5-day period to keep the same dedicated IP addresses. If the DNS entries for your custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.
The geographic region of your Custom Domain, and its associated Dedicated IPs, are determined by the region specified as the Geographic region on Files.com servers of the top-level folder of your Files.com site.
When using a custom domain, if you change the primary region where files are hosted on your Files.com site, the region of your Custom Domain will also change and we will issue you new IP addresses in the new region and release your old IP addresses.
Implementing a Custom Domain, along with the associated Dedicated IPs, can have performance implications on the transmission speed of international file transfers.
Files.com provides global acceleration features to minimize the network distance between users and regional storage. These features are circumvented when a Custom Domain is implemented in a different region than your storage region, meaning that file transfer durations will take longer than usual.
To maintain performance, we strongly recommend that your Custom Domain is implemented in the same region as your storage.
For global customers, note that all global users will be routed through the region of your Custom Domain and its Dedicated IPs. For example, if your Custom Domain is in Europe then all file transfers will be routed through Europe on their way to their final destination. This also applies to transfers to your Regional Storage. For example, if your Custom Domain is in Europe, and you have a folder that is stored in Singapore, then all file transfers to the Singapore folder will travel through Europe, even if they originate from Singapore itself.
You can set up multiple custom domains with a single Files.com site by providing your own SAN (or "multi-domain") SSL certificate that covers all of the domains you want to use.
You will upload and activate your SAN certificate on the SSL Page. To access the SSL Page, type SSL Certificate in the search bar at the top of each page, then click the matching result. The DNS CNAME value to use for your custom domains will be shown in the table under DNS Configuration in the VALUE / ANSWER / DESTINATION column.
While this will allow you to access your Files.com site via any of the domains covered by your SAN certificate, Inboxes, Share Links, and links sent in welcome/signup and password recovery emails for your site will only use the custom domain configured in the Custom domain setup.
NOTE: Multi-Domain SSL is not the same as Wildcard SSL
While you can create multiple custom domains for your site using an SAN certificate, Wildcard SSL certificates are not supported by Files.com. Only domains which are explicitly listed in your certificate can be used as a custom domain for your Files.com site.
HTTP Strict Transport Security (HSTS) is a policy mechanism that allows web servers to declare that web browsers should automatically interact with it using only HTTPS connections. Use of HSTS is a recommended best practice.
We enable HSTS on our *.files.com subdomains by default, and we optionally allow our customers to enable HSTS on custom domains as well.
Type Custom domain in the search bar at the top of each page, then click on the matching result. Click to edit the Custom domain setting, and then Expand advanced settings. The HTTP Strict Transport Security (HSTS) allows you to enable HSTS on your custom domain.
A "CAA" Record is a security feature of the DNS system that allows domain name owners to restrict which issuers are allowed to issue SSL Certificates for a given domain.
If your Custom Domain has a CAA record set in your DNS, you will need to either update your CAA record to allow our Certificate Authority to issue certificates or provide your own certificate.
We issue certificates through a popular Certificate Authority called Let's Encrypt.
If you have a CAA DNS record for your custom domain, you'll need to create another CAA record with the value letsencrypt.org, enabling us to issue the certificate.
If you need any help with this process, just let us know the service you're using to manage your DNS records (e.g. GoDaddy, Namecheap, etc.), and we'd be happy to assist.
It is possible to change an existing custom domain to a different one with minimal downtime, however there will always be a small period (about 5 to 15 minutes) of downtime.
This downtime is due to 2 things: (1) registering your SSL certificate (if we are registering it) and (2) a time delay where some of our edge servers will serve your old domain's certificate and others will serve your new domain's certificate.
We recommend you plan the switch for a time period where your site has minimal usage, such as a night or weekend.
To minimize downtime, perform the steps in the following order:
- If your new domain is already pointed to a location via DNS, update the Time To Live (TTL) values on the existing DNS to a low value, such as 60 seconds. This will tell DNS servers across the internet to prepare for a change in the destination of this domain. This step needs to be performed ahead of time, ideally 2-3 days ahead of time, to allow the maximum impact.
- If you will be providing your own SSL certificate, upload your new certificate prior to changing the custom domain. (If you will be using a certificate provided by Files.com, you may skip this step. We will generate the new certificate automatically when you change the custom domain.) This step may also be performed in advance of the move.
- When ready to switch, create DNS records for the new domain at your DNS provider. They will be the same as your existing custom domain DNS records. Then quickly change the domain setting in Files.com.
- Wait for the changes to take effect.
- The following day, you may update the Time To Live (TTL) values on your domain's DNS records to a higher value, such as 86400, or whatever you find appropriate.
If you are using dedicated IP addresses, you'll need to update your DNS entries within 5 days to keep the same dedicated IP addresses. If the DNS entries for your new custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.
If you have a Custom Domain installed be aware that it is tied to your site's subdomain (i.e. the [subdomain].files.com address that every customer gets) via the DNS records used to link your custom domain.
If you want to change your custom subdomain, you should expect downtime due to the DNS propagation needed to effect the change, and you will also need to make changes to your Custom Domain's DNS records contemporaneously with the change.
This downtime is caused by 3 things: (1) re-registering your SSL certificate (if we are registering it), (2) a time delay where some of our edge servers will serve your old subdomain's certificate and others will serve your new subdomain's certificate, and (3) the need to create DNS records in the Files.com DNS for your new subdomain.
We recommend you plan the switch for a time period where your site has minimal usage, such as a night or weekend.
To minimize downtime, perform the steps in the following order:
- Update the Time To Live (TTL) values on the existing DNS records for your custom domain to a low value, such as 60 seconds. This will tell DNS servers across the internet to prepare for a change in the destination of this domain. This step needs to be performed ahead of time, ideally 2-3 days ahead of time, to allow the maximum impact.
- When ready to switch, update your subdomain setting in Files.com. Then update the DNS records for your custom domain to use your new subdomain in the files.com CNAME part of the record.
- Wait for the changes to take effect.
- The following day, you may update the Time To Live (TTL) values on your domain's DNS records to a higher value, such as 86400, or whatever you find appropriate.
If you are planning on changing both your custom subdomain and domain, we recommend doing these events on separate days to reduce the risks and make rollback easier.
If you are using dedicated IP addresses, you'll need to update your DNS entries within 5 days to keep the same dedicated IP addresses. If the DNS entries for your custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.
Changing A Custom Domain Affects Users with Yubikey / U2F / FIDO Authentication
These types of two-factor authentication are tied specifically to the login domain of your site. If you change your site's custom domain settings, every user with this type of 2FA enabled will need to remove their existing 2FA settings and re-configure them. This is baked into the U2F / FIDO standards requirement for devices to generate site-specific public/private key pairs, which Files.com follows.
If changing your site settings would impact users, you'll see a message similar to this one when you attempt to change the domain:
Your site has X users using a Yubikey or Webauthn-based two-factor authentication (2FA) method. These methods are tied to the existing domain. As part of a domain change, these 2FA methods will be removed and users will be required to re-register these methods.
When using your own SSL Certificate, the renewal of the certificate is managed by you yourself. You should plan to renew any expiring SSL Certificate prior to its expiration date and time. This applies to all certificate types, including Single Domain, Wildcard, or Multi Domain (SAN/UCC/MDC) certificates. Please contact your SSL Certificate Provider if you have any questions about the process.
Files.com can assist in creating the Certificate Signing Request (CSR) for the renewal.
For a certificate request to an existing certificate, navigate to the SSL page - type SSL Certificate in the search at the top of every page, then click the matching results. In the table of certificates, select the Renew button for the required certificate, complete the form, and select the Generate CSR button.
Once your SSL Certificate Provider has provided you with your renewed SSL Certificate, navigate to the SSL page again, and select the Import button that corresponds to the Certificate Signing Request (CSR) that you created above, complete the form by pasting in your new Certificate and its Intermediate Certificates, then select the Save button.
Applying and activating a renewed SSL Certificate will not change your custom domain or its dedicated IP addresses.
Some customers have discovered that it is possible to configure a CNAME record from a domain they control to their .files.com subdomain without configuring it in Files.com as a custom domain. We strongly recommend against this practice because this will not result in a valid SSL certificate for the custom domain, and it will not provision any dedicated IP addresses.
Regardless, some customers do it anyway because SFTP doesn't use SSL certificates at all. Please be aware that this method of pointing a domain is unsupported.
Some DNS providers, such as Cloudflare, automatically "flatten" CNAMEs to return an IP address rather than a hostname when the CNAME is resolved. You can use a flattened CNAME , but you must disable proxying for your CNAME within your DNS provider in order for Files.com to recognize the custom domain.
To remove your custom domain, remove the current configuration (replace the current custom domain name with a blank) and save the blank configuration.
Web UI
- In the web interface, type Custom domain in the search bar at the top of each page, then click on the matching result.
- Scroll to the setting labeled Custom domain and click to edit.
- Remove all text in the text input field.
- Click Save.
API
Use the Update Site Settings API to configure the domain parameter to a blank value.
CLI APP
The Files.com CLI App can be used to remove your custom domain using this command:
files-cli sites update --domain ""
A note on disabling Custom Domains
If you have enabled a custom domain and you are using a single-sign on provider, you must first disable your SSO integration before you can remove the custom domain. This means you must edit every username associated with an SSO provider to change the authentication method first.
Removing your custom domain has the following effects:
- Your custom domain can no longer be used to connect to your Files.com site by any method. (Note that if you are connected to Files.com using your custom domain then, when the custom domain is removed, your connection will no longer be valid and you will need to re-connect to Files.com using the default site address.)
- Any dedicated IP addresses will be released after 5 days and will no longer function. If you add new custom domain settings and the proper DNS configuration to support your custom domain within those 5 days, your dedicated IP addresses will not change.
Get Instant Access to Files.com
The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.
Start My Free Trial