From a794fcc8b50ddcba8fea4e000fb5f2d33084e7f9 Mon Sep 17 00:00:00 2001
From: James <barnes.james@gmail.com>
Date: Sun, 4 Jan 2026 13:14:29 -0500
Subject: [PATCH] fix(namecheap): use full app domain for CNAME instead of
 underscore wildcard

Namecheap's DNS servers don't serve CNAME records pointing to underscore-prefixed
domains (e.g., _.dstack-pha-prod9.phala.network). The record appears in the
Namecheap API but isn't visible in public DNS queries.

This fix detects when DNS_PROVIDER=namecheap and GATEWAY_DOMAIN starts with an
underscore, then substitutes the full app-specific domain instead:
  Before: _.dstack-pha-prod9.phala.network
  After:  {app_id}-{port}.dstack-pha-prod9.phala.network

Both resolve to the same IP, and the TXT records handle app routing, so
functionality is preserved.

Tested with hermes.teleport.computer - custom domain now resolves correctly.
---
 .../dstack-ingress/scripts/entrypoint.sh      | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/custom-domain/dstack-ingress/scripts/entrypoint.sh b/custom-domain/dstack-ingress/scripts/entrypoint.sh
index cc608c7..83a13f5 100644
--- a/custom-domain/dstack-ingress/scripts/entrypoint.sh
+++ b/custom-domain/dstack-ingress/scripts/entrypoint.sh
@@ -179,10 +179,27 @@ EOF
 
 set_alias_record() {
     local domain="$1"
+    local cname_target="$GATEWAY_DOMAIN"
+
+    # Namecheap DNS servers don't serve CNAME records pointing to underscore-prefixed domains.
+    # The record appears in the Namecheap API but isn't visible in public DNS.
+    # Workaround: use the full app-specific domain instead (resolves to the same IP).
+    if [[ "$DNS_PROVIDER" == "namecheap" && "$cname_target" == _* ]]; then
+        local app_id
+        if [[ -S /var/run/dstack.sock ]]; then
+            app_id=$(curl -s --unix-socket /var/run/dstack.sock http://localhost/Info | jq -j .app_id)
+        else
+            app_id=$(curl -s --unix-socket /var/run/tappd.sock http://localhost/prpc/Tappd.Info | jq -j .app_id)
+        fi
+        # Replace _.domain with appid-port.domain
+        cname_target="${app_id}-${PORT}.${cname_target#_.}"
+        echo "Namecheap workaround: using $cname_target instead of $GATEWAY_DOMAIN"
+    fi
+
     echo "Setting alias record for $domain"
     dnsman.py set_alias \
         --domain "$domain" \
-        --content "$GATEWAY_DOMAIN"
+        --content "$cname_target"
 
     if [ $? -ne 0 ]; then
         echo "Error: Failed to set alias record for $domain"