add Ploro, App hosting#1344
Open
benarmstead wants to merge 4 commits into
Open
Conversation
New template ploro.dev.hosting.json: one-click custom-subdomain connection for the Ploro app-hosting platform (routing CNAME + Cloudflare-for-SaaS ownership and ACME DCV TXT records). hostRequired; warnPhishing (unsigned synchronous apply). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
✅ JSON Filename Check Passed |
|
✅ JSON Schema Validation Passed |
Linter OK
|
| Level | Code | Note |
|---|---|---|
| info | DCTL1021 | missing from iana definitions |
pawel-kow
requested changes
Jul 8, 2026
| "logoUrl": "https://ploro.dev/favicon.ico", | ||
| "description": "Connects a domain to an app built on Ploro: routes traffic to the app and pre-validates its HTTPS certificate.", | ||
| "variableDescription": "target: the Cloudflare-for-SaaS routing hostname the CNAME points to. owntxt: the custom-hostname ownership token. dcv1/dcv2: the ACME (DCV) certificate-validation tokens. All four values are issued per hostname by Ploro and passed on the apply URL.", | ||
| "warnPhishing": true, |
Member
There was a problem hiding this comment.
Re-consider using syncPubKeyDomain.
Yes, the template has still a lot of variables and some providers require it by policy and the templates need to be updated.
Author
There was a problem hiding this comment.
Thanks for updating me
Done, swapped warnPhishing for syncPubKeyDomain: ploro.dev. Apply URLs are now signed per the spec: RS256 over the full query string (excluding sig/key), with key=_dck1 pointing at the public key TXT records at _dck1.ploro.dev (multi-record p=/a=/t=/d= format). I've also regenerated the Online Editor test link in the description against the updated template.
… of warnPhishing)
PR Description Check PassedAll required sections are filled in correctly. Details |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
New template
ploro.dev.hosting.jsonfor Ploro (ploro.dev), a multi-tenantapp-hosting platform. It connects an operator's external subdomain to their Ploro
app in one click: a routing CNAME to the Cloudflare-for-SaaS custom-hostname
target, plus the custom-hostname ownership TXT (
_cf-custom-hostname) and the ACMEDCV TXTs (
_acme-challenge) that pre-validate the HTTPS certificate. All fourvalues are issued per hostname and passed as template variables on the apply URL.
hostRequiredistruebecause the routing record is a CNAME, which cannot live ata zone apex — the flow is offered for subdomains only.
Synchronous apply requests are signed: the template sets
syncPubKeyDomain: ploro.dev, every apply URL carriessig(RS256 over the fullquery string excluding
sig/key) andkey=_dck1, and the public key ispublished as TXT records at
_dck1.ploro.devin the spec's multi-record format.Type of change
How Has This Been Tested?
Please mark the following checks done
<providerId>.<serviceId>.jsonlogoUrlis actually served by a webserverChecklist of common problems
syncPubKeyDomainis set — set toploro.dev. Apply URLs are signed (RS256)and the verification key is served from
_dck1.ploro.devTXT records.warnPhishingis not set alongsidesyncPubKeyDomain—warnPhishingis not set.syncRedirectDomainis set whenever the template usesredirect_uri— set toploro.dev.txtConflictMatchingModeis set on TXT records that must be unique — set toAllon all three TXT records.%owntxt%,%dcv1%and%dcv2%are opaque tokens whose exact value is dictated verbatim by Cloudflare-for-SaaS ownership verification and by the ACME (DCV) challenge respectively; no fixed prefix is permitted by those protocols.hostlabel — all TXT hosts are fixed (_cf-custom-hostname,_acme-challenge); the CNAME host is@.hostfield to create a subdomain — the subdomain is carried via thehostapply parameter (hostRequired: true).%host%does not appear explicitly in anyhostattribute.essentialis set on records the user may need to modify — N/A; every record is required for the connection to function, none is safe to remove.Online Editor test results
Editor test link(s):
Test ploro.dev/hosting example.com/shop