Adjust on-demand demo

2025-04-24 22:16:15 -04:00 · 2023-11-22 06:31:18 -05:00 · 2023-11-22 06:31:18 -05:00 · 1a5466c9c8
commit 1a5466c9c8
parent 4610d84904
2 changed files with 18 additions and 9 deletions
--- a/new/index.html
+++ b/new/index.html
@ -227,6 +227,15 @@
 						<p>
 							Point any subdomain named <b><code>caddydemo</code></b> to:
 						</p>
+						<!-- <p class="demo-ips">
+							<code>
+								<span class="record-type">CNAME</span>
+								<span class="demo-ip">caddyserver.com</span>
+							</code>
+						</p>
+						<p>
+							Or:
+						</p> -->
 						<p class="demo-ips">
 							<code>
 								<span class="record-type">A</span>
--- a/new/on-demand-tls.html
+++ b/new/on-demand-tls.html
@ -32,7 +32,7 @@
 						What happened?
 					</h2>
 					<p>
-						Caddy automatically obtained a certificate for your domain, <code>{{.Req.Host}}</code>,  without any change to the server's configuration. We call this technology On-Demand TLS, and it's an exclusive feature of Caddy.
+						Caddy automatically obtained a certificate for your domain, <code>{{.Req.Host}}</code>, without any change to the server's configuration. We call this technology On-Demand TLS, and it's an exclusive feature of Caddy.
 					</p>
 					<p>
 						With On-Demand TLS, no config changes are required to serve more domains over HTTPS. This is perfect for servers hosting content or APIs for customer-owned domains because your HTTPS deployment scales as tall and wide as your business does.
@ -60,7 +60,7 @@
 							<div class="rollover" data-rollover="rollover-abuse">
 								<h3 class="purple">1. Prevent abuse</h3>
 								<p>
-									First, you'll configure an internal endpoint that Caddy can "ask" if a certificate should be allowed for a domain. This endpoint usually looks up the domain in a list or database and returns HTTP 200 if it's allowed.
+									First, you'll configure an internal endpoint that Caddy can "ask" if a certificate should be allowed for a domain. This endpoint usually looks up the domain in a list or database and returns <code>HTTP 200</code> if it's allowed. Make sure to reject domains you don't recognize. This means that customers <i>must</i> register their domain with your app first.
 								</p>
 							</div>
 							<div class="rollover" data-rollover="rollover-ondemand">
@ -99,7 +99,7 @@
 							<div>
 								<h3 class="purple">1. Point DNS records</h3>
 								<p>
-									The owner of the domain sets A and/or AAAA records to point to your Caddy instance.
+									The customer sets a CNAME record on a domain or subdomain they control, so that <i>their</i> domain resolves to <i>your</i> domain's IP address.
 								</p>
 							</div>
 							<!-- <div class="rollover" data-rollover="rollover-ondemand">
@ -111,13 +111,13 @@
 						</div>
 						<div>
 							<div class="display right">
-								<code class="light"><span class="comment"># Examples shown. In real life, users
-# point domains to your IP address.</span>
-
-A    -> 203.0.113.42
-
-AAAA -> 2001:db8:900d:1337</code>
+								<code class="light"><span class="comment"># Customer's DNS (example domains)</span>
+your-app.customer.com   CNAME  ->  your-app.com

+<span class="comment"># Your DNS (example IPs)</span>
+your-app.com            A      ->  198.51.100.1
+your-app.com            AAAA   ->  2001:db8:: 
+</code>
 							</div>
 						</div>
 					</div>