[Yandex Cloud documentation](../../index.md) > [Yandex Smart Web Security](../index.md) > [Step-by-step guides](index.md) > Domains > Creating a domain

# Adding a domain

To add a domain you will need:

* Address of the domain on which the web application is running. You need access to the domain management interface to update the A record.
* (For HTTPS) Valid private key and TLS certificate for this domain in [PEM](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail)-encoded format. Certificates with RSA-2048 and RSA-4096 keys are supported.
* (Optional) Valid private key and TLS certificate to secure the connection between the proxy server and the server hosting your web application.

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder).
  1. Navigate to **Smart Web Security**.
  1. In the left-hand panel, select ![domain-protection-icon](../../_assets/smartwebsecurity/domain-protection-icon.svg) **Domain security** and select the proxy server you want to add a domain for.
  1. In the left-hand menu, go to the ![globe](../../_assets/console-icons/globe.svg) **Domains** tab and click **Add domain**.
  1. Enter the address of the domain your web application is in.
   
     You can add a [wildcard domain](https://en.wikipedia.org/wiki/Wildcard_DNS_record), e.g., `*.example.com`. In which case requests to all subdomains of the specified domain will be processed.

  1. Optionally, enter a domain description.
  1. Click **Continue**.
  
  1. Specify the protocol for your web application to communicate with its users as well as additional parameters:
  
      * **HTTPS and HTTP**: Encrypted HTTPS connection and HTTP support for rare use cases. For example, for a transition period or to support legacy equipment.

         * Optionally, enable **Redirect HTTP to HTTPS** to send HTTP requests over HTTPS.
         * Optionally, expand the **Connection settings** section and change the numbers of used ports and the HTTPS version.

             By default, the HTTP/2 version, HTTP port `80`, and HTTPS port `443` are used.
      * **HTTPS**: Encrypted HTTPS connection.

         * Optionally, expand the **Connection settings** section and change number of the used port and the HTTPS version.

             By default, the HTTP/2 version and HTTPS port `443` are used.
      * **HTTP**: Unencrypted connection. We recommend using it for test purposes only. You do not need a certificate for this option, but traffic between the user and your application will be transmitted in plain text.

         * Optionally, expand the **Connection settings** section and change the number of the used port.

             HTTP port `80` is used by default.
  1. If using HTTPS, select a certificate from [Certificate Manager](../../certificate-manager/index.md) issued for the specified domain or click **Create** and select:

       * **Custom certificate**: If your web application already has a TLS certificate.

          1. Enter a name and description for the certificate.
          1. Optionally, enable deletion protection to prevent the certificate from being deleted.
          1. Copy or upload the certificate, intermediate certificate chain, and your private key in PEM format.
          1. Click **Create certificate**.

       * **Let's Encrypt certificate**: If your web application does not have a TLS certificate.

          1. Enter a name and description for the certificate.
          1. Optionally, enable deletion protection to prevent the certificate from being deleted.
          1. Click **Create certificate**. The interface will prompt you to create a [CNAME resource record](../../dns/concepts/resource-record.md#cname) in the [public DNS zone](../../dns/concepts/dns-zone.md#public-zones) of your domain. You need this record to [verify your domain rights](../../certificate-manager/concepts/challenges.md#dns).

              {% note info %}

              You can [create](../../dns/operations/resource-record-create.md) the record manually or, if your domain is delegated to Yandex Cloud DNS, use [this guide](../../certificate-manager/concepts/challenges.md#cname) to automatically create a resource record.

              {% endnote %}
          
             Wait until your rights for the domain are confirmed. It usually takes a few minutes to complete the check.
          1. To view the check status, click **Show logs**.

             After the check status changes to `Valid`, the certificate will be issued and its status will change to `Issued`. Until the certificate is issued, you will not be able to proceed with adding the domain.
  1. Click **Continue**.
  1. Under **Target resources**, set up the targets:

      1. Enter the server IP address and port your web application runs on.
      1. Optionally, enter a comment for the server.
      1. Optionally, click **Add resource** to add connections to any additional targets.
      1. Optionally, expand the **Connect target resources** section to configure additional connection settings:

          * In the **Protocol** field, select the connection protocol, `HTTPS` or `HTTP`.
          * Optionally, if you selected `HTTPS` and have multiple domain names and certificates, in the **SNI** field, add a [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication) handler to route traffic based on the domain name.
          * If you selected `HTTPS`, upload the TLS certificate file.
          * Select the protocol version, `HTTP/2` or `HTTP/1.1`.
  1. Click **Add domain**.

{% endlist %}

After adding a domain [create a security profile](profile-create.md) and [connect](host-connect.md) it to the domain.

### Useful links {#see-also}

* [Creating a proxy server](proxy-create.md)
* [Creating a security profile](profile-create.md)
* [Setting up the infrastructure](setup-infrastructure.md)
* [Checking resource availability](validate-availability.md)
* [Connecting a security profile to a resource](host-connect.md)