> ## Documentation Index
> Fetch the complete documentation index at: https://private-7c7dfe99-fix-nav-issues.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a custom DNS alias by setting up a reverse proxy

> Learn how to set up a custom DNS alias for your instance using a reverse proxy

{frontMatter.description}

<br />

<br />

<h1 id="custom-dns-alias">
  Custom DNS alias by setting up reverse proxy
</h1>

> In this knowledgebase article, we will walk you through how you can set up a
> custom DNS alias for your ClickHouse Cloud instance through the use of a reverse
> proxy such as Nginx for ClickHouse native client.

<h2 id="create-certificate">
  Create a self-signed certificate
</h2>

<Note>
  This step is not needed if you are using signed certificates.
</Note>

Create a self-signed certificate with the domain name of your choice.
In this example we will use a domain name `xyz-customdomain.com` and
create a certificate called `MyCertificate.crt`. Refer to ["Create SSL certificates"](/concepts/features/security/tls/configuring-tls#2-create-tls-certificates)
for further details.

Add the certificate to `/etc/clickhouse-client/config.xml`:

```yaml highlight={5} theme={null}
<clickhouse>
    <openSSL>
        <client>
            <loadDefaultCAFile>false</loadDefaultCAFile>
            <caConfig>/etc/ssl/certs/MyCertificate.crt</caConfig>
            <cacheSessions>true</cacheSessions>
            <disableProtocols>sslv2,sslv3</disableProtocols>
            <preferServerCiphers>true</preferServerCiphers>
            <invalidCertificateHandler>
                <name>RejectCertificateHandler</name>
            </invalidCertificateHandler>
        </client>
    </openSSL>
</clickhouse>
```

<h2 id="update-nginx-config">
  Update Nginx configuration
</h2>

Add the following in your `nginx.conf` file:

```text theme={null}
proxy_ssl_name xyz.us-west-2.aws.clickhouse.cloud;
proxy_ssl_server_name on;
```

```text highlight={21-22} theme={null}
stream {
    upstream stream_backend {
         server xyz.us-west-2.aws.clickhouse.cloud:9440;
    }

    server {
        listen                9440 ssl;
        proxy_pass            stream_backend;

        ssl_certificate       /etc/ssl/certs/MyCertificate.crt;
        ssl_certificate_key   /etc/ssl/certs/MyKey.key;
        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_session_cache     shared:SSL:20m;
        ssl_session_timeout   4h;
        ssl_handshake_timeout 30s;
	proxy_ssl on;
	proxy_ssl_trusted_certificate /etc/ssl/certs/isrgrootx1.pem;
	proxy_ssl_session_reuse on;
        proxy_ssl_verify on;
	proxy_ssl_name xyz.us-west-2.aws.clickhouse.cloud;
	proxy_ssl_server_name on;
    }
}
```

Where `isrgrootx1.pem` is the root certificate for ClickHouse Cloud which you
can download [here](https://letsencrypt.org/certs/isrgrootx1.pem).

<h2 id="update-hosts-file">
  Update hosts file
</h2>

<Note>
  The following step is not needed if you are using your own domain controllers
</Note>

Add the following to your `/etc/hosts` file on the Nginx server:

```text title='/etc/hosts' theme={null}
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost6 localhost6.localdomain6
10.X.Y.Z  xyz-customdomain.com
```

Where `10.X.Y.Z` is the IP address of your specific Nginx box.

<h2 id="connect-to-cloud-using-alias">
  Connect to Cloud using alias
</h2>

You are now ready to connect using your custom alias:

```bash theme={null}
clickhouse-client --host xyz.customdomain.com --secure --password 'xxxxxxx'
ClickHouse client version 23.12.1.428 (official build).
Connecting to xyz.customdomain.com:9440 as user default.
Connected to ClickHouse server version 23.9.2.

clickhouse-cloud :)
```