diff --git a/Sandstorm.md b/Sandstorm.md index f01edb0..01bbbf4 100644 --- a/Sandstorm.md +++ b/Sandstorm.md @@ -2,6 +2,9 @@ ### Sandstorm CloudFlare DNS settings +Sandstorm works when configured to full domain, with CloudFlare SSL/TLS, with Caddy. +Not subdomain, not sub-url, and not with Let's Encrypt that AFAIK does not support wildcard SSL/TLS. + Source: https://github.com/sandstorm-io/sandstorm/issues/3714#issuecomment-2366866243 For me, it works at CloudFlare DNS using TLS Strict checking and DNS setting clicking to orange cloud icon to make TLS proxy with Origin certificate, that is at /etc/caddy/certs/example.com.pem with above private key and below cert. @@ -18,12 +21,44 @@ Caddyfile, proxy to KVM VM that is running Debian and Sandstorm: load /etc/caddy/certs alpn http/1.1 } + # If KVM VM, it's IP address: + #reverse_proxy 123.123.123.123:80 + # Localhost port 81, when not in KVM VM + reverse_proxy 127.0.0.1:81 +} - reverse_proxy 123.123.123.123:80 +blog.somecompany.com { + tls { + load /etc/caddy/certs + alpn http/1.1 + } + # Blog hosted at Sandstorm WordPress + reverse_proxy 127.0.0.1:81 +} + +othercompany.com { + tls { + load /etc/caddy/certs + alpn http/1.1 + } + # Website hosted at Sandstorm Hacker CMS + reverse_proxy 127.0.0.1:81 } ``` -At /opt/sandstorm/sandstorm.conf is domain, http port etc. - +At /opt/sandstorm/sandstorm.conf is domain where Sandstorm login is, http port etc. +``` +SERVER_USER=sandstorm +PORT=81 +MONGO_PORT=6081 +BIND_IP=127.0.0.1 +BASE_URL=https://example.com +WILDCARD_HOST=*.example.com +UPDATE_CHANNEL=dev +ALLOW_DEV_ACCOUNTS=false +SMTP_LISTEN_PORT=25 +#SANDCATS_BASE_DOMAIN=sandcats.io +#HTTPS_PORT=443 +``` Some related info at: https://github.com/wekan/wekan/wiki/Caddy-Webserver-Config
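Review bot: In the first hunk, the added sentence "not with Let's Encrypt that AFAIK does not support wildcard SSL/TLS" records a guess as a setup constraint. Let's Encrypt does issue wildcard certificates, but only through the DNS-01 challenge, so the limitation is the validation method rather than the CA. Suggest rewording to say that this setup uses the CloudFlare Origin certificate and that Let's Encrypt would need DNS-01 validation for a wildcard name. "Not subdomain" also needs scoping, because the same patch adds a `blog.somecompany.com` site block: state that it is the Sandstorm login domain (the `BASE_URL`) that has to be a full domain.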
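Review bot: In the second hunk, the new sandstorm.conf sample (`PORT=81`, `BIND_IP=127.0.0.1`) matches only the active `reverse_proxy 127.0.0.1:81` line. The commented KVM alternative `#reverse_proxy 123.123.123.123:80` cannot reach a Sandstorm that is bound to loopback on port 81, so the text should say which values change in the VM case. The added `blog.somecompany.com` and `othercompany.com` blocks also depend on `load /etc/caddy/certs`, while the surrounding text only mentions example.com.pem; add a line saying that a certificate and key for each extra domain must be placed in that directory. `UPDATE_CHANNEL=dev` deserves a short comment as well if readers are expected to copy the file as is.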