Point single wildcard DNS entry to your application. Second option: Subdomain for each tenant. Only issue that we face is login and signup white label, which we may need to have a custom login and signup page for each tenant along with general login and signup page. Benefits is that you don't need to spend much for SSL management or a service that handles SSL. And data access will be done by permission management. Instead of Subdomain, we will have organization pathname for each company. By the way, allocating subdomains for users will be so complex as you need to manage SSL and cross origin login if you have organization switching feature for users. If anyone needs the nginx settings I used or have any other questions, let me know in the comments. I create/remove domains on Cloudflare on-demand using their REST API. This means that I'm able to generate certificates for any domain my customers decide to use. But as someone pointed out in a previous comment, Cloudflare supports SSL for SaaS for FREE (up to 100 domains - any extra domains will have a $0.10/mo fee). The "challenge" is to generate SSL certificates for each custom domain your customers create. Apache is the "real web server", and I call it real only because it's the one that processes the actual request. Nginx works as a reverse proxy that receives ALL requests and forwards them to Apache. I set up an Ubuntu server and installed both Apache and Nginx. My app lets you generate both subdomains such as, or use your own domain such as. I was able to set up custom domains (aka vanity domains) for my SaaS and I want to share how I did it. I’ll see later if I can locate the exact config, but hopefully this gives you a vague idea of how to get it working with nginx. Just add the ssl certs you create to a sensible place in a hostname folder. That makes it dynamic, so 1 config works for all custom domains. The hostname is available in a variable and you use that in the ssl cert path.
I found there was a config on the load balancer nginx possible where you can use the hostname in the path to the ssl cert, i.e. The tricky part was getting the SSL certs to work for each custom domain. I had an nginx load balancer, that terminated SSL connections using letsencrypt certs, and forwarded the connection to an application server, re-encrypting the connection using local certs, the application servers each had an nginx installed running as a reverse proxy to direct the connection to the correct port. I had a quick look through my notes but can’t find the exact config at the minute. I previously got this working using nginx. These are the two options I have used with success myself. You can use some Lua modules to both verify that the domain points to the app (by using an API call for example that triggers a database lookup or something), and issue the TLS certificate with the very first https request for the custom domain. In a more traditional, non-Kubernetes environment, the easiest solution I have found and used in the past is with OpenResty, a version of Nginx with Lua scripting integrated. cert-manager/Let's Encrypt also do a verification of the domain, but because there are some rate limits on Let's Encrypt side, I prefer doing a verification beforehand. When that happens, the app knows that the domain is actually pointing to the app and "upgrades" the ingress resource with some annotations for cert-manager, which will then issue the TLS certificate with Let's Encrypt. The ingress resource for the custom domain points to my app of course, and once it is active, a background job waits until a specific request to a URL with the custom domain returns a special token. The ingress resource is just a virtual host in the Nginx ingress controller.
If yes, the way you do it depends on the way you handle web apps generally speaking. For example I run in Kubernetes, so whenever a user adds a custom domain to one of their blogs, my app creates an "ingress resource" via the Kubernetes API. Not sure if the other answers have helped already, but having had to solve this stuff myself in the recent past, I sense your problems are probably about how to 1) add custom domains dynamically to the web server, 2) issue TLS certificates.
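
The verify-before-issuing step mentioned in the comments above (confirm that a custom domain serves a token from the app before requesting a Let's Encrypt certificate, and only for names a tenant actually registered), as an added example that is not code from any commenter. The token path, the function names and the `pending` dict standing in for the database lookup are assumptions.

```python
import hmac
import re
import urllib.request

# Hypothetical path on which the app serves the per-domain token (an assumption).
VERIFY_PATH = "/.well-known/tenant-verify"

# One DNS label: letters, digits, inner hyphens, 1 to 63 characters.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_host(raw):
    """Return a lowercase hostname, or None if it is not a plain DNS name."""
    host = raw.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None  # rejects "/", "..", "*", ports and whitespace
    if labels[-1].isdigit():
        return None  # IPv4 literal, not a domain
    return host


def http_fetch(host):
    """Default fetcher: plain HTTP GET of the token path, small read, short timeout."""
    url = f"http://{host}{VERIFY_PATH}"
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read(256).decode("ascii", "replace").strip()


def may_issue_certificate(raw_host, pending, fetch=http_fetch):
    """True only if the host was registered by a tenant and serves its token.

    pending: dict of hostname -> expected token (stands in for the database).
    """
    host = normalize_host(raw_host)
    if host is None or host not in pending:
        return False  # never request a certificate for an unknown name
    try:
        served = fetch(host)
    except OSError:
        return False  # DNS not pointed at the app yet, or host unreachable
    return hmac.compare_digest(served.encode(), pending[host].encode())
```

Rejecting names that are not plain hostnames also matters when the hostname is later used to build the certificate path, as in the nginx setup described above.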