Handing 15,000+ SSL certs and nginx configuration
Posted by alican
|
Handing 15,000+ SSL certs and nginx configuration October 21, 2016 05:51PM |
Registered: 7 years ago Posts: 3 |
Hello All,
I am running an application that has about 200,000 subdomains and 15,000 custom domains. Each subdomain belongs to a customer and they have an ability to white label my platform by using their own ‘custom domains'
I currently have only 1 nginx configuration file to serve all of these domains. I make use of $http_name variable to dynamically define my websites within single nginx virtual host config but I’d like to implement SSL certificate on all of them.
200,000 subdomains are easy because I can get away with couple of lines of code with a wildcard certificate.
My problem is custom domains. These 15,000 unique domains requires SSL cert and I implemented Let’s encrypt to generate certificate for all of them. It works properly so far.
Here is my question:
My understanding is that I cannot use variables in file paths. Therefore, to be able to point 15k domain to proper SSL cert, I need to create 15,000 nginx configuration. It’s going to be very hard to manage. What can I do to overcome this problem? Is there any other easy way?
Edited 1 time(s). Last edit at 10/21/2016 05:52PM by alican.
I am running an application that has about 200,000 subdomains and 15,000 custom domains. Each subdomain belongs to a customer and they have an ability to white label my platform by using their own ‘custom domains'
I currently have only 1 nginx configuration file to serve all of these domains. I make use of $http_name variable to dynamically define my websites within single nginx virtual host config but I’d like to implement SSL certificate on all of them.
200,000 subdomains are easy because I can get away with couple of lines of code with a wildcard certificate.
My problem is custom domains. These 15,000 unique domains requires SSL cert and I implemented Let’s encrypt to generate certificate for all of them. It works properly so far.
Here is my question:
My understanding is that I cannot use variables in file paths. Therefore, to be able to point 15k domain to proper SSL cert, I need to create 15,000 nginx configuration. It’s going to be very hard to manage. What can I do to overcome this problem? Is there any other easy way?
Edited 1 time(s). Last edit at 10/21/2016 05:52PM by alican.
|
Re: Handing 15,000+ SSL certs and nginx configuration October 22, 2016 04:03AM |
Admin Registered: 11 years ago Posts: 1,297 |
|
Re: Handing 15,000+ SSL certs and nginx configuration October 28, 2016 03:28PM |
Registered: 7 years ago Posts: 3 |
Thanks for the guidance itpp2012
What is your recommendation for terminating 15,000+ SSL certificates?
Nginx takes 2 minutes to reload that many certificate (under 0 load) and because our domains can change at any time, we need to issue nginx reload very frequently.
Also, terminating 2048 bit certs will have some overhead as well...
What is your recommendation for terminating 15,000+ SSL certificates?
Nginx takes 2 minutes to reload that many certificate (under 0 load) and because our domains can change at any time, we need to issue nginx reload very frequently.
Also, terminating 2048 bit certs will have some overhead as well...
|
Re: Handing 15,000+ SSL certs and nginx configuration October 28, 2016 05:40PM |
Admin Registered: 11 years ago Posts: 1,297 |
|
Re: Handing 15,000+ SSL certs and nginx configuration November 01, 2016 07:02PM |
Registered: 7 years ago Posts: 3 |
Sorry, only registered users may post in this forum.
Online Users
Guests:
301
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|