0

I am building an application which will provide users with custom pages served under the subdomain within my application domain.

What I want to do as next step is to allow users to create CNAME which can point their subdomain. The issue which I see is to serve them with the valid SSL certificate for their domain. The websites are going to be served by the NextJS, but I believe it would make more sense to take this responsibility to separate service which will do the SSL termination as the further part of request will happen inside my k8s cluster.

The challenge which makes it not possible to use e.g. traefik is that I have to make it automatically managed based on clients configuration (handle new domain, get the LetsEncrypt certificate etc) without any manual work.

Is it really good solution or there are easier/ready solutions available?

Marek Urbanowicz
  • 101
  • 3
  • 2
    not sure i understand why there is a difficulty here? if you can automate getting the cert then you just have to update your software routers ssl termination config and hot reload? – Ewan Aug 04 '21 at 18:50
  • I am more asking if this is valid approach or it has some significant downsides or there is just better approach. Sorry if that is not clear. – Marek Urbanowicz Aug 05 '21 at 07:37
  • no prob, difficult to answer if there is a better approach, there might always be one that i havent heard of. I'm guessing the only problem here is whether the hot reload is zero downtime or not? If it is, then you have a working solution, there must be something that you perceive as not quite right for you to ask? – Ewan Aug 05 '21 at 09:15
  • Let's Encrypt might have a maximum number of certificates you can have per account, so don't forget to check that. – user253751 Aug 05 '21 at 10:03

0 Answers0