You're building out a SaaS solution and realize for one reason or another supporting custom domains for your customers is a must. There are some pr...
Some comments have been hidden by the post's author - find out more
For further actions, you may consider blocking this person and/or reporting abuse
Very nice article! thanks a lot for the clear explanation.
I am considering implementing this but I am concerned about the limit in distributions per account (200), what if I have thousands of customers? I have read about another solution with just one cname pointing to a load balancer which terminates the SSL connection. Any thoughts?
Thank you!!
That's just the default limit: docs.aws.amazon.com/AmazonCloudFro...
You don't want to spin up a whole load balancer per customer that is super expensive, and actually the default limit for ALBs is much lower at
50
: docs.aws.amazon.com/elasticloadbal...Hi Warren, thanks for the answer.
Let me clarify,
I don't mean one ELB per customer, but one for all customers. Here the limit is the ammount of certificates per rule in ELB (which is 25 default) although one could pack many in one (ELB supports SAN).
There is the possibility of doing this with nginx + certbot and have no limit.
Somehow (independenly of the service, Cfront, ELB, whatever) configuring and mantaining one per customer feels a bit too much for me.
May be I am just scared XD
Just sharing that CloudFlare also offers something similar within their CloudFlare for SaaS offering. It's now available with all plans (including their free plan). Price is 100 custom domains for free, then $0.10/month per additional custom domain. Definitely a no-brainer coming from such a trusted brand.
Absolutely true, although Cloudflare used to charge $5000/month just to get access to the functionality. There are lots of providers for doing it, this is only one valid way and basically free.
What exact offering of cloudflare are you referencing?
cloudflare.com/en-gb/ssl-for-saas-...
it does seem like it starts from free
It does! Cloudflare for Saas has a free plan which includes up to 100 custom domains
yeah, for some reason it is extremely unclear with their pricing page
I think they're in a hurry and have to spend some time and refactor it a bit
Great article! Hereβs how my implementation aligns with what you described: I create CloudFront distributions and SSL certificates for each user as outlined. For domain masking, I use CloudWatch to notify my application when an SSL certificate is issued. My software then automatically updates CloudFront with the custom domain and the newly issued SSL certificate. All values are stored on my server. I would love to here your thoughts on this as well
The trouble with using CloudWatch events is that there are many more states to deal with than just "Issued", and there are likely many more resources than just the certificate. In these circumstances, you might want to perform any number of async retries or updates or notifications for the user to get them to complete the validation. So I don't recommend CloudWatch, but instead a Step Function which controls the exact timing of Wait Steps, Retries, and notification Lambda steps to actually do this.
Just wanted to jump in, as one of the founders from the Indiehackers thread you mentioned.
I run approximated.app, which handles all of this for you for 10 cents per custom domain. We also offer an automatically applied volume discount of 5% for every 1000 custom domains, up to 50% (or 5 cents per domain). You can scale as much as you want, no requirements for enterprise plans or anything like Cloudflare, and all of the features are included, unlike Cloudflare. They seem pretty focused on massive enterprise customers.
We also have 24/7 real human support at Approximated, and if your custom domains have an issue, an engineer will sort it out for you. We have apps of all sizes running anywhere from 10 custom domains to 100k+ through us. Usually you can get it integrated with your app in the same day as signing up.
Feel free to ping me if anyone has any questions, whether they're related to Approximated or not!
We use saascustomdomains.com to add custom domains support at SparkLoop and it works really well.
Custom domains in Cloudflare (SSL for SaaS) can become crazy expensive on Enterprise plan. Also, due to how their solutions works, you get locked in and it becomes hard to migrate away.
We use bunny.net pullzone, works in same concept. Its little bit easy to handle.