Comment by devpascoe on "How I built a CDN for our multi-tenant app within a day"

I just got off a 2 hour support call to AWS. I am facing a similar scenario: white-label multi-tenant social network platform, need to handle multiple externally mapped domains and SSL. Their recommendation was as you outlined: generate multiple SSL certs along with multiple CloudFront distros. Naturally leading to an outcome of say 1000 customers equals 1000 ACM certs and 1000 CloudFront distributions pointing to the same S3 bucket (sheesh invalidating cache should be fun). FYI i had to request the limit for both be increased.

I also came across traefik.io which looks to have auto SSL handling. I guess if this were easy everyone would be doing it haha.

Exactly! I understand your pain.

I recently created this project called AutoSSL which helps businesses like you serve their customer domains over HTTPS. You might find it interesting: autossl.co

Basically, you just sign up, add your customer domains and we automatically manage the TLS.

Let me know what you think!

Sandeep Panda super interesting. I should probably take this reply offline but who knows folks may benefit. I signed up and am keen to test, what in particular do you suggest for a CDN being the Origin server? In my case i use AWS CloudFront for our wildcard subdomains. Do you recommend my Origin be an S3 bucket?

Sandeep Panda update Signed up for AutoSSL and I pointed an external domain to my CloudFront instance and i don't get a complaint about SSL from CloudFront! Amazing! How are you accessing Origin? Is the flow: request > your edge server with SSL configured > proxy request to Origin ? I just thought for sure CloudFront would complain about the request domain not matching what CF was configured to serve under CF's "Alternate Domain Names (CNAMEs)" setting.

Search Hashnode