Hey, I don't think this would work. Not in a very meaningful way, at least. Keep in mind that you can still only host one cert on a single IP. So, even with a wildcard cert, all apps getting SSL through that instance would have to run on *.ssldomain.com.
/Morten On Dec 10, 1:44 pm, Doug Petkanics <[email protected]> wrote: > If I am following your approach correctly, then I believe it would be > possible for multiple Heroku users to "cooperate" on a single custom SSL > addon using the following steps. > > 1. Alice and Bob agree to cooperate and split the costs between one another > outside of the scope of Heroku's billing. > 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. > Alice also buys the custom SSL addon, and applies the certificate to her > app. > 3. Alice and Bob edit their domain's DNS settings to point to the dedicated > IP. > 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's > custom ssl addon. The multi-domain cert they bought includes both their > domains. > > Heroku guys, if this approach would work, would you take issue with some > users pooling together to reduce the cost? I don't ask in the spirit of > taking advantage of your platform, but instead ask because the current price > of custom SSL is prohibitive from running smaller apps on the service right > now. > > Thoughts? > > On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski <[email protected]>wrote: > > > In fact this is possible with their current environment: > >http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > > > On Dec 9, 7:58 pm, Wojciech Kruszewski <[email protected]> wrote: > > > This is theoretically possible with their architecture, but they are > > > currently reviewing how easy it would be to implement it and if it's > > > worth the trouble. > > > > I created a public feature request: > >http://support.heroku.com/forums/42310/entries/87156 > > > - would you care to add your vote? > > > > Cheers, > > > Wojciech > > > > On Dec 8, 11:47 pm, Chris Hanks <[email protected]> wrote: > > > > > Wojciech, if you ask support about that and get some good news, would > > > > you report back? I'm curious about this too. > > > > > Thanks! > > > > > Chris > > > > > On Dec 8, 2:05 pm, Oren Teich <[email protected]> wrote: > > > > > > I don't know if that's possible or not it's probably a function of > > the > > > > > SSL protocol and our routing mesh, but it's beyond my technical > > > > > knowledge. Best bet is to drop support@ a line, and see what they > > > > > say. They'll be able to dig into the details for you. > > > > > > Oren > > > > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski < > > [email protected]> wrote: > > > > > > Thanks Oren, this makes sense. > > > > > > > So can that one mostly idle server handle SSL requests for multiple > > > > > > applications? > > > > > > > I mean I tried Heroku and was very happy with the experience - > > looks > > > > > > like it needs little to no maintenance on my part. I'd wish to host > > a > > > > > > handful smaller web apps, each with 1-3 dynos. > > > > > > > I could live with piggyback ssl, if it was my own wildcard > > > > > > certificate. > > > > > > > - Wojciech > > > > > > > On Dec 8, 8:58 pm, Oren Teich <[email protected]> wrote: > > > > > >> They are totally independent. The way our architecture works, > > dynos > > > > > >> run on machines called railguns, which are specially set up for > > the > > > > > >> job. We have to setup a special (and yes, mostly idle) server > > just to > > > > > >> handle the SSL requests. It's not possible with the product we > > have > > > > > >> today to run dynos on that server. > > > > > > >> Oren > > > > > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski < > > [email protected]> wrote: > > > > > >> > Hi, > > > > > > >> > I've read your explanation about why you charge $100/mo for > > custom SSL > > > > > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > > > > > >> > assigns only one IP for an instance, so you need to reserve full > > > > > >> > instance just to use one SSL cert - seems fair. > > > > > > >> > Ok, but if you reserve full EC2 instance just for me... then why > > do I > > > > > >> > have to pay for extra dynos? Aren't you double-billing for this > > > > > >> > instance? > > > > > > >> > I believe it's "just against your architecture" but still I'd > > like to > > > > > >> > know the explanation. > > > > > > >> > Regards, > > > > > >> > Wojciech > > > > > > >> > -- > > > > > >> >http://twitter.com/WojciechKhttp://oxos.pl-RubyonRailsdevelopment > > > > > > >> > -- > > > > > > >> > You received this message because you are subscribed to the > > Google Groups "Heroku" group. > > > > > >> > To post to this group, send email to [email protected]. > > > > > >> > To unsubscribe from this group, send email to > > [email protected]<heroku%[email protected]> > > . > > > > > >> > For more options, visit this group athttp:// > > groups.google.com/group/heroku?hl=en. > > > > > > > -- > > > > > > > You received this message because you are subscribed to the Google > > Groups "Heroku" group. > > > > > > To post to this group, send email to [email protected]. > > > > > > To unsubscribe from this group, send email to > > [email protected]<heroku%[email protected]> > > . > > > > > > For more options, visit this group athttp:// > > groups.google.com/group/heroku?hl=en. > > > -- > > > You received this message because you are subscribed to the Google Groups > > "Heroku" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<heroku%[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
