Hi all, I'm trying to figure out how to set up my application to allow multiple SSL enabled custom domains. I am planning on using UCC certificates (supporting up to 150 hostnames each). However, I'm not sure if the setup I have in mind is possible through Heroku.

Our application allows each of our users to create multiple websites. Each website gets a subdomain under our host name. As an upgrade, users can sign up for a package that allows a custom domain to be attached to the website. As another upgrade, they can add SSL to the site. This is where it gets tricky.

I currently have Hostname based SSL with a wildcard certificate to cover the subdomains on our hostname. It's setting up the SSL for the custom domains that I'm trying to figure out. What I'm thinking of doing at this point is to get a UCC certificate for every 150 customers. The problem is hosting the certificate, and here is what I'm not sure is possible with Heroku.

I thought I could set my SSL addon to IP based (Heroku would then start up a new EC2 instance with a static IP) and mount the UCC certificate on it. This is assuming that my wildcard certificate is still operational on my original app, which I think is true because at one point we did add the IP based SSL (which we cancelled shortly after because we found an alternative to the problem we had at the time) and the wildcard certificate was still being served, but that could have just been because it got transferred over to the IP addon.

At any rate, IF I can keep my wildcard certificate AND put the UCC certificate on the new EC2 instance AND I can fire up more EC2 instances for each additional UCC certificate I need, AND I have access to update the UCC certificates (each time I need to register a domain) through the API, then I think I'm in the clear.

I'm not sure if any of this is possible because:

- I'm not sure it actually works to have both Hostname and IP based SSL with different certificates
- when you run heroku ssl:add, you only pass the PEM and key, you don't get to tell it "add it to the hostname SSL, or add it to the IP based SSL". Is there a way to specify it?
- from the web interface, it doesn't seem like you can add multiple IP based SSL addons. If you can, how do you tell the heroku gem to install an updated certificate to IP server 1 or IP server n?

If this is not possible, I would have to run my own EC2 instances just so I can host an NGINX or similar and serve the SSL certificates. The problem here is how do I now proxy the request back to my Heroku app securely? Is there a way to use an internal DNS name or establish a tunnel to my app? I don't love this solution because it requires managing the instances manually, which is kind of what we love about Heroku: that we don't have to manage them.

Another alternative would be to start up a new Heroku app for each of my UCC certificates, each instance with my whole app. The problem here is that costs add up pretty quickly, since we would basically be hosting 150 customers per instance. Additionally, now we need to deploy our code to multiple instances, which we would preferably like to avoid.

Are there any other alternatives that I am missing? Is my first solution (the most cost effective and easy to implement and maintain, IMO) possible?

Regards
Ruy
