In fact this is possible with their current environment:
http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons
On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote:
This is theoretically possible with their architecture, but they are
currently reviewing how easy it
Thank you for writing this up!
On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wojci...@oxos.pl wrote:
In fact this is possible with their current environment:
http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons
On Dec 9, 7:58 pm, Wojciech Kruszewski
If I am following your approach correctly, then I believe it would be
possible for multiple Heroku users to cooperate on a single custom SSL
addon using the following steps.
1. Alice and Bob agree to cooperate and split the costs between one another
outside of the scope of Heroku's billing.
2.
Hey,
I don't think this would work. Not in a very meaningful way, at least.
Keep in mind that you can still only host one cert on a single IP. So,
even with a wildcard cert, all apps getting SSL through that instance
would have to run on *.ssldomain.com.
/Morten
On Dec 10, 1:44 pm, Doug
Yeah, I didn't catch the multi-domain part. Theoretically it might be
possible. I don't think we have ever seen a multi-domain cert in the
wild at Heroku. Also, the solution we have in place now isn't designed
for this in a couple of ways:
1) You would have to redeploy the cert every time it
On Dec 10, 11:06 pm, Morten Bagai mor...@heroku.com wrote:
Yeah, I didn't catch the multi-domain part.
Well, wildcard is still interesting for me. I could replace
*.heroku.com with my own wildcard as a piggyback. I'd prefer to serve
sites admin/user panels of my clients from my own domain.
Maybe I'm missing something and I'm not an SSL expert, but couldn't
Heroku allow customers to purchase more than one IP for an SSL
instance? Then they could apply multiple domains without a multi-
domain cert and without constantly having to keep applying/managing a
single cert when it's
The core of the problem is that Amazon only allows one IP per EC2 instance,
which is why we have to spin up a dedicated instance for SSL at all. If
Amazon ever starts allowing that, we'd be able to re-evaluate our options
for providing SSL. Until then, this is a pretty decent workaround. I
For dedicated SSL you only need to reserve port 443. You can still use
other ports for all other stuff as long as you accept the instance has
multiple
purposes. I would think that most customers would welcome the price
reduction
caused by using the dedicated IP instance for for example processing
Hi,
I've read your explanation about why you charge $100/mo for custom SSL
(http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon
assigns only one IP for an instance, so you need to reserve full
instance just to use one SSL cert - seems fair.
Ok, but if you reserve full EC2 instance
Hi,
In general I am very happy with Heroku and their rates but I think Wojciech
has a reasonable point.
Yours,
Husain
On Tue, Dec 8, 2009 at 10:48 AM, Wojciech Kruszewski wojci...@oxos.plwrote:
Hi,
I've read your explanation about why you charge $100/mo for custom SSL
They are totally independent. The way our architecture works, dynos
run on machines called railguns, which are specially set up for the
job. We have to setup a special (and yes, mostly idle) server just to
handle the SSL requests. It's not possible with the product we have
today to run dynos on
Thanks Oren, this makes sense.
So can that one mostly idle server handle SSL requests for multiple
applications?
I mean I tried Heroku and was very happy with the experience - looks
like it needs little to no maintenance on my part. I'd wish to host a
handful smaller web apps, each with 1-3
I don't know if that's possible or not it's probably a function of the
SSL protocol and our routing mesh, but it's beyond my technical
knowledge. Best bet is to drop support@ a line, and see what they
say. They'll be able to dig into the details for you.
Oren
On Tue, Dec 8, 2009 at 12:42 PM,
Wojciech, if you ask support about that and get some good news, would
you report back? I'm curious about this too.
Thanks!
Chris
On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote:
I don't know if that's possible or not it's probably a function of the
SSL protocol and our routing mesh, but
15 matches
Mail list logo
