SteveLTN / https-portal

A fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker.
MIT License

Support for wildcard domains (not necessarily wildcard certificates) #241

Open bandleader opened 4 years ago

bandleader commented 4 years ago

Thanks @SteveLTN for the great project!

We are trying to use it for a "multitenant" app, meaning that one running copy of the app serves many different customers who license it, each with their own subdomain (customer1.ourservice.com, cust2.ourservice.com, etc.).

I tried the following but obviously it didn't work:

DOMAINS: '*.ourservice.com -> http://app:80'

Is there any way we can do this?

Possibly we can do it already by overriding the NGINX config file. But that would only handle HTTP; the software would still not know to request a new LetsEncrypt certificate whenever someone visits a particular subdomain for the first time, right?

(Another way to do it would be with a wildcard certificate, but in #122 apparently you say there are issues with this.)

Thanks in advance.

SteveLTN commented 4 years ago

I would actually get a wildcard certificate for this. If you get a certificate for your subdomain for each customer, you will very soon run into the rate limitation of Let's Encrypt.

Unfortunately, due to the way wildcard certificates are obtained, there isn't much point using HTTPS-PORTAL. You need to manually change your DNS anyway, so the benefit of using HTTPS-PORTAL is minimal.

And last time I checked, ACME.sh is a great project to obtain the certificates (supports wildcard, but the DNS records need to be set by yourself). Feel free to check out the source of HTTPS-PORTAL for the Nginx configuration. Then you just need to write some glue code.

bandleader commented 4 years ago

You might be right about the rate limits, good point. But I would ask:

1) if we ignore HTTPS and just focus on HTTP, is there a way to have HTTPS-PORTAL nevertheless configure nginx to respond to all subdomains?
2) in this case, would it automatically request SSL certificates, if we ignore the problem of the rate limits?

SteveLTN commented 4 years ago

The answer is no. At least not using your own Nginx configuration.

bandleader commented 4 years ago

Nginx does support wildcard domains, but I guess you mean that HTTPS-PORTAL's LetsEncrypt script won't work for requesting the certs, correct?

Thank you very much anyway. We'll have to see how to best solve the problem...

SteveLTN commented 4 years ago

Of course Nginx does support it. But HTTPS-PORTAL is a pre-configured Nginx plus some scripts to obtain certificates.

Well, if obtaining certificates doesn't work, and you need to re-configure Nginx, I don't know what else HTTPS-PORTAL offers you. Of course you can configure your Nginx to do so, but then, it's not HTTPS-PORTAL ...

> I guess you mean that HTTPS-PORTAL's LetsEncrypt script won't work for requesting the certs, correct?

Yes. The reason is because obtaining wildcard certificates requires manual intervention, and that nullifies the purpose of HTTPS-PORTAL.

You are welcome, and I wish you good luck!

MarcelWaldvogel commented 2 years ago

#297, which I created for entirely different reasons, would also allow a solution for this: You could use the new variable CUSTOM_NGINX_GLOBAL_HTTP_CONFIG_BLOCK to create your own server blocks. Of course, the certificates would not be managed by https-portal, but you could put your own certificates in the correct directories, as explained in #274.
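As an added illustration of the approach in the last comment (example configuration written for this thread, not taken from https-portal's documentation or the issue): a docker-compose service that keeps https-portal managing the bare domain while CUSTOM_NGINX_GLOBAL_HTTP_CONFIG_BLOCK adds a catch-all server block for `*.ourservice.com`, terminating TLS with a wildcard certificate you obtained yourself (for example with acme.sh DNS validation, as suggested above). It assumes the image name `steveltn/https-portal`, a mount path `/etc/wildcard` for your own certificate and key, and an upstream service named `app`; the directory layout https-portal itself expects is described in #274, not here.

```yaml
# Added example, not part of https-portal or this issue.
version: '3'
services:
  https-portal:
    image: steveltn/https-portal:1   # assumed image name
    ports:
      - '80:80'
      - '443:443'
    environment:
      # The bare domain is still handled the normal, automated way.
      DOMAINS: 'ourservice.com -> http://app:80'
      # Extra server blocks injected into nginx's http context.
      CUSTOM_NGINX_GLOBAL_HTTP_CONFIG_BLOCK: |
        # Plain HTTP for any subdomain: redirect to HTTPS, never serve content.
        server {
          listen 80;
          server_name *.ourservice.com;
          return 301 https://$host$request_uri;
        }
        # HTTPS for every tenant subdomain, using one wildcard certificate
        # that you renew yourself (https-portal does not manage it).
        server {
          listen 443 ssl;
          server_name *.ourservice.com;
          # ASSUMPTION: paths of the mounted wildcard cert/key (see volumes).
          ssl_certificate     /etc/wildcard/fullchain.pem;
          ssl_certificate_key /etc/wildcard/privkey.pem;
          location / {
            proxy_pass http://app:80;
            # The app needs the original Host header to pick the tenant.
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Real-IP $remote_addr;
          }
        }
    volumes:
      # Read-only mount so nginx cannot alter the private key.
      - ./wildcard-certs:/etc/wildcard:ro
  app:
    image: your-app-image   # placeholder for the multitenant app
```

Because the certificate is not renewed by https-portal, monitor its expiry yourself (for example with an external check on `https://anything.ourservice.com`), otherwise every tenant goes down at once when it lapses.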