kataras / iris

The fastest HTTP/2 Go Web Framework. New, modern and easy to learn. Fast development with Code you control. Unbeatable cost-performance ratio :rocket:
https://www.iris-go.com
BSD 3-Clause "New" or "Revised" License

[FEATURE REQUEST] Multi-Domains TLS Support #1690

Open Little-YangYang opened 3 years ago

Little-YangYang commented 3 years ago

Is your feature request related to a problem? Please describe.

I want to bind multiple domains to port 443 and use the domain to define the API service endpoint. For one domain like "domain.com" I can use a wildcard cert to support subdomains; however, I cannot use multiple domains with TLS support. Yes, maybe it looks like a TLS-supported virtualhost, or a gateway-like service. For example:

First, I want to use iris to build my blog on domain1.com; this will take up my ports 80 and 443.

Second, I want to build another website on the same server to show my product on the domain domain2.com.

If I want users to be able to access my product website easily, I should reuse ports 80 and 443. I don't think starting a new iris service on other ports is a good idea, because users normally do not like typing ports in the domain.

Describe the solution you'd like

Support multi-domain TLS in one iris application.

Describe alternatives you've considered

Additional context Nil

kataras commented 3 years ago

Hello @Little-YangYang, I think it's better to use Nginx or Caddy for those scenarios, but if you just want two Iris applications running under the same process with two different subdomains/domains on the same host:port, you may want to check out the apps package and/or the rewrite middleware. Waiting for your response.

Little-YangYang commented 3 years ago

Hello @kataras, thank you for your reply. If I use apps, is there any method to define a TLS certificate for each application alone?

kataras commented 3 years ago

But you wanted one certificate for all domains, right? If not, TLS certificates can only be registered per listener; there is an alternative of constructing a custom GetCertificate function and choosing what to use dynamically.

Little-YangYang commented 3 years ago

Happy Chinese New Year! Sorry for replying so late. I just came back from my Spring Festival holiday.

There is a scene.


I build a SaaS service website (1.1.1.1).

Users can direct their own domain to my website.

Besides, these changes are added dynamically to my SaaS service.

User bought my SaaS service (maybe a tunnel transfer proxy service or a virtualhost).

User makes an A record (a.userowndomain.com) pointing to my SaaS service IP 1.1.1.1

User uploads their own domain certificate (a.userowndomain.com) in the admin area.

User can access my service over https://a.userowndomain.com

Now I should add TLS support for a.userowndomain.com (single domain)

Can I make a map[hostname]certificate to store the certificates which users uploaded, then use a custom GetCertificate function to dynamically return the TLS certificate?

zyxgad commented 3 years ago

I think you can use app.Shutdown(ctx) to shut down the server first, and then you can use app.Run(iris.TLS(userkcmap[username].key, userckmap[username].cer)) to restart it
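
A sketch of the hostname-to-certificate map asked about in this thread, served through the standard library's `tls.Config.GetCertificate` callback, which is consulted on every handshake, so certificates can be added while the listener keeps running. This is an added example, not code from the thread or from Iris; `CertStore`, `Put` and `selfSigned` are hypothetical names, the certificates are constructed throwaways, and attaching the `tls.Config` to an Iris listener is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"strings"
	"sync"
	"time"
)

// CertStore (hypothetical name) maps hostname -> certificate; sync.Map suits this write-rarely, read-often use.
type CertStore struct{ certs sync.Map }

// Put registers an uploaded certificate, rejecting one that is expired or does not cover host.
func (s *CertStore) Put(host string, cert tls.Certificate) error {
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil || leaf.VerifyHostname(host) != nil || time.Now().After(leaf.NotAfter) {
		return fmt.Errorf("certificate not valid for %q", host)
	}
	s.certs.Store(strings.ToLower(host), &cert)
	return nil
}

// GetCertificate selects by the SNI name sent by the client; an error aborts the handshake.
func (s *CertStore) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	if c, ok := s.certs.Load(strings.ToLower(hello.ServerName)); ok {
		return c.(*tls.Certificate), nil
	}
	return nil, fmt.Errorf("no certificate for %q", hello.ServerName)
}

// selfSigned builds a throwaway certificate for host (constructed sample data, not a real upload).
func selfSigned(host string, ttl time.Duration) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(ttl)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

func main() {
	store := &CertStore{}
	fmt.Println(store.Put("a.userowndomain.com", selfSigned("a.userowndomain.com", time.Hour)))
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, GetCertificate: store.GetCertificate}
	fmt.Println(cfg.GetCertificate(&tls.ClientHelloInfo{ServerName: "unknown.example"}))
}
```

Checking the hostname and expiry at upload time keeps a tenant from registering a certificate under a name it does not cover; a production store would also persist entries and verify the chain.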