I am working on a multi-tenant web application that is hosted on AWS. It is written in Ruby on Rails, and each app server runs Nginx. We have an EC2 instance that runs HAProxy. We originally set up HAProxy because some of our customers could only set up A records on their root domain (pointing to a static IP), and ELB only offers dynamic IPs.
So our requests look like: HAProxy => Nginx => Rails
Our customers can configure a custom domain, so they can access our service via their own domain (through A or CNAME DNS records). We will need to support around 1,000 domains.
I was planning to write a script that would request SSL certificates from Let's Encrypt for all of our custom domains. Then I would configure either Nginx or HAProxy to use these SSL certificates (they can use the right one based on SNI).
Would it be better/easier to terminate SSL at HAProxy or Nginx? Will loading 1,000 SSL certificates impact performance?
Finally, are there any open-source projects that can accomplish some or all of what I'm looking for?
0 Answers