First of all, I leave here my congratulations to the Caddy team for the amazing work you are doing!
I already succeeded in deploying a simple site using Caddy without problems.
Now, I’m working for a SaaS company and we want to provide automatic HTTPS for our clients. Today, when they opt to use custom domains, either they have to give us their certificates in a very manual process, or they will fall back to plain HTTP.
So, the idea is to use Caddy to provide automatic HTTPS for the customers’ custom domains. My question is whether anybody has already used Caddy for something like that and whether it worked well. Just asking for general guidance.
In my case, my Rails application is served through Nginx on ElasticBeanstalk. I can replace Nginx and use only Caddy, but I consider it better to deploy it separately.
What is in my mind right now is to build a plugin to monitor requests to domains which don’t have certificates and provide them on demand.
I know of a single Caddy instance that is serving thousands of domains for their customers, including managing the certificates for each one of them. It uses on-demand TLS so they just start working after the handshake. I recommend whitelisting the kinds of domains that can be obtained by specifying them in the Caddyfile first, though (*.domain.com for subdomains, or add each one individually, which means you won’t need on-demand TLS).
Also, we’ll have a commercial package for businesses using Caddy available later this year. Could I message you about that, and get your thoughts on it?
We have recently started using Caddy for exactly this purpose.
We put Caddy behind an IP that we tell our customers to point their DNS at, and then just use Caddy’s automatic TLS feature to manage it all for us. No need for plugins; if tls has max_certs set, it’ll just fetch certs for you.
(80 and 443, because we can’t enforce SSL on all sites yet)
There’s a bit more in there so I can use EV certs for certain domains we have full certificates for, and I’ve been working out some clustering ideas, but that’s the gist of it.
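
The allowlist-plus-cap check that the replies above recommend for on-demand TLS, written in Go as an added example; it is not code from this thread or from Caddy. `Gate`, `NewGate` and `Allow` are hypothetical names, the cap only mirrors the idea behind `max_certs`, and a real server would guard the map with a mutex.

```go
package main

import (
	"fmt"
	"strings"
)

// Gate is a hypothetical pre-issuance check, not part of Caddy's API.
type Gate struct {
	Patterns []string        // lowercase exact names or "*.domain.com"
	MaxCerts int             // cap on distinct names (assumption: same idea as max_certs)
	issued   map[string]bool // names already approved
}

func NewGate(maxCerts int, patterns ...string) *Gate {
	return &Gate{Patterns: patterns, MaxCerts: maxCerts, issued: map[string]bool{}}
}

// listed: exact match, or for "*.suffix" exactly one label plus the suffix.
func (g *Gate) listed(name string) bool {
	i := strings.IndexByte(name, '.')
	for _, p := range g.Patterns {
		if p == name || (i > 0 && p == "*."+name[i+1:]) {
			return true
		}
	}
	return false
}

// Allow returns nil if a certificate may be obtained for the handshake's server name.
func (g *Gate) Allow(serverName string) error {
	name := strings.ToLower(strings.TrimSuffix(serverName, "."))
	switch {
	case name == "":
		return fmt.Errorf("no server name in handshake")
	case g.issued[name]:
		return nil // already counted against the cap
	case !g.listed(name):
		return fmt.Errorf("%q is not on the allowlist", name)
	case len(g.issued) >= g.MaxCerts:
		return fmt.Errorf("certificate limit (%d) reached", g.MaxCerts)
	}
	g.issued[name] = true
	return nil
}

func main() {
	fmt.Println(NewGate(2, "*.domain.com").Allow("evil.test"))
}
```

Checking the allowlist before the cap means handshakes for unlisted names never consume the certificate budget.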