Best practice for multiple tenant, multiple HTTPS domain server?

If you have a git directive on a tenant Caddy instance, and the front-end Caddy is faithfully proxying all requests to it properly, the webhooks should function just fine. I’ve done this myself in the past. If you can give us a real example of one of your attempts to do this that didn’t work, maybe we can take a look at that?


If I were going to set up a massively multi-tenanted fully-HTTPS shared hosting service, I would probably put Caddy in front with a really simple file:

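# Catch-all site: no hostnames listed, listens on both ports
:80, :443 {
  tls {
    # max_certs turns on On-Demand TLS and caps how many certificates are issued
    max_certs [some large number]
  }
  # Forward everything to HAProxy, keeping the original Host header
  proxy / http://haproxy:80 {
    transparent
  }
}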

This would make startup pretty fast. I expect I would set [some large number] to the weekly rate-limit of LetsEncrypt and restart Caddy once a week.

Then I would use jwilder/docker-gen to template out HAProxy’s configuration and do graceful reloads on the fly in reaction to me (or my client management portal) spinning up docker containers. I wouldn’t need to write a single scrap of tenant-specific code that way. They could probably even write their own Caddyfiles (or I could template that too based on some options they could select from the portal).

I’d love other people’s opinions on this concept, too.

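The kind of HAProxy routing config that the docker-gen step described above would have to generate, sketched here as an added example that is not part of the original post. The tenant record shape, the `be_` backend naming and the `render_haproxy` helper are assumptions; the point it adds is that tenant-supplied hostnames are validated, and a hostname already claimed by another tenant is rejected, before anything is written into the config.

```python
import ipaddress
import re

# One DNS label, then a full hostname of at least two labels (lower-case only).
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(r"(?:%s\.)+%s" % (_LABEL, _LABEL))
_NAME = re.compile(r"[A-Za-z0-9_.-]+")  # characters allowed in a backend name

def render_haproxy(tenants):
    """Return (haproxy_config, rejected) for a list of tenant records."""
    owner = {}     # hostname -> tenant that claimed it first
    rejected = []  # (tenant, hostname, reason)
    frontend = ["frontend tenants", "    mode http", "    bind *:80"]
    backends = []
    for t in tenants:
        name = t["name"]
        if not _NAME.fullmatch(name):
            rejected.append((name, None, "invalid container name"))
            continue
        addr = ipaddress.ip_address(t["ip"])  # raises ValueError on bad input
        accepted = []
        for raw in t["hosts"]:
            host = raw.strip().lower()
            if len(host) > 253 or not _HOSTNAME.fullmatch(host):
                rejected.append((name, raw, "invalid hostname"))
            elif host in owner:
                rejected.append((name, raw, "already claimed by " + owner[host]))
            else:
                owner[host] = name
                accepted.append(host)
        if not accepted:
            continue  # no valid hostname, so no backend is emitted
        for host in accepted:
            frontend.append("    use_backend be_%s if { hdr(host) -i %s }" % (name, host))
        backends += ["", "backend be_%s" % name, "    mode http",
                     "    server %s %s:%d check" % (name, addr, int(t["port"]))]
    return "\n".join(frontend + backends) + "\n", rejected

# Constructed sample records (assumed shape; docker-gen would read these from labels/env).
SAMPLE_TENANTS = [
    {"name": "tenant-a", "ip": "172.18.0.11", "port": 80,
     "hosts": ["a.example.com", "www.a.example.com"]},
    {"name": "tenant-b", "ip": "172.18.0.12", "port": 80,
     "hosts": ["b.example.com", "A.example.com"]},          # second host is tenant-a's
    {"name": "tenant-c", "ip": "172.18.0.13", "port": 80,
     "hosts": ["c.example.com\n    default_backend be_tenant-c"]},  # not a hostname
]

if __name__ == "__main__":
    config, rejected = render_haproxy(SAMPLE_TENANTS)
    print(config)
    for entry in rejected:
        print("rejected:", entry)
```

The same accepted-hostname set is what the front-end Caddy should be willing to request certificates for, since `max_certs` alone only caps the count.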