How to manage config for large number of domains

Very interesting reading. Thanks a lot for it.

We are using caddy as SSL terminator for our shared hosting and actually we have a config file for each customer “virtualhost”.

By config file I mean we include config files like this:

cat /etc/caddy/customers/cybermind.ch.conf

cybermind.ch, www.cybermind.ch, 276668.web23.swisscenter.com {
        import common
        tls {
                on_demand
        }
}

I went this path because we wanted to be able to granularly enable/disable options per virtual host, for example automatic https redirect. In that case we would generate the same file but with:

http://cybermind.ch, http://www.cybermind.ch, http://276668.web23.swisscenter.com {
        import common
}
https://cybermind.ch, https://www.cybermind.ch, https://276668.web23.swisscenter.com {
        import common
        tls {
                on_demand
        }
}

So it results in a very huge json configuration where a lot of things are repeated for each virtualhost.

After reading your post here I think we really should go the way with a “catch all” configuration like:

https:// {
    tls {
        on_demand
    }
    reverse_proxy localhost:9000
}

and remove each virtualhost configuration block.

But then there is the issue when a customer doesn’t want to have automatic ssl redirection (for some reason).
So we need a way to disable it on a per-domain basis.

In this case, if I understand correctly, we would only need to generate a custom config for the domains that want some specific options disabled/enabled?

Another example would be to enable some rate limit to protect websites: how would we configure it so it separates each customer's sites into different limit ‘buckets’?

So many questions, sorry for this :slight_smile:

Other than that I think it would immensely decrease the json configuration size/complexity in our case :slight_smile:

Kind regards

In your JSON config, I believe you can just add port 80 to the listen field to disable auto https redirects. Only listing 443 will enable automatic https redirects.
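A catch-all `https://` block with `on_demand` makes Caddy attempt issuance for whatever hostname a client sends, so shared-hosting setups normally pair it with Caddy's on-demand TLS `ask` check, which only permits issuance when the endpoint answers 2xx. The following is an added example, not code from this thread or from the Caddy project; the port, the `/check` path, the function names and the in-memory customer list are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// Constructed sample data: the hostnames from the thread's example vhost.
// Assumption: a real deployment would query the hosting customer database.
var customers = map[string]bool{
	"cybermind.ch":                 true,
	"www.cybermind.ch":             true,
	"276668.web23.swisscenter.com": true,
}

// normalize lowercases the name and drops surrounding spaces and a trailing root dot.
func normalize(domain string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(domain)), ".")
}

// decide maps a requested hostname to the status returned to Caddy.
// Caddy continues with certificate issuance only on a 2xx answer.
func decide(domain string) int {
	d := normalize(domain)
	if d == "" {
		return http.StatusBadRequest
	}
	if customers[d] {
		return http.StatusOK
	}
	return http.StatusForbidden
}

// askHandler serves the check; Caddy passes the name as ?domain=<hostname>.
func askHandler(w http.ResponseWriter, r *http.Request) {
	domain := r.URL.Query().Get("domain")
	status := decide(domain)
	if status != http.StatusOK {
		// %q quotes the untrusted value so it cannot forge extra log lines.
		log.Printf("on-demand TLS refused for %q (status %d)", domain, status)
	}
	w.WriteHeader(status)
}

func main() {
	// Assumed wiring in the Caddyfile global options:
	//   on_demand_tls { ask http://127.0.0.1:5555/check }
	http.HandleFunc("/check", askHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:5555", nil)) // loopback only
}
```

Refused names show up in the endpoint's log, which gives a per-hostname record of issuance attempts for domains that are not customers.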