Okay, in that case On-Demand TLS does make sense for you. But I still strongly recommend using a wildcard cert for *.jatra.app instead of On-Demand TLS, it’ll reduce the amount of certs you need to have maintained, and reduce pressure on ACME issuers.
It’s possible, but I recommend against it. Instead, have your customers point a subdomain of theirs like community.clientdomain.com to your server. Much simpler.
See this article:
You’ll need to make your backend aware of the subpath in its routing. You’d probably need to store a mapping of domain + subpath they use, and then ensure that your router and URL builder in your app is aware of the subpath so that URLs to assets in your shipped HTML has the path prefix (otherwise CSS, JS etc will not load correctly).
This won’t work. * only matches a single domain label (a label is the parts between dots in a domain). Remove the * to match the entire domain, like https:// only.
You’d need to use a named matcher. See the Request Matching docs which explain. You’d use the path_regexp matcher.
This doesn’t really make sense. You can’t use a path segment in a proxy upstream address. If you need to change the URL, you need to use the rewrite or uri directives.
Anyway like I said I strongly suggest you avoid going down that path, it’s not worth it. Subdomains are much simpler and cleaner, and require no extra logic to handle.