Looking for guidance in setting up over 300,000 subdomains
Would you recommend setting them up using just Bind/DNS or using Caddy/Proxy with a single DNS set to *.domain.com?
- Which is faster?
- Which one consumes more memory?
- What size of server and how much RAM would we need?
A wildcard subdomain is definitely going to be more performant if you have that many subdomains. It means you would only have a single certificate loaded in memory.
Caddy has a default limit of 10,000 certificate slots for its in-memory certificate cache, so if you were to run with the defaults, you would continually have certificates evicted from cache to make room for the new ones loaded from the configured storage. Not ideal.
There’s no exact science for this. You’ll need to conduct your own tests to determine this.
Your post is very light on details, so it’s hard to really give any additional recommendations. If you could better explain what problems you’re trying to solve, we can probably give you more guidance.
Make sure you’ve read this page in the docs to understand the options Caddy provides:
Is it possible to remove the 10,000 certificate limit?
Yes, the capacity can be modified with the tls.cache.capacity option (JSON config only currently, not available via the Caddyfile yet, but it would be trivial to add).
But like I said before, wildcard certificates would most definitely be more performant if all of the domains you want to manage are subdomains of domains you control.
Please elaborate on what you’re trying to do.
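As an added illustration (not from this thread or the Caddy project), here is a JSON config that combines the two points above: one `*.example.com` wildcard certificate obtained via the ACME DNS-01 challenge (the only challenge type that can issue wildcards), so only a single certificate sits in memory regardless of how many subdomains resolve to the server, plus a raised `tls.cache.capacity` for any additional non-wildcard names. The domain, the upstream `localhost:8080`, the capacity value and the Cloudflare DNS provider (which requires the `github.com/caddy-dns/cloudflare` plugin and a token in `CF_API_TOKEN`) are all assumptions for the example.

```json
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "routes": [
            {
              "match": [{ "host": ["*.example.com"] }],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [{ "dial": "localhost:8080" }]
                }
              ]
            }
          ]
        }
      }
    },
    "tls": {
      "cache": { "capacity": 20000 },
      "automation": {
        "policies": [
          {
            "subjects": ["*.example.com"],
            "issuers": [
              {
                "module": "acme",
                "challenges": {
                  "dns": {
                    "provider": {
                      "name": "cloudflare",
                      "api_token": "{env.CF_API_TOKEN}"
                    }
                  }
                }
              }
            ]
          }
        ]
      }
    }
  }
}
```

Load it with `caddy run --config caddy.json`; the cache capacity only matters if you also serve names outside the wildcard, since the wildcard itself occupies a single slot.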
One of our clients asked if we would be able to scale a user service in the 100,000xx and we are trying to figure out what to do!
That’s fine. The cache doesn’t limit how many certificates you can use or manage.