We will need to use Caddy with 50,000 different domains, can he handle it?

job_noam · September 3, 2017, 11:48am

We will need to use Caddy with 50,000 different domains, can he handle it? does the file can include so many records while he will reload every 1 minute?

matt · September 3, 2017, 1:42pm

Yes, Caddy will be fine. Just don’t blow away the .caddy folder each time. If you’re talking about SIGUSR1, then it will be fine. (Be mindful of the timeouts, or the value of the -grace flag, since that can affect how quickly vs. gracefully you reload.)

fiatjaf · September 4, 2017, 2:21am

In which situation does someone have 50,000 domains to serve?

matt · September 4, 2017, 4:58am

I’m also quite interested to know this.

(One of the reasons it’s so difficult to make Caddy the perfect choice in advanced use cases like these is because nobody tells me what they use Caddy for, they just use it and I have no clue… so please, more details would be really helpful to know and would benefit the community.)

job_noam · September 4, 2017, 5:21am

No problem
We have a CMS (something like Wordpress.com) that we give our users a free sub-domain and to some users we give an option to connect a unique domain name.
Because we want to give our users (with unique domain) an option to set a free SSL under their domain name we like to use Caddy because it’s easy to manage it. So we use Caddy as PROXY to our own servers.
The problem with Caddy is, that for SSL we must declare the domain in the CaddyFile, so if we have 50K customers the file will be very very big. If we didn’t need the SSL there will not be any problem and the file will stay small.
Anyway, this is our use case and this way we use Caddy

Hope it’s helped.

Whitestrake · September 4, 2017, 6:47am

I don’t know if you’ve looked into it yet, but On-Demand TLS may be useful to you when designing your solution with Caddy. I’ve never had a real need or opportunity, but I’ve always been interested in deploying something like this:

Best practise for multiple tenant, multiple HTTPS domain server?

If I were going to set up a massively multi-tenanted fully-HTTPS shared hosting service, I would probably put Caddy in front with a really simple file:
:80, 443 {
  tls {
    max_certs [some large number]
  }
  proxy / http://haproxy:80 {
    transparent
  }
}
This would make startup pretty fast. I expect I would set [some large number] to the weekly rate-limit of LetsEncrypt and restart Caddy once a week.

job_noam · September 4, 2017, 7:02am

I think it will not work because I saw I must set the domain name when I want to set him under SSL.
You can see it here:

“The host is not empty, not localhost, not a wildcard, and not an IP address”

It will be great if I didn’t need to set the domain name and use it like you wrote. But I think I checked it and it don’t worked

Whitestrake · September 4, 2017, 7:05am

Read the documentation for On-Demand TLS further:

You will find that with the max_certs subdirective set to some number, Caddy will in fact enable Automatic HTTPS for wildcard domains, requisitioning the needed certificate when the first request comes in for a matched domain name. It will do this for a number of domains up to the number you specify with max_certs.

job_noam · September 4, 2017, 7:17am

Yes but this only for sub-domains. I need it for unique domains

Whitestrake · September 4, 2017, 8:00am

Hmm. The docs don’t have any examples of just *, but you can definitely have a catch-all site.

https://caddyserver.com/docs/http-caddyfile#addresses

I’m pretty sure *, :80, :443, and http://, https:// should all work to match any domain.

job_noam · September 4, 2017, 3:09pm

WOW, I think you right
Big thanks !

system · December 3, 2017, 3:09pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.