How to Host Static Website for users in SaaS app?
I'm wondering if anyone on here can help guide me on this.
I have a Ruby on Rails application which creates websites for users. I'd like to offer hosting for users.
Currently I am compiling the static website into a .zip file putting onto Amazon S3 and then putting it onto Netlify via API for the user. This works great, however I am unsure if I am allowed to do this.
I have tried use Cloudfront for the S3 bucket, but cannot find an API to create the Web Distributions and wasn't able to get the SSL which my app requires since has an API inside the static files with JS.
I know this is fairly standard, just can't seem to find right solution.
Ideally, I'd for users to add a domain name with a CNAME target like:
Or something branded in CNAME and that domain be connected to a static web host.
With Netlify I am able to let users connect their domain using API - although doesn't seem like best option.
Anyways hopefully someone can provide a simple option.
Thanks - keep on rockin' !
We do exactly what you described, except for documentation sites. (My saas in progress is a helpdesk with a documentation site.)
Are you letting users edit content and dynamically change things? You may need to consider using a template language like Liquid.
Will you be hosting assets for them (Eg. Images)?
Hosting on your sub domain will be the easiest, with simply creating a route constraint in Rails.
If you allow your customers use a custom domain, you will need to handle SSL provisioning. You can use something like fly.io.
Some things to consider is to cache things. If you generate a static site every time a user updates something, that might be slow. You will need to think of some way to invalidate caches.
At eager.app, we let users host their documentation site with all three options:
For example: https://eager.app/docs is a hosted site that reverse proxies to the application server.
This is a deep topic, so feel free to ask.
https://fly.io/docs/app-guides/speed-up-a-heroku-app/ (using Heroku myself)
Very interesting.
Also found this for SSL for SaaS without Entreprise account: Qloaked https://www.qloaked.com/
I think I am coming to grasp with the problem to solve more now than when I began.
I forgot to mention -- there's another solution. It's called Nginx Lua auto SSL resty (or something like that). Try Googling it up. Basically you set up a reverse proxy (which will forward requests to your main server). But sitting in front of it all is an instance of Nginx that will automatically provision SSL certs for you. Quite neat.
I actually tested something like this a few years' back and it worked surprisingly well.
Awesome - I was just reading some of what Fly.io can do: https://fly.io/docs/app-guides/openresty-nginx-plus-lua/
This is all new to me and the code especially is new to me haha mostly just JS and Ruby (sparse PHP)
Still very interesting read, debating on Turboku until I fully understand it more.
Keep on rockin' !
Hey there!
Thanks so much for taking the time to reply.
Eager.app is looking very cool, something I will be needing soon for my own project.
To answer some questions:
Yup users are provided with a page builder, which I am writing in VueJS.
Generating static site when user hits "Publish" rather than every change is generated, ideally user would do as much work and publish those changes.
At first I was thinking doing subdomain that is branded, then I just focused on connecting a single domain and get that working haha
I did find just today actually find this, CloudFlare SSL for SaaS https://www.cloudflare.com/en-ca/ssl-for-saas-providers/
This seems to answer part of the whitelabel cname with SSL which my app requires.
Interesting, "reverse proxied" is new to me, I'll spend some time getting to understand that, thanks for the tip on that.
Are your branded helpdesk websites hitting the same server as your main application?
I've been under the impression to try and separate the two if possible, since the frontend helpdesk sites would get far more traffic than the app would.
Thanks again!
Cloudflare enterprise SSL is indeed the solution you're looking for -- it costs $5000 / month or something like that apparently, so quite out of reach for most self-funded startups.
I've also seen some other people manually add certs for clients if they're running things on Amazon AWS (which I think allows 1000 domains or something like that).
In regards to your question of whether the documentation (ie. knowledge base) sites are hitting the main servers -- yes, they are.
What I've done here is this:
That should get you 90% there.
If you need to set cookies and what not (for weird functionalities), what you need to do is you'll need to ensure that you specify a very generous cross domain cookie policy, enable Rails to dynamically set cookies for what you want (eg. env["rack.session.options"][:domain] = "yourclientsdomain.com"), that sort of thing.
There isn't a "right" answer, and you'll find that there's also not a lot of documentation for this. Again, let me know if anything is unclear.
Wow, I suspected Cloudflare SSL would be expensive haha
Its true there is no right answer, what could work now with few users, might not work with hundreds and not work with thousands of users.
I ended up looking at the limits for things like AWS S3 buckets and Heroku Domains per app which is also 1000, I've done heroku domains in an app before no issue, without thinking of limits though.. which is probably for best until actually hit them and calibrate for it.
That's very cool, I appreciate you describing it more.
Will probably do something similar to that.
You can use Hugo the Static Site generator and GitHub Pages to host your static website.
I wrote an tutorial about How to Create a Static Site With A Contact Us form
and host it on GitHub pages.
https://fabform.io/a/create-a-static-website-with-contact-form-on-github-pages
Did you sort this out yet? I'm one of the founders of Qloaked (https://www.qloaked.com) and this is exactly what we do. We can help you setup a custom CNAME target.mysaasapp.com to pass to your clients, when they point their domains at it, we'll secure the domain for you and show your site/app - like magic :)