3
6 Comments

Which service can help to implement a "custom domain" feature?

Hi,

I'm working on a SaaS, which is something like a website builder. User's should be able to use their custom domain and not just get a dedicated subdomain from us.

I would like to use a third-party service for that and I could find the following:

Unfortunately, none of them is really convincing as they sometimes don't even have an email address for support and therefore I feel uncomfortable giving them my credit card number.

Can you recommend similar services?

  1. 1

    I run my app (DynaBlogger in Kubernetes so I use cert-manager to issue certificates using Let's Encrypt.

    The way it works is this: when a user adds a custom domain, the app tells the Kubernetes API to create an ingress resource (virtual host in Nginx basically) for the domain; then the app pings the domain until a request to a specific path returns an expected token. This means that the domain is actually pointing to the app / is owned by the user. At that stage, the app tells the Kubernetes API to "upgrade" the ingress resource with some annotations that trigger the issuance of the certificate with cert-manager. If DNS has already been configured for the domain, the process takes under a minute usually.

    This setup in Kubernetes is the best I have used so far for this feature.

    In the past, before Kubernetes, I was using OpenResty as web server, which is a particular version of Nginx with lua scripting built in. Then I would use the lua-autossl extension to issue certificates.

    The way that works is this: the app exposes an API endpoint which accepts a domain as a parameter and returns a 200 status code if the domain is recognized (= added by some user to the system) or 404 status code if not. At the first request with the custom domain, some lua code queries that API endpoint to check if the domain is allowed and if yes, it issues the certificate with Let's Encrypt, otherwise it will ignore it and not issue the certificate, for security reasons. What I don't like of this setup is that the first request that triggers the issuance of the certificate can be very slow depending on whether DNS is fully propagated etc. There are also some limits to the number of certificates that can be managed this way by a single web server. With Kubernetes instead the thing scales together with the cluster, so it's a lot better.

    I have never considered using a third party service for things like certificates because they require a lot of trust and it's one more external dependency.

  2. 1

    You could set up fly.io as a proxy in front of your application. They have the ability to add domains to an application through the API and they handle acquiring a Let's Encrypt certificate for them automatically.

  3. 1

    None of these seem to work with A Records as well.

  4. 1

    Do you need a 3rd party for this?

    I would think that your user could create a CNAME DNS record pointing their custom domain (e.g.theirdomain.com) to their subdomain on your site (e.g. theirsubdomain.yourapp.com).

    Then, your app will handle traffic from their domain the same way as you currently do with their subdomain (by checking the host header, for example).

    I've never done this though, so feel free to tell me that this is wrong and it's actually way harder than I think 🙂

    1. 1

      This is true and seems to work. However, you then don't have SSL without any further setup, which is too much to ask the user for.

      1. 1

        Ah ok I see what you mean.

        I've heard good things about caddy for that, as I think it can obtain certs for you.

        This looks a bit like what you're trying to do?

        https://oliverdunk.com/2018/07/06/https-custom-domains-sass

Trending on Indie Hackers
How I went from 500€ to 5300€ MRR in one month as a UX coach and indie founder 28 comments How I made $10k teaching vim online in one month 9 comments 💯 USERS 💯 DAYS 7 comments Launch went well. Traffic is falling. Now what? 6 comments Using Twitter questions to build a parallel community 6 comments Can you give me some feedback? 5 comments