0

What would be an appropriate way of load balancing a CMS with about 50000 domains, considering that SSL termination should take place on the LB-side? Having multiple LB sets with each a bunch of SSL certificates or is there any more dynamic way of having just on single cluster of LB (all having the same data) and dynamically assigning it to a specific route/domain?

Or what would be the limit of domains on HAProxy with SSL certificates (when setting up each domain manually or by a script)?

Couldn't actually find any practicable way on the internet.

All of the different domains basically point onto the same set of backend servers, the only thing that is different for each domain will be the certificate.

Improve this question
1
  • You could write the needed functionality yourself, or fund the development of one, since all you need is the certificate path supporting nginx variables. Commented Jan 25, 2017 at 16:52

1 Answer 1

Reset to default
0

With Nginx Lua module you could use the ssl_*_by_lua_block to hook in to the ssl negotiation phase of the request. At that moment you could fetch a ssl certificate from disk or store (database or redis) that corresponds with the domain that has been requested.

https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.