Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://bsd.network/users/solene/statuses/113791623931418462">Solène :flan_hacker: (solene@bsd.network)'s status on Wednesday, 08-Jan-2025 16:47:01 JST</a><a href="https://bsd.network/@solene" title="solene@bsd.network"><img src="https://gnusocial.jp/avatar/6273-48-20220828132537.webp" width="48" height="48" alt="Solène :flan_hacker:" style="position: absolute; left: 0; top: 0;">Solène :flan_hacker:</a></section><article><p>I needed a TLS wildcard certificate but it's always a pain to handle, I just found way better!</p><p>Caddy web server can generate TLS certificates on demand, so I can make it listen on *.foobar.com and when a new subdomain is requested, it will generate a new ACME certificate for this.</p><p><a href="https://caddyserver.com/docs/automatic-https#on-demand-tls" rel="nofollow noreferrer">https://caddyserver.com/docs/automatic-https#on-demand-tls</a></p><p>It has limitations though, it can be easy to DOS the system by requesting a lot of subdomains. That's why it's possible to add a mechanism "ask" as a safe-guard. The implementation is up to you, but a simple solution could be a persistent timer that would only allow a new certificate every minute.</p><p>See the following link for the "ask" option <a href="https://caddy.community/t/serving-tens-of-thousands-of-domains-over-https-with-caddy/11179" rel="nofollow noreferrer">https://caddy.community/t/serving-tens-of-thousands-of-domains-over-https-with-caddy/11179</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4333514#notice-8471684">In conversation</a><time datetime="2025-01-08T16:47:01+09:00" title="Wednesday, 08-Jan-2025 16:47:01 JST">about a month ago</time> <span>from <span><a href="https://bsd.network/@solene/113791623931418462" rel="external" title="Sent from bsd.network via ActivityPub">bsd.network</a></span></span><a href="https://bsd.network/@solene/113791623931418462">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: dqah5woojdp50.cloudfront.net</div><h5><a href="https://caddy.community/t/serving-tens-of-thousands-of-domains-over-https-with-caddy/11179">Serving tens of thousands of domains over HTTPS with Caddy</a></h5><div></div></header><div>This guide is a free sample of what is available exclusively for sponsors in my Expert Caddy series, where I help you master the ways of the Caddy web server.  (This guide is still WIP.)  Many online businesses have invested thousands, even millions, of dollars for custom software and proprietary solutions to serve their customers’ websites over HTTPS. These traditional methods then cost thousands of dollars per year to maintain it in infrastructure, engineering, and payroll.  I’ll show you how ...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Solène :flan_hacker: (solene@bsd.network)'s status on Wednesday, 08-Jan-2025 16:47:01 JST Solène :flan_hacker:
I needed a TLS wildcard certificate but it's always a pain to handle, I just found way better!
Caddy web server can generate TLS certificates on demand, so I can make it listen on *.foobar.com and when a new subdomain is requested, it will generate a new ACME certificate for this.
https://caddyserver.com/docs/automatic-https#on-demand-tls
It has limitations though, it can be easy to DOS the system by requesting a lot of subdomains. That's why it's possible to add a mechanism "ask" as a safe-guard. The implementation is up to you, but a simple solution could be a persistent timer that would only allow a new certificate every minute.
See the following link for the "ask" option https://caddy.community/t/serving-tens-of-thousands-of-domains-over-https-with-caddy/11179
In conversationabout a month ago from bsd.networkpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: dqah5woojdp50.cloudfront.net
  Serving tens of thousands of domains over HTTPS with Caddy
  This guide is a free sample of what is available exclusively for sponsors in my Expert Caddy series, where I help you master the ways of the Caddy web server. (This guide is still WIP.) Many online businesses have invested thousands, even millions, of dollars for custom software and proprietary solutions to serve their customers’ websites over HTTPS. These traditional methods then cost thousands of dollars per year to maintain it in infrastructure, engineering, and payroll. I’ll show you how ...

Public

Embed Notice

HTML Code

Corresponding Notice