I'm about to embark on creating 12000 vhosts

Jeff Dyke jeff.dyke at gmail.com
Mon Feb 11 19:33:27 UTC 2019


I use haproxy in a similar way as stated by Rainer, rather than having
hundreds and hundreds of config files (yes there are other ways), i have 1
for haproxy and 2(on multiple machines defined in HAProxy). One for my main
domain that listens to an "real" server_name and another that listens to
`server_name _;`  All of the nginx servers simply listen on 80 and 81 to
handle non H2 clients and the application does the correct thing with the
domain.  Which is where YMMV as all applications differ.

I found this much simpler and easier to maintain over time.  I got around
the LE limits by a staggered migration, so i was only requesting what was
in the limit each day, then have a custom script that calls LE (which is
also on the same machine as HAProxy) when certs are about 10 days out, so
the staggering stays within the limits.  When i was using custom
configuration, i was build them via python using a yaml file and nginx
would effectively be a jinja2 template.  But even that became onerous.
When going down the nginx path ensure you pay attention to the variables
that control domain hash sizes. http://nginx.org/en/docs/hash.html

HTH, good luck!
Jeff

On Mon, Feb 11, 2019 at 1:58 PM Rainer Duffner <rainer at ultra-secure.de>
wrote:

>
>
> Am 11.02.2019 um 16:16 schrieb rick_pri <nginx-forum at forum.nginx.org>:
>
> However, our customers, with about 12000 domain names at present have
>
>
>
> Let’s Encrypt rate limits will likely make these very difficult to obtain
> and also to renew.
>
> If you own the DNS, maybe using Wildcard DNS entries is more practical.
>
> Then, HAProxy allows to just drop all the certificates in a directory and
> let itself figure out the domain-names it has to answer.
> At least, that’s what my co-worker told me.
>
> Also, there’s the fabio LB with similar goal-posts.
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190211/5d5d5321/attachment.html>


More information about the nginx mailing list