Lua-resty-auto-ssl: Multiple domains
Would it be possible to use this solution with a single nginx hosting several domains that each require an SSL cert from Let's Encrypt?
Thanks! And the project looks awesome!
jmvbxx
All 6 comments
Yes, this is possible with SNI (which is supported by this project).
gjongenelen
on 20 Jul 2016
Yup, as @gjongenelen mentioned, SNI provides this functionality. Easily handling lots of domains through a single nginx instance or cluster is one of the primary aims of this projects.
Feel free to reach out if you have any further questions.
GUI
on 21 Jul 2016
I had a question similar in this vein - apologies in advance if I should instead open a separate issue instead of piggybacking here:
Other than the rate limits specified by Let's Encrypt, are there are any known caps or limits on the number of domains hosted from the same server? I'm not too much of a server guy myself, so I'm never sure if being able to handle "lots" of domains means a few dozen, a few hundred, or tens of thousands :)
I've tested this tool out on a small scale and it seems perfect for our needs, but I just wanted to make sure I wasn't missing some concerns that would pop up at scale.
And thanks for such a great tool!
ejonasson
on 28 Jul 2016
@ejonasson: There should be no real restrictions to the number of separate domains this can handle (aside from Let's Encrypt rate limits, as you noted). The primary consideration for handling more domains would be adjusting the size of the lua_shared_dict auto_ssl setting in the nginx config. You'll need about 1MB for every 100 separate domains you want to handle (in some quick testing, it actually looked like 1MB was able to handle 110 domains, so 100 should be a more conservative estimate that leaves a bit of buffer).
If you exceed the available memory with too many domains, things will continue to work, but the certificate data will have to be fetched from the slower storage, rather than the in-memory cache. So for optimal performance, you really want to ensure you have enough memory allocated to this setting to handle the number of domains you expect.
But thanks for bringing this up, since I realized we were missing any guidance on how much memory you might need for this setting. I've updated the README's example with some additional comments explaining the recommended sizing for this setting.
GUI
on 30 Jul 2016
Great! Thanks for the info
ejonasson
on 30 Jul 2016
Sorry to dig this back up, but looking at my config, I have it set at:
lua_shared_dict auto_ssl 1m;
I'm confused by the lowercase 'm'. Does that mean the setting is 1 MegaByte (~100 domains)?
Update: Found someone else's config and the comments around it stated it was 1MB, or ~100 domains!
bryanus
on 28 Jun 2018
Related issues
jasonbouffard
·
6Comments
danDanV1
·
7Comments
arya6000
·
11Comments
ronaldgrn
·
8Comments
serathius
·
21Comments
Most helpful comment
@ejonasson: There should be no real restrictions to the number of separate domains this can handle (aside from Let's Encrypt rate limits, as you noted). The primary consideration for handling more domains would be adjusting the size of the
lua_shared_dict auto_sslsetting in the nginx config. You'll need about 1MB for every 100 separate domains you want to handle (in some quick testing, it actually looked like 1MB was able to handle 110 domains, so 100 should be a more conservative estimate that leaves a bit of buffer).If you exceed the available memory with too many domains, things will continue to work, but the certificate data will have to be fetched from the slower storage, rather than the in-memory cache. So for optimal performance, you really want to ensure you have enough memory allocated to this setting to handle the number of domains you expect.
But thanks for bringing this up, since I realized we were missing any guidance on how much memory you might need for this setting. I've updated the README's example with some additional comments explaining the recommended sizing for this setting.