
Large Number of Domains for One Load Balancer

I have a multi-tenant, consumer-facing app running on Cloud Run. Each of our customers has an existing website, with their own domain, and I need to send all of the traffic to the same server. The issue that we have is with adding SSL Certs for each of these new domains. 

Currently, I have a Global Forwarding Rule and Target HTTPS Proxy for each customer. The HTTPS Proxy has the cert for that customer's domain. This does not scale, because it requires a separate IP address for each customer and Google cannot provide that many. I could add more certs to the Target HTTPS Proxy, but the limit is 15.

Are there any solutions within Google that would allow for having ~1000 domains running through one load balancer? The traffic to each of these sites is low enough that adding load balancers for each would be very expensive. If Google Load Balancers can't accomplish this, I could run nginx on a GCE instance, but I don't even know if there are issues with having that many domains on an nginx server. Any thoughts on possible solutions would be appreciated. 


I would like to address your queries and inform you that you can use a shared cert; that would then cover 1500 domains per IP address. Also, please review [1] How To Set Up Multiple SSL Certificates on One IP with Nginx on Ubuntu 12.04.

[1] https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-ssl-certificates-on-one-ip-w...

Hi Brett, did you ever find a proper solution for this? I'm in the same boat as you, actually.

Yes, I did find a solution, but we haven't had to implement it just yet. They have a fairly new product called Certificate Manager https://cloud.google.com/certificate-manager/docs/overview which works for up to a million certs in one load balancer that would all run on the same IP address. Scaling our existing setup would require special approval from GCP and likely have performance issues, so cert manager looks like the way to go. Again, I haven't set it up yet, but that was the recommendation I received after discussing the issue with one of their engineers, so it should be the proper way of doing it.
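
A sketch of the Certificate Manager layout mentioned in the last reply, as an added example that is not from the thread or from Google's documentation: one certificate map attached to a single target HTTPS proxy, with one Google-managed certificate and one map entry per tenant hostname. The script only prints the `gcloud` commands; the map name, proxy name and domains are constructed placeholders, and it assumes load balancer authorization (each tenant domain already resolves to the load balancer's IP).

```shell
#!/bin/sh
# Added example: prints (does not run) the gcloud commands for a
# certificate map. All names and domains here are constructed placeholders.

# Tenant-supplied hostnames are untrusted input that ends up on a command
# line, so allow only lowercase DNS names and reject everything else.
valid_domain() {
  case $1 in
    ''|*[!a-z0-9.-]*) return 1 ;;  # empty, or any char outside a-z 0-9 . -
  esac
  printf '%s\n' "$1" |
    grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# Resource IDs cannot contain dots: shop.example.com -> shop-example-com
resource_id() {
  printf '%s' "$1" | tr '.' '-'
}

# Usage: plan_cert_map MAP PROXY DOMAIN...
# Returns non-zero if any domain was rejected.
plan_cert_map() {
  map=$1; proxy=$2; shift 2
  rc=0
  echo "gcloud certificate-manager maps create $map"
  for d in "$@"; do
    if ! valid_domain "$d"; then
      echo "skipped one invalid domain" >&2  # never echo the raw value
      rc=1
      continue
    fi
    id=$(resource_id "$d")
    echo "gcloud certificate-manager certificates create cert-$id --domains=$d"
    echo "gcloud certificate-manager maps entries create entry-$id --map=$map --certificates=cert-$id --hostname=$d"
  done
  # One proxy, one IP: the map replaces the per-proxy certificate list.
  echo "gcloud compute target-https-proxies update $proxy --certificate-map=$map"
  return $rc
}

plan_cert_map tenant-map tenant-https-proxy shop.example.com www.example.org
```

Review the printed plan before running it against a project; onboarding a new tenant later only needs the two per-domain commands.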