Web app VPS - SSL - multiple clients

Hi guys,

I am having some troubles finding the right way to solve this.
Probably all this was a bad idea since the beginning, but, I am now in the middle, so please help me work it out

I have a web app that I will run for every client on their own VPS. The idea is when a client wants the app/service, I contract a cheap Linux VPS for them, and install the web app, and so they have their own VPS with the app only for them

The thing is, I need the apps to be secure (SSL), so… I thought I’d create some sort of general brand portal for all the clients where they would input their business ID and then be redirected to their particular VPS’s or shown in an iframe their particular app ?

So I see three issues that are stopping me…

1-Certificates: I want to avoid buying, setting up, and maintaining ONE certificate for every VPS. Is it possible to avoid this hassle (showing the apps within an iframe)?
2-Domain names. I want to avoid setting up a new domain for every new client (it’s really unnecessary) and…
3-URL direction: I don’t want the IPs of the VPS to be shown in the URL… I’d rather show a corporate/general URL (or something like that). Showing the webapp in an iframe from a portal would fix this…

Until now I couldn’t find a solution that covers all three points… is it possible ?
What other alternatives do I have ? How would you deal with it ?

(Modifying the webapp to allow multiple clients/databases in the same instance of the app (VPS) is not really an option at this time)

Thanks for your input

Unless you’re doing e-commerce, you can use LetsEncrypt for that. They’re relatively easy to set up, will renew automatically and free.

You could just use subdomains like customer1.example.com, customer2.example.com, customer3.example.com, but you’ll need an SSL Certificate that supports that.

I don’t suggest using iFrames. They have their own set of problems including widely differing browser support and security restrictions.

OK, let me see if I got it straight, Greg…

You say I could get a certificate (either LetsEncrypt or any other) for MyBussiness.com and then set all my clients domain names as subdomains from MyBussiness.com… ?

Like Client1.Mybussines.com, Client2.Mybussines.com, Client3.Mybussines.com ?

Then I would be using the same Mybussines.com certificate… correct ?
And I could set up a portal or welcome page at Mybussines.com where I would redirect every client to its ClientX.mybussines.com… correct ?

That way I would have all three issues fixed… Did I get it right ?

Is there any limit on the amount of subdomains/client sites I can have ?

You need what is called a wildcard ssl certificate. That type of certificate allows multiple subdomains with a particular primary domain. Ours is unlimited. I am not sure if other providers place restrictions on the number of subdomains. We got ours from Digicert.

There is a possibility to run your web app with HTTP locally on your VPS, and your web server handles the SSL connection and is between web client and app.
I believe it was called reverse proxy.

Wildcard SSL certificates, if you want subdomains, are more expensive :(
I am not sure if you really need this.
and without

In the end your app is running with an IP and port.

Certificates from LetsEncrypt are entirely free. But last only 90 days – on purpose so that you set up automatic renewals. They have scripts to do that for most environments.

Honestly, I would just do that and set up each VPS with its own free LetsEncrypt certificate. It really doesn’t take that long, then renewals are automated.

Disclaimer: I have not set it up in a multi-hosted VPS, or with Xojo web apps. Just speaking from generic experience with LetsEncrypt. (I use ahead of Aloe Express services, not web apps.)

It is probably WAY too late for this, however, have you thought of a multi-tenant application/SaaS? This is where you have all your customers using the same web application however, their data is separated through additional fields in the database.

A catalogue table entry would be something like the following in a single user application. There is no need to filter out anything from another company as that database is dedicated to a specific company
RowId | ItemName | ItemID | ItemLocation | ItemVendor

Whereas, in a multi-tenant environment, there is a need to separate the data by Tenant to ensure that companies can’t see each other’s data.
RowId | ItemName | ItemID | ItemLocation | ItemVendor | TenantID

This is another way to design web applications that can be a little more efficient, especially if you plan on expanding beyond a single customer

  • One code base
  • One code base to debug and enhance
  • Better usage of the hardware
  • Less complex

Thanks everybody…

I could get a wildcard certificate… but looks like I won’t be able to use one subdomain for each customer… my hosting company will not give me more than 8 subdomains…
I am stuck there…

@Markus Rauch : Could you please elaborate ? Sorry I am not sure I’m following you…

@Robert Litchfield : Yes… I know what you mean… but it’s too late now… I didn’t plan it right. I need a solution involving a VPS per client, and ONE domain… maybe setting up one letsencrypt cert per VPS I could live with, as @Douglas Handy suggested

@Markus Rauch has the best solution and is the one that we use. Install Nginx on your server and set up redirects to each VPS. Nginx will handle the single cert for your domain. Each customer will use https://www.yourdomain.com/client1 or /client2 and so on. Then Nginx will redirect to the correct internal VPS.
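
A sketch of the Nginx setup described in the post above, added here as an example and not taken from any poster's server. The backend addresses (192.0.2.x), port 8080 and the certificate paths are placeholder assumptions.

```nginx
# Constructed example: hostname, backend addresses, port and cert paths are placeholders.

# Redirect plain HTTP to HTTPS so no client session starts unencrypted.
server {
    listen 80;
    server_name www.yourdomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name www.yourdomain.com;

    # One certificate for the single public hostname (certbot's default layout assumed).
    ssl_certificate     /etc/letsencrypt/live/www.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.yourdomain.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Headers every backend receives so the app can see the original request.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # /client1/... goes to client 1's VPS; the trailing slash on proxy_pass strips the prefix.
    location /client1/ {
        proxy_pass        http://192.0.2.11:8080/;
        # All clients share one origin, so keep each app's cookies on its own path.
        proxy_cookie_path / /client1/;
    }

    location /client2/ {
        proxy_pass        http://192.0.2.12:8080/;
        proxy_cookie_path / /client2/;
    }

    # Anything that is not a known client path is rejected.
    location / {
        return 404;
    }
}
```

With this layout the hop from the proxy to each VPS is plain HTTP, so it belongs on a private network or VPN, with each VPS's app port firewalled to accept connections only from the proxy's address. Routing by path uses a single hostname, so no per-client subdomains are involved.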

Sorry if I’m being silly… I have next to zero experience with this…

Apart from all the client’s VPS’s I need one server to handle all the redirects… that would be the main access point to the platform, (let’s say)… Then install Nginx there, right?

Do I need to setup subdomains in mydomain ? because one limitation I have is my hosting company will not allow more than 8 subdomains

I installed Nginx, looks pretty accessible… (and beautifully lightweight)

I am on the definitive way to understanding it and setting the server up with Nginx.
thumbs up!
Thanks a lot everybody.