Show HN: An API to provision custom hostnames with SSL
When we started building Fly, we figured it was too late to "make SSL easy and the customers will come". Lets Encrypt changed the world, and we knew many companies rolling their own SSL support with nginx, Traefik, etc, etc. It seemed like a solved problem.
It turns out that SSL is still a pain, particularly companies with lots of hostnames pointed at them ... anyone hosting apps/content on behalf of their own customers. Distributing certificates, keeping them renewed, and — most of all‚ making https fast is still hard. Devs can solve the basic problem in a week or so with a proxy, but then it sits, and no one feels very comfy with untouched infrastructure. And it's usually something distracting devs from more important work that's core to their own customers.
So this is our way of solving that problem. We can handle any number of hostnames for applications, devs can spend more timeon what makes their apps special. It's a relatively "simple" use of what we've built, but solves a really fundamental problem for a many companies. It's the most fun thing we've discovered this year.
So, if you're building an app, and serve stuff on behalf of your users, we can make your life easier:
37 comments
[ 2.6 ms ] story [ 83.3 ms ] threadActually I lied, it's probably a little easier than a wildcard cert. :D But not enough to matter. People who just need wildcard subdomains might want to use us for other reasons. We handle all load balancing, global SSL termination, etc. These things are stuff you'd use even if you were just using a wildcard cert.
https://letsencrypt.org/docs/rate-limits/
If you're getting certificates issued for subdomains of your domain, you're limited to 20 certificates per week of up to 100 SANs per certificate.
Are you just not hitting this limit yet, or do you load balance certificate requests across a pool of domains?
I'm guessing they're using a wildcard certificate for the temporary hostname.
I didn't even consider that third parties such as yourself might offer a solution.
Edit: I tried to sign up. I have to already choose lots of detailed config options? No option for AWS elastic beanstalk or EC? Asking for my AWS secret key without explaining why?
It should be obvious when and what we need AWS keys for. We only need those for private S3 buckets and to invoke Lambda functions. We don't want full access keys, just scoped IAM stuff!
And to be clear, we don't need s3 access unless you want to serve files from a private s3 bucket. Most sites don't use that at all.
Intead, you should be providing your users with instructions to create an IAM role for cross-account utilization. Ideally in addition to the instructions, you'd provide a minimal CloudFormation template defining such a role, with your minimum required permissions.
Asking a customer to create a user and ship you a secret is asking for trouble.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_cre...
The problem is that a junior level of exposure may result in access+secrets being mistakenly given out.
Yeah - they should be looking into say, cloudability, or any number of thousands of offerings ding just this.
I have some Lambda funcs running and just today starting looking into this AWS combination to access Lambda from the outside world. So I wonder if Fly would do the same.
If its the same then it certainly is simpler to set up. And might be cheaper as well, but the pricing of AWS is unclear as always (meaning always having some unexpected aspects).
And yes, AWS pricing is a monstrous headache. I'm really not sure if we're cheaper at scale, but we're easy to predict at the very least (and the first 2 million requests are free).
1- https://www.cloudflare.com/lp/sector/saas/
You can probably do a complete Fly implementation in the time it takes to setup a call with one of their sales folks.
So I recently made https://www.ManagedAlias.com/ as an experiment to see if there is demand.
I avoided the bulk/business route because you essentially have to be a CDN to pull that off (since you are doing the TLS termination).
This is just geared towards non-technical people who need a pretty name for a site without fuss and they don't want to mess with anything technical.
It was only "launched" recently and as an experiment.
Don't have a cheap way of getting traffic really.
I ran an AdWords campaign, grand total of 1 signup out of it, and they haven't done anything with it.
I have a basic form for someone to create their alias, the rest of it is just manual setup now as I didn't want to waste time before validating.
Not getting any clicks/signups since it's not linked from anywhere.
Oh this is cool, you've got me intrigued there.
> Google Auth -- ... Do you want to gate off a static page so that only your Google Org may see it? We make it easy!
So does it integrate with G Suite?
Edit: Answered my own question by testing - Yes it does work but with a suspicion it may break if shw.io ever splits off into more IPs instead of all resolving to the IP I'm given now