How to set up a custom domain for a SAAS?

I’m building a SAAS product with PHP/HTML on shared hosting on a Linux server and I’m stuck on the domain name part.

Goals

I would host my SAAS app on app.mysaas.com

My customers point their domain name to app.mysaas.com

  • www.customer01.com
  • www.customer02.com
  • www.customer03.com
  • etc…

Any visitors on the customer’s domain should be served content from app.mysaas.com without them noticing, meaning they see www.customer01.com in their browser.

Also when visiting www.customer01.com/contact/ they should be served content from app.mysaas.com/contact/ without them noticing, meaning they see www.customer01.com/contact/ in their browser.

SEO on the customer’s domain should not be affected. So via iframe isn’t an option.

I would need my customer to provide an API key. I thought I would let my customer add a TXT record to their DNS containing their API key and pick it up with PHP on my server.

Questions

  • Should they point their domain via DNS using an A record or a CNAME record? (Their e-mail setup should not be affected.)
  • How do I detect the customer’s domain pointing to app.mysaas.com? (I thought with PHP’s var $_SERVER['HTTP_HOST'])
  • If I’m way off, could you provide a step by step guide please?
  • Are there any good online tutorials?

Thank you for your time.

Johan Vranckx asked Feb 02 '20 17:02
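DNS TXT records can be read by anyone, so a secret API key published in one is exposed; a common alternative is to publish a non-secret token derived from the key and use it only to prove control of the domain. The following is an added example, not code from the original post: the `_mysaas-verify` label, the function names and the sample records are assumptions, and the DNS lookup is injectable so the script runs offline.

```php
<?php
declare(strict_types=1);

// Public token derived from the secret API key (assumed high-entropy).
// Binding it to the domain stops one token being reused for another host.
function verification_token(string $apiKey, string $domain): string
{
    return 'mysaas-verify=' . hash_hmac('sha256', strtolower($domain), $apiKey);
}

// True when the expected token is among the TXT records of
// _mysaas-verify.<domain>. A separate label is used because a name that
// holds a CNAME cannot also hold a TXT record.
// $lookup returns rows shaped like dns_get_record() output, so a stub works.
function domain_is_verified(string $domain, string $apiKey, ?callable $lookup = null): bool
{
    $lookup ??= static fn(string $name): array => dns_get_record($name, DNS_TXT) ?: [];
    $expected = verification_token($apiKey, $domain);

    foreach ($lookup('_mysaas-verify.' . strtolower($domain)) as $record) {
        // hash_equals() compares in constant time.
        if (isset($record['txt']) && hash_equals($expected, trim($record['txt']))) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: not a real key, domains or DNS answers.
$apiKey  = 'example-api-key-not-real';
$fakeDns = static fn(string $name): array => match ($name) {
    '_mysaas-verify.www.customer01.com' =>
        [['type' => 'TXT', 'txt' => verification_token($apiKey, 'www.customer01.com')]],
    '_mysaas-verify.www.customer02.com' => [['type' => 'TXT', 'txt' => 'v=spf1 -all']],
    default => [],
};

foreach (['www.customer01.com', 'www.customer02.com', 'www.customer03.com'] as $d) {
    printf("%s verified: %s\n", $d, var_export(domain_is_verified($d, $apiKey, $fakeDns), true));
}
```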


3 Answers

Should they point their domain via DNS using an A record or a CNAME record? (Their e-mail setup should not be affected.)

Yes. When a visitor enters their domain in a browser, a nameserver checks a DNS record and routes to your server.

How do I detect the customer’s domain pointing to app.mysaas.com? (I thought with PHP’s var $_SERVER['HTTP_HOST'])

You're right. You don't need to detect if the customer adds a DNS record. When a request comes to your server, you can know which domain the request is from.

If I’m way off, could you provide a step by step guide please?

I have built UserCustomDomain which manages customer domains. There is a step by step tutorial with Node.js.

Sangwon Kim answered Oct 22 '22 07:10


Cloudflare's SSL for SaaS

Another option is an inexpensive service like Cloudflare's SSL for SaaS offering, which gives your customers:

  • Vanity domain support
  • TLS certificate provisioned
  • Built-in DDoS Mitigation
  • Bot Management and Firewall Rules (add-ons)

How it Works ... Easy as 1-2-3

  1. Customer adds CNAME (e.g., app.customer.com => app.mysaas.com)
  2. SaaS calls Cloudflare API to request SSL Cert
  3. Done!

Your customer’s customers can now securely access their white-labeled version of your application over HTTPS and take advantage of all the benefits it enables, such as the HTTP/2 protocol. These certificates and their keys are issued uniquely to your customer’s hostname (i.e., not co-located with any other customers).

Simple Cloudflare API

Just to see how easy it is to set up, here's the API call in the form of a curl request:

# Cloudflare's documented v4 API base URL is https://api.cloudflare.com/client/v4
curl -sXPOST -H "X-Auth-Key: [YOUR KEY]" -H "X-Auth-Email: [YOUR EMAIL]" -H "Content-Type: application/json" \
  "https://api.cloudflare.com/client/v4/zones/[YOUR ZONE ID]/custom_hostnames" \
  -d '{
    "hostname": "support.yourcustomer.site",
    "ssl": {
      "method": "http",
      "type": "dv"
    }
  }'

Cost

Billing for custom hostnames is based on usage, currently at $2 per month for every custom hostname that you create. As of April 2021, this offering is available on all plan levels, not just enterprise.

More Info

Note: much of this answer was excerpted from Cloudflare's website:

  • https://blog.cloudflare.com/introducing-ssl-for-saas/
  • https://developers.cloudflare.com/ssl/ssl-for-saas
  • https://www.cloudflare.com/ssl-for-saas-providers/
  • https://blog.cloudflare.com/cloudflare-for-saas/

Jonathan B. answered Oct 22 '22 06:10


To add to Sangwon's answer, one of the challenges you will come across with custom domain functionality is managing certs for all of your customers' domains (assuming you need HTTPS).

I'd suggest looking at Caddy which is an open source web server that can handle this for you. Caddy can serve as a reverse proxy via configuration like the following:

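# One site block per customer domain; Caddy obtains and renews its certificate.
https://<customer-domain>.com {
    log {
        format json
    }
    # Forward every request to the SaaS origin.
    reverse_proxy {
        to https://<your-domain>.com/
        header_up Host {http.reverse_proxy.upstream.host}
        header_up X-Real-IP {http.reverse_proxy.upstream.address}
    }
}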

Caddy will then handle dynamically acquiring and managing certs for the customer's domain. Once this is set up, ask your customers to CNAME their domain to your domain and HTTPS should "just work".

A benefit to using Caddy over reverse proxies hosted by a third party is that you are still in control of other ports that you may wish to host, such as FTPS, SFTP or SSH, etc.

I recently wrote a blog that goes into a bit more detail. Ravenna Kev wrote another blog that provides more explanation as well.

To quote Ravenna's blog, we will want to leverage Caddy's API in a real-world SaaS scenario to add a reverse proxy record for each custom domain without having to make manual edits to a config file or restart services.

Kevin Coleman answered Oct 22 '22 08:10
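The Host value the answers rely on is supplied by the client, so the sketch below treats it as untrusted: it canonicalises the name and accepts only domains already verified for a tenant. The same lookup can back the URL that Caddy's on-demand TLS `ask` option queries (with a `domain` parameter) before a certificate is obtained. This is an added example, not code from any of the answers; the domain table, tenant ids and function names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data: custom domains that passed ownership verification,
// mapped to tenant ids. In production this would be a database lookup.
const VERIFIED_DOMAINS = [
    'www.customer01.com' => 1,
    'www.customer02.com' => 2,
];

// Canonicalise a client-supplied host name; null if it is not a plain DNS name.
function normalize_host(string $raw): ?string
{
    $host = strtolower(trim($raw));
    $host = preg_replace('/:\d{1,5}$/D', '', $host) ?? '';   // drop optional port
    $host = rtrim($host, '.');                               // drop trailing root dot
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (strlen($host) > 253 || !preg_match("/^$label(?:\\.$label)+$/D", $host)) {
        return null;
    }
    return $host;
}

// Tenant id for a verified custom domain, or null for anything else.
// In the app: tenant_for_host($_SERVER['HTTP_HOST'] ?? '')
function tenant_for_host(string $raw): ?int
{
    $host = normalize_host($raw);
    return $host === null ? null : (VERIFIED_DOMAINS[$host] ?? null);
}

// Status code for Caddy's "ask" request (?domain=...): 200 permits issuing
// a certificate for that name, any other status refuses it.
function ask_status(array $query): int
{
    $domain = $query['domain'] ?? '';
    return is_string($domain) && tenant_for_host($domain) !== null ? 200 : 403;
}

// Constructed inputs: Host headers as they might arrive, then "ask" queries.
foreach (['WWW.Customer01.com:443', 'www.customer02.com.', 'evil.example', "a.com\r\nX: y"] as $h) {
    printf("%-26s => %s\n", json_encode($h), var_export(tenant_for_host($h), true));
}
printf("ask customer01 => %d\n", ask_status(['domain' => 'www.customer01.com']));
printf("ask unknown    => %d\n", ask_status(['domain' => 'not-a-customer.example']));
```

Requests whose host resolves to no tenant should get an error response rather than a default site, so an unverified domain pointed at the server is never served another customer's content.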