I'm working on a Ruby on Rails SaaS app with a custom subdomain for each company. When a company signs up, the user is redirected to her subdomain.myapp.io.
The app is hosted on Heroku and DNS are managed at CloudFlare. I use the free SSL feature provided by CloudFlare, which works as expected for https://myapp.io.
My issue is about having SSL active for the subdomains. I wonder if this is possible without buying a wildcard SSL certificate.
CloudFlare DNS setup:
myapp.io. 300 IN CNAME myapp.herokuapp.com.
*.myapp.io. 300 IN CNAME myapp.herokuapp.com.
Heroku domains setup:
myapp.io
*.myapp.io
This works, but without SSL on subdomains. It is not possible to use CloudFlare features (such as SSL Full) for wildcard subdomains (except for Entreprise plan users).
I think I need to buy a wildcard SSL certificate for my domain ($115/year) and add the SSL Endpoint Heroku add-on ($7/month). Am I wrong?
If you want SSL to work on any of your subdomains with Cloudflare, you will need to have your main domain also enabled on Cloudflare. This is a limitation imposed by the SSL Certificate provider; without the main domain being on Cloudflare, the certificate will not be valid for the subdomains.
Does Cloudflare support wildcard DNS entries? Cloudflare now supports proxying wildcard '*' record for DNS management in all customer plans. This used to only be offered to Enterprise plans.
Cloudflare Subdomain Support simplifies management of Cloudflare performance and security for subdomains and provides several additional benefits. Subdomain Support is available for multiple subdomain levels such as www.example.com, dev.www.example.com, etc.
Short answer:
You can't have a free wildcard SSL (Full protection) for subdomains on CloudFlare (Free plan).
Long answer:
I mean using wildcard with CloudFlare (Free plan), CloudFlare proxy protection and acceleration are bypassed (no orange cloud) so your origin server SSL certificate will be used instead. So to enable SSL you need to add a CNAME record for each subdomain (the cloud icon should be orange).
Example:
foo.myapp.io. 300 IN CNAME myapp.herokuapp.com.
bar.myapp.io. 300 IN CNAME myapp.herokuapp.com.
(You don't need to add any record for custom domains in Heroku if you already have *.myapp.io)
[EDIT]
Maybe you can add DNS records dynamically via CloudFlare's API (https://api.cloudflare.com/#dns-records-for-a-zone-create-dns-record)
(I didn't try that...)
Workaround:
As you said:
Hope it will help.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With