I host all of my sites/services via Cloudflare, using their SSL. Every time I spin up a new service, I have to manually add its domain pointed at my load balancer. I’d hoped to automate this via Rancher so that, should the LB ever move, its DNS assignment would move with it.
Except, all of the DNS providers seem to create sites at ...root.domain. My sites/services all have different FQDNs, each pointed at the same LB. I guess what I’d really hoped for was a way to assign multiple FQDNs to my load balancer and have an external DNS service keep those names pointed at the LB. I’d also not mind switching to Let’s Encrypt and having that as an option separate from Cloudflare.
Is there any way to do this that I’m missing? I suppose I could CNAME my public-facing domains to the load balancer, but wouldn’t that break SSL when the Let’s Encrypt module only fetches a cert for the load balancer domain?
Using CNAMEs is the intention. Doing it this way allows us to manage a single zone in a single provider rather than potentially many in many, with access to lots of unrelated records that we don’t need but need to be careful not to affect. Also some providers (Route53) charge by the zone so it can be cheaper as well.
SSL (and VHosts for web servers, etc) works with the hostname requested, it doesn’t care what CNAMEs that name goes through to ultimately resolve to IP address(es).
Got it, thanks. Turns out there was an error in my Cloudflare DNS configuration where it wasn’t redirecting cnames correctly, and I thought that maybe the cnames were breaking because of SSL and Cloudflare’s proxying. Turned out that was a red herring, and once I fixed the config everything worked nicely.