How HostiFi handles 4000+ custom domains with AppMasker
Who is HostiFi?
HostiFi, founded by CEO Reilly Chase, is a rapidly growing SaaS company that faced a familiar devops dilemma: provisioning custom domains and TLS certificates at scale. Reilly's company manages over 2,000 Linux servers for their clients, each running Ubiquiti's UniFi or UISP applications (IT hardware management apps). Their users have over 4,300 custom domains across these servers. HostiFi's customers are managed service providers that manage IT infrastructure on behalf of restaurants, offices, and similar businesses.
The Challenge
Before AppMasker, HostiFi used a variety of custom Python scripts to retrieve, renew and monitor TLS certificates (issued by Let’s Encrypt, and expiring every 90 days) on behalf of their clients. Unfortunately, the scripts would often fail, leaving dozens of support tickets for Reilly’s team each day.
AppMasker to the Rescue
AppMasker, at its core, is a web service that orchestrates remote reverse proxy servers through its simple REST API. At HostiFi, we deployed a reverse proxy (Caddy with a custom module) on each client’s Debian server. Reilly's team required that AppMasker be self-hosted, so the central web service was deployed in HostiFi’s DigitalOcean VPC.
The web service exposes several API endpoints to HostiFi's existing infrastructure. This allows HostiFi to notify AppMasker when new customers are created, when they add custom domains, when customers leave, and more.
Instead of exposing the Ubiquiti applications directly, Caddy, with its robust TLS stack, handles inbound HTTPS and forwards the connection. As HostiFi’s customers change their custom domain and other server settings, HostiFi calls AppMasker’s API, which in turn reconfigures the customer’s proxy instance remotely. HostiFi's customers can now request a new custom domain for their UniFi app and it’s up and running with a fully-managed TLS certificate in milliseconds.
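The per-server proxy configuration described above, as an added example that is not AppMasker's or HostiFi's code: it validates customer-supplied domains and builds a stock Caddy JSON config that routes them to the application. The upstream address `127.0.0.1:8080`, the server name `customer` and the function names are assumptions; AppMasker's API and custom Caddy module are not shown here.

```python
import json
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
# Wildcards, underscores and whitespace are rejected on purpose.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_domain(name):
    """Return the lowercased hostname, or raise ValueError if it is unsafe."""
    host = name.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        raise ValueError(f"not a fully qualified domain: {name!r}")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"invalid hostname label in {name!r}")
    return host


def build_caddy_config(domains, upstream="127.0.0.1:8080"):
    """Build a Caddy JSON config serving `domains` in front of `upstream`.

    Caddy obtains and renews certificates automatically for every name
    listed in a host matcher, so only validated names may reach this list.
    """
    hosts = sorted({normalize_domain(d) for d in domains})
    if not hosts:
        raise ValueError("at least one custom domain is required")
    route = {
        "match": [{"host": hosts}],
        "handle": [{"handler": "reverse_proxy",
                    "upstreams": [{"dial": upstream}]}],  # assumed app address
        "terminal": True,
    }
    return {
        # Keep Caddy's admin endpoint on loopback; it can rewrite the whole config.
        "admin": {"listen": "localhost:2019"},
        "apps": {"http": {"servers": {
            "customer": {"listen": [":443"], "routes": [route]},
        }}},
    }


if __name__ == "__main__":
    # Constructed sample input: the same domain in two spellings.
    sample = ["Portal.Example.com", "portal.example.com."]
    print(json.dumps(build_caddy_config(sample), indent=2))
```

The resulting document is what Caddy accepts as its JSON config; how it is delivered to each server is up to the orchestration layer.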
Bonus Benefits
A lot of doors open up when you put a dynamically configurable proxy in front of your application servers. For example, HostiFi, which does not control the UniFi / UISP applications, is able to inject JavaScript into the dashboard web UI to add the Intercom chat and hide the SSL settings, since AppMasker takes care of that. Here are some other possibilities:
- Dynamic port configuration
- DDoS protection
- Rate limiting
- IP address filtering
Wrapping it up
If your business requires dynamically changing many web / proxy servers, AppMasker can help you scale, hassle-free. AppMasker painlessly manages custom domains, TLS certificates, and reverse proxies at scale. Let us know your use case!