Re: If you reserve full instance for custom SSL - why don't I get more dynos?
David- Thanks for the clarification. I was not aware of the AWS restriction on one IP per EC2 instance. -Kelly On Dec 10, 2009, at 5:13 PM, David Dollar wrote: > The core of the problem is that Amazon only allows one IP per EC2 > instance, which is why we have to spin up a dedicated instance for > SSL at all. If Amazon ever starts allowing that, we'd be able to re- > evaluate our options for providing SSL. Until then, this is a pretty > decent workaround. I probably wouldn't recommend trying to share it > across people as that seems destined to lead to heartache somewhere, > but if you want to get custom SSL on multiple apps under one cert, > this seems like the way to do it. > > - David Dollar > > On Thu, Dec 10, 2009 at 6:06 PM, Kelly Heikkila > wrote: > Maybe I'm missing something and I'm not an SSL expert, but couldn't > Heroku allow customers to purchase more than one IP for an SSL > instance? Then they could apply multiple domains without a multi- > domain cert and without constantly having to keep applying/managing a > single cert when it's changed. The customer would obviously need to > make sure to keep the traffic low, as Morten points out. There would > be an expense for the IP, but that should be much lower than a > dedicated instance. > > I'm sure there are technical hurdles, but he custom SSL issue is a hot > topic as evidenced by the length of this thread/similar ones. Also, > I've had a number of conversations with different developers and when > the topic turns to heroku they say "Great platform, but did you hear > SSL costs $100/month?" > > -Kelly > > On Dec 10, 2009, at 4:22 PM, Wojciech Kruszewski wrote: > > > On Dec 10, 11:06 pm, Morten Bagai wrote: > >> Yeah, I didn't catch the multi-domain part. > > > > Well, wildcard is still interesting for me. I could replace > > *.heroku.com with my own wildcard as a piggyback. I'd prefer to > serve > > sites admin/user panels of my clients from my own domain. > > > >> Theoretically it might be possible. I don't think we have ever seen > >> a multi-domain cert in the > >> wild at Heroku. > > > > Actually I already tried this with two dummy apps and a multi-domain > > certificate taken from production site - worked like a charm. Will > > show you the apps once they are migrated (if I remember of course). > > > >> Also, the solution we have in place now isn't designed > >> for this in a couple of ways: > >> > >> 1) You would have to redeploy the cert every time it changed > >> 2) With multiple busy apps, you might max out the resources of the > >> SSL > >> routing instance > > > > Good points. As for the resources, such a feature would be useful > > mostly for smaller sites. > > > >> > >> On Dec 10, 2:01 pm, Wojciech Kruszewski wrote: > >> > >>> Yes I believe it would be possible. > >> > >>> You could even create a service that would to the pooling: "I'll > add > >>> your domain to my multi-domain certificate for a yearly fee". > >>> Theoretically this business model should > >>> work... > >>> although I'd much prefer Heroku coming up with their solution. > >> > >>> Do you know is it easy to add new domains to existing multi- > domain > >>> certificates? > >> > >>> Regards, > >>> Wojciech > >> > >>> --http://twitter.com/WojciechK > >> > >>> On Dec 10, 10:44 pm, Doug Petkanics wrote: > >> > If I am following your approach correctly, then I believe it > would be > possible for multiple Heroku users to "cooperate" on a single > custom SSL > addon using the following steps. > >> > 1. Alice and Bob agree to cooperate and split the costs between > one another > outside of the scope of Heroku's billing. > 2. Alice buys a multi domain SSL cert covering her domain and > Bob's domain. > Alice also buys the custom SSL addon, and applies the certificate > to her > app. > 3. Alice and Bob edit their domain's DNS settings to point to the > dedicated > IP. > 4. Bob enables piggyback ssl on his app, and gets the benefit of > Alice's > custom ssl addon. The multi-domain cert they bought includes both > their > domains. > >> > Heroku guys, if this approach would work, would you take issue > with some > users pooling together to reduce the cost? I don't ask in the > spirit of > taking advantage of your platform, but instead ask because the > current price > of custom SSL is prohibitive from running smaller apps on the > service right > now. > >> > Thoughts? > >> > On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski > wrote: > >> > > In fact this is possible with their current environment: > > http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > >> > > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: > >> This is theoretically possible with their architecture, but > >> they are > >> currently reviewing how easy it would be
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
The core of the problem is that Amazon only allows one IP per EC2 instance, which is why we have to spin up a dedicated instance for SSL at all. If Amazon ever starts allowing that, we'd be able to re-evaluate our options for providing SSL. Until then, this is a pretty decent workaround. I probably wouldn't recommend trying to share it across people as that seems destined to lead to heartache somewhere, but if you want to get custom SSL on multiple apps under one cert, this seems like the way to do it. - David Dollar On Thu, Dec 10, 2009 at 6:06 PM, Kelly Heikkila wrote: > Maybe I'm missing something and I'm not an SSL expert, but couldn't > Heroku allow customers to purchase more than one IP for an SSL > instance? Then they could apply multiple domains without a multi- > domain cert and without constantly having to keep applying/managing a > single cert when it's changed. The customer would obviously need to > make sure to keep the traffic low, as Morten points out. There would > be an expense for the IP, but that should be much lower than a > dedicated instance. > > I'm sure there are technical hurdles, but he custom SSL issue is a hot > topic as evidenced by the length of this thread/similar ones. Also, > I've had a number of conversations with different developers and when > the topic turns to heroku they say "Great platform, but did you hear > SSL costs $100/month?" > > -Kelly > > On Dec 10, 2009, at 4:22 PM, Wojciech Kruszewski wrote: > > > On Dec 10, 11:06 pm, Morten Bagai wrote: > >> Yeah, I didn't catch the multi-domain part. > > > > Well, wildcard is still interesting for me. I could replace > > *.heroku.com with my own wildcard as a piggyback. I'd prefer to serve > > sites admin/user panels of my clients from my own domain. > > > >> Theoretically it might be possible. I don't think we have ever seen > >> a multi-domain cert in the > >> wild at Heroku. > > > > Actually I already tried this with two dummy apps and a multi-domain > > certificate taken from production site - worked like a charm. Will > > show you the apps once they are migrated (if I remember of course). > > > >> Also, the solution we have in place now isn't designed > >> for this in a couple of ways: > >> > >> 1) You would have to redeploy the cert every time it changed > >> 2) With multiple busy apps, you might max out the resources of the > >> SSL > >> routing instance > > > > Good points. As for the resources, such a feature would be useful > > mostly for smaller sites. > > > >> > >> On Dec 10, 2:01 pm, Wojciech Kruszewski wrote: > >> > >>> Yes I believe it would be possible. > >> > >>> You could even create a service that would to the pooling: "I'll add > >>> your domain to my multi-domain certificate for a yearly fee". > >>> Theoretically this business model should > >>> work... > >>> although I'd much prefer Heroku coming up with their solution. > >> > >>> Do you know is it easy to add new domains to existing multi-domain > >>> certificates? > >> > >>> Regards, > >>> Wojciech > >> > >>> --http://twitter.com/WojciechK > >> > >>> On Dec 10, 10:44 pm, Doug Petkanics wrote: > >> > If I am following your approach correctly, then I believe it > would be > possible for multiple Heroku users to "cooperate" on a single > custom SSL > addon using the following steps. > >> > 1. Alice and Bob agree to cooperate and split the costs between > one another > outside of the scope of Heroku's billing. > 2. Alice buys a multi domain SSL cert covering her domain and > Bob's domain. > Alice also buys the custom SSL addon, and applies the certificate > to her > app. > 3. Alice and Bob edit their domain's DNS settings to point to the > dedicated > IP. > 4. Bob enables piggyback ssl on his app, and gets the benefit of > Alice's > custom ssl addon. The multi-domain cert they bought includes both > their > domains. > >> > Heroku guys, if this approach would work, would you take issue > with some > users pooling together to reduce the cost? I don't ask in the > spirit of > taking advantage of your platform, but instead ask because the > current price > of custom SSL is prohibitive from running smaller apps on the > service right > now. > >> > Thoughts? > >> > On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski > wrote: > >> > > In fact this is possible with their current environment: > > > http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > >> > > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: > >> This is theoretically possible with their architecture, but > >> they are > >> currently reviewing how easy it would be to implement it and if > >> it's > >> worth the trouble. > >> > >> I created a public feature request: > > http://support.heroku.com/forums/42310/entries/87156 > >> - would you care to add your vot
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Maybe I'm missing something and I'm not an SSL expert, but couldn't Heroku allow customers to purchase more than one IP for an SSL instance? Then they could apply multiple domains without a multi- domain cert and without constantly having to keep applying/managing a single cert when it's changed. The customer would obviously need to make sure to keep the traffic low, as Morten points out. There would be an expense for the IP, but that should be much lower than a dedicated instance. I'm sure there are technical hurdles, but he custom SSL issue is a hot topic as evidenced by the length of this thread/similar ones. Also, I've had a number of conversations with different developers and when the topic turns to heroku they say "Great platform, but did you hear SSL costs $100/month?" -Kelly On Dec 10, 2009, at 4:22 PM, Wojciech Kruszewski wrote: > On Dec 10, 11:06 pm, Morten Bagai wrote: >> Yeah, I didn't catch the multi-domain part. > > Well, wildcard is still interesting for me. I could replace > *.heroku.com with my own wildcard as a piggyback. I'd prefer to serve > sites admin/user panels of my clients from my own domain. > >> Theoretically it might be possible. I don't think we have ever seen >> a multi-domain cert in the >> wild at Heroku. > > Actually I already tried this with two dummy apps and a multi-domain > certificate taken from production site - worked like a charm. Will > show you the apps once they are migrated (if I remember of course). > >> Also, the solution we have in place now isn't designed >> for this in a couple of ways: >> >> 1) You would have to redeploy the cert every time it changed >> 2) With multiple busy apps, you might max out the resources of the >> SSL >> routing instance > > Good points. As for the resources, such a feature would be useful > mostly for smaller sites. > >> >> On Dec 10, 2:01 pm, Wojciech Kruszewski wrote: >> >>> Yes I believe it would be possible. >> >>> You could even create a service that would to the pooling: "I'll add >>> your domain to my multi-domain certificate for a yearly fee". >>> Theoretically this business model should >>> work... >>> although I'd much prefer Heroku coming up with their solution. >> >>> Do you know is it easy to add new domains to existing multi-domain >>> certificates? >> >>> Regards, >>> Wojciech >> >>> --http://twitter.com/WojciechK >> >>> On Dec 10, 10:44 pm, Doug Petkanics wrote: >> If I am following your approach correctly, then I believe it would be possible for multiple Heroku users to "cooperate" on a single custom SSL addon using the following steps. >> 1. Alice and Bob agree to cooperate and split the costs between one another outside of the scope of Heroku's billing. 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. Alice also buys the custom SSL addon, and applies the certificate to her app. 3. Alice and Bob edit their domain's DNS settings to point to the dedicated IP. 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's custom ssl addon. The multi-domain cert they bought includes both their domains. >> Heroku guys, if this approach would work, would you take issue with some users pooling together to reduce the cost? I don't ask in the spirit of taking advantage of your platform, but instead ask because the current price of custom SSL is prohibitive from running smaller apps on the service right now. >> Thoughts? >> On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wrote: >> > In fact this is possible with their current environment: > http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons >> > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: >> This is theoretically possible with their architecture, but >> they are >> currently reviewing how easy it would be to implement it and if >> it's >> worth the trouble. >> >> I created a public feature request: > http://support.heroku.com/forums/42310/entries/87156 >> - would you care to add your vote? >> >> Cheers, >> Wojciech >> >> On Dec 8, 11:47 pm, Chris Hanks >> wrote: >> >>> Wojciech, if you ask support about that and get some good >>> news, would >>> you report back? I'm curious about this too. >> >>> Thanks! >> >>> Chris >> >>> On Dec 8, 2:05 pm, Oren Teich wrote: >> I don't know if that's possible or not it's probably a function of > the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. >> Oren >> On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski < > wojci...@oxos.pl>
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
On Dec 10, 11:06 pm, Morten Bagai wrote: > Yeah, I didn't catch the multi-domain part. Well, wildcard is still interesting for me. I could replace *.heroku.com with my own wildcard as a piggyback. I'd prefer to serve sites admin/user panels of my clients from my own domain. > Theoretically it might be possible. I don't think we have ever seen a > multi-domain cert in the > wild at Heroku. Actually I already tried this with two dummy apps and a multi-domain certificate taken from production site - worked like a charm. Will show you the apps once they are migrated (if I remember of course). > Also, the solution we have in place now isn't designed > for this in a couple of ways: > > 1) You would have to redeploy the cert every time it changed > 2) With multiple busy apps, you might max out the resources of the SSL > routing instance Good points. As for the resources, such a feature would be useful mostly for smaller sites. > > On Dec 10, 2:01 pm, Wojciech Kruszewski wrote: > > > Yes I believe it would be possible. > > > You could even create a service that would to the pooling: "I'll add > > your domain to my multi-domain certificate for a yearly fee". > > Theoretically this business model should work... > > although I'd much prefer Heroku coming up with their solution. > > > Do you know is it easy to add new domains to existing multi-domain > > certificates? > > > Regards, > > Wojciech > > > --http://twitter.com/WojciechK > > > On Dec 10, 10:44 pm, Doug Petkanics wrote: > > > > If I am following your approach correctly, then I believe it would be > > > possible for multiple Heroku users to "cooperate" on a single custom SSL > > > addon using the following steps. > > > > 1. Alice and Bob agree to cooperate and split the costs between one > > > another > > > outside of the scope of Heroku's billing. > > > 2. Alice buys a multi domain SSL cert covering her domain and Bob's > > > domain. > > > Alice also buys the custom SSL addon, and applies the certificate to her > > > app. > > > 3. Alice and Bob edit their domain's DNS settings to point to the > > > dedicated > > > IP. > > > 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's > > > custom ssl addon. The multi-domain cert they bought includes both their > > > domains. > > > > Heroku guys, if this approach would work, would you take issue with some > > > users pooling together to reduce the cost? I don't ask in the spirit of > > > taking advantage of your platform, but instead ask because the current > > > price > > > of custom SSL is prohibitive from running smaller apps on the service > > > right > > > now. > > > > Thoughts? > > > > On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski > > > wrote: > > > > > In fact this is possible with their current environment: > > > >http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > > > > > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: > > > > > This is theoretically possible with their architecture, but they are > > > > > currently reviewing how easy it would be to implement it and if it's > > > > > worth the trouble. > > > > > > I created a public feature request: > > > >http://support.heroku.com/forums/42310/entries/87156 > > > > > - would you care to add your vote? > > > > > > Cheers, > > > > > Wojciech > > > > > > On Dec 8, 11:47 pm, Chris Hanks wrote: > > > > > > > Wojciech, if you ask support about that and get some good news, > > > > > > would > > > > > > you report back? I'm curious about this too. > > > > > > > Thanks! > > > > > > > Chris > > > > > > > On Dec 8, 2:05 pm, Oren Teich wrote: > > > > > > > > I don't know if that's possible or not it's probably a function of > > > > the > > > > > > > SSL protocol and our routing mesh, but it's beyond my technical > > > > > > > knowledge. Best bet is to drop support@ a line, and see what they > > > > > > > say. They'll be able to dig into the details for you. > > > > > > > > Oren > > > > > > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski < > > > > wojci...@oxos.pl> wrote: > > > > > > > > Thanks Oren, this makes sense. > > > > > > > > > So can that one mostly idle server handle SSL requests for > > > > > > > > multiple > > > > > > > > applications? > > > > > > > > > I mean I tried Heroku and was very happy with the experience - > > > > looks > > > > > > > > like it needs little to no maintenance on my part. I'd wish to > > > > > > > > host > > > > a > > > > > > > > handful smaller web apps, each with 1-3 dynos. > > > > > > > > > I could live with piggyback ssl, if it was my own wildcard > > > > > > > > certificate. > > > > > > > > > - Wojciech > > > > > > > > > On Dec 8, 8:58 pm, Oren Teich wrote: > > > > > > > >> They are totally independent. The way our architecture works, > > > > dynos > > > > > > > >> run on machines called railguns, which are specially set up for > > > > the > > > > > > > >> job. We have to setup a special (and yes, mostly idle) server > > > > just to > > > > > > >
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Yeah, I didn't catch the multi-domain part. Theoretically it might be possible. I don't think we have ever seen a multi-domain cert in the wild at Heroku. Also, the solution we have in place now isn't designed for this in a couple of ways: 1) You would have to redeploy the cert every time it changed 2) With multiple busy apps, you might max out the resources of the SSL routing instance /M On Dec 10, 2:01 pm, Wojciech Kruszewski wrote: > Yes I believe it would be possible. > > You could even create a service that would to the pooling: "I'll add > your domain to my multi-domain certificate for a yearly fee". > Theoretically this business model should work... > although I'd much prefer Heroku coming up with their solution. > > Do you know is it easy to add new domains to existing multi-domain > certificates? > > Regards, > Wojciech > > --http://twitter.com/WojciechK > > On Dec 10, 10:44 pm, Doug Petkanics wrote: > > > If I am following your approach correctly, then I believe it would be > > possible for multiple Heroku users to "cooperate" on a single custom SSL > > addon using the following steps. > > > 1. Alice and Bob agree to cooperate and split the costs between one another > > outside of the scope of Heroku's billing. > > 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. > > Alice also buys the custom SSL addon, and applies the certificate to her > > app. > > 3. Alice and Bob edit their domain's DNS settings to point to the dedicated > > IP. > > 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's > > custom ssl addon. The multi-domain cert they bought includes both their > > domains. > > > Heroku guys, if this approach would work, would you take issue with some > > users pooling together to reduce the cost? I don't ask in the spirit of > > taking advantage of your platform, but instead ask because the current price > > of custom SSL is prohibitive from running smaller apps on the service right > > now. > > > Thoughts? > > > On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski > > wrote: > > > > In fact this is possible with their current environment: > > >http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > > > > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: > > > > This is theoretically possible with their architecture, but they are > > > > currently reviewing how easy it would be to implement it and if it's > > > > worth the trouble. > > > > > I created a public feature request: > > >http://support.heroku.com/forums/42310/entries/87156 > > > > - would you care to add your vote? > > > > > Cheers, > > > > Wojciech > > > > > On Dec 8, 11:47 pm, Chris Hanks wrote: > > > > > > Wojciech, if you ask support about that and get some good news, would > > > > > you report back? I'm curious about this too. > > > > > > Thanks! > > > > > > Chris > > > > > > On Dec 8, 2:05 pm, Oren Teich wrote: > > > > > > > I don't know if that's possible or not it's probably a function of > > > the > > > > > > SSL protocol and our routing mesh, but it's beyond my technical > > > > > > knowledge. Best bet is to drop support@ a line, and see what they > > > > > > say. They'll be able to dig into the details for you. > > > > > > > Oren > > > > > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski < > > > wojci...@oxos.pl> wrote: > > > > > > > Thanks Oren, this makes sense. > > > > > > > > So can that one mostly idle server handle SSL requests for > > > > > > > multiple > > > > > > > applications? > > > > > > > > I mean I tried Heroku and was very happy with the experience - > > > looks > > > > > > > like it needs little to no maintenance on my part. I'd wish to > > > > > > > host > > > a > > > > > > > handful smaller web apps, each with 1-3 dynos. > > > > > > > > I could live with piggyback ssl, if it was my own wildcard > > > > > > > certificate. > > > > > > > > - Wojciech > > > > > > > > On Dec 8, 8:58 pm, Oren Teich wrote: > > > > > > >> They are totally independent. The way our architecture works, > > > dynos > > > > > > >> run on machines called railguns, which are specially set up for > > > the > > > > > > >> job. We have to setup a special (and yes, mostly idle) server > > > just to > > > > > > >> handle the SSL requests. It's not possible with the product we > > > have > > > > > > >> today to run dynos on that server. > > > > > > > >> Oren > > > > > > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski < > > > wojci...@oxos.pl> wrote: > > > > > > >> > Hi, > > > > > > > >> > I've read your explanation about why you charge $100/mo for > > > custom SSL > > > > > > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > > > > > > >> > assigns only one IP for an instance, so you need to reserve > > > > > > >> > full > > > > > > >> > instance just to use one SSL cert - seems fair. > > > > > > > >> > Ok, but if you reserve full EC2 instance just for me... then > > > > > > >> > why > > > do I > > > > > > >> > have to pay
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Yes I believe it would be possible. You could even create a service that would to the pooling: "I'll add your domain to my multi-domain certificate for a yearly fee". Theoretically this business model should work... although I'd much prefer Heroku coming up with their solution. Do you know is it easy to add new domains to existing multi-domain certificates? Regards, Wojciech -- http://twitter.com/WojciechK On Dec 10, 10:44 pm, Doug Petkanics wrote: > If I am following your approach correctly, then I believe it would be > possible for multiple Heroku users to "cooperate" on a single custom SSL > addon using the following steps. > > 1. Alice and Bob agree to cooperate and split the costs between one another > outside of the scope of Heroku's billing. > 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. > Alice also buys the custom SSL addon, and applies the certificate to her > app. > 3. Alice and Bob edit their domain's DNS settings to point to the dedicated > IP. > 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's > custom ssl addon. The multi-domain cert they bought includes both their > domains. > > Heroku guys, if this approach would work, would you take issue with some > users pooling together to reduce the cost? I don't ask in the spirit of > taking advantage of your platform, but instead ask because the current price > of custom SSL is prohibitive from running smaller apps on the service right > now. > > Thoughts? > > On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wrote: > > > In fact this is possible with their current environment: > >http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > > > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: > > > This is theoretically possible with their architecture, but they are > > > currently reviewing how easy it would be to implement it and if it's > > > worth the trouble. > > > > I created a public feature request: > >http://support.heroku.com/forums/42310/entries/87156 > > > - would you care to add your vote? > > > > Cheers, > > > Wojciech > > > > On Dec 8, 11:47 pm, Chris Hanks wrote: > > > > > Wojciech, if you ask support about that and get some good news, would > > > > you report back? I'm curious about this too. > > > > > Thanks! > > > > > Chris > > > > > On Dec 8, 2:05 pm, Oren Teich wrote: > > > > > > I don't know if that's possible or not it's probably a function of > > the > > > > > SSL protocol and our routing mesh, but it's beyond my technical > > > > > knowledge. Best bet is to drop support@ a line, and see what they > > > > > say. They'll be able to dig into the details for you. > > > > > > Oren > > > > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski < > > wojci...@oxos.pl> wrote: > > > > > > Thanks Oren, this makes sense. > > > > > > > So can that one mostly idle server handle SSL requests for multiple > > > > > > applications? > > > > > > > I mean I tried Heroku and was very happy with the experience - > > looks > > > > > > like it needs little to no maintenance on my part. I'd wish to host > > a > > > > > > handful smaller web apps, each with 1-3 dynos. > > > > > > > I could live with piggyback ssl, if it was my own wildcard > > > > > > certificate. > > > > > > > - Wojciech > > > > > > > On Dec 8, 8:58 pm, Oren Teich wrote: > > > > > >> They are totally independent. The way our architecture works, > > dynos > > > > > >> run on machines called railguns, which are specially set up for > > the > > > > > >> job. We have to setup a special (and yes, mostly idle) server > > just to > > > > > >> handle the SSL requests. It's not possible with the product we > > have > > > > > >> today to run dynos on that server. > > > > > > >> Oren > > > > > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski < > > wojci...@oxos.pl> wrote: > > > > > >> > Hi, > > > > > > >> > I've read your explanation about why you charge $100/mo for > > custom SSL > > > > > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > > > > > >> > assigns only one IP for an instance, so you need to reserve full > > > > > >> > instance just to use one SSL cert - seems fair. > > > > > > >> > Ok, but if you reserve full EC2 instance just for me... then why > > do I > > > > > >> > have to pay for extra dynos? Aren't you double-billing for this > > > > > >> > instance? > > > > > > >> > I believe it's "just against your architecture" but still I'd > > like to > > > > > >> > know the explanation. > > > > > > >> > Regards, > > > > > >> > Wojciech > > > > > > >> > -- > > > > > >> >http://twitter.com/WojciechKhttp://oxos.pl-RubyonRailsdevelopment > > > > > > >> > -- > > > > > > >> > You received this message because you are subscribed to the > > Google Groups "Heroku" group. > > > > > >> > To post to this group, send email to her...@googlegroups.com. > > > > > >> > To unsubscribe from this group, send email to > > heroku+unsubscr...@googlegroups.com > > . > > > > > >> > For more opt
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Hey, I don't think this would work. Not in a very meaningful way, at least. Keep in mind that you can still only host one cert on a single IP. So, even with a wildcard cert, all apps getting SSL through that instance would have to run on *.ssldomain.com. /Morten On Dec 10, 1:44 pm, Doug Petkanics wrote: > If I am following your approach correctly, then I believe it would be > possible for multiple Heroku users to "cooperate" on a single custom SSL > addon using the following steps. > > 1. Alice and Bob agree to cooperate and split the costs between one another > outside of the scope of Heroku's billing. > 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. > Alice also buys the custom SSL addon, and applies the certificate to her > app. > 3. Alice and Bob edit their domain's DNS settings to point to the dedicated > IP. > 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's > custom ssl addon. The multi-domain cert they bought includes both their > domains. > > Heroku guys, if this approach would work, would you take issue with some > users pooling together to reduce the cost? I don't ask in the spirit of > taking advantage of your platform, but instead ask because the current price > of custom SSL is prohibitive from running smaller apps on the service right > now. > > Thoughts? > > On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wrote: > > > In fact this is possible with their current environment: > >http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > > > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: > > > This is theoretically possible with their architecture, but they are > > > currently reviewing how easy it would be to implement it and if it's > > > worth the trouble. > > > > I created a public feature request: > >http://support.heroku.com/forums/42310/entries/87156 > > > - would you care to add your vote? > > > > Cheers, > > > Wojciech > > > > On Dec 8, 11:47 pm, Chris Hanks wrote: > > > > > Wojciech, if you ask support about that and get some good news, would > > > > you report back? I'm curious about this too. > > > > > Thanks! > > > > > Chris > > > > > On Dec 8, 2:05 pm, Oren Teich wrote: > > > > > > I don't know if that's possible or not it's probably a function of > > the > > > > > SSL protocol and our routing mesh, but it's beyond my technical > > > > > knowledge. Best bet is to drop support@ a line, and see what they > > > > > say. They'll be able to dig into the details for you. > > > > > > Oren > > > > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski < > > wojci...@oxos.pl> wrote: > > > > > > Thanks Oren, this makes sense. > > > > > > > So can that one mostly idle server handle SSL requests for multiple > > > > > > applications? > > > > > > > I mean I tried Heroku and was very happy with the experience - > > looks > > > > > > like it needs little to no maintenance on my part. I'd wish to host > > a > > > > > > handful smaller web apps, each with 1-3 dynos. > > > > > > > I could live with piggyback ssl, if it was my own wildcard > > > > > > certificate. > > > > > > > - Wojciech > > > > > > > On Dec 8, 8:58 pm, Oren Teich wrote: > > > > > >> They are totally independent. The way our architecture works, > > dynos > > > > > >> run on machines called railguns, which are specially set up for > > the > > > > > >> job. We have to setup a special (and yes, mostly idle) server > > just to > > > > > >> handle the SSL requests. It's not possible with the product we > > have > > > > > >> today to run dynos on that server. > > > > > > >> Oren > > > > > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski < > > wojci...@oxos.pl> wrote: > > > > > >> > Hi, > > > > > > >> > I've read your explanation about why you charge $100/mo for > > custom SSL > > > > > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > > > > > >> > assigns only one IP for an instance, so you need to reserve full > > > > > >> > instance just to use one SSL cert - seems fair. > > > > > > >> > Ok, but if you reserve full EC2 instance just for me... then why > > do I > > > > > >> > have to pay for extra dynos? Aren't you double-billing for this > > > > > >> > instance? > > > > > > >> > I believe it's "just against your architecture" but still I'd > > like to > > > > > >> > know the explanation. > > > > > > >> > Regards, > > > > > >> > Wojciech > > > > > > >> > -- > > > > > >> >http://twitter.com/WojciechKhttp://oxos.pl-RubyonRailsdevelopment > > > > > > >> > -- > > > > > > >> > You received this message because you are subscribed to the > > Google Groups "Heroku" group. > > > > > >> > To post to this group, send email to her...@googlegroups.com. > > > > > >> > To unsubscribe from this group, send email to > > heroku+unsubscr...@googlegroups.com > > . > > > > > >> > For more options, visit this group athttp:// > > groups.google.com/group/heroku?hl=en. > > > > > > > -- > > > > > > > You received this message because you are sub
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
If I am following your approach correctly, then I believe it would be possible for multiple Heroku users to "cooperate" on a single custom SSL addon using the following steps. 1. Alice and Bob agree to cooperate and split the costs between one another outside of the scope of Heroku's billing. 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. Alice also buys the custom SSL addon, and applies the certificate to her app. 3. Alice and Bob edit their domain's DNS settings to point to the dedicated IP. 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's custom ssl addon. The multi-domain cert they bought includes both their domains. Heroku guys, if this approach would work, would you take issue with some users pooling together to reduce the cost? I don't ask in the spirit of taking advantage of your platform, but instead ask because the current price of custom SSL is prohibitive from running smaller apps on the service right now. Thoughts? On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wrote: > In fact this is possible with their current environment: > http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: > > This is theoretically possible with their architecture, but they are > > currently reviewing how easy it would be to implement it and if it's > > worth the trouble. > > > > I created a public feature request: > http://support.heroku.com/forums/42310/entries/87156 > > - would you care to add your vote? > > > > Cheers, > > Wojciech > > > > On Dec 8, 11:47 pm, Chris Hanks wrote: > > > > > Wojciech, if you ask support about that and get some good news, would > > > you report back? I'm curious about this too. > > > > > Thanks! > > > > > Chris > > > > > On Dec 8, 2:05 pm, Oren Teich wrote: > > > > > > I don't know if that's possible or not it's probably a function of > the > > > > SSL protocol and our routing mesh, but it's beyond my technical > > > > knowledge. Best bet is to drop support@ a line, and see what they > > > > say. They'll be able to dig into the details for you. > > > > > > Oren > > > > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski < > wojci...@oxos.pl> wrote: > > > > > Thanks Oren, this makes sense. > > > > > > > So can that one mostly idle server handle SSL requests for multiple > > > > > applications? > > > > > > > I mean I tried Heroku and was very happy with the experience - > looks > > > > > like it needs little to no maintenance on my part. I'd wish to host > a > > > > > handful smaller web apps, each with 1-3 dynos. > > > > > > > I could live with piggyback ssl, if it was my own wildcard > > > > > certificate. > > > > > > > - Wojciech > > > > > > > On Dec 8, 8:58 pm, Oren Teich wrote: > > > > >> They are totally independent. The way our architecture works, > dynos > > > > >> run on machines called railguns, which are specially set up for > the > > > > >> job. We have to setup a special (and yes, mostly idle) server > just to > > > > >> handle the SSL requests. It's not possible with the product we > have > > > > >> today to run dynos on that server. > > > > > > >> Oren > > > > > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski < > wojci...@oxos.pl> wrote: > > > > >> > Hi, > > > > > > >> > I've read your explanation about why you charge $100/mo for > custom SSL > > > > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > > > > >> > assigns only one IP for an instance, so you need to reserve full > > > > >> > instance just to use one SSL cert - seems fair. > > > > > > >> > Ok, but if you reserve full EC2 instance just for me... then why > do I > > > > >> > have to pay for extra dynos? Aren't you double-billing for this > > > > >> > instance? > > > > > > >> > I believe it's "just against your architecture" but still I'd > like to > > > > >> > know the explanation. > > > > > > >> > Regards, > > > > >> > Wojciech > > > > > > >> > -- > > > > >> >http://twitter.com/WojciechKhttp://oxos.pl-RubyonRailsdevelopment > > > > > > >> > -- > > > > > > >> > You received this message because you are subscribed to the > Google Groups "Heroku" group. > > > > >> > To post to this group, send email to her...@googlegroups.com. > > > > >> > To unsubscribe from this group, send email to > heroku+unsubscr...@googlegroups.com > . > > > > >> > For more options, visit this group athttp:// > groups.google.com/group/heroku?hl=en. > > > > > > > -- > > > > > > > You received this message because you are subscribed to the Google > Groups "Heroku" group. > > > > > To post to this group, send email to her...@googlegroups.com. > > > > > To unsubscribe from this group, send email to > heroku+unsubscr...@googlegroups.com > . > > > > > For more options, visit this group athttp:// > groups.google.com/group/heroku?hl=en. > > -- > > You received this message because you are subscribed to the Google Groups > "Heroku" group. > To post to this group, send email t
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Thank you for writing this up! On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wrote: > In fact this is possible with their current environment: > http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons > > On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: >> This is theoretically possible with their architecture, but they are >> currently reviewing how easy it would be to implement it and if it's >> worth the trouble. >> >> I created a public feature >> request:http://support.heroku.com/forums/42310/entries/87156 >> - would you care to add your vote? >> >> Cheers, >> Wojciech >> >> On Dec 8, 11:47 pm, Chris Hanks wrote: >> >> > Wojciech, if you ask support about that and get some good news, would >> > you report back? I'm curious about this too. >> >> > Thanks! >> >> > Chris >> >> > On Dec 8, 2:05 pm, Oren Teich wrote: >> >> > > I don't know if that's possible or not it's probably a function of the >> > > SSL protocol and our routing mesh, but it's beyond my technical >> > > knowledge. Best bet is to drop support@ a line, and see what they >> > > say. They'll be able to dig into the details for you. >> >> > > Oren >> >> > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski >> > > wrote: >> > > > Thanks Oren, this makes sense. >> >> > > > So can that one mostly idle server handle SSL requests for multiple >> > > > applications? >> >> > > > I mean I tried Heroku and was very happy with the experience - looks >> > > > like it needs little to no maintenance on my part. I'd wish to host a >> > > > handful smaller web apps, each with 1-3 dynos. >> >> > > > I could live with piggyback ssl, if it was my own wildcard >> > > > certificate. >> >> > > > - Wojciech >> >> > > > On Dec 8, 8:58 pm, Oren Teich wrote: >> > > >> They are totally independent. The way our architecture works, dynos >> > > >> run on machines called railguns, which are specially set up for the >> > > >> job. We have to setup a special (and yes, mostly idle) server just to >> > > >> handle the SSL requests. It's not possible with the product we have >> > > >> today to run dynos on that server. >> >> > > >> Oren >> >> > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski >> > > >> wrote: >> > > >> > Hi, >> >> > > >> > I've read your explanation about why you charge $100/mo for custom >> > > >> > SSL >> > > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon >> > > >> > assigns only one IP for an instance, so you need to reserve full >> > > >> > instance just to use one SSL cert - seems fair. >> >> > > >> > Ok, but if you reserve full EC2 instance just for me... then why do >> > > >> > I >> > > >> > have to pay for extra dynos? Aren't you double-billing for this >> > > >> > instance? >> >> > > >> > I believe it's "just against your architecture" but still I'd like >> > > >> > to >> > > >> > know the explanation. >> >> > > >> > Regards, >> > > >> > Wojciech >> >> > > >> > -- >> > > >> >http://twitter.com/WojciechKhttp://oxos.pl-RubyonRails development >> >> > > >> > -- >> >> > > >> > You received this message because you are subscribed to the Google >> > > >> > Groups "Heroku" group. >> > > >> > To post to this group, send email to her...@googlegroups.com. >> > > >> > To unsubscribe from this group, send email to >> > > >> > heroku+unsubscr...@googlegroups.com. >> > > >> > For more options, visit this group >> > > >> > athttp://groups.google.com/group/heroku?hl=en. >> >> > > > -- >> >> > > > You received this message because you are subscribed to the Google >> > > > Groups "Heroku" group. >> > > > To post to this group, send email to her...@googlegroups.com. >> > > > To unsubscribe from this group, send email to >> > > > heroku+unsubscr...@googlegroups.com. >> > > > For more options, visit this group >> > > > athttp://groups.google.com/group/heroku?hl=en. > > -- > > You received this message because you are subscribed to the Google Groups > "Heroku" group. > To post to this group, send email to her...@googlegroups.com. > To unsubscribe from this group, send email to > heroku+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/heroku?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wrote: > This is theoretically possible with their architecture, but they are > currently reviewing how easy it would be to implement it and if it's > worth the trouble. > > I created a public feature > request:http://support.heroku.com/forums/42310/entries/87156 > - would you care to add your vote? > > Cheers, > Wojciech > > On Dec 8, 11:47 pm, Chris Hanks wrote: > > > Wojciech, if you ask support about that and get some good news, would > > you report back? I'm curious about this too. > > > Thanks! > > > Chris > > > On Dec 8, 2:05 pm, Oren Teich wrote: > > > > I don't know if that's possible or not it's probably a function of the > > > SSL protocol and our routing mesh, but it's beyond my technical > > > knowledge. Best bet is to drop support@ a line, and see what they > > > say. They'll be able to dig into the details for you. > > > > Oren > > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski > > > wrote: > > > > Thanks Oren, this makes sense. > > > > > So can that one mostly idle server handle SSL requests for multiple > > > > applications? > > > > > I mean I tried Heroku and was very happy with the experience - looks > > > > like it needs little to no maintenance on my part. I'd wish to host a > > > > handful smaller web apps, each with 1-3 dynos. > > > > > I could live with piggyback ssl, if it was my own wildcard > > > > certificate. > > > > > - Wojciech > > > > > On Dec 8, 8:58 pm, Oren Teich wrote: > > > >> They are totally independent. The way our architecture works, dynos > > > >> run on machines called railguns, which are specially set up for the > > > >> job. We have to setup a special (and yes, mostly idle) server just to > > > >> handle the SSL requests. It's not possible with the product we have > > > >> today to run dynos on that server. > > > > >> Oren > > > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski > > > >> wrote: > > > >> > Hi, > > > > >> > I've read your explanation about why you charge $100/mo for custom > > > >> > SSL > > > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > > > >> > assigns only one IP for an instance, so you need to reserve full > > > >> > instance just to use one SSL cert - seems fair. > > > > >> > Ok, but if you reserve full EC2 instance just for me... then why do I > > > >> > have to pay for extra dynos? Aren't you double-billing for this > > > >> > instance? > > > > >> > I believe it's "just against your architecture" but still I'd like to > > > >> > know the explanation. > > > > >> > Regards, > > > >> > Wojciech > > > > >> > -- > > > >> >http://twitter.com/WojciechKhttp://oxos.pl-RubyonRails development > > > > >> > -- > > > > >> > You received this message because you are subscribed to the Google > > > >> > Groups "Heroku" group. > > > >> > To post to this group, send email to her...@googlegroups.com. > > > >> > To unsubscribe from this group, send email to > > > >> > heroku+unsubscr...@googlegroups.com. > > > >> > For more options, visit this group > > > >> > athttp://groups.google.com/group/heroku?hl=en. > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > > Groups "Heroku" group. > > > > To post to this group, send email to her...@googlegroups.com. > > > > To unsubscribe from this group, send email to > > > > heroku+unsubscr...@googlegroups.com. > > > > For more options, visit this group > > > > athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request: http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks wrote: > Wojciech, if you ask support about that and get some good news, would > you report back? I'm curious about this too. > > Thanks! > > Chris > > On Dec 8, 2:05 pm, Oren Teich wrote: > > > I don't know if that's possible or not it's probably a function of the > > SSL protocol and our routing mesh, but it's beyond my technical > > knowledge. Best bet is to drop support@ a line, and see what they > > say. They'll be able to dig into the details for you. > > > Oren > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski > > wrote: > > > Thanks Oren, this makes sense. > > > > So can that one mostly idle server handle SSL requests for multiple > > > applications? > > > > I mean I tried Heroku and was very happy with the experience - looks > > > like it needs little to no maintenance on my part. I'd wish to host a > > > handful smaller web apps, each with 1-3 dynos. > > > > I could live with piggyback ssl, if it was my own wildcard > > > certificate. > > > > - Wojciech > > > > On Dec 8, 8:58 pm, Oren Teich wrote: > > >> They are totally independent. The way our architecture works, dynos > > >> run on machines called railguns, which are specially set up for the > > >> job. We have to setup a special (and yes, mostly idle) server just to > > >> handle the SSL requests. It's not possible with the product we have > > >> today to run dynos on that server. > > > >> Oren > > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski > > >> wrote: > > >> > Hi, > > > >> > I've read your explanation about why you charge $100/mo for custom SSL > > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > > >> > assigns only one IP for an instance, so you need to reserve full > > >> > instance just to use one SSL cert - seems fair. > > > >> > Ok, but if you reserve full EC2 instance just for me... then why do I > > >> > have to pay for extra dynos? Aren't you double-billing for this > > >> > instance? > > > >> > I believe it's "just against your architecture" but still I'd like to > > >> > know the explanation. > > > >> > Regards, > > >> > Wojciech > > > >> > -- > > >> >http://twitter.com/WojciechKhttp://oxos.pl-Rubyon Rails development > > > >> > -- > > > >> > You received this message because you are subscribed to the Google > > >> > Groups "Heroku" group. > > >> > To post to this group, send email to her...@googlegroups.com. > > >> > To unsubscribe from this group, send email to > > >> > heroku+unsubscr...@googlegroups.com. > > >> > For more options, visit this group > > >> > athttp://groups.google.com/group/heroku?hl=en. > > > > -- > > > > You received this message because you are subscribed to the Google Groups > > > "Heroku" group. > > > To post to this group, send email to her...@googlegroups.com. > > > To unsubscribe from this group, send email to > > > heroku+unsubscr...@googlegroups.com. > > > For more options, visit this group > > > athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
For dedicated SSL you only need to reserve port 443. You can still use other ports for all other stuff as long as you accept the instance has multiple purposes. I would think that most customers would welcome the price reduction caused by using the dedicated IP instance for for example processing background workers / whatever. On Dec 8, 9:58 pm, Oren Teich wrote: > They are totally independent. The way our architecture works, dynos > run on machines called railguns, which are specially set up for the > job. We have to setup a special (and yes, mostly idle) server just to > handle the SSL requests. It's not possible with the product we have > today to run dynos on that server. > > Oren > -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich wrote: > I don't know if that's possible or not it's probably a function of the > SSL protocol and our routing mesh, but it's beyond my technical > knowledge. Best bet is to drop support@ a line, and see what they > say. They'll be able to dig into the details for you. > > Oren > > > > On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wrote: > > Thanks Oren, this makes sense. > > > So can that one mostly idle server handle SSL requests for multiple > > applications? > > > I mean I tried Heroku and was very happy with the experience - looks > > like it needs little to no maintenance on my part. I'd wish to host a > > handful smaller web apps, each with 1-3 dynos. > > > I could live with piggyback ssl, if it was my own wildcard > > certificate. > > > - Wojciech > > > On Dec 8, 8:58 pm, Oren Teich wrote: > >> They are totally independent. The way our architecture works, dynos > >> run on machines called railguns, which are specially set up for the > >> job. We have to setup a special (and yes, mostly idle) server just to > >> handle the SSL requests. It's not possible with the product we have > >> today to run dynos on that server. > > >> Oren > > >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski > >> wrote: > >> > Hi, > > >> > I've read your explanation about why you charge $100/mo for custom SSL > >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > >> > assigns only one IP for an instance, so you need to reserve full > >> > instance just to use one SSL cert - seems fair. > > >> > Ok, but if you reserve full EC2 instance just for me... then why do I > >> > have to pay for extra dynos? Aren't you double-billing for this > >> > instance? > > >> > I believe it's "just against your architecture" but still I'd like to > >> > know the explanation. > > >> > Regards, > >> > Wojciech > > >> > -- > >> >http://twitter.com/WojciechKhttp://oxos.pl-Ruby on Rails development > > >> > -- > > >> > You received this message because you are subscribed to the Google > >> > Groups "Heroku" group. > >> > To post to this group, send email to her...@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > heroku+unsubscr...@googlegroups.com. > >> > For more options, visit this group > >> > athttp://groups.google.com/group/heroku?hl=en. > > > -- > > > You received this message because you are subscribed to the Google Groups > > "Heroku" group. > > To post to this group, send email to her...@googlegroups.com. > > To unsubscribe from this group, send email to > > heroku+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wrote: > Thanks Oren, this makes sense. > > So can that one mostly idle server handle SSL requests for multiple > applications? > > I mean I tried Heroku and was very happy with the experience - looks > like it needs little to no maintenance on my part. I'd wish to host a > handful smaller web apps, each with 1-3 dynos. > > I could live with piggyback ssl, if it was my own wildcard > certificate. > > - Wojciech > > On Dec 8, 8:58 pm, Oren Teich wrote: >> They are totally independent. The way our architecture works, dynos >> run on machines called railguns, which are specially set up for the >> job. We have to setup a special (and yes, mostly idle) server just to >> handle the SSL requests. It's not possible with the product we have >> today to run dynos on that server. >> >> Oren >> >> On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wrote: >> > Hi, >> >> > I've read your explanation about why you charge $100/mo for custom SSL >> > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon >> > assigns only one IP for an instance, so you need to reserve full >> > instance just to use one SSL cert - seems fair. >> >> > Ok, but if you reserve full EC2 instance just for me... then why do I >> > have to pay for extra dynos? Aren't you double-billing for this >> > instance? >> >> > I believe it's "just against your architecture" but still I'd like to >> > know the explanation. >> >> > Regards, >> > Wojciech >> >> > -- >> >http://twitter.com/WojciechKhttp://oxos.pl- Ruby on Rails development >> >> > -- >> >> > You received this message because you are subscribed to the Google Groups >> > "Heroku" group. >> > To post to this group, send email to her...@googlegroups.com. >> > To unsubscribe from this group, send email to >> > heroku+unsubscr...@googlegroups.com. >> > For more options, visit this group >> > athttp://groups.google.com/group/heroku?hl=en. > > -- > > You received this message because you are subscribed to the Google Groups > "Heroku" group. > To post to this group, send email to her...@googlegroups.com. > To unsubscribe from this group, send email to > heroku+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/heroku?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich wrote: > They are totally independent. The way our architecture works, dynos > run on machines called railguns, which are specially set up for the > job. We have to setup a special (and yes, mostly idle) server just to > handle the SSL requests. It's not possible with the product we have > today to run dynos on that server. > > Oren > > On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wrote: > > Hi, > > > I've read your explanation about why you charge $100/mo for custom SSL > > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > > assigns only one IP for an instance, so you need to reserve full > > instance just to use one SSL cert - seems fair. > > > Ok, but if you reserve full EC2 instance just for me... then why do I > > have to pay for extra dynos? Aren't you double-billing for this > > instance? > > > I believe it's "just against your architecture" but still I'd like to > > know the explanation. > > > Regards, > > Wojciech > > > -- > >http://twitter.com/WojciechKhttp://oxos.pl- Ruby on Rails development > > > -- > > > You received this message because you are subscribed to the Google Groups > > "Heroku" group. > > To post to this group, send email to her...@googlegroups.com. > > To unsubscribe from this group, send email to > > heroku+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wrote: > Hi, > > I've read your explanation about why you charge $100/mo for custom SSL > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > assigns only one IP for an instance, so you need to reserve full > instance just to use one SSL cert - seems fair. > > Ok, but if you reserve full EC2 instance just for me... then why do I > have to pay for extra dynos? Aren't you double-billing for this > instance? > > I believe it's "just against your architecture" but still I'd like to > know the explanation. > > Regards, > Wojciech > > -- > http://twitter.com/WojciechK http://oxos.pl - Ruby on Rails development > > -- > > You received this message because you are subscribed to the Google Groups > "Heroku" group. > To post to this group, send email to her...@googlegroups.com. > To unsubscribe from this group, send email to > heroku+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/heroku?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Hi, In general I am very happy with Heroku and their rates but I think Wojciech has a reasonable point. Yours, Husain On Tue, Dec 8, 2009 at 10:48 AM, Wojciech Kruszewski wrote: > Hi, > > I've read your explanation about why you charge $100/mo for custom SSL > (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon > assigns only one IP for an instance, so you need to reserve full > instance just to use one SSL cert - seems fair. > > Ok, but if you reserve full EC2 instance just for me... then why do I > have to pay for extra dynos? Aren't you double-billing for this > instance? > > I believe it's "just against your architecture" but still I'd like to > know the explanation. > > Regards, > Wojciech > > -- > http://twitter.com/WojciechK http://oxos.pl - Ruby on Rails development > > -- > > You received this message because you are subscribed to the Google Groups > "Heroku" group. > To post to this group, send email to her...@googlegroups.com. > To unsubscribe from this group, send email to > heroku+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/heroku?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
If you reserve full instance for custom SSL - why don't I get more dynos?
Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's "just against your architecture" but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechK http://oxos.pl - Ruby on Rails development -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
