Re: If you reserve full instance for custom SSL - why don't I get more dynos?
In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request:http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks christopher.m.ha...@gmail.com wrote: Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote: I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechKhttp://oxos.pl-RubyonRails development -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Thank you for writing this up! On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request:http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks christopher.m.ha...@gmail.com wrote: Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote: I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechKhttp://oxos.pl-RubyonRails development -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
If I am following your approach correctly, then I believe it would be possible for multiple Heroku users to cooperate on a single custom SSL addon using the following steps. 1. Alice and Bob agree to cooperate and split the costs between one another outside of the scope of Heroku's billing. 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. Alice also buys the custom SSL addon, and applies the certificate to her app. 3. Alice and Bob edit their domain's DNS settings to point to the dedicated IP. 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's custom ssl addon. The multi-domain cert they bought includes both their domains. Heroku guys, if this approach would work, would you take issue with some users pooling together to reduce the cost? I don't ask in the spirit of taking advantage of your platform, but instead ask because the current price of custom SSL is prohibitive from running smaller apps on the service right now. Thoughts? On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wojci...@oxos.plwrote: In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request: http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks christopher.m.ha...@gmail.com wrote: Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote: I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechKhttp://oxos.pl-RubyonRailsdevelopment -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.comheroku%2bunsubscr...@googlegroups.com . For more options, visit this group athttp:// groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.comheroku%2bunsubscr...@googlegroups.com . For more options, visit this group athttp:// groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.comheroku%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Hey, I don't think this would work. Not in a very meaningful way, at least. Keep in mind that you can still only host one cert on a single IP. So, even with a wildcard cert, all apps getting SSL through that instance would have to run on *.ssldomain.com. /Morten On Dec 10, 1:44 pm, Doug Petkanics petkan...@gmail.com wrote: If I am following your approach correctly, then I believe it would be possible for multiple Heroku users to cooperate on a single custom SSL addon using the following steps. 1. Alice and Bob agree to cooperate and split the costs between one another outside of the scope of Heroku's billing. 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. Alice also buys the custom SSL addon, and applies the certificate to her app. 3. Alice and Bob edit their domain's DNS settings to point to the dedicated IP. 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's custom ssl addon. The multi-domain cert they bought includes both their domains. Heroku guys, if this approach would work, would you take issue with some users pooling together to reduce the cost? I don't ask in the spirit of taking advantage of your platform, but instead ask because the current price of custom SSL is prohibitive from running smaller apps on the service right now. Thoughts? On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wojci...@oxos.plwrote: In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request: http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks christopher.m.ha...@gmail.com wrote: Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote: I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechKhttp://oxos.pl-RubyonRailsdevelopment -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.comheroku%2bunsubscr...@googlegroups.com . For more options, visit this group athttp:// groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.comheroku%2bunsubscr...@googlegroups.com . For more options, visit this group athttp://
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Yeah, I didn't catch the multi-domain part. Theoretically it might be possible. I don't think we have ever seen a multi-domain cert in the wild at Heroku. Also, the solution we have in place now isn't designed for this in a couple of ways: 1) You would have to redeploy the cert every time it changed 2) With multiple busy apps, you might max out the resources of the SSL routing instance /M On Dec 10, 2:01 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: Yes I believe it would be possible. You could even create a service that would to the pooling: I'll add your domain to my multi-domain certificate for a yearly fee. emphasisTheoretically/emphasis this business model should work... although I'd much prefer Heroku coming up with their solution. Do you know is it easy to add new domains to existing multi-domain certificates? Regards, Wojciech --http://twitter.com/WojciechK On Dec 10, 10:44 pm, Doug Petkanics petkan...@gmail.com wrote: If I am following your approach correctly, then I believe it would be possible for multiple Heroku users to cooperate on a single custom SSL addon using the following steps. 1. Alice and Bob agree to cooperate and split the costs between one another outside of the scope of Heroku's billing. 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. Alice also buys the custom SSL addon, and applies the certificate to her app. 3. Alice and Bob edit their domain's DNS settings to point to the dedicated IP. 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's custom ssl addon. The multi-domain cert they bought includes both their domains. Heroku guys, if this approach would work, would you take issue with some users pooling together to reduce the cost? I don't ask in the spirit of taking advantage of your platform, but instead ask because the current price of custom SSL is prohibitive from running smaller apps on the service right now. Thoughts? On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wojci...@oxos.plwrote: In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request: http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks christopher.m.ha...@gmail.com wrote: Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote: I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechKhttp://oxos.pl-RubyonRailsdevelopment
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
On Dec 10, 11:06 pm, Morten Bagai mor...@heroku.com wrote: Yeah, I didn't catch the multi-domain part. Well, wildcard is still interesting for me. I could replace *.heroku.com with my own wildcard as a piggyback. I'd prefer to serve sites admin/user panels of my clients from my own domain. Theoretically it might be possible. I don't think we have ever seen a multi-domain cert in the wild at Heroku. Actually I already tried this with two dummy apps and a multi-domain certificate taken from production site - worked like a charm. Will show you the apps once they are migrated (if I remember of course). Also, the solution we have in place now isn't designed for this in a couple of ways: 1) You would have to redeploy the cert every time it changed 2) With multiple busy apps, you might max out the resources of the SSL routing instance Good points. As for the resources, such a feature would be useful mostly for smaller sites. On Dec 10, 2:01 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: Yes I believe it would be possible. You could even create a service that would to the pooling: I'll add your domain to my multi-domain certificate for a yearly fee. emphasisTheoretically/emphasis this business model should work... although I'd much prefer Heroku coming up with their solution. Do you know is it easy to add new domains to existing multi-domain certificates? Regards, Wojciech --http://twitter.com/WojciechK On Dec 10, 10:44 pm, Doug Petkanics petkan...@gmail.com wrote: If I am following your approach correctly, then I believe it would be possible for multiple Heroku users to cooperate on a single custom SSL addon using the following steps. 1. Alice and Bob agree to cooperate and split the costs between one another outside of the scope of Heroku's billing. 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. Alice also buys the custom SSL addon, and applies the certificate to her app. 3. Alice and Bob edit their domain's DNS settings to point to the dedicated IP. 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's custom ssl addon. The multi-domain cert they bought includes both their domains. Heroku guys, if this approach would work, would you take issue with some users pooling together to reduce the cost? I don't ask in the spirit of taking advantage of your platform, but instead ask because the current price of custom SSL is prohibitive from running smaller apps on the service right now. Thoughts? On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wojci...@oxos.plwrote: In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request: http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks christopher.m.ha...@gmail.com wrote: Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote: I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Maybe I'm missing something and I'm not an SSL expert, but couldn't Heroku allow customers to purchase more than one IP for an SSL instance? Then they could apply multiple domains without a multi- domain cert and without constantly having to keep applying/managing a single cert when it's changed. The customer would obviously need to make sure to keep the traffic low, as Morten points out. There would be an expense for the IP, but that should be much lower than a dedicated instance. I'm sure there are technical hurdles, but he custom SSL issue is a hot topic as evidenced by the length of this thread/similar ones. Also, I've had a number of conversations with different developers and when the topic turns to heroku they say Great platform, but did you hear SSL costs $100/month? -Kelly On Dec 10, 2009, at 4:22 PM, Wojciech Kruszewski wrote: On Dec 10, 11:06 pm, Morten Bagai mor...@heroku.com wrote: Yeah, I didn't catch the multi-domain part. Well, wildcard is still interesting for me. I could replace *.heroku.com with my own wildcard as a piggyback. I'd prefer to serve sites admin/user panels of my clients from my own domain. Theoretically it might be possible. I don't think we have ever seen a multi-domain cert in the wild at Heroku. Actually I already tried this with two dummy apps and a multi-domain certificate taken from production site - worked like a charm. Will show you the apps once they are migrated (if I remember of course). Also, the solution we have in place now isn't designed for this in a couple of ways: 1) You would have to redeploy the cert every time it changed 2) With multiple busy apps, you might max out the resources of the SSL routing instance Good points. As for the resources, such a feature would be useful mostly for smaller sites. On Dec 10, 2:01 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: Yes I believe it would be possible. You could even create a service that would to the pooling: I'll add your domain to my multi-domain certificate for a yearly fee. emphasisTheoretically/emphasis this business model should work... although I'd much prefer Heroku coming up with their solution. Do you know is it easy to add new domains to existing multi-domain certificates? Regards, Wojciech --http://twitter.com/WojciechK On Dec 10, 10:44 pm, Doug Petkanics petkan...@gmail.com wrote: If I am following your approach correctly, then I believe it would be possible for multiple Heroku users to cooperate on a single custom SSL addon using the following steps. 1. Alice and Bob agree to cooperate and split the costs between one another outside of the scope of Heroku's billing. 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. Alice also buys the custom SSL addon, and applies the certificate to her app. 3. Alice and Bob edit their domain's DNS settings to point to the dedicated IP. 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's custom ssl addon. The multi-domain cert they bought includes both their domains. Heroku guys, if this approach would work, would you take issue with some users pooling together to reduce the cost? I don't ask in the spirit of taking advantage of your platform, but instead ask because the current price of custom SSL is prohibitive from running smaller apps on the service right now. Thoughts? On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wojci...@oxos.plwrote: In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request: http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks christopher.m.ha...@gmail.com wrote: Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote: I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
The core of the problem is that Amazon only allows one IP per EC2 instance, which is why we have to spin up a dedicated instance for SSL at all. If Amazon ever starts allowing that, we'd be able to re-evaluate our options for providing SSL. Until then, this is a pretty decent workaround. I probably wouldn't recommend trying to share it across people as that seems destined to lead to heartache somewhere, but if you want to get custom SSL on multiple apps under one cert, this seems like the way to do it. - David Dollar On Thu, Dec 10, 2009 at 6:06 PM, Kelly Heikkila ke...@coderow.com wrote: Maybe I'm missing something and I'm not an SSL expert, but couldn't Heroku allow customers to purchase more than one IP for an SSL instance? Then they could apply multiple domains without a multi- domain cert and without constantly having to keep applying/managing a single cert when it's changed. The customer would obviously need to make sure to keep the traffic low, as Morten points out. There would be an expense for the IP, but that should be much lower than a dedicated instance. I'm sure there are technical hurdles, but he custom SSL issue is a hot topic as evidenced by the length of this thread/similar ones. Also, I've had a number of conversations with different developers and when the topic turns to heroku they say Great platform, but did you hear SSL costs $100/month? -Kelly On Dec 10, 2009, at 4:22 PM, Wojciech Kruszewski wrote: On Dec 10, 11:06 pm, Morten Bagai mor...@heroku.com wrote: Yeah, I didn't catch the multi-domain part. Well, wildcard is still interesting for me. I could replace *.heroku.com with my own wildcard as a piggyback. I'd prefer to serve sites admin/user panels of my clients from my own domain. Theoretically it might be possible. I don't think we have ever seen a multi-domain cert in the wild at Heroku. Actually I already tried this with two dummy apps and a multi-domain certificate taken from production site - worked like a charm. Will show you the apps once they are migrated (if I remember of course). Also, the solution we have in place now isn't designed for this in a couple of ways: 1) You would have to redeploy the cert every time it changed 2) With multiple busy apps, you might max out the resources of the SSL routing instance Good points. As for the resources, such a feature would be useful mostly for smaller sites. On Dec 10, 2:01 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: Yes I believe it would be possible. You could even create a service that would to the pooling: I'll add your domain to my multi-domain certificate for a yearly fee. emphasisTheoretically/emphasis this business model should work... although I'd much prefer Heroku coming up with their solution. Do you know is it easy to add new domains to existing multi-domain certificates? Regards, Wojciech --http://twitter.com/WojciechK On Dec 10, 10:44 pm, Doug Petkanics petkan...@gmail.com wrote: If I am following your approach correctly, then I believe it would be possible for multiple Heroku users to cooperate on a single custom SSL addon using the following steps. 1. Alice and Bob agree to cooperate and split the costs between one another outside of the scope of Heroku's billing. 2. Alice buys a multi domain SSL cert covering her domain and Bob's domain. Alice also buys the custom SSL addon, and applies the certificate to her app. 3. Alice and Bob edit their domain's DNS settings to point to the dedicated IP. 4. Bob enables piggyback ssl on his app, and gets the benefit of Alice's custom ssl addon. The multi-domain cert they bought includes both their domains. Heroku guys, if this approach would work, would you take issue with some users pooling together to reduce the cost? I don't ask in the spirit of taking advantage of your platform, but instead ask because the current price of custom SSL is prohibitive from running smaller apps on the service right now. Thoughts? On Thu, Dec 10, 2009 at 12:00 PM, Wojciech Kruszewski wojci...@oxos.plwrote: In fact this is possible with their current environment: http://wojciech.oxos.pl/post/277669886/save-on-herokus-custom-ssl-addons On Dec 9, 7:58 pm, Wojciech Kruszewski wojci...@oxos.pl wrote: This is theoretically possible with their architecture, but they are currently reviewing how easy it would be to implement it and if it's worth the trouble. I created a public feature request: http://support.heroku.com/forums/42310/entries/87156 - would you care to add your vote? Cheers, Wojciech On Dec 8, 11:47 pm, Chris Hanks christopher.m.ha...@gmail.com wrote: Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote:
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
For dedicated SSL you only need to reserve port 443. You can still use other ports for all other stuff as long as you accept the instance has multiple purposes. I would think that most customers would welcome the price reduction caused by using the dedicated IP instance for for example processing background workers / whatever. On Dec 8, 9:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Hi, In general I am very happy with Heroku and their rates but I think Wojciech has a reasonable point. Yours, Husain On Tue, Dec 8, 2009 at 10:48 AM, Wojciech Kruszewski wojci...@oxos.plwrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechK http://oxos.pl - Ruby on Rails development -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.comheroku%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechK http://oxos.pl - Ruby on Rails development -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechKhttp://oxos.pl- Ruby on Rails development -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechKhttp://oxos.pl- Ruby on Rails development -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
Re: If you reserve full instance for custom SSL - why don't I get more dynos?
Wojciech, if you ask support about that and get some good news, would you report back? I'm curious about this too. Thanks! Chris On Dec 8, 2:05 pm, Oren Teich o...@heroku.com wrote: I don't know if that's possible or not it's probably a function of the SSL protocol and our routing mesh, but it's beyond my technical knowledge. Best bet is to drop support@ a line, and see what they say. They'll be able to dig into the details for you. Oren On Tue, Dec 8, 2009 at 12:42 PM, Wojciech Kruszewski wojci...@oxos.pl wrote: Thanks Oren, this makes sense. So can that one mostly idle server handle SSL requests for multiple applications? I mean I tried Heroku and was very happy with the experience - looks like it needs little to no maintenance on my part. I'd wish to host a handful smaller web apps, each with 1-3 dynos. I could live with piggyback ssl, if it was my own wildcard certificate. - Wojciech On Dec 8, 8:58 pm, Oren Teich o...@heroku.com wrote: They are totally independent. The way our architecture works, dynos run on machines called railguns, which are specially set up for the job. We have to setup a special (and yes, mostly idle) server just to handle the SSL requests. It's not possible with the product we have today to run dynos on that server. Oren On Tue, Dec 8, 2009 at 7:48 AM, Wojciech Kruszewski wojci...@oxos.pl wrote: Hi, I've read your explanation about why you charge $100/mo for custom SSL (http://docs.heroku.com/ssl#faq). You need exclusive IP, Amazon assigns only one IP for an instance, so you need to reserve full instance just to use one SSL cert - seems fair. Ok, but if you reserve full EC2 instance just for me... then why do I have to pay for extra dynos? Aren't you double-billing for this instance? I believe it's just against your architecture but still I'd like to know the explanation. Regards, Wojciech -- http://twitter.com/WojciechKhttp://oxos.pl-Ruby on Rails development -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/heroku?hl=en. -- You received this message because you are subscribed to the Google Groups Heroku group. To post to this group, send email to her...@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.