Using CloudFlare to navigate thousands of domains

Hello
Our system has more than 1000 websites, and it will have more in the future. Currently, we use Amazon ALB to route our sites to containers running on ECS. We have run into some technical limitations of AWS. Specifically, each ALB has a maximum of 25 SSL certificates, and each certificate has a maximum of 10 domains. So we can only assign 250 sites to each LB, and our system currently uses 10 ALBs.
Moreover, we use 1 SSL certificate for 10 domains, so whenever we add a new domain to our system, it takes a few steps to complete:

  1. create a new SSL cert based on the old cert that has fewer than 10 domains
  2. update CNAME records in Google Domains to validate the new cert
  3. add the new cert to the ALB
  4. delete the old one.

These steps become ridiculously complicated when they are turned into code.
So, we are considering migrating our service to Cloudflare. The first idea is to configure our sites so that Cloudflare takes over the management of them. Then, we will route all sites to only one ALB.
Our concerns are

  1. Is there any limit on the number of domains that can be added to 1 Cloudflare account?
  2. limitation on the number of subdomains
  3. limitation on the certificate of a domain
  4. limitation on the API (we will use the Cloudflare API to add domains)
  5. the availability of the Cloudflare service. I witnessed that Cloudflare experienced some downtime on particular websites such as https://community.cloudflare.com and https://dash.cloudflare.com

Last but not least, do you have any recommendation for our system?
Thanks
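The four-step rotation described in the question, as an added example that is not code from the original post: a superset certificate is requested in ACM, its DNS validation CNAMEs are handed to whatever updates the registrar, the issued certificate is attached to the ALB listener, and only then is the old one detached and deleted (ACM refuses to delete a certificate that is still in use). The AWS clients are injected so the logic can run offline; with boto3 they would be `boto3.client("acm")` and `boto3.client("elbv2")`. The listener ARN, the domain names, the `publish_cname` callback and the in-memory fakes are constructed for illustration.

```python
"""Added example, not code from the original post: the four-step ACM rotation the
question describes, written against injected AWS clients so it runs offline.
For real use pass boto3.client("acm") and boto3.client("elbv2"); the listener
ARN, the domain names and the in-memory fakes below are constructed."""
import time

MAX_NAMES_PER_CERT = 10  # the per-certificate limit the question cites


def pick_cert_with_room(acm, elbv2, listener_arn):
    """Return (arn, names) of an attached certificate that can still take one more name."""
    for entry in elbv2.describe_listener_certificates(ListenerArn=listener_arn)["Certificates"]:
        if entry.get("IsDefault"):
            continue  # the listener's default certificate is listed too; leave it alone
        cert = acm.describe_certificate(CertificateArn=entry["CertificateArn"])["Certificate"]
        names = list(cert["SubjectAlternativeNames"])  # ACM lists the primary name here as well
        if len(names) < MAX_NAMES_PER_CERT:
            return entry["CertificateArn"], names
    return None


def wait_until(probe, poll_seconds, attempts=120):
    """Poll probe() until it returns something truthy."""
    for _ in range(attempts):
        result = probe()
        if result:
            return result
        time.sleep(poll_seconds)
    raise TimeoutError("ACM did not reach the expected state in time")


def rotate_in_domain(acm, elbv2, listener_arn, new_domain, publish_cname, poll_seconds=5):
    """Steps 1-4 from the question. publish_cname(name, value) creates the validation
    CNAME at the registrar (the manual Google Domains step in the question)."""
    picked = pick_cert_with_room(acm, elbv2, listener_arn)
    if picked is None:
        raise RuntimeError("every attached certificate already carries %d names" % MAX_NAMES_PER_CERT)
    old_arn, names = picked
    if new_domain in names:
        return old_arn  # already served; nothing to rotate
    new_names = names + [new_domain]
    # Step 1: request one certificate for the old names plus the new one.
    new_arn = acm.request_certificate(DomainName=new_names[0], SubjectAlternativeNames=new_names[1:],
                                      ValidationMethod="DNS")["CertificateArn"]
    # Step 2: validation records appear once ACM has processed the request, so poll for them.
    # Names already validated on the old cert get the same CNAME, so re-publishing is idempotent.
    def records_ready():
        opts = acm.describe_certificate(CertificateArn=new_arn)["Certificate"]["DomainValidationOptions"]
        return opts if opts and all("ResourceRecord" in o for o in opts) else None
    for opt in wait_until(records_ready, poll_seconds):
        publish_cname(opt["ResourceRecord"]["Name"], opt["ResourceRecord"]["Value"])
    wait_until(lambda: acm.describe_certificate(CertificateArn=new_arn)["Certificate"]["Status"] == "ISSUED",
               poll_seconds)
    # Step 3: attach the issued certificate to the listener.
    elbv2.add_listener_certificates(ListenerArn=listener_arn, Certificates=[{"CertificateArn": new_arn}])
    # Step 4: detach first; ACM refuses to delete a certificate that is still in use.
    elbv2.remove_listener_certificates(ListenerArn=listener_arn, Certificates=[{"CertificateArn": old_arn}])
    acm.delete_certificate(CertificateArn=old_arn)
    return new_arn


class FakeACM:
    """Constructed in-memory stand-in for the boto3 ACM client (only the calls used above)."""
    def __init__(self):
        self.certs, self.published, self.counter = {}, set(), 0
    def request_certificate(self, DomainName, SubjectAlternativeNames, ValidationMethod):
        self.counter += 1
        arn = "arn:aws:acm:::certificate/%d" % self.counter
        self.certs[arn] = [DomainName] + list(SubjectAlternativeNames)
        return {"CertificateArn": arn}
    def describe_certificate(self, CertificateArn):
        names = self.certs[CertificateArn]
        issued = all("_validation.%s" % n in self.published for n in names)  # constructed record names
        options = [{"DomainName": n, "ResourceRecord": {"Name": "_validation.%s" % n, "Type": "CNAME",
                    "Value": "%s.acm-validations.example" % n}} for n in names]
        return {"Certificate": {"SubjectAlternativeNames": names, "DomainValidationOptions": options,
                                "Status": "ISSUED" if issued else "PENDING_VALIDATION"}}
    def delete_certificate(self, CertificateArn):
        del self.certs[CertificateArn]


class FakeELBv2:
    """Constructed stand-in for the boto3 elbv2 client; the first ARN is the listener default."""
    def __init__(self, arns):
        self.attached = [{"CertificateArn": a, "IsDefault": i == 0} for i, a in enumerate(arns)]
    def describe_listener_certificates(self, ListenerArn):
        return {"Certificates": list(self.attached)}
    def add_listener_certificates(self, ListenerArn, Certificates):
        self.attached += [{"CertificateArn": c["CertificateArn"], "IsDefault": False} for c in Certificates]
    def remove_listener_certificates(self, ListenerArn, Certificates):
        drop = {c["CertificateArn"] for c in Certificates}
        self.attached = [c for c in self.attached if c["CertificateArn"] not in drop]


def demo():
    """Rotate one new domain in against the fakes and report the resulting state."""
    acm = FakeACM()
    old = acm.request_certificate("site1.example", ["site2.example"], "DNS")["CertificateArn"]
    elbv2 = FakeELBv2(["arn:aws:acm:::certificate/default", old])
    new = rotate_in_domain(acm, elbv2, "arn:aws:elasticloadbalancing:::listener/demo", "site3.example",
                           publish_cname=lambda name, value: acm.published.add(name), poll_seconds=0)
    return {"new_names": acm.certs[new], "old_deleted": old not in acm.certs,
            "attached": [c["CertificateArn"] for c in elbv2.attached]}
```

The order of steps 3 and 4 is the part that matters for availability: the listener must carry the new certificate before the old one is removed, otherwise the ten domains on the old certificate serve TLS errors during the gap. The fakes only model the calls the script makes; against real AWS the `poll_seconds` default keeps the loop from hammering `DescribeCertificate` while validation is pending.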

From what other community members have shared earlier, there’s no limit.

Someone mentioned previously that one domain can contain up to 3000 DNS records, but it's really rare to see someone create 3000 DNS records in one account.

Cloudflare provides one wildcard Universal SSL certificate, e.g. *.example.com; as long as your web applications use one-level-deep subdomains, e.g. www.example.com, you'll be alright. If you need to cover subdomains more than one level deep, e.g. www.foo.example.com, then you need to purchase Advanced Certificate Manager from Cloudflare, which costs 10 USD per month per domain.

Although Cloudflare provides an SSL certificate at the edge, that doesn't mean you do not need an SSL certificate on your ALB. You still need it to provide full end-to-end encryption.

1200 API requests per 5 minutes.

The downtime experienced on community.cloudflare.com or dash.cloudflare.com doesn't mean that the entire Cloudflare CDN network is down. The reliability of the Cloudflare network also depends on what plan you are using. For instance, a lot of Error 520s were observed by Free plan users a few months ago, but that was not happening on higher plans, e.g. Pro and Enterprise.

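The three practical limits in the reply above, as an added example that is not part of the original thread: `universal_ssl_covers` applies the one-level wildcard rule (Universal SSL covers the apex and `*.example.com`, so `www.foo.example.com` is flagged as needing Advanced Certificate Manager); `onboard_zones` creates zones through the Cloudflare API (`POST /zones`) under a client-side budget of 1200 requests per 5 minutes and, because the origin still needs its own certificate, switches each zone to Full (strict) via `PATCH /zones/{id}/settings/ssl` so the edge verifies the ALB's certificate. The HTTP transport, clock and sleep are injected so it runs offline; the zone names, account id, token and the fake transport are constructed, and reading a `Retry-After` header on 429 is an assumption (the code falls back to exponential backoff when it is absent).

```python
"""Added example, not code from the original thread: two checks a migration script
needs before pushing a thousand sites to Cloudflare. universal_ssl_covers applies
the one-level wildcard rule from the reply (Universal SSL covers example.com and
*.example.com, not www.foo.example.com). onboard_zones creates zones through the
API while staying under the 1200-requests-per-5-minutes limit quoted in the reply,
backs off on HTTP 429, and sets each zone to Full (strict) so the edge verifies
the certificate that still has to live on the ALB. The HTTP transport, clock and
sleep are injected so it runs offline; the zone names, account id and token are
constructed placeholders, and Retry-After on 429 is an assumption."""
import collections
import time

CF_API = "https://api.cloudflare.com/client/v4"


def universal_ssl_covers(zone, hostname):
    """True if the Universal SSL names for zone (the apex and *.zone) cover hostname.
    A wildcard matches exactly one DNS label, so www.foo.zone is not covered."""
    zone, hostname = zone.lower().rstrip("."), hostname.lower().rstrip(".")
    if hostname == zone:
        return True
    if not hostname.endswith("." + zone):
        return False
    prefix = hostname[:-len(zone) - 1]
    return prefix != "" and "." not in prefix


def classify(zone, hostnames):
    """Split the zone's hostnames into Universal-SSL-covered and needs-ACM (deeper subdomains)."""
    z = zone.lower().rstrip(".")
    in_zone = [h for h in hostnames if h.lower().rstrip(".") == z or h.lower().rstrip(".").endswith("." + z)]
    covered = [h for h in in_zone if universal_ssl_covers(zone, h)]
    return covered, [h for h in in_zone if h not in covered]


class ApiBudget:
    """Client-side sliding window: at most `limit` calls in any `window` seconds."""
    def __init__(self, limit=1200, window=300, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window, self.clock, self.sleep = limit, window, clock, sleep
        self.sent = collections.deque()
    def acquire(self):
        while True:
            now = self.clock()
            while self.sent and now - self.sent[0] >= self.window:
                self.sent.popleft()
            if len(self.sent) < self.limit:
                self.sent.append(now)
                return
            self.sleep(self.window - (now - self.sent[0]))  # wait for the oldest call to age out


def cf_call(request, budget, method, path, token, payload, max_retries=5):
    """One API call. request(method, url, headers, payload) -> (status, headers, json) is injected."""
    headers = {"Authorization": "Bearer " + token, "Content-Type": "application/json"}
    for attempt in range(max_retries):
        budget.acquire()
        status, resp_headers, body = request(method, CF_API + path, headers, payload)
        if status == 429:  # the server-side limit fired anyway: back off and retry
            budget.sleep(float(resp_headers.get("Retry-After", 2 ** attempt)))
            continue
        if not body.get("success"):
            raise RuntimeError("%s %s failed: %s" % (method, path, body.get("errors")))
        return body["result"]
    raise RuntimeError("%s %s: still rate limited after %d attempts" % (method, path, max_retries))


def onboard_zones(names, account_id, token, request, budget):
    """Create each zone and set its SSL mode to Full (strict); returns name -> zone id."""
    created = {}
    for name in names:
        zone = cf_call(request, budget, "POST", "/zones", token,
                       {"name": name, "account": {"id": account_id}, "type": "full"})
        cf_call(request, budget, "PATCH", "/zones/%s/settings/ssl" % zone["id"], token, {"value": "strict"})
        created[name] = zone["id"]
    return created


def demo():
    """Onboard four zones through a fake transport with a tiny budget (3 calls per 300 s)."""
    clock, log, limited_once = {"t": 0.0}, [], []
    budget = ApiBudget(limit=3, window=300, clock=lambda: clock["t"],
                       sleep=lambda s: clock.__setitem__("t", clock["t"] + s))
    def fake_request(method, url, headers, payload):
        log.append(method)
        if method == "POST" and payload["name"] == "b.example" and not limited_once:
            limited_once.append(True)  # constructed: the first POST for b.example is rate limited
            return 429, {"Retry-After": "7"}, {"success": False, "errors": [{"message": "rate limited"}]}
        if method == "POST":
            return 200, {}, {"success": True, "result": {"id": "zone-" + payload["name"]}}
        return 200, {}, {"success": True, "result": {"id": "ssl", "value": payload["value"]}}
    created = onboard_zones(["a.example", "b.example", "c.example", "d.example"], "acct", "token",
                            fake_request, budget)
    return {"created": created, "requests": len(log), "elapsed": clock["t"]}
```

Two calls per zone means a thousand zones is already two thousand requests, so the budget is not optional at this scale; the sliding window keeps the script under the limit instead of discovering it through 429s. Run `classify` over the full hostname inventory first: every entry in the second list costs 10 USD per month per domain under the reply's pricing, which changes the business case before any zone is created.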
