Custom Domains - How!

September 01, 2025
manav@ente.io

I'll describe how Ente's ability to serve your albums from your own domains is implemented behind the scenes.

The first thing you need to do is tell Ente that you want to associate a domain with your account. When you link your domain, the client (your Ente app) lets museum (Ente's server) know.

Ente app informs museum about the user's custom domain

Museum notes this down. We'll come to why later.

The second (and last!) thing you need to do is go to your DNS provider and add a CNAME record from your domain to my.ente.io. A CNAME record is like a pointer: when someone comes looking for your domain, your DNS provider will redirect them to my.ente.io.

CNAME record pointing to my.ente.io

That's all you, as a user, need to do. If you go and copy a link to any of your public albums, you will get a link that uses your custom domain instead.

Now let's see what happens when you open this link in your browser. Your browser does a DNS lookup for pics.example.org, gets a DNS (CNAME) redirect to my.ente.io and contacts that instead, asking for the content for the host "pics.example.org". Ente can serve this content as per your wish, since my.ente.io is running on Ente's infrastructure.

There is one problem though. Your browser is making a secure HTTPS connection, and so Ente's infrastructure needs a TLS certificate for pics.ente.io. How does one go about getting it?

Using Let's Encrypt!

my.ente.io runs a Caddy server. When a new request comes in, Caddy checks if it already has a certificate for pics.example.org. Let us assume this is the very first request for this domain, so it doesn't already have the certificate.

So Caddy asks museum - Hey, someone is wanting us to serve pics.example.org, is that all right?

We already told museum in the first step that we'll be using this domain, so museum knows it is all good, and tells Caddy to go ahead.

Caddy confirms with museum

Caddy then obtains a TLS certificate from Let's Encrypt.

Caddy provisions a certificate using Let's Encrypt

The certificate issuance (and renewal) itself involves multiple steps, which you can read about in Let's Encrypt's documentation.

In any case, Caddy automatically takes care of all of that for us.

So at this point, Caddy has a valid TLS certificate for pics.example.org and your browser can successfully complete the connection. (Subsequent requests will just use this same certificate, so all of this happens only once.)

With the secure connection established, Caddy hands off to Ente's production albums service by reverse proxying custom-albums.ente.io. From here on, it just works as if you had directly opened the link using albums.ente.io.

That's it. There are a lot of moving parts, but conceptually it is just these four interactions that we went over above.

Custom albums sharing overview

If you are curious, you can find exact details for all of these things in our GitHub repository. (Yes, not only is our source code open and our designs open, our infrastructure provisioning is also open!)

For your own projects, you might find our Caddyfile useful:

{
	email custom-domains@ente.io
	on_demand_tls {
		ask https://api.ente.io/custom-domain
	}
}

https:// {
	tls {
		on_demand
	}
	reverse_proxy https://custom-albums.ente.io {
		header_up Host {upstream_hostport}
	}
}   
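
The `ask` URL in the Caddyfile above is what keeps on-demand TLS from requesting certificates for names nobody registered, so the endpoint behind it should approve only domains that users have actually linked. The Go sketch below is an added example, not Ente's museum code: the in-memory `domainStore`, the function names and the listen address are assumptions, and it relies on Caddy's documented behaviour of calling `GET <ask URL>?domain=<name>` and continuing only on a 2xx response.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// domainStore is a hypothetical stand-in for the server-side record of
// domains that users have linked to their accounts.
type domainStore map[string]bool

// normalize lowercases the name and strips a trailing dot, so that
// "Pics.Example.Org." and "pics.example.org" compare equal.
func normalize(domain string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(domain)), ".")
}

// askStatus returns the HTTP status for an ask query about domain:
// 200 lets Caddy obtain a certificate, any non-2xx status stops it.
func (s domainStore) askStatus(domain string) int {
	d := normalize(domain)
	if d == "" {
		return http.StatusBadRequest // no domain parameter supplied
	}
	if !s[d] {
		return http.StatusNotFound // not linked by any user: refuse
	}
	return http.StatusOK
}

// askHandler answers Caddy's on-demand TLS check, which arrives as
// GET <ask URL>?domain=<name>.
func askHandler(s domainStore) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(s.askStatus(r.URL.Query().Get("domain")))
	})
}

func main() {
	// Constructed sample data: one domain a user has linked.
	store := domainStore{"pics.example.org": true}
	http.Handle("/custom-domain", askHandler(store))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```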

Isn't it beautiful, how so much can be done from so little, this multiplicative effect of thoughtful technology? There are other details, yes, but in some sense this is all there is to it.


If you already have an Ente account, make sure you check out this ability to use your own domains. And if you don't already have an Ente account, what are you waiting for!?