I'm investigating a feature to allow users to point their own domain names at our service to provide a more complete white-lable offering. So, I end up with multiple domains hitting the same IP.
How do I provide SSL security for this? Do I need a cert per domain? UC certs? How would you deploy and manage this in a rails app?
You need an IP per certificate.
I don't think this will be easy, even sites like Shopify have to have the site's SSL pages on a part of the shopify domain to offer SSL, so unless you want to set up an IP address and certificate per domain, I don't think you can do this.
We do this with one of our apps (which provides ecommerce). Most customers just have a sub-domain specific account. For those, we have a wildcard certificate.
Some customers have, like you mentioned, custom domains. For those, we require that they purchase the certificate (we recommend GoDaddy because they are cheapest) for their domain. We then provision a new IP address and configure nginx accordingly.
You also have to make sure they are pointing their domain via an A RECORD and not a CNAME (otherwise, it won't hit the right IP).
We host are app on EngineYard so they help out quite a bit.
But, yes, if you're planning on having hundreds or thousands of users with custom domains, that could become a hassle. You may want to look into some type of hybrid setup where non-SSL pages are served via the custom domain but use a generic application domain (with subdomain) for SSL stuff. Like:
http://customdomain.com and http://customdomain.com/contact
and then
You can either buy a new IP address and SSL certificate for each domain (since each SSL certificate requires its own IP address) or buy a UC certificate with all of the domains in one certificate and use it on just one IP address.