I am developing a SaaS application and I would like to support custom domains on the said application. For example, the app will live on app.example.com and customers will have their own domains on customerxyz.example.com that route back to app.example.com. I am going to start out the application small with Azure Application Gateway and a couple of App Service instances. I would like to allow customers to have their own custom domain, for example support.customer1.com, which would CNAME to customer1.example.com -> to app.example.com. All of which is fine until SSL comes into play. I understand that App Gateway can support 100 SSL certs and that limit can be raised, but that does not really solve the problem of renewing certs and such.
I am aware of SNI certificates. My question is: can Application Gateway be used as a reverse proxy to an App Service that can serve the proper cert based on the host name of the incoming call? I understand that nginx could do something like this. Is this plan feasible? The application is still in development and can pivot if I am going down the wrong path.
I also know that Cloudflare has a hosted option for this, which allows the certificates to be deployed out to their CDN. Can Azure Application Gateway perform a similar task where I host the public portion of the certificate in a storage account and have the gateway look for the cert in the CDN with a rule? I understand that CDNs are global and Application Gateway is regional. If Application Gateway is the wrong product to use here, I would appreciate any advice on which products to go for: Front Door, etc.