Serve many CMS-powered websites from one Netlify deploy

Hey I’m in the early stages of building a lightweight CMS that I’d like to host on Netlify. It’s a Vue.js SPA and I’m trying to determine the best way to configure redirects so I can include the “site ID” in each request without having to hit the API before pageload on each request. An idea I had was something like https://cms.com/*?site=1 would translate to something like https://custom-domain.com/:splat. To illustrate further:

https://cms.com/about-us/our-founder/?site=1
could lead to
https://custom-domain.com/about-us/our-founder

and this way when I make requests to my API, I can merge { site : 1 } into all the requests so my API can return scoped data results.

I’ve read over the redirect docs/query params – as well as similar community topics – and still don’t know my best course of action with Netlify. Thanks in advance!

Hi @Resto. That doesn’t sound like something you can do with our redirects, since there is no conditional rule for site-id's. You could probably redirect using a client-side router, in conjunction with pulling the site-id from one of our API endpoints. Hopefully that helps give you an idea on your best course of action.

Hey @Dennis thanks for getting back to me. Since I posted this question I was advised by some other JS devs that agree this isn’t something Netlify was really designed to do. So, yea, the new approach is to use client side routing. How do you imagine I would benefit from calling Netlify’s API? Maybe I’m misunderstanding your recommendation here.

Dennis was just suggesting that you could find the site ID’s programatically if you needed to (for instance you had a ton of sites that changed often). There is no need to use our API to find those details, though, as they are in your site dashboard in general settings if you only have a couple sites.

I think (I didn’t talk with Dennis about it) that he was suggesting you could pull that ID programatically form our API at browse time, and react differently based on that.

However PLEASE don’t do that naively - you need to keep your API token secure, so that would probably mean writing a function to make the call for you - something like this that Dennis himself wrote would help you :slight_smile:

Thanks @fool.

I think I understand your suggestion here, and I just implemented a project that relied heavily on functions, so I know how to get that rolling. However, my whole idea was to prevent the need for a call to a backend service to fetch the corresponding account ID. Having to call functions would pretty much be doing that; adding an initial request in my SPA that would happen immediately on page load before anything other cascading requests could happen. Instead of doing that I’m going to modify my API to return data based on the domain as a unique ID. See any security issues with that approach, like spoofing? (I know its a bit out of scope for Netlify, but yall seem to know what you’re doing, in genereal). Thanks!

At a high level, that sounds like a fine pattern to me. How you implement it is of course important as to how secure it is. There is clearly a range of implementations from:

“tell me your hostname and I’ll act on it regardless of what you type”

to

“I have detected the hostname you accessed the site via, and have programatically confirmed it is a valid hostname I intend to handle, and then acted on it transparently, using functionality like the signed proxy redirect documented here: https://www.netlify.com/docs/redirects/#structured-configuration to further confirm that the request is via netlify and not an unauthorized 3rd party”

So - you can do it well or poorly via most paths is the best answer I can give without more implementation details.

Thanks for taking the time to understand my problem, @fool, and for the solid advice. I’ll dig into it more on my own.

1 Like

let us know what you come up with, @Resto! I am sure others would also like to know, too!