{"id":4752,"date":"2026-02-08T15:20:46","date_gmt":"2026-02-08T12:20:46","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/multi-tenant-saas-uygulamalarinda-musteri-alan-adi-yonetimi-dns-ssl-ve-yonlendirme-mimarisi\/"},"modified":"2026-02-08T15:20:46","modified_gmt":"2026-02-08T12:20:46","slug":"multi-tenant-saas-uygulamalarinda-musteri-alan-adi-yonetimi-dns-ssl-ve-yonlendirme-mimarisi","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/multi-tenant-saas-uygulamalarinda-musteri-alan-adi-yonetimi-dns-ssl-ve-yonlendirme-mimarisi\/","title":{"rendered":"Multi\u2011Tenant SaaS Uygulamalar\u0131nda M\u00fc\u015fteri Alan Ad\u0131 Y\u00f6netimi: DNS, SSL ve Y\u00f6nlendirme Mimarisi"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#MultiTenant_SaaSte_Musteri_Alan_Adi_Neden_Bu_Kadar_Onemli\"><span class=\"toc_number toc_depth_1\">1<\/span> Multi\u2011Tenant SaaS\u2019te M\u00fc\u015fteri Alan Ad\u0131 Neden Bu Kadar \u00d6nemli?<\/a><\/li><li><a href=\"#MultiTenant_SaaSte_Domain_Mimarisi_Subdomain_Path_ve_Custom_Domain\"><span class=\"toc_number toc_depth_1\">2<\/span> Multi\u2011Tenant SaaS\u2019te Domain Mimarisi: Subdomain, Path ve Custom Domain<\/a><\/li><li><a href=\"#DNS_Tarafi_Musteriden_Ne_Istemeli_Siz_Ne_Yonetmelisiniz\"><span class=\"toc_number toc_depth_1\">3<\/span> DNS Taraf\u0131: M\u00fc\u015fteriden Ne \u0130stemeli, Siz Ne Y\u00f6netmelisiniz?<\/a><ul><li><a href=\"#Temel_DNS_Modelleri\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Temel DNS Modelleri<\/a><\/li><li><a href=\"#Apex_Kok_Alan_Adi_Sorunu\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Apex (K\u00f6k) Alan Ad\u0131 Sorunu<\/a><\/li><li><a href=\"#Alan_Adi_Sahipligini_Dogrulama_TXT_mi_HTTP_mi\"><span class=\"toc_number toc_depth_2\">3.3<\/span> Alan Ad\u0131 Sahipli\u011fini Do\u011frulama: TXT mi HTTP mi?<\/a><\/li><li><a href=\"#DNS_TTL_Stratejisi\"><span class=\"toc_number toc_depth_2\">3.4<\/span> DNS TTL Stratejisi<\/a><\/li><\/ul><\/li><li><a href=\"#SSLTLS_Mimarisi_Otomasyonsuz_SaaS_Uzun_Vadede_Yurumez\"><span class=\"toc_number toc_depth_1\">4<\/span> SSL\/TLS Mimarisi: Otomasyonsuz SaaS, Uzun Vadede Y\u00fcr\u00fcmez<\/a><ul><li><a href=\"#Temel_Sertifika_Modelleri\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Temel Sertifika Modelleri<\/a><\/li><li><a href=\"#ACME_HTTP01_ve_DNS01_MultiTenant_Icin_Hangisi\"><span class=\"toc_number toc_depth_2\">4.2<\/span> ACME, HTTP\u201101 ve DNS\u201101: Multi\u2011Tenant \u0130\u00e7in Hangisi?<\/a><\/li><li><a href=\"#Lets_Encrypt_ve_Wildcard_Coklu_Domain_Senaryolari\"><span class=\"toc_number toc_depth_2\">4.3<\/span> Let\u2019s Encrypt ve Wildcard \/ \u00c7oklu Domain Senaryolar\u0131<\/a><\/li><li><a href=\"#Tek_IP_Uzerinde_Yuzlerce_Musteri_Alan_Adi_SNInin_Gucu\"><span class=\"toc_number toc_depth_2\">4.4<\/span> Tek IP \u00dczerinde Y\u00fczlerce M\u00fc\u015fteri Alan Ad\u0131: SNI\u2019nin G\u00fcc\u00fc<\/a><\/li><li><a href=\"#Sertifika_Sure_Sonu_ve_Izleme\"><span class=\"toc_number toc_depth_2\">4.5<\/span> Sertifika S\u00fcre Sonu ve \u0130zleme<\/a><\/li><\/ul><\/li><li><a href=\"#Yonlendirme_ve_Uygulama_Katmani_Host_Header_ile_Tenant_Secimi\"><span class=\"toc_number toc_depth_1\">5<\/span> Y\u00f6nlendirme ve Uygulama Katman\u0131: Host Header ile Tenant Se\u00e7imi<\/a><ul><li><a href=\"#Edge_Katmani_Reverse_Proxy_veya_Load_Balancer\"><span class=\"toc_number toc_depth_2\">5.1<\/span> Edge Katman\u0131: Reverse Proxy veya Load Balancer<\/a><\/li><li><a href=\"#301_Canonical_ve_HTTP_HTTPS_Yonlendirmeleri\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 301, Canonical ve HTTP \u2192 HTTPS Y\u00f6nlendirmeleri<\/a><\/li><li><a href=\"#Cok_Bolgeli_ve_Cok_Sunuculu_Senaryolar\"><span class=\"toc_number toc_depth_2\">5.3<\/span> \u00c7ok B\u00f6lgeli ve \u00c7ok Sunuculu Senaryolar<\/a><\/li><\/ul><\/li><li><a href=\"#Tenant_Yasam_Dongusu_Domain_Ekleme_Dogrulama_SSL_ve_Cutover\"><span class=\"toc_number toc_depth_1\">6<\/span> Tenant Ya\u015fam D\u00f6ng\u00fcs\u00fc: Domain Ekleme, Do\u011frulama, SSL ve Cutover<\/a><ul><li><a href=\"#1_Adim_Musteriden_Domain_Bilgisi_Almak\"><span class=\"toc_number toc_depth_2\">6.1<\/span> 1. Ad\u0131m: M\u00fc\u015fteriden Domain Bilgisi Almak<\/a><\/li><li><a href=\"#2_Adim_DNS_Dogrulamasi_ve_Otomatik_Kontrol\"><span class=\"toc_number toc_depth_2\">6.2<\/span> 2. Ad\u0131m: DNS Do\u011frulamas\u0131 ve Otomatik Kontrol<\/a><\/li><li><a href=\"#3_Adim_Sertifika_Uretimi\"><span class=\"toc_number toc_depth_2\">6.3<\/span> 3. Ad\u0131m: Sertifika \u00dcretimi<\/a><\/li><li><a href=\"#4_Adim_Cutover_ve_Saglik_Kontrolleri\"><span class=\"toc_number toc_depth_2\">6.4<\/span> 4. Ad\u0131m: Cutover ve Sa\u011fl\u0131k Kontrolleri<\/a><\/li><\/ul><\/li><li><a href=\"#Operasyonel_Gercekler_Loglar_Izleme_Guvenlik\"><span class=\"toc_number toc_depth_1\">7<\/span> Operasyonel Ger\u00e7ekler: Loglar, \u0130zleme, G\u00fcvenlik<\/a><ul><li><a href=\"#Loglama_ve_Gozlemlenebilirlik\"><span class=\"toc_number toc_depth_2\">7.1<\/span> Loglama ve G\u00f6zlemlenebilirlik<\/a><\/li><li><a href=\"#Guvenlik_ve_Izolasyon\"><span class=\"toc_number toc_depth_2\">7.2<\/span> G\u00fcvenlik ve \u0130zolasyon<\/a><\/li><\/ul><\/li><li><a href=\"#Bu_Mimariyi_DCHost_Uzerinde_Nasil_Kurabilirsiniz\"><span class=\"toc_number toc_depth_1\">8<\/span> Bu Mimariyi DCHost \u00dczerinde Nas\u0131l Kurabilirsiniz?<\/a><\/li><li><a href=\"#Ozet_ve_Son_Soz_Custom_Domaini_Sonraya_Birakmayin\"><span class=\"toc_number toc_depth_1\">9<\/span> \u00d6zet ve Son S\u00f6z: Custom Domain\u2019i Sonraya B\u0131rakmay\u0131n<\/a><\/li><\/ul><\/div>\n<h2><span id=\"MultiTenant_SaaSte_Musteri_Alan_Adi_Neden_Bu_Kadar_Onemli\">Multi\u2011Tenant SaaS\u2019te M\u00fc\u015fteri Alan Ad\u0131 Neden Bu Kadar \u00d6nemli?<\/span><\/h2>\n<p>Multi\u2011tenant bir SaaS \u00fcr\u00fcn\u00fc geli\u015ftirirken bir noktada \u015fu talep mutlaka gelir: \u201cUygulama adresi <strong>firma.adiniz.com<\/strong> de\u011fil, kendi alan ad\u0131m\u0131z \u00fczerinden \u00e7al\u0131\u015fs\u0131n; \u00f6rne\u011fin <strong>panel.musteri.com<\/strong>.\u201d \u0130lk bak\u0131\u015fta sadece basit bir CNAME kayd\u0131 gibi g\u00f6r\u00fcnen bu konu, \u00f6l\u00e7ek b\u00fcy\u00fcd\u00fck\u00e7e DNS, SSL otomasyonu, y\u00f6nlendirme ve g\u00f6zlemlenebilirlik taraf\u0131nda ciddi bir mimari karara d\u00f6n\u00fc\u015f\u00fcyor. DCHost taraf\u0131nda onlarca SaaS m\u00fc\u015fterisinin bu e\u015fi\u011fe geldi\u011fine, gecikmi\u015f mimari kararlar y\u00fcz\u00fcnden g\u00fcnler s\u00fcren refactor ve ta\u015f\u0131ma operasyonlar\u0131 ya\u015fad\u0131\u011f\u0131na defalarca \u015fahit olduk.<\/p>\n<p>Bu yaz\u0131da, <strong>multi\u2011tenant SaaS uygulamalar\u0131nda m\u00fc\u015fteri alan ad\u0131 (custom domain) y\u00f6netimini<\/strong> ba\u015ftan sona, operasyonel ger\u00e7eklerle birlikte ele alaca\u011f\u0131z. DNS kay\u0131t tasar\u0131m\u0131ndan ACME tabanl\u0131 SSL otomasyonuna, tek IP \u00fczerinde y\u00fczlerce tenant\u2019\u0131 SNI ile bar\u0131nd\u0131rmaktan, y\u00f6nlendirme ve 301 mimarisine kadar ad\u0131m ad\u0131m ilerleyece\u011fiz. Amac\u0131m\u0131z, ilk g\u00fcnden do\u011fru temeli kurup; ileride \u201cbu mimariyi y\u0131kmadan \u00f6l\u00e7ekleyemiyoruz\u201d c\u00fcmlesini duymayaca\u011f\u0131n\u0131z bir yap\u0131 kurman\u0131za yard\u0131mc\u0131 olmak. Yaz\u0131 boyunca, DCHost altyap\u0131s\u0131nda s\u0131k kulland\u0131\u011f\u0131m\u0131z pratiklerden ve sahada kar\u015f\u0131la\u015ft\u0131\u011f\u0131m\u0131z tipik tuzaklardan da bahsedece\u011fiz.<\/p>\n<h2><span id=\"MultiTenant_SaaSte_Domain_Mimarisi_Subdomain_Path_ve_Custom_Domain\">Multi\u2011Tenant SaaS\u2019te Domain Mimarisi: Subdomain, Path ve Custom Domain<\/span><\/h2>\n<p>\u00d6nce temel terminolojiyi netle\u015ftirelim. \u00c7o\u011fu SaaS \u00fcr\u00fcn\u00fc, en az \u00fc\u00e7 domain stratejisinden birini kullan\u0131r:<\/p>\n<ul>\n<li><strong>Subdomain tabanl\u0131:<\/strong> <code>musteri1.uygulama.com<\/code>, <code>musteri2.uygulama.com<\/code><\/li>\n<li><strong>Path tabanl\u0131:<\/strong> <code>uygulama.com\/musteri1<\/code>, <code>uygulama.com\/musteri2<\/code><\/li>\n<li><strong>Custom domain tabanl\u0131:<\/strong> <code>panel.musteri.com<\/code>, <code>app.musteri2.com.tr<\/code><\/li>\n<\/ul>\n<p>Subdomain ve path mimarileri kendi i\u00e7inde yeterince konu, fakat bu yaz\u0131n\u0131n oda\u011f\u0131 <strong>custom domain<\/strong>, yani m\u00fc\u015fterinin kendi alan ad\u0131n\u0131 kulland\u0131\u011f\u0131 senaryolar. Bu modelin tipik kazan\u0131mlar\u0131:<\/p>\n<ul>\n<li><strong>Marka uyumu:<\/strong> Kullan\u0131c\u0131lar, \u00fc\u00e7\u00fcnc\u00fc parti bir SaaS yerine do\u011frudan kendi markalar\u0131 \u00fczerinden giri\u015f yapar.<\/li>\n<li><strong>SEO ve analitik:<\/strong> Baz\u0131 B2B\/B2C SaaS senaryolar\u0131nda, m\u00fc\u015fterinin son kullan\u0131c\u0131ya a\u00e7t\u0131\u011f\u0131 sayfalar do\u011frudan kendi alan ad\u0131ndan indekslenir.<\/li>\n<li><strong>G\u00fcven alg\u0131s\u0131:<\/strong> \u00d6zellikle finans, hukuk, sa\u011fl\u0131k sekt\u00f6rlerinde \u201ckendi alan ad\u0131m\u201d ko\u015fulu neredeyse standartt\u0131r.<\/li>\n<\/ul>\n<p>Bizim tarafta g\u00f6rd\u00fc\u011f\u00fcm\u00fcz en kritik nokta \u015fu: Multi\u2011tenant veritaban\u0131 mimarinizi ne kadar g\u00fczel kurarsan\u0131z kurun, <strong>domain, SSL ve y\u00f6nlendirme mimarisini<\/strong> do\u011fru tasarlamazsan\u0131z b\u00fcy\u00fcd\u00fck\u00e7e y\u00f6netimi i\u015fkenceye d\u00f6n\u00fc\u015f\u00fcr. Bu y\u00fczden, veritaban\u0131 taraf\u0131n\u0131 tasarlarken mutlaka e\u015f zamanl\u0131 olarak a\u011f ve sertifika mimarisini de planlamak gerekir. E\u011fer multi\u2011tenant veritaban\u0131 stratejisini h\u00e2l\u00e2 netle\u015ftirmediyseniz, \u00f6nce <a href=\"https:\/\/www.dchost.com\/blog\/kucuk-saas-ve-api-projeleri-icin-multi-tenant-veritabani-ve-hosting-rehberi\/\">multi\u2011tenant veritaban\u0131 ve hosting rehberi<\/a> yaz\u0131m\u0131za da g\u00f6z atman\u0131z\u0131 \u00f6neririz.<\/p>\n<h2><span id=\"DNS_Tarafi_Musteriden_Ne_Istemeli_Siz_Ne_Yonetmelisiniz\">DNS Taraf\u0131: M\u00fc\u015fteriden Ne \u0130stemeli, Siz Ne Y\u00f6netmelisiniz?<\/span><\/h2>\n<h3><span id=\"Temel_DNS_Modelleri\">Temel DNS Modelleri<\/span><\/h3>\n<p>M\u00fc\u015fterinin kendi alan ad\u0131n\u0131 SaaS uygulaman\u0131za y\u00f6nlendirmesi i\u00e7in genelde iki pratik model kullan\u0131l\u0131r:<\/p>\n<ol>\n<li><strong>CNAME ile y\u00f6nlendirme<\/strong> (en yayg\u0131n model)<\/li>\n<li><strong>A\/AAAA ile do\u011frudan IP\u2019ye y\u00f6nlendirme<\/strong> (daha az tercih edilen, ama baz\u0131 durumlarda gerekli)<\/li>\n<\/ol>\n<p><strong>CNAME modeli<\/strong>nde m\u00fc\u015fteriden genelde \u015fu kayd\u0131 girmesini istersiniz:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">panel.musteri.com.  CNAME  custom.your-saas.com.\n<\/code><\/pre>\n<p>Bu durumda <code>custom.your-saas.com<\/code> adresinin A\/AAAA kay\u0131tlar\u0131 sizin kontrol\u00fcn\u00fczdedir ve arka tarafta IP de\u011fi\u015ftirmeniz gerekti\u011finde m\u00fc\u015fterilere dokunmadan, sadece kendi DNS kay\u0131tlar\u0131n\u0131zda g\u00fcncelleme yapars\u0131n\u0131z. \u00d6l\u00e7ekleme, ta\u015f\u0131ma ve felaket kurtarma senaryolar\u0131nda bu, b\u00fcy\u00fck avantajd\u0131r.<\/p>\n<p><strong>A\/AAAA modeli<\/strong>nde ise m\u00fc\u015fteri do\u011frudan IP\u2019ye y\u00f6nlendirir:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">panel.musteri.com.  A     203.0.113.10\npanel.musteri.com.  AAAA  2001:db8::10\n<\/code><\/pre>\n<p>Bu model, \u00f6zellikle k\u00f6k (apex) alan ad\u0131nda CNAME kullanamamaktan veya baz\u0131 eski DNS sa\u011flay\u0131c\u0131 k\u0131s\u0131tlar\u0131ndan dolay\u0131 tercih edilebilir. Dezavantaj\u0131, IP de\u011fi\u015fikli\u011fi gerekti\u011finde t\u00fcm m\u00fc\u015fterileri tek tek bilgilendirmeniz ve g\u00fcncelleme yapmalar\u0131n\u0131 beklemenizdir.<\/p>\n<h3><span id=\"Apex_Kok_Alan_Adi_Sorunu\">Apex (K\u00f6k) Alan Ad\u0131 Sorunu<\/span><\/h3>\n<p>Bir\u00e7ok m\u00fc\u015fteri <code>app.musteri.com<\/code> yerine do\u011frudan <code>musteri.com<\/code> adresini kullanmak ister. DNS standartlar\u0131 gere\u011fi apex (k\u00f6k) d\u00fczeyinde CNAME kullanmak problemlidir, bu y\u00fczden baz\u0131 sa\u011flay\u0131c\u0131lar \u00f6zel \u00e7\u00f6z\u00fcmler (ALIAS, ANAME, flattening vb.) sunar. Ancak siz SaaS sa\u011flay\u0131c\u0131s\u0131 olarak:<\/p>\n<ul>\n<li>M\u00fc\u015fteriye <strong>subdomain kullanmas\u0131n\u0131<\/strong> \u00f6nerebilir (bizim sahada en stabil g\u00f6rd\u00fc\u011f\u00fcm\u00fcz model),<\/li>\n<li>Ya da apex i\u00e7in A\/AAAA, alt alanlar i\u00e7in CNAME kombinasyonu kullanmas\u0131n\u0131 tarif edebilirsiniz.<\/li>\n<\/ul>\n<p>Hem yay\u0131l\u0131m s\u00fcrelerini hem de de\u011fi\u015fiklik senaryolar\u0131n\u0131 do\u011fru planlamak i\u00e7in <a href=\"https:\/\/www.dchost.com\/blog\/dns-ttl-degerlerini-dogru-ayarlamak-a-mx-cname-ve-txt-kayitlari-icin-stratejik-rehber\/\">DNS TTL de\u011ferlerini do\u011fru ayarlama rehberi<\/a> ile birlikte bu konuyu masaya yat\u0131rman\u0131z\u0131 \u00f6neririz.<\/p>\n<h3><span id=\"Alan_Adi_Sahipligini_Dogrulama_TXT_mi_HTTP_mi\">Alan Ad\u0131 Sahipli\u011fini Do\u011frulama: TXT mi HTTP mi?<\/span><\/h3>\n<p>Custom domain ekleme s\u00fcrecinde iki farkl\u0131 do\u011frulama deseni s\u0131k kullan\u0131l\u0131r:<\/p>\n<ul>\n<li><strong>TXT do\u011frulamas\u0131:<\/strong> M\u00fc\u015fteriden <code>_verify.musteri.com<\/code> veya do\u011frudan <code>panel.musteri.com<\/code> i\u00e7in rastgele bir token i\u00e7eren TXT kayd\u0131 eklemesini istersiniz.<\/li>\n<li><strong>HTTP do\u011frulamas\u0131:<\/strong> M\u00fc\u015fterinin DNS\u2019i sizin IP\u2019nize y\u00f6nlendirir, siz de belirli bir path alt\u0131nda (\u00f6r. <code>\/.well-known\/your-saas-verify.txt<\/code>) token \u00fcretip do\u011frulars\u0131n\u0131z.<\/li>\n<\/ul>\n<p>Biz sahada TXT modelini daha esnek buluyoruz, \u00e7\u00fcnk\u00fc HTTP do\u011frulamas\u0131 i\u00e7in \u00f6nce y\u00f6nlendirme, sonra do\u011frulama, sonra SSL alma gibi ad\u0131mlar aras\u0131nda \u201ctavuk-yumurta\u201d d\u00f6ng\u00fcleri olu\u015fabiliyor. TXT ile \u00f6nce alan ad\u0131n\u0131n ger\u00e7ekten m\u00fc\u015fteriye ait oldu\u011funu do\u011frulay\u0131p, ard\u0131ndan y\u00f6nlendirme ve SSL s\u00fcre\u00e7lerini g\u00fcvenle tetikleyebilirsiniz.<\/p>\n<h3><span id=\"DNS_TTL_Stratejisi\">DNS TTL Stratejisi<\/span><\/h3>\n<p>Custom domain taraf\u0131nda en s\u0131k yap\u0131lan hata, t\u00fcm kay\u0131tlar\u0131n TTL de\u011ferlerini rastgele se\u00e7mek. \u00d6nerdi\u011fimiz pratik yakla\u015f\u0131m:<\/p>\n<ul>\n<li>Do\u011frulama ve ilk kurulum s\u00fcrecinde <strong>daha d\u00fc\u015f\u00fck TTL<\/strong> (300\u2013600 sn) kullan\u0131n.<\/li>\n<li>Kurulum stabille\u015ftikten sonra <strong>orta seviye TTL<\/strong> (1800\u20133600 sn) ile hem cache verimlili\u011fini hem de esnekli\u011fi dengeleyin.<\/li>\n<li>\u00c7ok b\u00f6lgeli, Anycast veya aktif\u2011aktif mimarilerde TTL\u2019leri, failover senaryolar\u0131n\u0131z\u0131 da d\u00fc\u015f\u00fcnerek belirleyin.<\/li>\n<\/ul>\n<p>TTL konusu, s\u0131f\u0131r kesinti ta\u015f\u0131ma senaryolar\u0131nda da kritik. Bu konuyu derinlemesine ele ald\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/zero-downtime-tasima-icin-ttl-stratejileri-dns-yayilimini-gercekten-nasil-hizlandirirsin\/\">zero\u2011downtime ta\u015f\u0131ma i\u00e7in TTL stratejileri<\/a> yaz\u0131s\u0131ndaki teknik detaylar\u0131, SaaS custom domain mimarinize birebir uygulayabilirsiniz.<\/p>\n<h2><span id=\"SSLTLS_Mimarisi_Otomasyonsuz_SaaS_Uzun_Vadede_Yurumez\">SSL\/TLS Mimarisi: Otomasyonsuz SaaS, Uzun Vadede Y\u00fcr\u00fcmez<\/span><\/h2>\n<h3><span id=\"Temel_Sertifika_Modelleri\">Temel Sertifika Modelleri<\/span><\/h3>\n<p>Multi\u2011tenant SaaS\u2019te y\u00fczlerce, hatta binlerce m\u00fc\u015fteri alan ad\u0131n\u0131 g\u00fcvenli (HTTPS) olarak sunman\u0131z gerekir. Bu noktada \u00fc\u00e7 temel SSL modeliyle kar\u015f\u0131la\u015f\u0131rs\u0131n\u0131z:<\/p>\n<ul>\n<li><strong>Tekil sertifikalar:<\/strong> Her custom domain i\u00e7in ayr\u0131 bir DV sertifika.<\/li>\n<li><strong>Wildcard sertifikalar:<\/strong> Sizin alan adlar\u0131n\u0131z i\u00e7in (<code>*.app.uygulama.com<\/code>) kullan\u0131\u015fl\u0131, ama m\u00fc\u015fterinin kendi alan ad\u0131 i\u00e7in genelde uygun de\u011fil.<\/li>\n<li><strong>SAN (Multi\u2011Domain) sertifikalar:<\/strong> Bir sertifikada birden fazla FQDN, ama b\u00fcy\u00fck SaaS\u2019ler i\u00e7in y\u00f6netimi zor, limitli ve pahal\u0131 bir model.<\/li>\n<\/ul>\n<p>M\u00fc\u015fteri alan adlar\u0131 i\u00e7in pratik ve \u00f6l\u00e7eklenebilir yakla\u015f\u0131m, her domain i\u00e7in <strong>otomatik DV sertifika \u00fcretimi<\/strong> ve yenilemesidir. Burada oyunun kurallar\u0131n\u0131 ACME protokol\u00fc belirler.<\/p>\n<h3><span id=\"ACME_HTTP01_ve_DNS01_MultiTenant_Icin_Hangisi\">ACME, HTTP\u201101 ve DNS\u201101: Multi\u2011Tenant \u0130\u00e7in Hangisi?<\/span><\/h3>\n<p>ACME istemcileri (certbot, acme.sh vb.) sertifika do\u011frulamas\u0131n\u0131 tipik olarak iki challenge t\u00fcr\u00fcyle yapar:<\/p>\n<ul>\n<li><strong>HTTP\u201101:<\/strong> Belirli bir URL alt\u0131nda dosya\/yan\u0131t sunars\u0131n\u0131z; CA bu URL\u2019yi \u00e7a\u011f\u0131rarak kontrol eder.<\/li>\n<li><strong>DNS\u201101:<\/strong> Belirli bir TXT kayd\u0131n\u0131 DNS\u2019e eklersiniz; CA DNS \u00fczerinden do\u011frular.<\/li>\n<\/ul>\n<p>Subdomain a\u011f\u0131rl\u0131kl\u0131 mimarilerde HTTP\u201101 pratik olabilir, ancak <strong>custom domain + \u00e7ok kirac\u0131l\u0131<\/strong> yap\u0131larda DNS\u201101 uzun vadede \u00e7ok daha esnek ve g\u00fcvenlidir. DNS\u201101 ile:<\/p>\n<ul>\n<li>Hen\u00fcz trafik almayan, sadece do\u011frulama a\u015famas\u0131ndaki domainler i\u00e7in bile sertifika \u00fcretebilirsiniz.<\/li>\n<li>Edge\/CDN katman\u0131nda \u00f6zel routing kurman\u0131za gerek kalmadan, arka planda DNS API\u2019leriyle otomasyonu \u00e7\u00f6zebilirsiniz.<\/li>\n<li>Wildcard sertifikalar dahil geni\u015f bir senaryoyu destekleyebilirsiniz.<\/li>\n<\/ul>\n<p>Bu konuyu pratik \u00f6rneklerle detayland\u0131rd\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/saaste-ozel-alan-adlari-ve-otomatik-ssl-dns%e2%80%9101-ile-cok-kiracili-mimarini-nasil-tatli-tatli-olceklersin\/\">SaaS\u2019te \u00f6zel alan adlar\u0131 ve otomatik SSL<\/a> yaz\u0131s\u0131ndaki ak\u0131\u015f\u0131, burada anlatt\u0131\u011f\u0131m\u0131z multi\u2011tenant mimarinin tamamlay\u0131c\u0131 par\u00e7as\u0131 olarak d\u00fc\u015f\u00fcnebilirsiniz.<\/p>\n<h3><span id=\"Lets_Encrypt_ve_Wildcard_Coklu_Domain_Senaryolari\">Let\u2019s Encrypt ve Wildcard \/ \u00c7oklu Domain Senaryolar\u0131<\/span><\/h3>\n<p>Bir noktadan sonra \u015fu soru mutlaka gelir: \u201cLet\u2019s Encrypt rate limit\u2019lerine tak\u0131lmadan y\u00fczlerce custom domain i\u00e7in nas\u0131l sertifika \u00fcretece\u011fim?\u201d Burada yapabilece\u011finiz optimizasyonlar:<\/p>\n<ul>\n<li>Gerekti\u011fi yerde <strong>wildcard<\/strong> kullanmak (kendi alan adlar\u0131n\u0131z i\u00e7in),<\/li>\n<li>M\u00fc\u015fteri alan adlar\u0131nda sertifika yenileme pencerelerini <strong>rastgele da\u011f\u0131tmak<\/strong> (hepsini ayn\u0131 g\u00fcn\/saate y\u0131\u011fmamak),<\/li>\n<li>ACME istemcinizi <strong>yeniden deneme ve yedek CA<\/strong> deste\u011fiyle tasarlamak.<\/li>\n<\/ul>\n<p>Let\u2019s Encrypt\u2019in DNS\u201101 ile wildcard otomasyonu ve rate limit stratejilerini ad\u0131m ad\u0131m anlatt\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/lets-encrypt-wildcard-ssl-otomasyonu-dns-01-ile-cpanel-plesk-ve-nginxte-zahmetsiz-kurulum-ve-yenileme-nasil-yapilir\/\">Let\u2019s Encrypt wildcard SSL otomasyonu rehberi<\/a> ve <a href=\"https:\/\/www.dchost.com\/blog\/lets-encrypt-rate-limitlerine-takilmadan-cok-alan-adinda-ssl-san-wildcard-acme-challenge-ve-tatli-stratejiler\/\">Let\u2019s Encrypt rate limit\u2019lerine tak\u0131lmadan \u00e7ok alan ad\u0131nda SSL kullanma stratejileri<\/a>, SaaS senaryolar\u0131nda birebir i\u015finize yarayacak.<\/p>\n<h3><span id=\"Tek_IP_Uzerinde_Yuzlerce_Musteri_Alan_Adi_SNInin_Gucu\">Tek IP \u00dczerinde Y\u00fczlerce M\u00fc\u015fteri Alan Ad\u0131: SNI\u2019nin G\u00fcc\u00fc<\/span><\/h3>\n<p>Modern taray\u0131c\u0131lar ve istemciler, <strong>SNI (Server Name Indication)<\/strong> deste\u011fine sahip oldu\u011fu i\u00e7in, ayn\u0131 IP\/port \u00fczerinde y\u00fczlerce farkl\u0131 alan ad\u0131 i\u00e7in ayr\u0131 SSL sertifikalar\u0131 sunabilirsiniz. Web sunucusu (Nginx, Caddy, Apache veya bir L7 load balancer) TLS handshake esnas\u0131nda gelen alan ad\u0131n\u0131 g\u00f6r\u00fcr ve ilgili sertifikay\u0131 se\u00e7er.<\/p>\n<p>Bu sayede DCHost taraf\u0131nda tek bir g\u00fc\u00e7l\u00fc <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> veya <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated sunucu<\/a> \u00fczerinde:<\/p>\n<ul>\n<li>Ortak IP: 203.0.113.10<\/li>\n<li>Y\u00fczlerce <code>panel.musteri.com<\/code>, <code>app.musteri2.net<\/code> vb. domain<\/li>\n<li>Her biri i\u00e7in ayr\u0131 sertifika ve ayr\u0131 tenant routingi<\/li>\n<\/ul>\n<p>mimarisi kurmak son derece m\u00fcmk\u00fcn ve sa\u011fl\u0131kl\u0131d\u0131r. Kritik olan, <strong>sertifika deposunu ve konfig\u00fcrasyonunu otomatik y\u00f6netmek<\/strong>, manuel dosya kopyalamay\u0131 tamamen hayat\u0131n\u0131zdan \u00e7\u0131karmakt\u0131r.<\/p>\n<h3><span id=\"Sertifika_Sure_Sonu_ve_Izleme\">Sertifika S\u00fcre Sonu ve \u0130zleme<\/span><\/h3>\n<p>Custom domain say\u0131s\u0131 artt\u0131k\u00e7a, sertifika s\u00fcre sonu takip etmek manuel olarak imk\u00e2ns\u0131z h\u00e2le gelir. Burada \u00fc\u00e7 katmanl\u0131 bir yakla\u015f\u0131m \u00f6neriyoruz:<\/p>\n<ul>\n<li><strong>Kontrol paneli\/DB taraf\u0131:<\/strong> Her domain i\u00e7in sertifika biti\u015f tarihini saklay\u0131p, yenileme pencerelerini (\u00f6r. T\u201130 g\u00fcn) sistematik olarak planlamak.<\/li>\n<li><strong>ACME istemcisi log\u2019lar\u0131:<\/strong> Ba\u015far\u0131s\u0131z challenge, rate limit veya DNS hatalar\u0131n\u0131 merkezi loglama ile izlemek.<\/li>\n<li><strong>D\u0131\u015f izleme:<\/strong> D\u0131\u015far\u0131dan bakan bir izleme arac\u0131yla sertifika s\u00fcresi ve HTTPS durumunu takip etmek.<\/li>\n<\/ul>\n<p>Bu noktada, onlarca alan ad\u0131 i\u00e7in s\u00fcre sonu izleme ve otomasyon ihtiyac\u0131n\u0131 detayland\u0131rd\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/onlarca-alan-adi-icin-ssl-sertifika-sure-sonu-izleme-ve-otomatik-yenileme-stratejisi\/\">SSL sertifika s\u00fcre sonu izleme stratejisi<\/a> yaz\u0131s\u0131ndaki pratikleri SaaS mimarinize entegre etmenizi \u00f6zellikle tavsiye ederiz.<\/p>\n<h2><span id=\"Yonlendirme_ve_Uygulama_Katmani_Host_Header_ile_Tenant_Secimi\">Y\u00f6nlendirme ve Uygulama Katman\u0131: Host Header ile Tenant Se\u00e7imi<\/span><\/h2>\n<h3><span id=\"Edge_Katmani_Reverse_Proxy_veya_Load_Balancer\">Edge Katman\u0131: Reverse Proxy veya Load Balancer<\/span><\/h3>\n<p>DNS ve SSL taraf\u0131n\u0131 \u00e7\u00f6zd\u00fcn\u00fcz; s\u0131ra geldi iste\u011fi do\u011fru tenant\u2019a y\u00f6nlendirmeye. Tipik ak\u0131\u015f \u015f\u00f6yle \u00e7al\u0131\u015f\u0131r:<\/p>\n<ol>\n<li>Kullan\u0131c\u0131 <code>https:\/\/panel.musteri.com<\/code> adresine gider.<\/li>\n<li>DNS, iste\u011fi sizin edge IP\u2019nize y\u00f6nlendirir.<\/li>\n<li>Edge (Nginx, HAProxy, Caddy, vb.) do\u011fru sertifikay\u0131 se\u00e7erek TLS\u2019i sonland\u0131r\u0131r.<\/li>\n<li>Host header (<code>panel.musteri.com<\/code>) uygulama sunucusuna veya multi\u2011tenant API\u2019ye iletilir.<\/li>\n<li>Uygulama, bu host bilgisini kullanarak hangi tenant\u2019\u0131n context\u2019inde \u00e7al\u0131\u015faca\u011f\u0131n\u0131 belirler.<\/li>\n<\/ol>\n<p>Buradaki kritik tasar\u0131m karar\u0131: <strong>tenant se\u00e7imini domain \u00fczerinden mi, path \u00fczerinden mi, yoksa JWT\/oturum bilgisi \u00fczerinden mi yapaca\u011f\u0131n\u0131z.<\/strong> Custom domain senaryosunda genellikle \u015fu pattern kullan\u0131l\u0131r:<\/p>\n<ul>\n<li>Veritaban\u0131nda <code>domains<\/code> tablosu (veya benzeri) tutulur.<\/li>\n<li>Her kay\u0131t, <code>domain \u2192 tenant_id<\/code> e\u015fle\u015fmesini i\u00e7erir.<\/li>\n<li>Request ba\u015flang\u0131c\u0131nda Host header okunur, bu tablo \u00fczerinden tenant bulunur ve request lifecycle boyunca bu context ta\u015f\u0131n\u0131r.<\/li>\n<\/ul>\n<h3><span id=\"301_Canonical_ve_HTTP_HTTPS_Yonlendirmeleri\">301, Canonical ve HTTP \u2192 HTTPS Y\u00f6nlendirmeleri<\/span><\/h3>\n<p>Custom domain kullanan SaaS\u2019lerde y\u00f6nlendirme hatalar\u0131 SEO, g\u00fcvenlik ve kullan\u0131c\u0131 deneyimi a\u00e7\u0131s\u0131ndan ciddi sorunlar yaratabiliyor. \u00d6nerdi\u011fimiz temel kurallar:<\/p>\n<ul>\n<li>T\u00fcm HTTP istekleri i\u00e7in <strong>kal\u0131c\u0131 301 y\u00f6nlendirme<\/strong> ile HTTPS\u2019e ge\u00e7in.<\/li>\n<li><strong>www \/ \u00e7\u0131plak alan ad\u0131<\/strong> karar\u0131 m\u00fc\u015fteriye ait olsa da, siz bu tercihe sayg\u0131 duyup di\u011fer varyant\u0131 301 ile canonical domaine y\u00f6nlendirin.<\/li>\n<li>Uygulama i\u00e7inde <code>canonical<\/code> meta etiketlerini ve <code>base URL<\/code> ayarlar\u0131n\u0131 m\u00fc\u015fterinin domainine g\u00f6re dinamik belirleyin.<\/li>\n<\/ul>\n<p>HTTP\u2019den HTTPS\u2019ye ge\u00e7i\u015fte 301, HSTS ve canonical ayarlar\u0131n\u0131 detayl\u0131 ele ald\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/httpden-httpse-gecis-rehberi-301-yonlendirme-hsts-ve-seoyu-korumak\/\">HTTPS ge\u00e7i\u015f rehberi<\/a>, burada in\u015fa edece\u011finiz custom domain mimarisinin de SEO ve g\u00fcven taraf\u0131n\u0131 sa\u011flamla\u015ft\u0131rman\u0131za yard\u0131mc\u0131 olacakt\u0131r.<\/p>\n<h3><span id=\"Cok_Bolgeli_ve_Cok_Sunuculu_Senaryolar\">\u00c7ok B\u00f6lgeli ve \u00c7ok Sunuculu Senaryolar<\/span><\/h3>\n<p>Custom domain say\u0131s\u0131 ve trafik artt\u0131\u011f\u0131nda, tek sunucudan \u00e7oklu sunucu\/\u00e7ok b\u00f6lgeli mimariye ge\u00e7i\u015f g\u00fcndeme gelir. Bu durumda:<\/p>\n<ul>\n<li>DNS taraf\u0131nda <strong>GeoDNS<\/strong> veya a\u011f\u0131rl\u0131kl\u0131 y\u00f6nlendirme ile kullan\u0131c\u0131y\u0131 en yak\u0131n edge\u2019e \u00e7ekebilirsiniz.<\/li>\n<li>Edge katman\u0131nda <strong>ayn\u0131 sertifika ve domain mapping<\/strong> konfig\u00fcrasyonunu t\u00fcm b\u00f6lgelere kopyalaman\u0131z gerekir.<\/li>\n<li>Veritaban\u0131 taraf\u0131nda replikasyon veya aktif\u2011aktif mimarilerle tenant verisini senkron tutmal\u0131s\u0131n\u0131z.<\/li>\n<\/ul>\n<p>Bu konuyu geni\u015f perspektiften ele ald\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/cok-bolgeli-mimariler-nasil-kurulur-dns-geo%e2%80%91routing-ve-veritabani-replikasyonu-ile-korkusuz-felaket-dayanikliligi\/\">\u00e7ok b\u00f6lgeli mimariler ve felaket dayan\u0131kl\u0131l\u0131\u011f\u0131<\/a> yaz\u0131s\u0131ndaki DNS ve veritaban\u0131 stratejilerini, SaaS custom domain yap\u0131n\u0131za uygulayarak k\u00fcresel \u00f6l\u00e7ekte kesintisiz bir mimari kurgulayabilirsiniz.<\/p>\n<h2><span id=\"Tenant_Yasam_Dongusu_Domain_Ekleme_Dogrulama_SSL_ve_Cutover\">Tenant Ya\u015fam D\u00f6ng\u00fcs\u00fc: Domain Ekleme, Do\u011frulama, SSL ve Cutover<\/span><\/h2>\n<h3><span id=\"1_Adim_Musteriden_Domain_Bilgisi_Almak\">1. Ad\u0131m: M\u00fc\u015fteriden Domain Bilgisi Almak<\/span><\/h3>\n<p>Panel taraf\u0131nda genelde \u015fu ak\u0131\u015f\u0131 tasarl\u0131yoruz:<\/p>\n<ol>\n<li>M\u00fc\u015fteri panelde \u201c\u00d6zel alan ad\u0131 ekle\u201d butonuna t\u0131klar.<\/li>\n<li><code>app.musteri.com<\/code> veya <code>subdomain.musteri.com.tr<\/code> gibi istedi\u011fi adresi girer.<\/li>\n<li>Sistem, bu domaini tenant ile ili\u015fkilendirir ve do\u011frulama i\u00e7in gerekli DNS\/TXT kay\u0131tlar\u0131n\u0131 g\u00f6sterir.<\/li>\n<\/ol>\n<p>Bu a\u015famada m\u00fcmk\u00fcn oldu\u011funca <strong>net ve kopyalanabilir y\u00f6nergeler<\/strong> vermek, destek taleplerini ciddi oranda azalt\u0131r.<\/p>\n<h3><span id=\"2_Adim_DNS_Dogrulamasi_ve_Otomatik_Kontrol\">2. Ad\u0131m: DNS Do\u011frulamas\u0131 ve Otomatik Kontrol<\/span><\/h3>\n<p>M\u00fc\u015fteriye g\u00f6sterdi\u011finiz TXT veya CNAME kayd\u0131n\u0131 periyodik olarak kontrol eden bir arka plan i\u015fi (queue\/job\/cron) \u00e7al\u0131\u015ft\u0131rmak idealdir. DCHost m\u00fc\u015fterilerinin b\u00fcy\u00fck k\u0131sm\u0131 burada:<\/p>\n<ul>\n<li>Her 5\u201310 dakikada DNS lookup yapan bir job,<\/li>\n<li>Belirli bir s\u00fcre i\u00e7inde (\u00f6r. 48\u201372 saat) do\u011frulanmayan domainleri pasif duruma alma,<\/li>\n<li>Ba\u015far\u0131l\u0131 do\u011frulamada otomatik SSL s\u00fcrecini tetikleme<\/li>\n<\/ul>\n<p>gibi bir ak\u0131\u015f kullan\u0131yor. Zamanlay\u0131c\u0131lar taraf\u0131nda sa\u011fl\u0131kl\u0131 bir kurgu i\u00e7in, <a href=\"https:\/\/www.dchost.com\/blog\/linux-crontab-en-iyi-uygulamalar-rehberi-yedek-rapor-ve-bakim-isleri-icin-guvenli-zamanlama\/\">Linux crontab en iyi uygulamalar rehberindeki<\/a> pratikleri arka plan i\u015flerinizde de uygulaman\u0131z\u0131 \u00f6neririz.<\/p>\n<h3><span id=\"3_Adim_Sertifika_Uretimi\">3. Ad\u0131m: Sertifika \u00dcretimi<\/span><\/h3>\n<p>DNS do\u011frulamas\u0131 ba\u015far\u0131yla sonu\u00e7land\u0131\u011f\u0131nda ACME istemcisini tetikleyip sertifikay\u0131 \u00fcretirsiniz. Burada dikkat edilmesi gerekenler:<\/p>\n<ul>\n<li>Her domain i\u00e7in sertifika ve private key\u2019i g\u00fcvenli \u015fekilde saklamak (diskte \u015fifreleme, yetki s\u0131n\u0131rl\u0131 klas\u00f6rler).<\/li>\n<li>Web sunucusu veya reverse proxy konfig\u00fcrasyonunu yeniden y\u00fcklemek (reload) ama <strong>ba\u011flant\u0131lar\u0131 kesmeden<\/strong>.<\/li>\n<li>Sertifika yenilemelerini, trafi\u011fin daha d\u00fc\u015f\u00fck oldu\u011fu saatlerde planlamak.<\/li>\n<\/ul>\n<p>G\u00fcvenlik perspektifinden bakt\u0131\u011f\u0131m\u0131zda, sertifika ve anahtar y\u00f6netimini, genel <a href=\"https:\/\/www.dchost.com\/blog\/vpste-env-ve-gizli-anahtar-yonetimi\/\">gizli anahtar y\u00f6netimi<\/a> stratejinizle uyumlu kurgulamak uzun vadede avantaj sa\u011flayacakt\u0131r.<\/p>\n<h3><span id=\"4_Adim_Cutover_ve_Saglik_Kontrolleri\">4. Ad\u0131m: Cutover ve Sa\u011fl\u0131k Kontrolleri<\/span><\/h3>\n<p>Domain do\u011fruland\u0131, sertifika haz\u0131r; \u015fimdi s\u0131ra ger\u00e7ek trafi\u011fi SaaS uygulaman\u0131za y\u00f6nlendirmeye geldi. Burada \u00f6nerdi\u011fimiz yakla\u015f\u0131m:<\/p>\n<ul>\n<li>\u00d6nce <strong>sa\u011fl\u0131k kontrol\u00fc<\/strong> (health check) yapan bir endpoint \u00fczerinden yeni domainde 200\/OK al\u0131nd\u0131\u011f\u0131n\u0131 do\u011frulay\u0131n.<\/li>\n<li>Ard\u0131ndan m\u00fc\u015fteriye \u201cDNS de\u011fi\u015fikli\u011finizi tamamlayabilirsiniz\u201d mesaj\u0131n\u0131 verin.<\/li>\n<li>DNS ge\u00e7i\u015fi s\u0131ras\u0131nda hem eski hem yeni domaini bir s\u00fcre paralel olarak destekleyin (301 y\u00f6nlendirme ile).<\/li>\n<\/ul>\n<p>Bu sayede, m\u00fc\u015fterinin DNS\u2019i gecikmeli de g\u00fcncellense, uygulama taraf\u0131nda kontroll\u00fc bir ge\u00e7i\u015f d\u00f6neminiz olur ve son kullan\u0131c\u0131lar minimum sorunla kar\u015f\u0131la\u015f\u0131r.<\/p>\n<h2><span id=\"Operasyonel_Gercekler_Loglar_Izleme_Guvenlik\">Operasyonel Ger\u00e7ekler: Loglar, \u0130zleme, G\u00fcvenlik<\/span><\/h2>\n<h3><span id=\"Loglama_ve_Gozlemlenebilirlik\">Loglama ve G\u00f6zlemlenebilirlik<\/span><\/h3>\n<p>Custom domain trafi\u011fini y\u00f6netirken g\u00f6zden ka\u00e7an noktalardan biri, <strong>hangi tenant\u2019\u0131n hangi domain \u00fczerinden ne kadar trafik ald\u0131\u011f\u0131<\/strong> bilgisini log\u2019larda do\u011fru yakalamak. \u00d6nerilerimiz:<\/p>\n<ul>\n<li>Reverse proxy log\u2019lar\u0131nda <strong>Host header<\/strong> ve <strong>tenant_id<\/strong> bilgilerini birlikte tutun.<\/li>\n<li>SSL handshake ve sertifika hatalar\u0131n\u0131 ayr\u0131 log\u2019larda toplaman\u0131z, hatal\u0131 domain\/sertifika kombinasyonlar\u0131n\u0131 h\u0131zl\u0131ca tespit etmenizi sa\u011flar.<\/li>\n<li>404\/5xx oranlar\u0131n\u0131 tenant ve domain baz\u0131nda takip edin; bu, hem m\u00fc\u015fteri deneyimi hem de debug s\u00fcre\u00e7lerinde hayat kurtar\u0131r.<\/li>\n<\/ul>\n<p>Sunucu log\u2019lar\u0131n\u0131 do\u011fru okumak ve 4xx\u20135xx hatalar\u0131n\u0131 te\u015fhis etmek i\u00e7in haz\u0131rlad\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/hosting-sunucu-loglarini-okumayi-ogrenin-apache-ve-nginx-ile-4xx-5xx-hatalarini-teshis-rehberi\/\">Apache ve Nginx log te\u015fhis rehberi<\/a>, custom domain trafi\u011fini analiz ederken de do\u011frudan i\u015finize yarayacakt\u0131r.<\/p>\n<h3><span id=\"Guvenlik_ve_Izolasyon\">G\u00fcvenlik ve \u0130zolasyon<\/span><\/h3>\n<p>Multi\u2011tenant SaaS\u2019te custom domain deste\u011fi verirken \u015fu g\u00fcvenlik ba\u015fl\u0131klar\u0131n\u0131 da hesaba katmal\u0131s\u0131n\u0131z:<\/p>\n<ul>\n<li><strong>Subdomain takeover<\/strong> riskleri: Bo\u015fta kalan CNAME hedefleri, yanl\u0131\u015f yap\u0131land\u0131r\u0131lm\u0131\u015f CDN\/edge kay\u0131tlar\u0131.<\/li>\n<li><strong>HSTS ve g\u00fcvenlik ba\u015fl\u0131klar\u0131:<\/strong> Her tenant\u2019\u0131n domaininde do\u011fru HSTS, CSP, X\u2011Frame\u2011Options vb. ba\u015fl\u0131klar\u0131 sunmak.<\/li>\n<li><strong>Rate limiting:<\/strong> Tek bir tenant veya domain \u00fczerinden gelen sald\u0131rgan trafi\u011fin di\u011fer tenant\u2019lar\u0131 etkilemesini engellemek.<\/li>\n<\/ul>\n<p>Bo\u015fta kalan DNS kay\u0131tlar\u0131 ve alt alan ad\u0131 ele ge\u00e7irme risklerini anlatt\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/subdomain-takeover-ve-bosta-kalan-dns-kayitlari-cloudflare-ve-cpanel-icin-uygulamali-rehber\/\">subdomain takeover rehberi<\/a> ve <a href=\"https:\/\/www.dchost.com\/blog\/http-guvenlik-basliklari-rehberi-hsts-csp-ve-digerlerini-ne-zaman-nasil-uygulamalisin\/\">HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131 rehberi<\/a>, SaaS \u00fcr\u00fcn\u00fcn\u00fcz\u00fc \u00e7ok kirac\u0131l\u0131 ortamda daha g\u00fcvenli h\u00e2le getirmenize yard\u0131mc\u0131 olacakt\u0131r.<\/p>\n<h2><span id=\"Bu_Mimariyi_DCHost_Uzerinde_Nasil_Kurabilirsiniz\">Bu Mimariyi DCHost \u00dczerinde Nas\u0131l Kurabilirsiniz?<\/span><\/h2>\n<p>\u0130\u015f multi\u2011tenant SaaS olunca, \u201cHangi sunucu t\u00fcr\u00fcyle ba\u015flamal\u0131y\u0131m?\u201d sorusunu do\u011fal olarak \u00e7ok duyuyoruz. DCHost taraf\u0131nda sahada g\u00f6rd\u00fc\u011f\u00fcm\u00fcz tipik yol haritas\u0131 \u015f\u00f6yle:<\/p>\n<ul>\n<li><strong>Erken a\u015fama \/ MVP:<\/strong> Tek g\u00fc\u00e7l\u00fc VPS \u00fczerinde uygulama, veritaban\u0131, reverse proxy ve ACME otomasyonunu birlikte \u00e7al\u0131\u015ft\u0131rmak.<\/li>\n<li><strong>\u00dcr\u00fcn\/pazar uyumu sonras\u0131:<\/strong> Uygulama ve veritaban\u0131n\u0131 ayr\u0131 VPS\u2019lere ay\u0131rmak; reverse proxy ve SSL katman\u0131n\u0131 \u00f6ne al\u0131p \u00e7oklu uygulama sunucusuna y\u00f6nlendirmek.<\/li>\n<li><strong>\u0130leri a\u015fama:<\/strong> Y\u00fcksek trafikli tenant\u2019lar i\u00e7in ayr\u0131 node\u2019lar, arka planda replikasyon ve \u00e7ok b\u00f6lgeli DNS ile aktif\u2011aktif\/aktif\u2011pasif mimariler.<\/li>\n<\/ul>\n<p>Bu ge\u00e7i\u015fleri planlarken, <a href=\"https:\/\/www.dchost.com\/blog\/kucuk-saas-uygulamalari-icin-en-dogru-hosting-mimarisi-tek-vps-coklu-vps-ve-yonetilen-bulut\/\">k\u00fc\u00e7\u00fck SaaS uygulamalar\u0131 i\u00e7in en do\u011fru hosting mimarisi<\/a> yaz\u0131s\u0131ndaki tek VPS \u2192 \u00e7oklu VPS \u2192 daha geli\u015fmi\u015f mimari ge\u00e7i\u015f yol haritas\u0131n\u0131 referans alabilirsiniz. DCHost olarak; domain, DNS, VPS, dedicated sunucu ve gerekirse colocation taraf\u0131nda bu mimariyi u\u00e7tan uca kurarken yan\u0131n\u0131zda oluyoruz.<\/p>\n<h2><span id=\"Ozet_ve_Son_Soz_Custom_Domaini_Sonraya_Birakmayin\">\u00d6zet ve Son S\u00f6z: Custom Domain\u2019i Sonraya B\u0131rakmay\u0131n<\/span><\/h2>\n<p>Multi\u2011tenant SaaS \u00fcr\u00fcn geli\u015ftirirken feature listesinde \u201cm\u00fc\u015fteri kendi alan ad\u0131n\u0131 ba\u011flayabilsin\u201d maddesi \u00e7o\u011fu zaman \u201cileriki s\u00fcr\u00fcmlerde gelir\u201d diye erteleniyor. Ancak ger\u00e7ek d\u00fcnya deneyimi bize \u015funu g\u00f6sterdi: E\u011fer ilk g\u00fcnden <strong>DNS, SSL\/TLS ve y\u00f6nlendirme mimarisini<\/strong> multi\u2011tenant ve custom domain g\u00f6zl\u00fc\u011f\u00fcyle tasarlamazsan\u0131z, \u00fcr\u00fcn\u00fcn\u00fcz b\u00fcy\u00fcd\u00fck\u00e7e bu eksik mimari sizi yava\u015flat\u0131yor. Domain sahipli\u011fi do\u011frulamas\u0131, DNS TTL stratejileri, ACME tabanl\u0131 otomatik sertifika y\u00f6netimi, SNI ile tek IP \u00fczerinde \u00e7oklu domain, 301\u2011HSTS\u2011canonical kurgular\u0131 ve sa\u011flam log\/izleme mimarisi bir araya geldi\u011finde, ger\u00e7ekten \u00f6l\u00e7eklenebilir bir SaaS altyap\u0131n\u0131z oluyor.<\/p>\n<p>E\u011fer \u015fu an elinizde \u00e7al\u0131\u015fan bir SaaS \u00fcr\u00fcn\u00fc var ve custom domain deste\u011fini yeni yeni d\u00fc\u015f\u00fcnmeye ba\u015flad\u0131ysan\u0131z, panik yapmaya gerek yok; ama <strong>bir mimari tasar\u0131m oturumu<\/strong> yapman\u0131n zaman\u0131 gelmi\u015f demektir. DCHost ekibi olarak, bu yaz\u0131da anlatt\u0131\u011f\u0131m\u0131z desenleri g\u00fcnl\u00fck i\u015fimizde uyguluyor; DNS, SSL ve routing taraf\u0131nda s\u00fcrd\u00fcr\u00fclebilir, otomasyona dayal\u0131 yap\u0131lar kuruyoruz. Kendi SaaS projeniz i\u00e7in benzer bir mimariyi nereden ba\u015flatman\u0131z gerekti\u011fini netle\u015ftirmek isterseniz, mevcut sunucu\/domin durumunuzu birlikte analiz edip size \u00f6zel bir yol haritas\u0131 \u00e7\u0131karabiliriz. Custom domain\u2019i sonradan eklenen bir \u00f6zellik de\u011fil, <strong>mimari tasar\u0131m\u0131n ilk vatanda\u015f\u0131<\/strong> olarak d\u00fc\u015f\u00fcnmek hem sizi hem de m\u00fc\u015fterilerinizi uzun vadede ciddi anlamda rahatlatacakt\u0131r.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u0130&ccedil;indekiler1 Multi\u2011Tenant SaaS\u2019te M\u00fc\u015fteri Alan Ad\u0131 Neden Bu Kadar \u00d6nemli?2 Multi\u2011Tenant SaaS\u2019te Domain Mimarisi: Subdomain, Path ve Custom Domain3 DNS Taraf\u0131: M\u00fc\u015fteriden Ne \u0130stemeli, Siz Ne Y\u00f6netmelisiniz?3.1 Temel DNS Modelleri3.2 Apex (K\u00f6k) Alan Ad\u0131 Sorunu3.3 Alan Ad\u0131 Sahipli\u011fini Do\u011frulama: TXT mi HTTP mi?3.4 DNS TTL Stratejisi4 SSL\/TLS Mimarisi: Otomasyonsuz SaaS, Uzun Vadede Y\u00fcr\u00fcmez4.1 Temel Sertifika [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4753,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-4752","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=4752"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4752\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/4753"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=4752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=4752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=4752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}