Scaling with Ease: Multi-Domain Integration on a Single-Server Architecture (2025)

Date: December 27, 2025

In late 2025, as digital presence became increasingly fragmented across specialized domains, the need for efficient, centralized infrastructure reached a peak. Our recent implementation for a .bg domain demonstrated how to seamlessly integrate a new country-specific domain into an existing server architecture, sharing core services like WordPress, Email, and Identity Management without increasing operational complexity or hardware costs.

The Challenge
The organization, already operating on a .ltd domain, required the addition of a .bg domain to better serve the Bulgarian market. The technical requirements were stringent:

  • Service Parity: The new domain needed to mirror all existing services (Website, Webmail, Nextcloud, LDAP, Autodiscover).
  • Infrastructure Consolidation: All services had to run on the same VM to minimize overhead.
  • Email Deliverability: The new .bg domain required its own DKIM signing key and its own SPF and DMARC records, despite sharing the same mail stack.
  • Zero Downtime: The migration and integration had to happen without interrupting existing .com operations.
  • Repository-Server Sync: Local development repositories needed to be perfectly aligned with the server’s running state to ensure long-term maintainability.

The Solution: Unified Multi-Domain Reverse Proxy and Identity Integration
We implemented a multi-layered integration strategy centered around Caddy’s dynamic routing and docker-mailserver’s multi-domain support.

Dynamic Web Routing (Caddy)

  • Multi-Host Site Blocks: Updated the Caddyfile to handle both .com and .bg domains within the same reverse proxy blocks, leveraging Caddy’s automatic SSL for all subdomains.
  • Subdomain Synchronization: Configured cloud, mail, ldap, and autodiscover subdomains for the new domain, routing them accurately to existing backend containers.
  • Symlink Management: Consolidated configuration files into /etc/caddy/Caddyfile with robust symlinking to the user’s configuration directory for easier management.

Multi-Domain Email Security (opendkim)

  • Unique DKIM Key Generation: Generated distinct 2048-bit RSA keys for the .bg domain using docker-mailserver’s setup utilities.
  • Internal Table Reconstruction: Rebuilt OpenDKIM’s KeyTable and SigningTable via a controlled stack restart, ensuring the server correctly signs outgoing mail for both domains.
  • SnappyMail Domain Mapping: Created specialized JSON configuration templates to allow one webmail instance to serve multiple domains with localized settings.
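
A check for the state described above, where a key exists but the rebuilt tables do not yet cover every domain. This is an added example, not part of the original deployment: the function names are hypothetical, and example.com / example.bg and the key paths are constructed placeholders in OpenDKIM's KeyTable and SigningTable file format.

```shell
#!/bin/sh
# Added example: verify that every mail domain has a SigningTable pattern,
# a matching KeyTable entry for its own domain, and a private key that no
# other domain shares.

# dkim_check KEYTABLE SIGNINGTABLE DOMAIN...  -> prints problems, returns 1 if any
dkim_check() {
    kt=$1; st=$2; shift 2
    awk -v domains="$*" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        # KeyTable line:     <keyname> <domain>:<selector>:<private key path>
        FILENAME == ARGV[1] { split($2, f, ":"); kdom[$1] = f[1]; kpath[$1] = f[3]; next }
        # SigningTable line: *@<domain> <keyname>
        { pat = $1; sub(/^\*@/, "", pat); signer[pat] = $2 }
        END {
          n = split(domains, d, " ")
          for (i = 1; i <= n; i++) {
            k = signer[d[i]]
            if (k == "")          { print "NO_SIGNING_ENTRY " d[i]; bad = 1; continue }
            if (!(k in kdom))     { print "NO_KEY_ENTRY " d[i]; bad = 1; continue }
            if (kdom[k] != d[i])  { print "WRONG_DOMAIN " d[i]; bad = 1 }
            if (kpath[k] in used) { print "SHARED_KEY " d[i] " " used[kpath[k]]; bad = 1 }
            used[kpath[k]] = d[i]
          }
          exit bad + 0
        }' "$kt" "$st"
}

# Constructed sample: the .bg key is listed in KeyTable, but SigningTable is
# stale, so mail from the second domain would leave unsigned.
demo_dkim() {
    t=$(mktemp -d) || return 2
    cat > "$t/KeyTable" <<'EOF'
mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
mail._domainkey.example.bg example.bg:mail:/etc/opendkim/keys/example.bg/mail.private
EOF
    cat > "$t/SigningTable" <<'EOF'
*@example.com mail._domainkey.example.com
EOF
    rc=0; dkim_check "$t/KeyTable" "$t/SigningTable" example.com example.bg || rc=$?
    rm -rf "$t"; return $rc
}
```

Running the check after the stack restart, before sending test mail, catches a stale table without waiting for an external tester to report a missing signature.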

Identity and Access Management (LDAP)

  • Domain-Agnostic Authentication: Refined Dovecot and Postfix LDAP filters to dynamically query users based on their full email address, allowing user@xxxx.com and user@xxxx.bg to coexist in the same directory.
  • Attribute Mapping: Utilized the mail attribute as the primary identifier, ensuring seamless integration with existing Nextcloud and LAM instances.

Repository-to-Server Validation

  • Configuration Auditing: Performed a full MD5-based checksum comparison between local docker-compose.yml files and the server’s production environment.
  • Environment Normalization: Synchronized the local repository to match the server’s state, removing legacy configurations (such as bgoal.hk fallbacks) to maintain a single source of truth.
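
The checksum comparison described above, as an added example that is not the project's own tooling: it builds a manifest per tree and reports changed, local-only and server-only files. The function names and sample files are constructed, and it defaults to SHA-256 rather than the MD5 the article used (set HASH=md5sum to match).

```shell
#!/bin/sh
# Added example (not from the original article): detect drift between a local
# repo checkout and a copy of the server config tree via checksum manifests.
# HASH defaults to sha256sum; HASH=md5sum gives the MD5 comparison instead.
HASH=${HASH:-sha256sum}

# manifest DIR: print "<hash>  ./relative/path" for every file under DIR.
# For the live server, run the same find over SSH and save the output to a file.
manifest() {
    ( cd "$1" && find . -type f -exec "$HASH" {} + )
}

# drift_report LOCAL_MANIFEST SERVER_MANIFEST: one sorted line per difference.
drift_report() {
    { sed 's/^/L /' "$1"; sed 's/^/S /' "$2"; } | awk '
        { side = $1; hash = $2; path = $0
          sub(/^[LS] [^ ]+ +[*]?/, "", path)      # drop tag, hash, separator
          if (side == "L") loc[path] = hash; else srv[path] = hash }
        END {
          for (p in loc) {
            if (!(p in srv))           print "LOCAL_ONLY " p
            else if (loc[p] != srv[p]) print "CHANGED " p
          }
          for (p in srv) if (!(p in loc)) print "SERVER_ONLY " p
        }' | LC_ALL=C sort
}

# check_drift LOCAL_DIR SERVER_DIR: print the report, return 1 if anything differs.
check_drift() {
    l=$(mktemp) && s=$(mktemp) || return 2
    manifest "$1" > "$l"; manifest "$2" > "$s"
    report=$(drift_report "$l" "$s"); rm -f "$l" "$s"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"; return 1
}

# Constructed sample: the repo still carries a legacy file, its compose file
# differs from the running one, and the server has a file the repo lacks.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/repo/mail" "$d/server/mail"
    echo 'compose revision A' > "$d/repo/docker-compose.yml"
    echo 'compose revision B' > "$d/server/docker-compose.yml"
    echo 'legacy fallback'    > "$d/repo/legacy.conf"
    echo 'same on both'       | tee "$d/repo/mail/a.env" > "$d/server/mail/a.env"
    echo 'server side only'   > "$d/server/mail/b.env"
    rc=0; check_drift "$d/repo" "$d/server" || rc=$?
    rm -rf "$d"; return $rc
}
```

The non-zero return makes the check usable as a gate in a deployment script, so a sync only counts as complete when the report is empty.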

Key Features Delivered

  1. Unified Reverse Proxy: Single Caddy instance managing HTTPS for 10+ subdomains across two root domains.
  2. Transparent Email Integration: Shared mailserver stack with domain-specific DKIM signing.
  3. Synchronized Documentation: Updated flex-i.ltd.md with detailed DNS, SPF, and DMARC requirements for the new domain.
  4. Maintenance-Ready Repo: Clean, server-matched local configuration files for future scaling.

Technical Implementation

  • Web Layer: Caddy 2.x with automatic Let’s Encrypt / ZeroSSL.
  • Mail Layer: docker-mailserver with OpenDKIM and Dovecot-LDAP.
  • Webmail: SnappyMail with multi-domain JSON backends.
  • Sync Tools: SCP, SSH, and MD5 checksum verification.

Results Achieved

  • 100% Service Parity: .bg domain users have access to the exact same suite of tools as .com domain users.
  • Pass DMARC/DKIM: Verified “PASS” results for both domains on external mail testers.
  • Zero Cost Increase: Successfully hosted two distinct brand identities on a single VM.
  • Maintainability: Reduced configuration drift to zero through repository synchronization.

Client Impact
“The ability to spin up a new regional domain in hours rather than days is a game changer,” noted the lead administrator. “By sharing the existing infrastructure, we kept our costs flat while doubling our brand footprint in Eastern Europe.”

Why This Project Matters
This 2025 integration proves that “small server” doesn’t mean “small capability.” By leveraging modern container orchestration and smart reverse proxying, we demonstrated that a single VM can robustly handle multiple professional identities, setting the stage for even further regional expansion.

Lessons Learned

  • DKIM tables in docker-mailserver require a restart to rebuild, even after keys are generated.
  • Repository-to-server synchronization is the most effective way to prevent “it works on my machine” issues in deployment.
  • Centralizing DNS documentation for both domains in a single file reduces administrative errors during provider updates.
  • Caddy’s simplicity in handling multiple hostnames in a single block significantly reduces the risk of configuration errors compared to traditional web servers.
