You are going to run into a couple of issues here.
- Certifying your responses - Gateways try to make sure your responses are certified by the canister. I know this has changed a bit, but I'm pretty sure you'll still get non-certification errors if you try to serve a web resource not from the canister_id.raw.ic0.app endpoint. Origyn did a custom proxy at one point to get around this, but when you do that you open up users to a man-in-the-middle attack. Because canisters have to sign a certificate with your dynamic content, you are looking at extended latency and likely having to upgrade each request to go through the http_request_update pathway with a redirect to the certified page. This isn't going to be a great experience.
- The newly surfaced subnet issue will make this very interesting. Right now queries (serving most web resources) is a query op and doesn't really get affected by a bob/yral subnet attack, but once you have to dynamically generate and certify the content, your requests become updates and will require you to increase your compute allocation significantly to experience anything close to an acceptable web experience (likely close to 100 if you want a 2 - 4 second response), which is a commitment of ~$3,500 a month.
We would need some kind of query-only certification process to make it realistic. In the past I’ve thought a good bit about this, but haven’t done much work on it recently.
See Certification v2 Questions - #2 by NathanosDev for more info.
And this bounty which is still open: Assigned: BNT-13 - Motoko Certified Assets Canister - #3 by domwoe