This is just for my home system, so that I can access everything via https without that annoying ssl cert warning. It's all run from a single server in the closet. I have an nginx instance facing outside, with http redirecting to https, and then each individual app accessed based on what subdomain you used (rss.xyz.com to get to my rss reader, vm.xyz.com to access my virtual machine management console, etc). At the moment I have 7 webapps running, and am in the process of adding an 8th.
The subdomains are somewhat dynamic, since I'll add more whenever I add a new webapp to the server.
In that case, sounds like you probably want a wildcard. Also, if this is just your home system and you are the only person who needs access to these machines, why not use a VPN instead? Makes more logical sense, easier to configure, and you can do more than just webapps.
The subdomains are somewhat dynamic, since I'll add more whenever I add a new webapp to the server.