I have several sites running on different (virtual) Ubuntu servers, something like this:

  • mysite.mydomain.com (10.3.0.5)
  • another.mydomain.com (10.3.0.7)
  • siteabc.differentdomain.eu (10.3.0.16)

I had paid certificates for all of them, and was using MUP (Meteor-up) to deploy them:

proxy: {
    domains: 'mysite.mydomain.com',
    ssl: {
        crt: './mysite_mydomain_com.crt',
        key: './mysite_mydomain_com.key',
        forceSSL: true
    }
}

Now I want to use Let's Encrypt for all of them. I forwarded port 80 to 10.3.0.5 (the first site), and this works (MUP creates nginx docker containers automatically, etc.), but the others don't work because they need port 80, which is already used for the first one.

proxy: {
    domains: 'mysite.mydomain.com',
    ssl: {
        letsEncryptEmail: 'mysite@mydomain.com',
        forceSSL: true
    }
}

Is it possible to have multiple domains behind the same IP, and still use Let's Encrypt? And how would I do that for Meteor applications and Meteor-up deployments?

TomTem

1 Answer

Yes is the short answer. MUP installs a docker image running nginx-proxy: https://github.com/nginx-proxy/nginx-proxy

nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.

See Automated Nginx Reverse Proxy for Docker for why you might want to use this.

You don't need to worry about the details; it automatically directs traffic based on the target URL to the correct docker instance. I run several staging/demo servers on the same EC2 instance using it. Easy :)

Mikkel
  • I can see the jwilder/nginx-proxy docker containers generated by MUP for all of the applications. And I can deploy the first application because port 80 is forwarded to its internal IP (10.3.0.5), but now when I deploy the others it fails (error in browser = NET::ERR_CERT_AUTHORITY_INVALID), which makes sense to me because port 80 is pointing to 10.3.0.5. Do I need to add something to the mup.js config file? – TomTem Aug 10 '20 at 14:53
  • Mikkel, how does this work with the actual certificate generated by Let's Encrypt? I thought SSL certificates are valid only for one domain (plus potentially subdomains), but TomTem lists two different domains. Does mup create two separate Let's Encrypt certificates automatically? – Christian Fritz Aug 10 '20 at 15:53
  • Each docker image listens on port 80. nginx-proxy forwards incoming traffic on https: to the appropriate docker image to process the requests, and yes, there are multiple Let's Encrypt certs, one for each name that's mentioned. – Mikkel Aug 11 '20 at 07:55
  • You have many apps in many docker containers on only 1 VM, but I have many VMs each running 1 Meteor application, so in my case only 1 works as described (the one to which my router is forwarding port 80), so I'm still looking for a solution... – TomTem Aug 11 '20 at 16:33
  • If you want to set them all up on one IP, you will either need a load balancer, or you can use NGINX to forward the requests based on the incoming URL. I don't think MUP has an option to do this. If you want to keep using MUP with Let's Encrypt, you can just have each VM have its own public IP - or can't you get more IPs? – Mikkel Aug 18 '20 at 20:22
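
Added example, not part of the thread and not MUP's own configuration: one way to do the NGINX forwarding mentioned in the last comment, as a front proxy that routes by hostname to the three VMs from the question. It assumes a separate front host that the router forwards ports 80 and 443 to, that each VM's MUP-managed proxy listens on 80 and 443, and that Let's Encrypt validation happens over HTTP on port 80.

```nginx
# Front proxy on its own host; the router forwards 80 and 443 here (assumption).
# Needs nginx built with the stream and stream_ssl_preread modules.
events {}

# Port 443: route by TLS SNI without decrypting, so every VM keeps its own
# Let's Encrypt certificate and private key.
stream {
    map $ssl_preread_server_name $tls_backend {
        mysite.mydomain.com         10.3.0.5:443;
        another.mydomain.com        10.3.0.7:443;
        siteabc.differentdomain.eu  10.3.0.16:443;
        # Unlisted names map to an empty value; nginx cannot proxy them
        # and closes the connection.
    }
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $tls_backend;
    }
}

# Port 80: route by Host header so each VM's proxy can answer its own
# certificate validation requests and issue the forceSSL redirect itself.
http {
    map $host $http_backend {
        mysite.mydomain.com         10.3.0.5;
        another.mydomain.com        10.3.0.7;
        siteabc.differentdomain.eu  10.3.0.16;
    }
    server {
        listen 80 default_server;
        # Drop requests for hostnames that are not in the map.
        if ($http_backend = "") { return 444; }
        location / {
            proxy_set_header Host $host;
            proxy_pass http://$http_backend;
        }
    }
}
```

With this layout the private keys never leave the individual VMs, but each backend sees the front proxy's address as the client IP.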