Multiple servers one IP address home setup issue


#1

So I'm not sure if this is something that can be done.

I have 3 Raspberry Pis running 3 different servers.

1 Home Automation (Home Assistant)

1 Media (torrents, deluge)

1 Personal website. (nginx port 8080)

Right now I access each server on the same domain, xxx.duckdns.org. To access the media, since it's behind an nginx server, I use xxx.duckdns.org/deluge or xxx.duckdns.org/sonarr

For the Home Assistant it's xxx.duckdns.org:8123.

For the personal running nginx its xxx.duckdns.org:8080

I use Google Wifi to fwd the ports. When the Let's Encrypt cert expires, I have to run certbot on each machine. This caused me a few issues and I hit the rate limit a few times.

Is there a way to “share” the certificate across all three machines? Same public IP address


#2

Hi @neuman1812,

The certificate and private key are files that can be copied from one machine to another. You can automate this with a script that runs scp or rsync or something. The certificate doesn’t mention a particular port number and so you can use the same certificate to secure services provided on different ports, including services provided on different ports by different machines.

If you only have 3 servers, running certbot renew separately on each server shouldn’t really result in hitting the rate limit because each server will only obtain 1 certificate. If you’re testing your configuration and issuing many test certificates, you can use the staging server (with --staging) so that the test certificates don’t count against your rate limit.

You can also use your nginx server with proxy_pass directives to handle all of the forwarding if you want to use paths instead of port numbers when accessing the services from the Internet. In that case, potentially only the nginx server would need a certificate. However, whatever configuration you choose is valid.


#3

> You can also use your nginx server with proxy_pass directives to handle all of the forwarding if you want to use paths instead of port numbers when accessing the services from the Internet. In that case, potentially only the nginx server would need a certificate. However, whatever configuration you choose is valid.

This is possible if they are hosted on different machines? I was unaware of that. It would make this easier.

In my Nginx config for example for Sonarr I have this

location /sonarr {
 proxy_pass http://127.0.0.1:8989;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

How would I get that to point to a different machine? My home assistant machine for example is on 192.168.1.101


#4

Just use the other machine’s IP address instead of 127.0.0.1 🙂 This should work great.

Note that if the other machine uses a particular port number as seen from the LAN (other than the default of 80), you have to also specify that port number.
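
The setup discussed in #2 to #4, written out as an added example that is not part of any post in this thread: one nginx machine holds the only copy of the certificate and terminates TLS for all three services, keeping the URLs from #1. Assumptions: 192.168.1.102 for the website Pi, certbot's default `live/` directory for the certificate, and that this nginx already serves HTTPS on port 443.

```nginx
# Added example. Goes inside nginx's http {} context on the one machine
# that runs certbot (for instance a file under conf.d/).

# One certificate, declared once and inherited by every server block below.
ssl_certificate     /etc/letsencrypt/live/xxx.duckdns.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.duckdns.org/privkey.pem;

# Home Assistant's UI uses WebSockets, so the upgrade must pass through.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Media services: local to this machine, reached by path as in #3.
server {
    listen 443 ssl;
    server_name xxx.duckdns.org;
    location /sonarr {
        proxy_pass http://127.0.0.1:8989;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Home Assistant: TLS ends here, plain HTTP to the other Pi on the LAN.
server {
    listen 8123 ssl;
    server_name xxx.duckdns.org;
    location / {
        proxy_pass http://192.168.1.101:8123;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Personal website: same pattern; the backend address is an assumption.
server {
    listen 8080 ssl;
    server_name xxx.duckdns.org;
    location / {
        proxy_pass http://192.168.1.102:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

With this layout the router forwards 443, 8123 and 8080 to the proxy machine only, and the private key never has to be copied to the other two Pis. The hop from the proxy to each backend is unencrypted HTTP on the LAN, so the backends should accept connections only from the proxy's address.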