Hi,
Since Let's Encrypt has recently launched wildcard certificates, I've decided to set up a subdomain with a wildcard certificate for all HTTP services on my LAN. Essentially I have an acme.sh client running as a cron job on a box, configured to perform DNS-based validation for the subdomain via the Cloudflare API, renew the certificate and automatically deploy it to all services via SSH; this includes my router for the web-based admin interface, Proxmox and OMV. This allows me not to expose any services externally for domain validation, which is nice. So let's say the subdomain is lan.example.com and the certificate is for *.lan.example.com. My local DNS server is configured to resolve all lan.example.com hosts inside the LAN, OMV being omv.lan.example.com for example.
Now, I figured I could also have separate hosts for all web services running on OMV aside from the admin UI, for example Transmission, so I installed the Nginx plug-in and tried to configure it as a reverse proxy with name-based server blocks. However, is there a way to have all these hosts reachable on port 443? For example my nginx configuration for Transmission looks like this:
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/openmediavault-63538c91-1c8a-45b1-b6b4-01aa85fd605b.crt;
    ssl_certificate_key /etc/ssl/private/openmediavault-63538c91-1c8a-45b1-b6b4-01aa85fd605b.key;
    server_name torrent.lan.example.com;
    root /var/www/torrent.lan.example.com;
    index index.html;
    access_log /var/log/nginx/10a54529-eea8-4ebf-b3ad-514a736893e0-access.log;
    error_log /var/log/nginx/10a54529-eea8-4ebf-b3ad-514a736893e0-error.log;
    large_client_header_buffers 4 32k;
    location ^~ / {
        proxy_pass http://127.0.0.1:9091;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_read_timeout 1d;
    }
}
This fails. Either the OMV UI stops responding or nginx fails to restart with multiple errors:
Mar 18 21:32:16 omv nginx[17833]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Mar 18 21:32:16 omv nginx[17833]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Is there any way to make this work with different hosts/websites on the same port? If I change the ports to something else, it works, but I'd really like to have clean URLs. For example I'd like https://omv.lan.example.com to point to the OMV UI, while https://torrent.lan.example.com points to the Transmission interface, even though they are both on the same machine/IP address.
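
The single-wildcard setup described above relies on every LAN hostname being covered by *.lan.example.com. As an added example that is not part of the original post, this check applies the RFC 6125 wildcard rule (the asterisk stands for exactly one leftmost label) to a list of hostnames; the function names and the last three sample hostnames are assumptions made for illustration.

```python
"""Added example: which LAN hostnames a wildcard certificate name covers."""


def wildcard_covers(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: '*' is allowed only as the whole leftmost
    label and stands for exactly one DNS label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels:
        return False  # empty label, e.g. "a..b" or an empty string
    if len(p_labels) != len(h_labels):
        return False  # '*' never spans more or fewer than one label
    if p_labels[0] == "*":
        # Remaining labels must match exactly, with no further wildcards.
        return "*" not in p_labels[1:] and p_labels[1:] == h_labels[1:]
    # No usable wildcard: reject partial wildcards, require an exact match.
    return "*" not in pattern and p_labels == h_labels


def uncovered(cert_names, hostnames):
    """Return the hostnames that none of the certificate names cover."""
    return [h for h in hostnames
            if not any(wildcard_covers(n, h) for n in cert_names)]


# Constructed sample input using the names from the post; the last three
# hostnames are hypothetical additions that show the edge cases.
CERT_NAMES = ["*.lan.example.com"]
HOSTS = [
    "omv.lan.example.com",
    "torrent.lan.example.com",
    "lan.example.com",            # bare subdomain, no leftmost label
    "ui.omv.lan.example.com",     # two labels under lan.example.com
    "OMV.lan.example.com.",       # upper case and trailing dot
]

if __name__ == "__main__":
    for host in HOSTS:
        ok = any(wildcard_covers(n, host) for n in CERT_NAMES)
        print(f"{host:28} {'covered' if ok else 'NOT covered'}")
```

Any name the check reports as not covered would need its own entry on the certificate, for example the bare lan.example.com added as a second name.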