Multiple websites on one IP address

-

How to Set Up a Raspberry Pi as a Reverse Proxy for Multiple Domains with SSL

A reverse proxy is a powerful way to route traffic for multiple websites hosted on different machines but accessible through a single public IP. In this guide, we’ll configure a Raspberry Pi to act as a reverse proxy, forwarding requests to different internal servers based on the requested domain name and using Let’s Encrypt SSL certificates for secure connections.

Use Case Example

  • Domain 1: domain1.com → Hosted on Server 1 (192.168.1.75)
  • Domain 2: domain2.com → Hosted on Server 2 (192.168.1.71)
  • Public IP: Same for both domains.

The Raspberry Pi will sit between the internet and your internal web servers to manage incoming requests and securely forward them to the correct backend server.






Step 1: Prerequisites

  1. Raspberry Pi:

    • A Raspberry Pi with Raspbian or Raspberry Pi OS installed.
    • Static internal IP for the Raspberry Pi (e.g., 192.168.1.100).

  2. Web Servers:

    • Two or more web servers running on different internal IPs:
      • Server 1: 192.168.1.75
      • Server 2: 192.168.1.71

  3. Domain Names:

    • Domains pointing to your home’s public IP via DNS.

  4. Router Configuration:

    • Forward port 80 (HTTP) and 443 (HTTPS) to your Raspberry Pi’s internal IP (192.168.1.100).

Step 2: Install Nginx and Certbot

  1. Update and install Nginx and Certbot:

    sudo apt update
sudo apt install nginx certbot python3-certbot-nginx -y

  2. Enable and start Nginx:

    sudo systemctl enable nginx
sudo systemctl start nginx

Step 3: Obtain SSL Certificates with Certbot

  1. Obtain SSL certificates for your domains using Certbot. This command automatically configures SSL for your Nginx server:

    For Domain 1:

    sudo certbot --nginx -d domain1.com -d www.domain1.com

    For Domain 2:

    sudo certbot --nginx -d domain2.com -d www.domain2.com

  2. Verify your domains in a browser to check that SSL is working properly:

    • Visit https://domain1.com and https://domain2.com. You should see a secure connection.

Step 4: Configure Nginx as a Reverse Proxy

  1. Navigate to the Nginx configuration directory:

    cd /etc/nginx/sites-available

  2. Create a new file for your reverse proxy configuration:

    sudo nano /etc/nginx/sites-available/reverse_proxy

  3. Add the following configuration to redirect HTTP to HTTPS and set up reverse proxy for both domains:

    # Redirect HTTP to HTTPS
server {
    listen 80;
    server_name domain1.com www.domain1.com domain2.com www.domain2.com;

    return 301 https://$host$request_uri;
}

# Reverse Proxy for domain1.com
server {
    listen 443 ssl;
    server_name domain1.com www.domain1.com;

    ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;

    location / {
        proxy_pass https://192.168.1.75;  # Forward to Backend Server 1
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Reverse Proxy for domain2.com
server {
    listen 443 ssl;
    server_name domain2.com www.domain2.com;

    ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem;

    location / {
        proxy_pass https://192.168.1.71;  # Forward to Backend Server 2
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

  4. Create a symbolic link to enable the configuration:

    sudo ln -s /etc/nginx/sites-available/reverse_proxy /etc/nginx/sites-enabled/

  5. Remove the default Nginx configuration:

    sudo rm /etc/nginx/sites-enabled/default

Step 5: Test and Restart Nginx

  1. Test the Nginx configuration to ensure there are no syntax errors:

    sudo nginx -t

  2. Restart Nginx to apply the changes:

    sudo systemctl restart nginx

Step 6: Configure DNS for Your Domains

  1. Go to your domain registrar’s DNS management panel.

  2. Add an A record for each domain, pointing to your public IP address:

    • domain1.comYour Public IP
    • domain2.comYour Public IP

  3. (Optional) Add CNAME records for subdomains (e.g., www.domain1.comdomain1.com).

Step 7: Verify Connectivity

  1. Test domain resolution using nslookup:

    nslookup domain1.com
nslookup domain2.com

    Both domains should resolve to your public IP.

  2. Open a browser and test the domains:

    • Navigate to https://domain1.com.
    • Navigate to https://domain2.com.

Step 8: Troubleshooting

  • Issue: Default Nginx page appears for the second domain

    • Ensure the server_name values match the exact domain names.
    • Restart Nginx after any changes: 
      sudo systemctl restart nginx

  • Issue: Traffic is not reaching your Raspberry Pi

    • Verify port 80 and 443 are forwarded to the Raspberry Pi’s internal IP in your router.

  • Issue: Logs show errors

    • Check Nginx logs for clues: 
      sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log

Step 9: Optional Enhancements

  • Automatic SSL Renewal: Certbot automatically sets up a cron job to renew SSL certificates. You can verify this by running:

    sudo certbot renew --dry-run

  • Monitor Traffic: Install monitoring tools like htop or ngxtop to analyze server performance and traffic.

Conclusion

By using Let’s Encrypt SSL certificates, your Raspberry Pi acts as a secure reverse proxy, forwarding traffic to backend servers based on domain names. This setup ensures that your websites are served over HTTPS with valid, trusted certificates and offers the flexibility to host multiple domains.

Enjoy your enhanced, secure, home-hosted web setup! 🚀


Comments

Post a Comment

Popular posts from this blog

Tutorial: Using Raspberry Pi as an OpenVPN Client Router with Ethernet Sharing

-
Image
Tutorial: Using Raspberry Pi as an OpenVPN Client Router with Ethernet Sharing Tutorial: Using Raspberry Pi as an OpenVPN Client Router with Ethernet Sharing This guide will show you how to configure your Raspberry Pi as an OpenVPN client router. The Raspberry Pi will connect to your home Wi-Fi for internet access, and its Ethernet port ( eth0 ) will be configured to share the VPN connection with a connected device (e.g., a PC). Prerequisites Raspberry Pi 4 with Raspbian OS OpenVPN Configuration File (.ovpn file) from your VPN provider Wi-Fi Connection to your home network Step 1: Connect Raspberry Pi to Your Home Wi-Fi Configure Wi-Fi using raspi-config : Copy sudo raspi-config Navigate to Network Options > Wi-Fi, select your network, and enter the password. Verify the Wi-Fi connection: Copy ip a show wlan0 Step 2: Instal...
Read more

How to Use a Raspberry Pi 4 as a Firewall to Block Adult Content and Protect Your Family

-
Image
  Ensuring your family’s online safety is crucial in today’s digital age. A Raspberry Pi 4 can be transformed into a cost-effective and powerful firewall to block adult content and inappropriate material on your home network. This step-by-step tutorial will guide you through setting up content filtering using Pi-hole and optional advanced proxies like DansGuardian or SquidGuard . Why Use a Raspberry Pi as a Firewall? A Raspberry Pi 4 is small, affordable, and powerful enough to serve as a home firewall. With tools like Pi-hole, it can: Block adult content and inappropriate websites. Provide network-wide protection. Enhance your family’s online safety. What You’ll Need Raspberry Pi 4 (or similar model). MicroSD card (16GB or larger). Power supply for the Raspberry Pi. Ethernet cable (optional for a more stable connection). Home Wi-Fi router. Step 1: Install Raspberry Pi OS Download and Install Raspberry Pi OS : Use Raspberry Pi Imager to install Raspberry P...
Read more

Tutorial: Using Raspberry Pi Pico and HW-488 Infrared Obstacle Avoidance Sensor to Play/Pause a Video on Your PC via USB

-
Image
  In this tutorial, we'll demonstrate how to use the Raspberry Pi Pico and an HW-488 Infrared Obstacle Avoidance Sensor to control video playback on your PC. The setup will allow you to automatically play or pause a video based on your proximity to the sensor. When you are in front of the sensor, the video will play; when you step away, the video will pause. We'll use CircuitPython to achieve this, as it has built-in support for USB Human Interface Devices (HID), allowing the Pico to act like a USB keyboard. Prerequisites Hardware: Raspberry Pi Pico HW-488 Infrared Obstacle Avoidance Sensor Jumper wires USB cable for Pico connection to the PC Software: CircuitPython firmware for Raspberry Pi Pico Adafruit HID Library for CircuitPython Step 1: Setup CircuitPython on Raspberry Pi Pico To begin, we need to install CircuitPython on the Raspberry Pi Pico. Installing CircuitPython: Visit the CircuitPython download page . Download the latest .uf2 file for Raspberry Pi Pico. Hold ...
Read more