LXD container tutorial on creating many HTTPS websites
Linux - ContainersThis forum is for the discussion of all topics relating to Linux containers. Docker, LXC, LXD, runC, containerd, CoreOS, Kubernetes, Mesos, rkt, and all other Linux container platforms are welcome.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
There is generally some difficulty to have more than one HTTPS website on a single IP. This is resolved nowdays using something called SNI and a TLS Termination Proxy. In this tutorial I use HAProxy as the TLS Termination Proxy.
My next endevour is to write a tutorial on how to install multiple WordPress sites under LXD.
I am still trying to figure out the details on this one.
There is generally some difficulty to have more than one HTTPS website on a single IP. This is resolved nowdays using something called SNI and a TLS Termination Proxy. In this tutorial I use HAProxy as the TLS Termination Proxy.
My next endevour is to write a tutorial on how to install multiple WordPress sites under LXD.
I am still trying to figure out the details on this one.
Running multiple sites with HTTPS on a single IP does not require a proxy - it requires simply the use of TLS as the security component. With TLS, you have access to the SNI extension (this is where TLS is truly different from SSL - extensions) whereby the browser tells the server which site it is trying to connect to BEFORE certificate information is leveraged to create a secure channel. 100% of the required configuration can be done in Apache directly.
Running multiple sites with HTTPS on a single IP does not require a proxy - it requires simply the use of TLS as the security component. With TLS, you have access to the SNI extension (this is where TLS is truly different from SSL - extensions) whereby the browser tells the server which site it is trying to connect to BEFORE certificate information is leveraged to create a secure channel. 100% of the required configuration can be done in Apache directly.
And HAProxy uses SNI in order to direct each client to the correct container. (There is no other way to have HTTPS on a single IP address without SNI).
The benefit of HAProxy is that all Let's Encrypt certificate management happen in the HAProxy container. The websites (nginx in my example) do not need any HTTPS configuration, therefore I do not need to replicate the complex HTTPS settings that can achieve A+ on the Qualys SSL Test (https://www.ssllabs.com/ssltest/).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.