Looking for help multiple SSL connections to single IP

I currently have NextcloudPi running on an Odroid HC-1. I have letsencrypt set up and can access nextcloud perfectly from the wan.

I just installed Home Assistant in a docker container on the same Odroid and want to be able to access it via ssl as well. I have a personal domain that I use for all of it but I need to know if it's possible to have multiple ssl connections to the same server.

https://mydomain.com → odroid server port 443 (Nextcloud)
https://mydomain.com:8123 → odroid server port 8123 (Home Assistant)

Any help would be wonderful.

Thanks,
Robert

Hey mate, I hope you are doing well…

As far as I know, yes, that’s possible.

But I can see you are using self-signed CAs, using Let’s Encrypt.

And that’s the problem, you need to use two different CAs, one for each application.

Do you have the same CA, or did you already know that?

Let’s try to fix it mate!

:smiley:

Thank you so much. I’m using NextcloudPI which has a built-in app to set up LetsEncrypt, I have no idea how to set one up for the Home Assistant application manually.

Edit: So I have used Certbot to create a new certificate for the domain I want to direct to my home assistant application. But I’m not sure where to go next.

Robert

Absolutely. You can have as many SSL connections as you like. The only thing you need to be aware of is that the SSL certificate has to match all of the domain names for which you want to use it. Sounds to me like you only use one domain name, so that makes things especially easy. Just configure both services to use the same certificate.

Ok, so certificates are for domains and not for specific apps. I guess my biggest question is then how would I go about using port 443 for Nextcloud, but having a second port for SSL connection to my Home Assistant. But perhaps that’s a question better asked on their forum.

Just to make sure that I am giving you good advice, I looked up home assistant, and it appears that it also uses http(s), so you have two choices:

  1. Have it listen on a different port (like 4443, note that you already have it on port 8123).
  2. Provide it with a different domain name, like homeassistant.mydomain.com vs nextcloud being either on the root domain or something more fitting like nextcloud.mydomain.com.

My choice would be option 2. Note that this does NOT prevent you from sharing an SSL certificate (in fact, you then MUST share an SSL certificate!!!), it means that you need to include both domains or a wildcard domain in its configuration.

So then on to the Apache configuration (or whatever web server you use); instead of IP based virtual hosts, you will use NAME based virtual hosts. So your virtual host definition will look something like this:

```apache
<VirtualHost ip.add.re.ss:443>
   SSLEngine on
   # other SSL configs
   ServerName nextcloud.mydomain.com
   # nextcloud configurations
</VirtualHost>
<VirtualHost ip.add.re.ss:443>
   SSLEngine on
   # other SSL configs
   ServerName homeassistant.mydomain.com
   # homeassistant configurations, proxy?
   # The target ends in "/" to match the "/" path, so /foo is forwarded
   # to :8123/foo instead of being glued onto the port number.
   ProxyPass / http://home.assistant.ip.address:8123/
   ProxyPassReverse / http://home.assistant.ip.address:8123/
</VirtualHost>
```

Basically what that does, is it picks the domain name from the http request and matches it against the appropriate virtualhost. The way I have that example set up (which is meant to be an example or starting point, not ready-to-go) is so that Apache handles the SSL for both domains and proxies the home assistant connections to a different host and/or port. That saves you from mucking with SSL on home assistant.
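Added example, not part of the posts above: a check that one certificate's subjectAltName list covers every name-based virtual host, including the case where a wildcard entry does not cover the bare root domain. The SAN lists and the helper names `san_matches` and `uncovered` are constructed for illustration; the hostnames are the placeholders used in the thread.

```python
# Added example: does a shared certificate cover every virtual host name?
# All SAN lists below are constructed sample data, not real certificates.

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard stands for exactly one label, never zero or several.
        return False
    if p_labels[0] == "*":
        # Only accept a wildcard as the whole leftmost label, with at
        # least two fixed labels after it (so "*.com" is rejected).
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(san_entries, vhost_names):
    """Return the vhost names that no SAN entry matches (empty = all covered)."""
    return [h for h in vhost_names
            if not any(san_matches(s, h) for s in san_entries)]


# ServerName values from the virtual host example in the thread.
VHOSTS = ["nextcloud.mydomain.com", "homeassistant.mydomain.com"]

# Constructed SAN lists for three ways the certificate could be issued.
CERT_BOTH = ["nextcloud.mydomain.com", "homeassistant.mydomain.com"]
CERT_WILDCARD = ["*.mydomain.com"]
CERT_SINGLE = ["mydomain.com"]

if __name__ == "__main__":
    for label, sans in [("both names", CERT_BOTH),
                        ("wildcard", CERT_WILDCARD),
                        ("root only", CERT_SINGLE)]:
        print(f"{label:10} missing for vhosts: {uncovered(sans, VHOSTS)}")
    # The wildcard does not cover the bare root domain, which matters if
    # Nextcloud stays on https://mydomain.com.
    print("wildcard, root domain:", uncovered(CERT_WILDCARD, ["mydomain.com"]))
```

A certificate issued only for the root domain fails for both subdomain virtual hosts, and a wildcard certificate needs the root domain listed as a separate SAN entry if anything is still served there.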