Multi Domain with SSL

evertvh · March 28, 2020, 10:32am

Hi Guys

I recently got my nextcloud server up and running on FreeNAS 11.3 and I can reach it via https from

https://cloud.mydomain1.com

I followed this post:

to get it up and running and do the SSL cert with Cloudflare.

I now need to add another two domains to access this nextcloud instance with
Https://cloud.mydomain2.com
and
Https://cloud.mydomain3.com

Now in the scripted install, it used caddy and I am not familiar with caddy at all.

Can I now just install certbot and let it do HTTP verification for the next two domains and add it on to nextcloud so that I can access it.

if anyone can point me or assist me in the right direction I would gladly appreciate it.

I am also looking into perhaps redoing the server and doing a reverse proxy jail to handle all the certs and domains but can’t find a nice updated post with multiple domains to follow.

I need a bit more love and care as I just started scratching the surface with the servers

Thanks

evertvh · March 29, 2020, 10:36am

Anyone please?

eehmke · March 30, 2020, 10:04am

If you use certbot, it’s easy. Just add all your domains to the command, like

certbot certonly \
   --authenticator (your setting here).... \
   --server https://acme-v02.api.letsencrypt.org/directory \
   -m <your email>\
   -d '<your first domain>' \
   -d '<cloud.yourdmain>'  \
   -d ....

evertvh · March 30, 2020, 2:33pm

Thanks, will look into that with certbot, pretty sure that part im okay with i get stuck with the rest, trying a build now from scratch with appache as i can do apache with certbot just not sure what i need to change for multiple domains in the config files

KarlF12 · March 30, 2020, 2:39pm

You are wanting to access the same instance under multiple domains? Or run more than one instance for different domains on the same server?

evertvh · March 30, 2020, 3:29pm

Connect to the same instance. same folders just under different domains. so I have gotten to the correct point now where i can access via different domains, and they have ssl. did have to set it up from scratch but got that going. so with certbot and apache. having an issue now with creating users but think that’s due to permissions i set because the data folder is outside the local folder.

madmas · March 30, 2020, 3:30pm

@evertvh I’ve a nextcloud - instance running serving multiple domains and I want to advise to NOT DO THIS.

While Nextcloud is very capable to handle this and setup is fairly straight forward (‘trusted_domains’ in config.php and there you go… ) it gets complicated in the long run as everything you to affects all users in different contexts.
Also, the theming is optimized for one domain, there is no such thing like “logo per domain” or something like that.

Performance wise, it should be fine to run 2 or 3 nextcloud instances in parallel.

evertvh · March 30, 2020, 3:35pm

Thanks for the headsup. I want to play around with it just to see what and how it will work or affect and if i do find that it is not worth it I will instead moving to different instances serving different domains with a reverse proxy handling the ssl request.

madmas · March 30, 2020, 3:46pm

I’m not sure if you need a reverse proxy. If you have setup apache now to serve different domins with different certificates, its easy: just let them serve just a instance themself and nur share the same document root

have fun!

evertvh · March 30, 2020, 3:59pm

Thanks for the help and advice will look into it.

Now onto solving the next problem xD

KarlF12 · March 31, 2020, 4:38am

Something else you might consider as an alternative is if you use the Docker version, you could run several separate instances on the same server with a single reverse proxy in front of them, and this leaves open the option to separate them into separate servers later. Food for thought.

evertvh · March 31, 2020, 11:30am

Thanks for the Idea, could you have them share the same folders so that i can access the same data from two dockers or will the data be seperate?

KarlF12 · March 31, 2020, 1:01pm

They would be completely separate NC instances in that case (could even be running different versions). But since each has its own domain, you should be able to set up federated sharing between them.

If you run Docker-compose then you’ll just have to change the port numbers and container and network names in each one so there’s no conflict.

I suppose you could do the same thing without Docker if you set up three different vhosts and run three different DBs in MariaDB.

evertvh · April 3, 2020, 3:06pm

Cool thanks will keep it in mind going forward