I would like to serve multiple domains with one server, e.g. a.example.com and b.example.com. And I would like to run a separate nginx service in separate containers for this.

My current config is:
{ config, pkgs, ... }:
{
  networking.hostName = "<myhostname>";
  networking.nat = {
    enable = true;
    externalInterface = "enp3s0";
    internalInterfaces = [ "ve-+" ];
  };
  networking.firewall = {
    allowedTCPPorts = [ 80 443 ];
  };
  containers.nextcloud = {
    config = {
      networking.firewall.allowedTCPPorts = [ 80 443 ];
      security.acme.acceptTerms = true;
      security.acme.defaults.email = "mail@example.com";
      services.nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = true;
        virtualHosts = {
          "a.example.com" = {
            root = "/var/www";
            forceSSL = true;
            enableACME = true;
          };
        };
      };
    };
    autoStart = true;
    privateNetwork = true;
    hostAddress = "10.250.0.2";
    localAddress = "10.0.0.2";
    forwardPorts = [{
      protocol = "tcp";
      hostPort = 80;
      containerPort = 80;
    } {
      protocol = "tcp";
      hostPort = 443;
      containerPort = 443;
    }];
  };
  containers.somethingelse = {
    config = {
      networking.firewall.allowedTCPPorts = [ 80 443 ];
      security.acme.acceptTerms = true;
      security.acme.defaults.email = "mail@example.com";
      services.nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = true;
        virtualHosts = {
          "b.example.com" = {
            root = "/var/www";
            forceSSL = true;
            enableACME = true;
          };
        };
      };
    };
    autoStart = true;
    privateNetwork = true;
    hostAddress = "10.250.0.3";
    localAddress = "10.0.0.3";
    forwardPorts = [{
      protocol = "tcp";
      hostPort = 80;
      containerPort = 80;
    } {
      protocol = "tcp";
      hostPort = 443;
      containerPort = 443;
    }];
  };
}
The server at a.example.com is reachable via the internet and works (obviously all names have been changed). When I try to reach https://b.example.com, I get an SSL certificate error in my browser saying that the certificate refers to a.example.com, and if I continue in insecure mode I get the content of a.example.com served.
Probably, I misunderstand how the port forwarding works. Is it possible to forward one port twice? Probably not. But if I remove the port forwarding, both web servers cannot be reached.
Is my whole approach even valid? Or am I misunderstanding something fundamental?
Any help is very much appreciated. I also volunteer to write the respective entry in the nix wiki or the nix manual to help future users.
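Port forwarding works on TCP ports, not on hostnames: a host port can be handed to only one container, so the second set of forwardPorts for 80 and 443 never receives a connection and every name ends up at the first container's certificate and content. The usual NixOS pattern is to terminate TLS once on the host and let a host-level nginx route by Host header to each container over the private veth address. The following is an added example written for this answer, not the poster's configuration: it reuses the container names, addresses and domain names from the question, keeps the e-mail and web root as placeholders, and the `mkWebContainer` helper is an assumed local function, not a NixOS option.

```nix
# Added example (not the original poster's config): one host nginx
# terminates TLS for both names and proxies to the container that serves
# each site over its private address. No forwardPorts are needed, so the
# containers are not reachable from the internet except through the proxy.
{ config, pkgs, ... }:
let
  # Assumed helper: a container that serves plain HTTP on its private
  # address only. It needs neither ACME nor forwardPorts, because the host
  # proxy reaches it directly on localAddress:80.
  mkWebContainer = { hostAddress, localAddress, fqdn, root }: {
    inherit hostAddress localAddress;
    autoStart = true;
    privateNetwork = true;
    config = {
      # Only port 80, and only on the veth: the host handles 443.
      networking.firewall.allowedTCPPorts = [ 80 ];
      services.nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        # Plain HTTP vhost; the host proxy forwards the original Host header.
        virtualHosts.${fqdn} = {
          inherit root;
        };
      };
    };
  };
in
{
  networking.hostName = "<myhostname>";
  networking.nat = {
    enable = true;
    externalInterface = "enp3s0";
    internalInterfaces = [ "ve-+" ];
  };
  # Only the host exposes 80/443 to the internet.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  containers.nextcloud = mkWebContainer {
    hostAddress = "10.250.0.2";
    localAddress = "10.0.0.2";
    fqdn = "a.example.com";
    root = "/var/www";   # placeholder
  };
  containers.somethingelse = mkWebContainer {
    hostAddress = "10.250.0.3";
    localAddress = "10.0.0.3";
    fqdn = "b.example.com";
    root = "/var/www";   # placeholder
  };

  # ACME runs once, on the host, where the public ports actually live.
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "mail@example.com";  # placeholder

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;   # passes Host / X-Forwarded-* upstream
    recommendedTlsSettings = true;
    virtualHosts = {
      # Each name gets its own certificate and its own upstream container,
      # selected by SNI / Host header rather than by port.
      "a.example.com" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://10.0.0.2:80";
      };
      "b.example.com" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://10.0.0.3:80";
      };
    };
  };
}
```

After a rebuild, confirm that each name is answered with its own certificate rather than the first container's, for example with `openssl s_client -connect <host-ip>:443 -servername b.example.com` and checking the subject of the returned certificate; the same check against a.example.com should return a different one. Because the containers no longer publish any host port, nothing outside the host can reach them except through the proxy, which also keeps the ACME private keys on the host only.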