Setup home network with multiple SSL devices on one IP

networking ssl dns nas router

Is it possible in some way to use multiple SSL devices (Raspberry PI and Synology) behind a router with only one incoming IP? My wish is to use it with subdomains. I can point both subdomains to the incoming IP, but how do I split them behind the router? Could it help with a local DNS server? I know that the Synology can act as a DNS server but would that help me?

The devices both uses SSL certificates from Let's Encrypt.

Big thanks in advance!


Solution 1:

Is it possible in some way to use multiple SSL devices (Raspberry PI and Synology) behind a router with only one incoming IP?

Yes. What you are talking about requires setting up a reverse proxy. Basically, you need to make e.g. subdomain s1.abc.com and subdomain s2.abc.com point to a web server (reverse proxy) such as Apache or Nginx on your network and then have that web server forward incoming requests to the appropriate devices:

Reverse Proxy Diagram

I can point both subdomains to the incoming IP but how do I split them behind the router?

The reverse proxy will need virtual hosts (for Apache) or server blocks (Nginx) for both subdomains. Any appropriate HTTPS or proxy directives will generally live under these entries.

I know that the Synology can act as a DNS server but would that help me?

DNS is not a solution in this case, so no, not for "splitting" incoming requests (though having a DNS server could be helpful generally outside of this).

Both devices uses SSL certificates from Let's Encrypt.

The easiest thing to do would be to transfer these certificates to the reverse proxy and use HTTP on your internal network. HTTPS forwarding internally is possible but potentially more of a headache and less necessary for simple home use.

Notes

  • I would suggest initially setting up your reverse proxy as HTTP-only for testing, then add the certificates afterwards.

  • Let's Encrypt now offers wildcard domain certificates (since approximately January 2018). This could be useful if you have a number of subdomains and wish to minimize the number of certificates you need to keep track of. Note that wildcard domains require verification through DNS TXT records (this might be where the Synology could come in handy, at least under certain circumstances).

Related

What is causing the atrocious performance of my Macbook pro?
My Android camera Uri is returning a null value, but the Samsung fix is in place, help?
Auto-Full Screen for a Youtube embed
Android App Integrated with OK Google
Add a delay after executing each iteration with forEach loop
QR Code possible data types or standards
Efficiently Calculating a Euclidean Distance Matrix Using Numpy
Check if a string is a palindrome
Methods that Clear the Thread.interrupt() flag
How to convert from (x, y) screen coordinates to LatLng (Google Maps)
ACCESS_COARSE_LOCATION permission gives a cell tower precision on Android
With a private modifier, why can the member in other objects be accessed directly?