How about a second server?

Is it possible to have a 2nd YH server, running on the same IP?

The reason is that I have one huge website for which I would like to have a dedicated server.

I think the correct answer is “no but yes”
A YunoHost server expects to have its own IP, and needs it to generate https certificates for example.

But if the second server is only to host a site, or anything in fact, you can always use the redirect app on the front server to reach the second.

This app is quite light, but 100% of the packets going to the second server will be handled by the frontal (which will also manage the https with real certificates; the second one will only be able to use auto-signed ones, or some you generated and put in).

That’s something I was afraid of…

So set the domain on the main server and forward its domain to IP address?

It should work.

But I’ve seen things about duplicate local names recently, but I do not remember where, and it should be checked, just in case.

How to actually set this up?

What DNS rules should be added and how to not conflict with the ports of the main server? Can you create a little tut maybe of how you think that it should be done??

I might be better off with creating a 2nd VPN like I did with my main server: Homemade WireGuard VPN on a VPS server???

Can nobody tell me this? Sad me… Maybe a master and slave server solution? With an app so that the second server tags into the master? I never wrote a YH app but hmmmm…

I think you will not have both servers directly on the Internet.
Only one will be, and will act as a reverse proxy so the other one, which is only on the local network, will be reachable (it will have access to Internet, but Internet will not have access to it).

Hello,
I have this kind of settings:

I’ve made it work with the following:
On yuno1, domain mydomain.com is set in the classic way. Nothing special regarding DNS at the registrar: A and AAAA point to the IPv4 of the internet box and the IPv6 of the yuno.
On yuno2, domain subdomain.com is also set in the classic way, DNS A points to the same IPv4 as yuno1 and AAAA to the IPv6 address of the server.

The internet box sends all traffic to Yuno1 local IP.

Now, on yuno1, I have added an nginx file /etc/nginx/conf.d/redirect.subdomain.domain.com.conf with the following:

server {
        listen 80; # port 80 for HTTP over IPv4
        listen 443 ssl; # port 443 for HTTPS over IPv4 (ssl enables TLS with the certificate below)
        listen [::]:80; # port 80 for HTTP over IPv6
        listen [::]:443 ssl; # port 443 for HTTPS over IPv6
        server_name subdomain.domain.com;
        access_log /var/log/nginx/subdomain_access.log;
        error_log /var/log/nginx/subdomain_error.log;
        # Certificate and key copied over from Yuno2
        ssl_certificate /etc/yunohost/certs/crt_subdomain.pem;
        ssl_certificate_key /etc/yunohost/certs/key_subdomain.pem;

        location / {
                # Forward everything to Yuno2 over HTTPS
                proxy_pass      https://local_IP_of_Yuno2;
                proxy_redirect off;
                # Pass the original host and client details to the backend
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header  X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header  X-Forwarded-Host $server_name;
                proxy_set_header  X-Forwarded-Port $server_port;

                proxy_set_header Connection "";
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection upgrade;

                proxy_buffering off;
                proxy_read_timeout 36000s;

        }
}

This will ensure all traffic for subdomain.domain.com is redirected to Yuno2.

Then, we have to deal with the certificates:
On Yuno2, you have to manually force the letsencrypt certificate generation with
yunohost domain cert-renew --no-checks subdomain.domain.com
The --no-checks is mandatory as the domain is not directly reachable and so yunohost will assume it’s not normal.
Finally, I have a small bash script that copies this certificate from Yuno2 to Yuno1 via scp (this requires having an ssh key set up from Yuno2 to Yuno1):

#!/bin/bash

# Colours used in the error message
RED='\033[0;31m'
NC='\033[0m'

# Check for root
if [[ "$EUID" -ne 0 ]]; then
  echo -e "${RED}You must be a root user${NC}" >&2
  exit 99
fi

#yunohost domain cert-renew --no-checks
# Copy the certificate and its private key to the paths used in the nginx file on Yuno1
scp /etc/yunohost/certs/subdomain.domain.com/crt.pem root@local_IP_Yuno1:/etc/yunohost/certs/crt_subdomain.pem
scp /etc/yunohost/certs/subdomain.domain.com/key.pem root@local_IP_Yuno1:/etc/yunohost/certs/key_subdomain.pem

Ensure that the files belong to root:ssl-cert and are rw for root and r for group.
Restart nginx on Yuno1 with sudo systemctl restart nginx

With that, I’m able to access Yuno2 with https://subdomain.domain.com.
Of course, there are a lot of warnings in the diagnostics, and only the web interface is working (no mail, no xmpp, etc…) but I never looked into it as I don’t need them.

I’m sure there are other ways (maybe using the redirect apps), which may be more efficient, but these settings have been working for me for more than 2 years now.

Hope this helps.

1 Like
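An added example, not part of the post above and not YunoHost's own code: a script for Yuno1 that installs the two copied PEM files with the ownership and mode the post asks for (root:ssl-cert, rw for root, r for group) and reloads nginx, rather than restarting it, only when a file actually changed. It assumes the scp commands are pointed at a staging directory instead of /etc/yunohost/certs; that directory and the CERT_DIR, CERT_OWNER, CERT_GROUP and SKIP_RELOAD variables are hypothetical names.

```sh
#!/bin/sh
# Added example, run on Yuno1. Ownership defaults to the root:ssl-cert asked for
# in the post; CERT_DIR, CERT_OWNER, CERT_GROUP and SKIP_RELOAD are hypothetical knobs.
CERT_OWNER="${CERT_OWNER:-root}"
CERT_GROUP="${CERT_GROUP:-ssl-cert}"

# deploy_pem SRC DEST
# Returns 0 if DEST was created or replaced, 1 if it was already identical, 2 on error.
deploy_pem() {
  src=$1; dest=$2
  # Refuse a missing, empty or non-PEM source so a failed scp never replaces a good file.
  [ -s "$src" ] || return 2
  grep -q -- '-----BEGIN ' "$src" || return 2
  # Same content already installed: just re-assert ownership and mode.
  if [ -f "$dest" ] && cmp -s "$src" "$dest"; then
    chown "$CERT_OWNER:$CERT_GROUP" "$dest" && chmod 640 "$dest" || return 2
    return 1
  fi
  # mktemp creates the file with mode 0600 next to DEST; fix ownership and mode
  # first, then rename, so nginx never sees a partial or over-permissive key.
  tmp=$(mktemp "$dest.XXXXXX") || return 2
  if cat "$src" > "$tmp" && chown "$CERT_OWNER:$CERT_GROUP" "$tmp" &&
     chmod 640 "$tmp" && mv -f "$tmp" "$dest"; then
    return 0
  fi
  rm -f "$tmp"
  return 2
}

# deploy_pair STAGING_DIR
# Installs both files; returns 0 if anything changed, 1 if nothing did, 2 on error.
deploy_pair() {
  changed=0
  for name in crt_subdomain.pem key_subdomain.pem; do
    st=0
    deploy_pem "$1/$name" "${CERT_DIR:-/etc/yunohost/certs}/$name" || st=$?
    case $st in 0) changed=1 ;; 1) ;; *) return 2 ;; esac
  done
  [ "$changed" -eq 1 ] || return 1
  # Reload only after a change and only if the configuration still parses.
  if [ -z "${SKIP_RELOAD:-}" ]; then
    nginx -t && systemctl reload nginx || return 2
  fi
  return 0
}
```

Run as root on Yuno1 after each copy, for example `deploy_pair /root/cert-staging` (hypothetical path).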

Thanks,

So that first step you took was exactly what I did myself.
But the seems exactly what I was looking for! I cannot try it right now, but I will a.s.a.p. and get back with the results.

But still, I find that these things should be a part of the YH server settings or a dedicated app. Why you might ask? Well because a lot of server software already comes with a similar, connect slave to master feature, and it’s also just a nice thing if YH would be scalable. Also, would be awesome to offload tasks to another machine. So the main one gets a lot of resources back.

You can give a try to the redirect_ynh app.
You must also have the domain of the server 2 on the server one. You use redirect_ynh on server one to redirect to the second server. The first server manages the Let’s Encrypt certificate and you use a self-signed one on the second server. It should work.
