LinuxQuestions.org


simosx 03-01-2017 12:35 PM

LXD container tutorial on creating many HTTPS websites
 
Hi All,

Last year I wrote a tutorial on LXD on how to create many HTTPS websites on a single server:
https://blog.simos.info/how-to-set-u...xd-containers/

There is generally some difficulty in having more than one HTTPS website on a single IP. This is resolved nowadays using something called SNI and a TLS Termination Proxy. In this tutorial I use HAProxy as the TLS Termination Proxy.

My next endeavour is to write a tutorial on how to install multiple WordPress sites under LXD.
I am still trying to figure out the details on this one.

ember1205 03-02-2017 07:27 AM

Quote:

Originally Posted by simosx (Post 5677673)
Hi All,

Last year I wrote a tutorial on LXD on how to create many HTTPS websites on a single server:
https://blog.simos.info/how-to-set-u...xd-containers/

There is generally some difficulty in having more than one HTTPS website on a single IP. This is resolved nowadays using something called SNI and a TLS Termination Proxy. In this tutorial I use HAProxy as the TLS Termination Proxy.

My next endeavour is to write a tutorial on how to install multiple WordPress sites under LXD.
I am still trying to figure out the details on this one.

Running multiple sites with HTTPS on a single IP does not require a proxy - it requires simply the use of TLS as the security component. With TLS, you have access to the SNI extension (this is where TLS is truly different from SSL - extensions) whereby the browser tells the server which site it is trying to connect to BEFORE certificate information is leveraged to create a secure channel. 100% of the required configuration can be done in Apache directly.

simosx 03-07-2017 03:52 PM

Quote:

Originally Posted by ember1205 (Post 5678017)
Running multiple sites with HTTPS on a single IP does not require a proxy - it requires simply the use of TLS as the security component. With TLS, you have access to the SNI extension (this is where TLS is truly different from SSL - extensions) whereby the browser tells the server which site it is trying to connect to BEFORE certificate information is leveraged to create a secure channel. 100% of the required configuration can be done in Apache directly.

In the tutorial I am running HAProxy as a TLS Termination Proxy (https://en.wikipedia.org/wiki/TLS_termination_proxy).

And HAProxy uses SNI in order to direct each client to the correct container. (There is no other way to have HTTPS on a single IP address without SNI).

The benefit of HAProxy is that all Let's Encrypt certificate management happens in the HAProxy container. The websites (nginx in my example) do not need any HTTPS configuration, therefore I do not need to replicate the complex HTTPS settings that can achieve A+ on the Qualys SSL Test (https://www.ssllabs.com/ssltest/).

ember1205 03-07-2017 04:09 PM

I fully understand what you're doing. The "secret sauce" here, however, is NOT the proxy - it's the use of SNI which requires TLS.


All times are GMT -5.