Problem obtaining and assigning a new IP to a web site

livilops said 1 year ago:

We have a web site running on our cloud server with no problem. We now need a second web site running with a different IP as its an SSL only web site. So we added a new IP address (xx.xx.x.106) to the server (via the Cloud Server Manage tool) and we created the new web site and bound the new site to the new IP just received.

But its not working.

We noticed that the original web site that works fine is bound to an internal Private IP address of 10.1.0.2 not an external IP. Maybe thats the issue ?

So to try to fix that … How do we assign our new IP to a new Private IP (say 10.1.0.3) and thus bind our new web site to the new private IP ?

Is there somewhere in the Cloud Manage tool that allows us to assign a new external IP to a new Internal IP ?

Hope all this is clear !

Thanks

Mike

MikeD said 1 year ago:

Unfortunately right now we don’t support multiple private IPs on a single VM.

What you can do, though, is run the second web site on a different port number (e.g. 8443.) Then when you configure the port forward for the second public IP address (x.x.x.106), set up the public port as 443, but the private port as 8443.

That way users will be able to access the two web sites, on the two public IPs (on the regular port 443.) But on the backend VM, you can still serve both sites from the same IP address.

livilops said 1 year ago:

OK …. I can do that BUT … My first web site that is working is already using 443 as that also an SSL encrypted site. If I port forward 8443 to be 443 will that interfere with my first web site that is currently OK ?

Ultimately is it possible to have multiple SSL websites all with their own unique external IP’s running correctly on the VM ?

krisl said 1 year ago:

@Livilops

You current configuration with <primary ip (not x.x.x.106)>:443 -> 10.1.0.2:443 will still continue to work, since the additional configuration will be: <secondary ip (x.x.x.106):443 -> 10.1.0.2:8443. Because the new site is running on 8443 on 8443 nothing will be changed with the existing 443 site.

livilops said 1 year ago:

OK did that and the site works so thats great BUT … on the 2nd site I am now getting a certificate error. I am using one of your wildcard certificates and it SHOULD be fine. Is it failing because I am not using the internal port 443 ? You can see it at https://trial.ebuyerassist.com/ where it works (thats the original first site) and on the second site at https://trial.qbservice.ebuyerassist.com where I get a certificate error. The wildcard cert is correctly installed on the server for *ebuyerassist.com

MikeD said 1 year ago:

The cert the server is sending is the correct one (the *.ebuyerassist.com wildcard cert), so it doesn’t have anything to do with the port numbers.

I am not 100% sure on how wildcard certs work, but it’s possible they only work with a single level subdomain. E.g. sub1.ebuyerassist.com, not sub2.sub1.ebuyerassist.com. Based on what the browser verification message says, that’d be my guess.

But as far as the networking and port forwarding, looks like you’re good to go on that end of it.

vincent said 1 year ago:

Wildcard certs are indeed only good for one subdomain (and no subdomain, https://ebuyerassist.com/). *.ebuyerassist.com does not cover trial.qbservice.ebuyerassist.com.

vincent said 1 year ago:

Maybe you could name them something like trial-qbservice.ebuyerassist.com or qbservice-trial.ebuyerassist.com instead so that you’re only using one level?

livilops said 1 year ago:

Ah OK got it – made the change to a single level domain and now all is working with no errors – thanks so much for the great support – I think Im all Ok now !