Question

Multiple Django/gunicorn/Nginx sites using different IPv6 addresses on one Droplet

Hello,

I turned on IPv6 on my droplet and followed a couple DigitalOcean docs and was able to get a second site running from the same droplet. So, I have one site running with SSL using the IPv4 address and another site with SSL as well (different certificates) using the IPv6 address shown on the droplet’s control panel.

I want to host one more site using another IPv6 address on the same droplet. I followed the instructions on https://www.digitalocean.com/docs/networking/ipv6/how-to/configure-additional-addresses/#enable-new-addresses-on-boot and set up a second address. I can check using ip -6 addr show eth0 and see my second address there. If I go on a web browser and go directly to that IP I can see the Nginx splash screen.

After that I tried to do another gunicorn socket and service and tested it, it works. Then I created another Nginx config under /etc/nginx/sites-available/ (config file below) and linked it to /etc/nginx/sites-enabled/. I set up my domain to point to the second IPv6 address with my domain registrar and on DigitalOcean.

So, in theory (following what I did for the first IPv6 site) everything should work, but when I go to the second domain/IPv6 address on my web browser I still just get the Nginx splash screen. I personally think it is something wrong with how I set up the Nginx config for both IPv6 sites, but after a lot of Googling I have no idea what is wrong.

Nginx config for FIRST IPv6 site (SSL enabled):

server {
    server_name [Pv6:address:1] exampleSite1.com www.exampleSite1.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /path/to/FIRST/site;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/exampleSite1.sock;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    ssl_certificate /path/to/site/fullchain.pem; # managed by Certbot
    ssl_certificate_key /path/to/site/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.exampleSite1.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = exampleSite1.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen [::]:80;
    server_name [Pv6:address:1] exampleSite1.com www.exampleSite1.com;
    return 404; # managed by Certbot
}

Nginx config for SECOND IPv6 site (can’t run certbot):

server {
    server_name [Pv6:address:2] exampleSite2.com www.exampleSite2.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /path/to/SECOND/site;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/exampleSite2.sock;
    }
}

I hope this all helps. If any more information is needed please let me know.



KFSys
Site Moderator
April 4, 2024

Apart from what has been said, hosting multiple websites on a single server, each with its own domain and SSL certificate, doesn’t necessarily require multiple IP addresses. This is a common misconception, especially with the advent of Server Name Indication (SNI) which allows a web server to safely host multiple TLS certificates at the same IP address.

Using SNI, the client sends the hostname as part of the TLS handshake, enabling the server to present the correct certificate. Modern web servers like Nginx and web browsers all support SNI.

Here’s how you can set up multiple sites on a single IP in Nginx:

  1. Create Separate Server Blocks:

Define a server block for each website in your Nginx configuration. Each server block should specify the domain names it handles and the path to its SSL certificates.

Example for exampleSite1.com:

server {
    listen 443 ssl;
    server_name exampleSite1.com www.exampleSite1.com;

    ssl_certificate /path/to/site1/fullchain.pem;
    ssl_certificate_key /path/to/site1/privkey.pem;

    # The rest of your configuration...
}

Repeat for exampleSite2.com with its own paths to its SSL certificate files.

  2. HTTP to HTTPS Redirect:

For each site, include a server block to handle HTTP requests and redirect them to HTTPS.

server {
    listen 80;
    server_name exampleSite1.com www.exampleSite1.com;
    return 301 https://$host$request_uri;
}

Again, repeat this for exampleSite2.com.

  3. Nginx Configuration:

Place these server blocks in the appropriate Nginx configuration files (/etc/nginx/sites-available/), and create symbolic links to them in the /etc/nginx/sites-enabled/ directory.

  4. DNS Settings:

In your DNS settings (at your domain registrar or DNS provider), point both exampleSite1.com and exampleSite2.com to the same IP address of your server.

  5. Obtain SSL Certificates:

You can use Let’s Encrypt to obtain free SSL certificates for both domains. Run Certbot for each domain separately:

sudo certbot --nginx -d exampleSite1.com -d www.exampleSite1.com
sudo certbot --nginx -d exampleSite2.com -d www.exampleSite2.com

Certbot will automatically modify your Nginx configuration to use the obtained certificates.

  6. Reload Nginx:

After making changes to the configuration, reload Nginx to apply them:

sudo nginx -t
sudo systemctl reload nginx

Advantages of Using a Single IP:

  • Simplifies Configuration: Managing a single IP address is easier than handling multiple IPs for different domains.
  • IPv4 Address Conservation: With the scarcity of IPv4 addresses, it’s practical to host multiple sites on one IP.
  • SNI Support: Modern clients support SNI, which makes hosting multiple TLS-secured websites on one IP feasible.

By following these steps, you can host multiple SSL-enabled websites on a single server using one IP address. The key is to configure each site in its own server block in Nginx and ensure DNS points all your domains to the same server. This is a standard practice and works well in most hosting environments.

Bobby Iliev
Site Moderator
November 18, 2023

Hey,

Running multiple Django sites using different IPv6 addresses on a single Droplet is an efficient use of resources. However, there are a few things to keep in mind when setting this up. I’ll outline the steps below:

  1. For the second site, you’ll need to explicitly set Nginx to listen on the specific IPv6 address assigned to that site, both for HTTP and HTTPS:

    listen [ipv6:address:2]:80 ipv6only=on;
    listen [ipv6:address:2]:443 ssl ipv6only=on;
    

    Replace [ipv6:address:2] with the actual IPv6 address allocated to your second site. This tells Nginx to listen for incoming connections for that site on this specific address.

  2. Since you haven’t run Certbot for the second site, you’ll need to configure SSL manually. Assuming you have the SSL certificates ready:

    ssl_certificate /path/to/second/site/fullchain.pem;
    ssl_certificate_key /path/to/second/site/privkey.pem;
    

    These lines should be within the server block that listens on port 443. If you don’t have the certificates yet, you’ll need to obtain them before you can serve the site over HTTPS.

  3. Verify Nginx and Domain Configuration:

    • Run nginx -t to test your Nginx configuration for syntax errors.
    • Ensure DNS settings for your second domain are correct and propagated by using a tool like dig or visiting an online DNS checker.
    • Check your domain registrar and DigitalOcean’s networking settings to ensure your AAAA records match the IPv6 address configured in Nginx.

  4. Review Logs for Specific Error Messages:

    • Access and error logs for Nginx can offer more insights:
    sudo tail -f /var/log/nginx/error.log
    sudo tail -f /var/log/nginx/access.log
    
    • Look for any messages related to your second site and address any issues that stand out.

  5. Confirm that your firewall isn’t blocking connections to the second IPv6 address. If you’re using DigitalOcean’s Cloud Firewall, ensure the rules allow traffic to the second site.

  6. If you intend to use Certbot for SSL on the second site, make sure your Droplet is configured to handle IPv6 correctly, as Let’s Encrypt will need to validate your domain over IPv6 if an AAAA record exists.

After addressing these points, reload Nginx to apply any changes:

sudo systemctl reload nginx

Changes in DNS can take time to propagate, and you might need to wait a bit before your settings take effect.

Best,

Bobby
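
Why the second domain lands on the splash page, and how both answers on this page change that (KFSys's name-based blocks on a shared address and Bobby's address-specific `listen`), shown as an added example that is not from either answer or from nginx itself: a simplified Python model of nginx's server-block selection. The address `2001:db8::2`, the block labels and the assumption that the stock default site is still enabled are illustrative; wildcard and regex `server_name` matching are not modelled.

```python
import ipaddress

# Simplified model of nginx server selection (added example, not nginx code):
# 1) match the connection's local address:port against `listen`, an exact
#    address beating a wildcard; 2) match Host/SNI against `server_name`;
# 3) otherwise fall back to the default server for that listen socket.
DEFAULT_LISTEN = ("*", 80)  # no `listen` directive: *:80, IPv4 only (nginx run as root)

def server(name, names, listens=None, default=False):
    return {"name": name, "names": {n.lower() for n in names},
            "listens": listens or [DEFAULT_LISTEN], "default": default}

def _covers(listen_addr, local_addr):
    ip = ipaddress.ip_address(local_addr)
    if listen_addr == "*":        # IPv4 wildcard
        return ip.version == 4
    if listen_addr == "[::]":     # IPv6 wildcard with ipv6only=on
        return ip.version == 6
    return ipaddress.ip_address(listen_addr.strip("[]")) == ip

def pick_server(servers, local_addr, port, host):
    exact, wild = [], []
    for s in servers:
        for addr, p in s["listens"]:
            if p == port and _covers(addr, local_addr):
                (wild if addr in ("*", "[::]") else exact).append(s)
    candidates = exact or wild
    if not candidates:
        return None               # nothing bound: connection refused
    for s in candidates:
        if host.lower() in s["names"]:
            return s["name"]
    flagged = [s for s in candidates if s["default"]]
    return (flagged or candidates)[0]["name"]

ADDR2 = "2001:db8::2"  # constructed address standing in for the second IPv6 address

def layout(site2_listens=None):
    # Assumed: the stock default site is still enabled (it serves the splash page).
    return [
        server("default", ["_"], [("*", 80), ("[::]", 80)], default=True),
        server("site1", ["exampleSite1.com", "www.exampleSite1.com"],
               [("[::]", 80), ("[::]", 443)]),
        server("site2", ["exampleSite2.com", "www.exampleSite2.com"], site2_listens),
    ]

if __name__ == "__main__":
    print(pick_server(layout(), ADDR2, 80, "exampleSite2.com"))                         # as posted
    print(pick_server(layout([("[2001:db8::2]", 80)]), ADDR2, 80, "exampleSite2.com"))  # address-based
    print(pick_server(layout([("[::]", 80)]), ADDR2, 80, "exampleSite2.com"))           # name-based
```

In the as-posted layout, an HTTPS request for exampleSite2.com over IPv6 is answered by the first site's block, because it is the only server on `[::]:443`, so the client is shown the first site's certificate.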
