Hosting multiple services from home using lets encrypt, port 80 and 443 already used

[NickN85]

I’m looking to host a few different services from home; Next Cloud, Bitwarden, and some photo manager(haven't found one yet). I already have a Windows server essentials 2016 instance running at home with ports 443 and 80 forwarded to that IP. My question is how can I get let’s encrypt certs for Next Cloud and Bitwarden if I already have a windows machine using ports 80 and 443?

I have a PFSense box as my firewall, DHCP and NAT.

This is only a hobby so I am not as preficient as I could be in setting things up. Especially in Linux.

 

Thanks

[Helpful Tech Witch]

you could use a normally unused port......

[NickN85]

Yes but let's encrypt wants to renew accross port 80 and I already have the windows machine using that. I have played around with the DNS challenge but have been unable to get it working and as far as I know that would only get one of the services going. NGINX seems to be a possible solution but I am out of my depth.

[Eigenvektor]

5 minutes ago, NickN85 said:

Yes but let's encrypt wants to renew accross port 80 and I already have the windows machine using that. I have played around with the DNS challenge but have been unable to get it working and as far as I know that would only get one of the services going. NGINX seems to be a possible solution but I am out of my depth.

To host multiple services on port 80/443 you'd normally use subdomains, which is something you can easily configure with nginx. The question is, does your DNS allow you to use subdomains?

 

What I mean is, "mydomain.com", "foo.mydomain.com", "bar.mydomain.com", etc. should all resolve to your IP address.

[Alvin853]

5 minutes ago, NickN85 said:

I’m looking to host a few different services from home; Next Cloud, Bitwarden, and some photo manager(haven't found one yet). I already have a Windows server essentials 2016 instance running at home with ports 443 and 80 forwarded to that IP. My question is how can I get let’s encrypt certs for Next Cloud and Bitwarden if I already have a windows machine using ports 80 and 443?

I have a PFSense box as my firewall, DHCP and NAT.

This is only a hobby so I am not as preficient as I could be in setting things up. Especially in Linux.

 

Thanks

How do you have the server set up? Most webservers allow for vhosts, which means multiple separate services can run on the same webserver, and the server decides, based on the domain used, which root directory of code to route the request to.

Or you could use a reverse proxy, that accepts all incoming requests and routes them to the webserver responsible for each service. For example service 1 runs on ports 81 and 444, service 2 on 82 and 445, and the reverse proxy runs on ports 80 and 443, receives a request, figures out which service is being requested and reroutes the request to the corresponding port. This is typically used with docker containers, because in this case each service is its own server.

 

You may have to look into "Server Name Indication" as well for the certificates, although in the 2nd case you could have the reverse proxy take care of the encryption/decryption and it will reroute the unencrypted traffic to the internal server.