Best practice for SSL on new VPS with shared IP

What is the best practice for having a VPS with multiple domains (different accounts, unrelated to each other), some of which may require SSL certificates?
This VPS has IPv4 and IPv6.
I usually was using IPv4 and buying extra IPv4 on demand per domain (around 2 EURO per month extra) and using LetsEncrypt or commercial SSLs, but recently was told this is not the best practice and I should also use Nginx for this.
And of course SSL per domain is understandably good for mail and ftp also.
Could someone explain what’s the best way to have it? I have a bad feeling about using extra IPv4 (apart from one shared for entire server) as there are not many IPv4s left in the world, also IPv6 are cheaper.
Thank you.

SYSTEM INFORMATION
OS type and version CentOS Linux 7.9.2009
Virtualmin version 6.17

@rulez22,

For years both Apache and Nginx have supported what is referred to as name-based hosting. With this model, you can use a “single” shared IP address for multiple domains hosted. This also supports the use of individual SSL certificates while using the shared IP address for all of them.

From a technical point of view, the way it works is…

  1. Domain resolves to IP address via DNS
  2. Web Server (Apache or Nginx) looks up the domain in its configuration, then serves up the appropriate “virtual host” for that domain.

The model was designed to address the shortage of IPv4 addresses available on the market, so you absolutely should NOT get unique IP addresses unless there are very specific requirements that justify this.

Hope this helps!

If you have further questions about this, please reply.
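Name-based hosting with one certificate per domain on a shared address, as described in the reply above, sketched as an Nginx configuration; this is an added example, not part of the original thread and not what Virtualmin generates. The domain names, the addresses (documentation ranges) and the file paths are placeholders. The server picks the certificate from the name the client sends in the TLS handshake (SNI).

```nginx
# Constructed example: one shared IPv4/IPv6 pair, two unrelated domains,
# each with its own certificate and key. All names and paths are placeholders.

# Catch-all for the shared address: a client that sends no SNI name, or a
# name that is not hosted here, has its handshake refused instead of being
# handed some other account's certificate (which would disclose that the
# domain lives on this IP). ssl_reject_handshake needs nginx 1.19.4 or later.
server {
    listen 203.0.113.10:443 ssl default_server;
    listen [2001:db8::10]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# First account: its own certificate, same shared addresses.
server {
    listen 203.0.113.10:443 ssl;
    listen [2001:db8::10]:443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;

    root /home/examplecom/public_html;
}

# Second, unrelated account: different certificate, same shared addresses.
server {
    listen 203.0.113.10:443 ssl;
    listen [2001:db8::10]:443 ssl;
    server_name example.org www.example.org;

    ssl_certificate     /etc/ssl/example.org/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.org/privkey.pem;

    root /home/exampleorg/public_html;
}
```

Check the syntax with `nginx -t` before reloading. On nginx older than 1.19.4 the catch-all block needs a certificate of its own instead of `ssl_reject_handshake`.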

I don’t know if this was ever a best practice but there are many advantages of having a dedicated IP for a domain. If you can afford the 2 Euro per month cost, you should continue with this practice. See https://www.bluehost.com/blog/benefits-dedicated-ip/

But you don’t have to spend extra every month for IP addresses, if you don’t want to. For many years now there have been techniques and technology available that have made it possible to share an IP address and share the resources of a single server to host multiple websites and domains. This is commonly referred to as shared hosting.

As @tpnsolutions explained, Apache as well as Nginx web servers (and even others) offer the functionality to host multiple websites on a single IP address. You could, if you wanted to, use the free IPv4 address that is offered with your server to host a potentially unlimited number of websites and domains using Apache or Nginx or any of the other web servers that are commonly used. Virtualmin is the ideal web hosting control panel for shared hosting - i.e. hosting multiple websites on a single server and single IP address.

@rulez22 @calport,

While some ISPs and hosting companies will sell you IPv4 addresses without requiring justification, it is a general rule that using them where a shared IPv4 address is possible, as is the case per my former response, is considered irresponsible, as IPv4 addresses are in short supply.

Not only will you be saving a few bucks, but you will be a much more responsible web citizen by taking the advice of industry experts including but not limited to ARIN and RIPE (two of the world’s largest organizations responsible for issuing IPv4 subnets to ISPs and data centers).

*** Sorry @calport, I did feel the need to clarify this as misuse of the IP space is not a “best practice”. ***

@rulez22, if you feel you’ve ever got a justified use of dedicated IPs, feel free to ask to make sure it makes sense. There are a lot of myths regarding the alleged necessity of them.

I am glad that you brought up the issue of IPv4 address exhaustion. I had worked with Internet Society ( isoc.org ) almost ten years ago to launch IPv6 in India and globally. I believe ours was among the first 100 websites to adopt IPv6 at that time.

So I am with you all the way in raising awareness about IPv6 and the optimal use of available IPv4 addresses. I would also like to balance that with laissez-faire and free market mechanisms in determining price and availability. In my previous message I highlighted the fact that it is now possible to host multiple websites on a single IPv4 address and the OP need not pay additional monthly charges for additional IPv4 addresses if he did not wish to do so. However the fact remains that there are thought to be advantages to having an IPv4 dedicated to a particular website / domain - and this cannot be denied.

In a free market if a person is ready to pay, let him have more than one IPv4. There is no sin in that.

@calport,

But there is. ARIN and RIPE, for instance, who manage IPv4 address delegation to a good portion of the internet’s providers, will deny delegation if they find the provider requesting them is not promoting a conservative delegation model themselves.

People may get away with utilizing IPs inappropriately, but the provider and ultimately the user could end up paying for it later if the governing body audits and finds they have been getting used inappropriately.

I feel it’s important for people to be aware of this factor because your statement IMHO is like saying…

“In a free world if a person is prepared to pay, not following the law is acceptable.” The reality is it’s never appropriate to break the law as they are ultimately set by the people directly or indirectly who must follow them.
