
 How to use multiple IPs on your server, also for your SSL enabled sites?

 You can use a quick and simple recipe, explained below.


 1. Use existing or deploy a new site as usual - don't enable SSL features in Aegir.

 2. Create two extra configuration files with contents as shown further below.

    * Replace YO.UR.AEGIR.IP with your Aegir Hostmaster main IP address.
    * Replace YO.UR.EXTRA.IP1,2,3 etc with correct extra IP addresses.
    * Paste your SSL key in the file /etc/ssl/private/abc-ssl-enabled-domain.key
    * Paste your SSL certificate and all intermediate certificates (bundles)
      in the file /etc/ssl/private/abc-ssl-enabled-domain.crt

 3. Restart Nginx with `service nginx reload` or `service nginx restart`. Done!



###
### Plain HTTP proxy to add more IPs for HTTP connections (START)
###
### CREATE THIS FILE AS: /var/aegir/config/server_master/nginx/pre.d/extra_ip.conf
###
upstream extra_ip {
  server  YO.UR.AEGIR.IP:80;
}
server {
  listen                       YO.UR.EXTRA.IP1:80;
  listen                       YO.UR.EXTRA.IP2:80;
  listen                       YO.UR.EXTRA.IP3:80;
  server_name                  _;
  ###
  ### Optional permanent redirect to HTTPS per domain/regex
  ###
  if ($host ~* ^(www\.)?(foo\.com)$) {
    rewrite ^ https://$host$uri? permanent;
  }
  location / {
    proxy_pass                 http://extra_ip;
    proxy_redirect             off;
    gzip_vary                  off;
    proxy_buffering            off;
    proxy_set_header           Host              $host;
    proxy_set_header           X-Real-IP         $remote_addr;
    proxy_set_header           X-Forwarded-By    $server_addr:$server_port;
    proxy_set_header           X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header           X-Local-Proxy     $scheme;
    proxy_pass_header          Set-Cookie;
    proxy_pass_header          Cookie;
    proxy_pass_header          X-Accel-Expires;
    proxy_pass_header          X-Accel-Redirect;
    proxy_pass_header          X-This-Proto;
    proxy_connect_timeout      180;
    proxy_send_timeout         180;
    proxy_read_timeout         180;
    access_log                 off;
    log_not_found              off;
  }
}
###
### Plain HTTP proxy to add more IPs for HTTP connections (END)
###



###
### Secure HTTPS proxy to add more IPs for HTTPS connections (START)
###
### CREATE THIS FILE AS: /var/aegir/config/server_master/nginx/pre.d/extra_ip_ssl.conf
###
upstream extra_ip_ssl {
  server  YO.UR.AEGIR.IP:80;
}
###
### FOR abc-ssl-enabled-domain.com
###
server {
  listen                       YO.UR.EXTRA.IP1:443;
  server_name                  _;
  ssl                          on;
  ssl_certificate              /etc/ssl/private/abc-ssl-enabled-domain.crt;
  ssl_certificate_key          /etc/ssl/private/abc-ssl-enabled-domain.key;
  ssl_session_timeout          5m;
  ssl_protocols                SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers                  RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers    on;
  keepalive_timeout            70;
  ###
  ### Deny known crawlers.
  ###
  if ($is_crawler) {
    return 403;
  }
  location / {
    proxy_pass                 http://extra_ip_ssl;
    proxy_redirect             off;
    gzip_vary                  off;
    proxy_buffering            off;
    proxy_set_header           Host              $host;
    proxy_set_header           X-Real-IP         $remote_addr;
    proxy_set_header           X-Forwarded-By    $server_addr:$server_port;
    proxy_set_header           X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header           X-Local-Proxy     $scheme;
    proxy_set_header           X-Forwarded-Proto $scheme;
    proxy_pass_header          Set-Cookie;
    proxy_pass_header          Cookie;
    proxy_pass_header          X-Accel-Expires;
    proxy_pass_header          X-Accel-Redirect;
    proxy_pass_header          X-This-Proto;
    proxy_connect_timeout      180;
    proxy_send_timeout         180;
    proxy_read_timeout         180;
    access_log                 off;
    log_not_found              off;
  }
}
###
### FOR xyz-ssl-enabled-domain.com
###
server {
  listen                       YO.UR.EXTRA.IP2:443;
  server_name                  _;
  ssl                          on;
  ssl_certificate              /etc/ssl/private/xyz-ssl-enabled-domain.crt;
  ssl_certificate_key          /etc/ssl/private/xyz-ssl-enabled-domain.key;
  ssl_session_timeout          5m;
  ssl_protocols                SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers                  RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers    on;
  keepalive_timeout            70;
  ###
  ### Deny known crawlers.
  ###
  if ($is_crawler) {
    return 403;
  }
  location / {
    proxy_pass                 http://extra_ip_ssl;
    proxy_redirect             off;
    gzip_vary                  off;
    proxy_buffering            off;
    proxy_set_header           Host              $host;
    proxy_set_header           X-Real-IP         $remote_addr;
    proxy_set_header           X-Forwarded-By    $server_addr:$server_port;
    proxy_set_header           X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header           X-Local-Proxy     $scheme;
    proxy_set_header           X-Forwarded-Proto $scheme;
    proxy_pass_header          Set-Cookie;
    proxy_pass_header          Cookie;
    proxy_pass_header          X-Accel-Expires;
    proxy_pass_header          X-Accel-Redirect;
    proxy_pass_header          X-This-Proto;
    proxy_connect_timeout      180;
    proxy_send_timeout         180;
    proxy_read_timeout         180;
    access_log                 off;
    log_not_found              off;
  }
}
###
### Secure HTTPS proxy to add more IPs for HTTPS connections (END)
###

