Rancher with Let's Encrypt Certs, bare metal and limited public IPs

In the process of migrating to 2.1 from 1.6. Currently I use a single public IP that forwards traffic (NGINX) to corresponding services on Rancher 1.6. For 2.1 I’ve created a domain name with another public IP, it launched and created it’s own certificate, but also seems to only respond to Rancher UI on that IP.

|My question is this. Do I need a public IP for each node in order for it to open ports and direct via ingress, or can I use the primary server’s IP address as the IP for all internal projects on this instance?