From b19939408c70bd8e452502c7e93d9bd6e2192ec8 Mon Sep 17 00:00:00 2001
From: delthas
Date: Sat, 12 Sep 2020 19:43:16 +0200
Subject: [PATCH] Add support for wildcard server names in frontend directives

This adds support for matching incoming TLS connections to the corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from Let's Encrypt, which requires DNS challenges.
---
 server.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/server.go b/server.go
index 40c9854..8aecf5c 100644
--- a/server.go
+++ b/server.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"log"
 	"net"
+	"strings"
 
 	"github.com/caddyserver/certmagic"
 	"github.com/pires/go-proxyproto"
@@ -128,9 +129,15 @@ func (ln *Listener) handle(conn net.Conn) error {
 
 	tlsState := tlsConn.ConnectionState()
 
-	// TODO: support wildcard certificates. Sadly this requires solving a DNS
-	// challenge.
 	fe, ok := ln.Frontends[tlsState.ServerName]
+	if !ok {
+		// match wildcard certificates, allowing only a single, non-partial wildcard, in the left-most label
+		i := strings.IndexByte(tlsState.ServerName, '.')
+		// don't allow wildcards with only a TLD (eg *.com)
+		if i >= 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {
+			fe, ok = ln.Frontends["*"+tlsState.ServerName[i:]]
+		}
+	}
 	if !ok {
 		fe, ok = ln.Frontends[""]
 	}
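Review bot: The wildcard branch accepts an empty left-most label: `tlsState.ServerName` is taken straight from the client's SNI, so a name such as `.example.com` gives `i == 0` and is looked up as `*.example.com`, although an empty label is not a valid hostname and a wildcard should only stand in for one non-empty label; tightening the guard to `if i > 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {` closes that case at no cost. It would also help to state in the first added comment that the client-supplied name is matched by replacing only its first label with `*`, so a frontend configured as `foo*.example.com` is never matched, and that the `*.com` check only excludes a bare TLD, not multi-label public suffixes such as `*.co.uk`. The exact-match lookup above the new block is case-sensitive and the wildcard lookup inherits that; if `Frontends` keys are stored lowercased, normalising the SNI (for example with `strings.ToLower`) before both lookups would make mixed-case client names match — I cannot tell from this hunk how the keys are stored, so please confirm. The body of `handle` starts and ends outside this hunk.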