tandem
/
tlstunnel
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add support for wildcard server names in frontend directives 

This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
This commit is contained in:
delthas 2020-09-12 19:43:16 +02:00 committed by Simon Ser
parent 18dd507ea5
commit b19939408c
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
server.go
View File

@ -7,6 +7,7 @@ import (
"io" "io"
"log" "log"
"net" "net"
"strings"
"github.com/caddyserver/certmagic" "github.com/caddyserver/certmagic"
"github.com/pires/go-proxyproto" "github.com/pires/go-proxyproto"
@ -128,9 +129,15 @@ func (ln *Listener) handle(conn net.Conn) error {
tlsState := tlsConn.ConnectionState() tlsState := tlsConn.ConnectionState()
// TODO: support wildcard certificates. Sadly this requires solving a DNS
// challenge.
fe, ok := ln.Frontends[tlsState.ServerName] fe, ok := ln.Frontends[tlsState.ServerName]
if !ok {
// match wildcard certificates, allowing only a single, non-partial wildcard, in the left-most label
i := strings.IndexByte(tlsState.ServerName, '.')
// don't allow wildcards with only a TLD (eg *.com)
if i >= 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {
fe, ok = ln.Frontends["*"+tlsState.ServerName[i:]]
}
}
if !ok { if !ok {
fe, ok = ln.Frontends[""] fe, ok = ln.Frontends[""]
} }