Add support for wildcard server names in frontend directives

This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
This commit is contained in:
delthas 2020-09-12 19:43:16 +02:00 committed by Simon Ser
parent 18dd507ea5
commit b19939408c
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48
1 changed files with 9 additions and 2 deletions

View File

@ -7,6 +7,7 @@ import (
"io"
"log"
"net"
"strings"
"github.com/caddyserver/certmagic"
"github.com/pires/go-proxyproto"
@ -128,9 +129,15 @@ func (ln *Listener) handle(conn net.Conn) error {
tlsState := tlsConn.ConnectionState()
// TODO: support wildcard certificates. Sadly this requires solving a DNS
// challenge.
fe, ok := ln.Frontends[tlsState.ServerName]
if !ok {
// match wildcard certificates, allowing only a single, non-partial wildcard, in the left-most label
i := strings.IndexByte(tlsState.ServerName, '.')
// don't allow wildcards with only a TLD (eg *.com)
if i >= 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {
fe, ok = ln.Frontends["*"+tlsState.ServerName[i:]]
}
}
if !ok {
fe, ok = ln.Frontends[""]
}