dlundquist / sniproxy

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
BSD 2-Clause "Simplified" License

Question: subdomains? #387

Open quillaja opened 1 year ago

quillaja commented 1 year ago

Can sniproxy route subdomains to different addresses? I did attempt to test it and I think my requests to the subdomain were going to the incorrect server (e.g. sub1.mydomain.net went to 127.0.0.1:8000 mydomain.net), but it's possible I had something else with DNS misconfigured.

Partial config for example:

listen 80 {
    proto http
    table http_hosts

    access_log {
        filename /var/log/sniproxy/http_access.log
        priority notice
    }
}

table http_hosts {
    mydomain.net 127.0.0.1:8000
    sub1.mydomain.net 127.0.0.1:8001
    sub2.mydomain.net 127.0.0.1:8002
}

erictapen commented 1 year ago

I'm stumbling over the same problem, even though the configuration you are showing fixed it for me. Apparently the order in http_hosts matters for non-regex entries? This is not intuitive imo.

listener 443 {
  protocol dns
  table http_hosts
}

table http_hosts {
  example.com fc00::1
  sub.example.com fc00::2
}

routes all requests to sub.example.com via fc00::1. Switching the order fixed the problem for me:

listener 443 {
  protocol dns
  table http_hosts
}

table http_hosts {
  sub.example.com fc00::2
  example.com fc00::1
}

Unfortunately my configuration generator doesn't easily allow specifying the order in http_hosts, and as a user I wouldn't want to care about it for non-regex entries. Would it be possible to change this or at least document the handling of subdomains in big red letters?

quillaja commented 1 year ago

@erictapen I'll try changing the order and see what happens.
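
A generated table can be checked for the ordering problem reported in this thread before it is deployed. The Python sketch below is an added example, not code from the thread or from sniproxy; it assumes a single table whose patterns are tried top to bottom as unanchored regular expressions with the first match winning (consistent with the behaviour described above), and `parse_table`, `shadowed` and `subdomains_first` are hypothetical helper names.

```python
import re

# Constructed sample reproducing the table order reported in the thread.
SAMPLE = """
listener 443 {
  table http_hosts
}
table http_hosts {
  example.com fc00::1
  sub.example.com fc00::2
}
"""
LITERAL = re.compile(r"[A-Za-z0-9.-]+\Z")  # entry that is also a plain hostname

def parse_table(text):
    """Return [(pattern, backend)] from the `table ... {` stanza (one table assumed)."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("table") and line.endswith("{"):
            inside = True
        elif line == "}":
            inside = False
        elif inside and line:
            pattern, backend = line.split(None, 1)
            entries.append((pattern, backend))
    return entries

def shadowed(entries):
    """Return (hidden, winner) pairs. ASSUMPTION: patterns are tried in file
    order as unanchored regexes and the first match is used."""
    found = []
    for i, (pattern, _) in enumerate(entries):
        if not LITERAL.match(pattern):
            continue  # regex entry: no single hostname to probe with
        for earlier, _ in entries[:i]:
            if re.search(earlier, pattern, re.IGNORECASE):
                found.append((pattern, earlier))
                break
    return found

def subdomains_first(entries):
    """Stable reorder of an all-literal table: longest names first."""
    return sorted(entries, key=lambda e: -len(e[0]))

if __name__ == "__main__":
    table = parse_table(SAMPLE)
    for hidden, winner in shadowed(table):
        print(f"{hidden} is never reached: {winner} matches first")
    print(subdomains_first(table))
```

Run `shadowed` again on the reordered table, because under this assumption a `.` in an entry still acts as a wildcard and two names of equal length can hide one another.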