Open P1n3appl3 opened 1 week ago
Hi,
Well, in my understanding, you consider a setup like the following:

- `*.example.com` is used
- `sub.example.com` is registered to rpxy
- `default_app` is configured for `sub.example.com`

Then, you mean that requests for https://other.example.com should be routed to the app of `sub.example.com`. If this is correct, yes, as long as `rpxy` serves only one apex domain, the policy looks fine!
However, implementing such a catch-all domain would be complicated, considering multiple wildcard domain certificates. Consider the case where another wildcard domain certificate for `*.sample.com` and some subdomains for `sample.com` are registered, in addition to `*.example.com`. Then, how should the routing policy be configured? In such a case, `default_app` should be set for each apex domain, and it would make the configuration complicated. (Technically possible, but not sure how it should be set in the configuration file.)

For HTTPS requests, it will be rejected since the secure connection cannot be established for the unknown server name.

This policy comes from a security concern. I just wanted to prevent unintended access with wrong server names in the TLS ClientHello.
Hmm, would it then be possible / make sense to declare a separate app with `server_name = '*.example.com'`? Then one could explicitly configure which certificate to use in this case. I guess it would work for plaintext connections as well.
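To make the policy debated above concrete (per-apex fallback only where a wildcard is served, everything else rejected at the server-name check), here is an added example that is not rpxy's code; the `Policy` type, the app names and `demo_policy` are hypothetical, and it assumes a wildcard covers exactly one label, as a `*.apex` certificate does.

```rust
use std::collections::HashMap;

/// Outcome of resolving a TLS ClientHello server name (SNI).
#[derive(Debug, PartialEq, Clone)]
pub enum Route {
    App(String),
    Reject,
}

/// Hypothetical routing table: exact server names plus one fallback app
/// per apex domain for which a wildcard certificate is available.
pub struct Policy {
    exact: HashMap<String, String>,            // "sub.example.com" -> app
    wildcard_default: HashMap<String, String>, // "example.com" -> fallback app
}

impl Policy {
    pub fn new() -> Self {
        Policy { exact: HashMap::new(), wildcard_default: HashMap::new() }
    }
    pub fn register(&mut self, server_name: &str, app: &str) {
        self.exact.insert(server_name.to_ascii_lowercase(), app.to_string());
    }
    /// Only call this for apexes that actually have a `*.apex` certificate.
    pub fn set_default_for_apex(&mut self, apex: &str, app: &str) {
        self.wildcard_default.insert(apex.to_ascii_lowercase(), app.to_string());
    }
    /// Unknown names are rejected: there is no certificate to present for them.
    pub fn route(&self, sni: &str) -> Route {
        let name = sni.trim_end_matches('.').to_ascii_lowercase();
        if let Some(app) = self.exact.get(&name) {
            return Route::App(app.clone());
        }
        // `*.apex` matches a single label, so strip exactly one label.
        if let Some((first, apex)) = name.split_once('.') {
            if !first.is_empty() && first != "*" {
                if let Some(app) = self.wildcard_default.get(apex) {
                    return Route::App(app.clone());
                }
            }
        }
        Route::Reject
    }
}

/// Constructed sample: two apexes with wildcard certs, one exact subdomain.
pub fn demo_policy() -> Policy {
    let mut p = Policy::new();
    p.register("sub.example.com", "sub-app");
    p.set_default_for_apex("example.com", "example-fallback");
    p.set_default_for_apex("sample.com", "sample-fallback");
    p
}
```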
I use rpxy to route certain subdomains to specific apps/pages, but I'd like a catch-all route for `*.my-domain.tld` as a fallback so that I can either redirect those back to the main domain or serve them a specific not-found page. Today I just get a `503 Service Unavailable` for any subdomain that's not explicitly registered, and I don't see anything in the code that looks like it'd support wildcards. This even happens when I specify a `default_app`, both for HTTP and HTTPS. The README seems to indicate that the latter isn't possible: ... but I don't understand why ^ is the case when I have a TLS cert with a wildcard subdomain. Is there something else that'd prevent that from working?