
b19939408c70bd8e452502c7e93d9bd6e2192ec8 — delthas 6 days ago 18dd507
Add support for wildcard server names in frontend directives

This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
1 files changed, 9 insertions(+), 2 deletions(-)

M server.go
M server.go => server.go +9 -2
@@ 7,6 7,7 @@ import (
	"io"
	"log"
	"net"
	"strings"

	"github.com/caddyserver/certmagic"
	"github.com/pires/go-proxyproto"


@@ 128,10 129,16 @@ func (ln *Listener) handle(conn net.Conn) error {

	tlsState := tlsConn.ConnectionState()

	// TODO: support wildcard certificates. Sadly this requires solving a DNS
	// challenge.
	fe, ok := ln.Frontends[tlsState.ServerName]
	if !ok {
		// match wildcard certificates, allowing only a single, non-partial wildcard, in the left-most label
		i := strings.IndexByte(tlsState.ServerName, '.')
		// don't allow wildcards with only a TLD (eg *.com)
		if i >= 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {
			fe, ok = ln.Frontends["*"+tlsState.ServerName[i:]]
		}
	}
	if !ok {
		fe, ok = ln.Frontends[""]
	}
	if !ok {
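Review bot: The wildcard fallback accepts a server name whose left-most label is empty, because the guard on the line `if i >= 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {` lets `i == 0` through, so an SNI of `.example.com` resolves to the `*.example.com` frontend even though no real hostname has an empty label (Go's own x509 wildcard matching requires the matched label to be non-empty, and I don't believe crypto/tls rejects a leading dot in SNI — worth confirming). Since ServerName is client-supplied, the match should require a non-empty label: `if i > 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {`, and the comment above it could say `// require a non-empty left-most label and at least two labels after it (no *.com)`. Note also that this check only governs lookup, so a `*.com`-style frontend in the config is never matched rather than rejected; validating that at config load would make the behaviour visible to the operator, though that code is outside this hunk. If the TODO at the top of the hunk survives on the new side it now overstates what is missing and would read better as `// TODO: obtain wildcard certificates from ACME; this requires solving a DNS challenge.` The enclosing handle method starts before and continues after this hunk.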