Migrate to using a wildcard certificate

I don’t think map is optimal here because it involves placeholders for the proxy upstreams. There are some things that aren’t possible when the reverse_proxy handler needs to resolve its upstream addresses from placeholders.

I’d suggest doing it with a snippet with args and handle blocks. This would be more optimal because the JSON config output by the adapter will directly reference the domains due to {args.*} being replaced at adapt time instead of at runtime. Something like this:

(subdomain) {
	@sub-{args.0} host {args.0}.udance.com.au
	handle @sub-{args.0} {
		reverse_proxy http://{args.1}
	}
}

*.udance.com.au {
	encode gzip 
	import tlsdns
	import authproxy /phpmyadmin*
	import logging udance

	import subdomain rslsync      10.1.1.22:8888 # Resilio Sync
	import subdomain cloud        10.1.1.29      # Nextcloud 
	import subdomain heimdall     10.1.1.23      # Heimdall 
	import subdomain blog         10.1.1.54      # blog.udance.com.au
	import subdomain test         10.1.1.50      # test.udance.com.au
	import subdomain basil        10.1.1.56      # basil.udance.com.au
	import subdomain sachika      10.1.1.57      # sachika.udance.com.au

	handle {
		# Fallback for any subdomain not otherwise handled
	}
}

A couple of things to note: it’s not possible to have more than one log per site block in the Caddyfile, unfortunately, so you can’t split your logs into multiple files when using this pattern. This is a limitation of the Caddyfile adapter at the moment.

In your map approach, you used {hostname} but this wouldn’t work as-is because that would give you the full hostname, not just the subdomain. You would need to use {labels.3} to get the actual subdomain (i.e. the 0-indexed 4th host label, starting from the right).

You’ll probably want to move www.dance.com.au into the same site block if you want it to use the wildcard cert. You can do this with another handle block similarly to the snippet above. You can do the same with the main domain as well, like *.example.com, example.com, with another handle for the main one as well.

Yeah. You might not need to do that though since you’ll only have tls defined once if you use a single site block with handle blocks.

Answered :wink:
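The single site block suggested in the reply above, written out as an added example (not the poster's own configuration). It assumes the placeholder domain example.com, constructed upstream addresses from the 192.0.2.0/24 documentation range, and that the thread's tlsdns snippet (not shown on the page) holds the tls settings for the wildcard certificate. The fallback handle answers 404 so that hostnames covered by the wildcard but not listed do not receive Caddy's default empty 200 response.

```caddyfile
# Added example: placeholder domain and constructed upstream addresses.
(subdomain) {
	@sub-{args.0} host {args.0}.example.com
	handle @sub-{args.0} {
		reverse_proxy {args.1}
	}
}

# One site block for the wildcard and the bare domain, so tls is configured once.
*.example.com, example.com {
	encode gzip
	import tlsdns # assumed: the snippet from the thread holding the tls settings

	# www is just another subdomain under the wildcard.
	import subdomain www   192.0.2.10:8080
	import subdomain blog  192.0.2.54:80

	# The bare domain is not matched by *.example.com, so it gets its own handle.
	@apex host example.com
	handle @apex {
		reverse_proxy 192.0.2.10:8080
	}

	# Fallback: any other name that resolves here and matches the wildcard.
	handle {
		respond "Unknown host" 404
	}
}
```

Running `caddy adapt` on this file shows each host matcher with its literal domain in the JSON output, since {args.*} is substituted at adapt time.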