Hi.
I would like to configure a reverse proxy with a wildcard domain and SNI support.
Is it possible to use placeholders in tls/server_name, like http.request.host? I really don’t want to configure a route for each backend - it would eliminate all the benefits of the wildcard domain.
{
  "@id": "wildcard-apps-mydomain-com",
  "handle": [
    {
      "handler": "subroute",
      "routes": [
        {
          "handle": [
            {
              "handler": "reverse_proxy",
              "headers": {
                "request": {
                  "set": {
                    "Host": [
                      "{http.request.host}"
                    ],
                    "X-Real-Ip": [
                      "{http.request.remote.host}"
                    ]
                  }
                }
              },
              "transport": {
                "protocol": "http",
                "tls": {
                  "server_name": "{http.request.host}"
                }
              },
              "upstreams": [
                {
                  "dial": "10.0.0.42:443"
                }
              ]
            }
          ]
        }
      ]
    }
  ],
  "match": [
    {
      "host": [
        "*.apps.mydomain.com"
      ]
    }
  ]
}
It seems that Caddy does not convert the placeholders into their corresponding values. This is an answer from a backend:
{"level":"error","ts":1598120557.7658117,"logger":"http.log.error","msg":"x509: certificate is valid for *.apps.mydomain.com, not {http.request.host}","request":{"method":"HEAD","uri":"/","proto":"HTTP/2.0","remote_addr":"10.0.0.107:64103","host":"abc.apps.mydomain.com","headers":{"User-Agent":["curl/7.64.1"],"Accept":["*/*"]},"tls":{"resumed":false,"version":771,"ciphersuite":52393,"proto":"h2","proto_mutual":true,"server_name":"abc.apps.mydomain.com"}},"duration":0.009521772,"status":502,"err_id":"2ugft70nu","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}