Wildcard cert with remote_ip by subdomain

1. The problem I’m having:

Hi, I'm trying to have a custom remote_ip matcher for one of the subdomains in a wildcard setup. So for that specific subdomain I want to restrict access by remote IP.

*.example.com {
	tls {
		dns cloudflare {env.CLOUDFLARE_TOKEN}
	}

	@foo host foo.example.com {
		remote_ip 100.64.0.0/10  # tried this but syntax is wrong
	}
	handle @foo {
		respond "Foo!"
	}

	@bar host bar.example.com
	handle @bar {
		respond "Bar!"
	}

	handle {
		abort
	}
}

But this seems not to be supported by Caddy: “Error during parsing: malformed host matcher: blocks are not supported”
What’s the correct syntax to achieve this please?
Maybe there is no way to do this when using wildcard certs?

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

through docker latest

a. System environment:

host is ArchLinux 6.4.3-arch1-2

You need to read the reference documentation page on matchers.

To address your issue, the host matcher does not take a block. To use multiple matchers AND-ed together, you need to group them into a named matcher and list the multiple matchers inside the block. Thus you need to convert the following

To

	@foo {
		host foo.example.com
		remote_ip 100.64.0.0/10
	}
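As an added illustration (not part of the thread and not Caddy's own code), the small Python model below shows what the corrected `@foo` matcher does once `host` and `remote_ip` are AND-ed: a request for foo.example.com from outside 100.64.0.0/10 fails the matcher and falls through to the final `handle { abort }`. The names `ROUTES`, `matcher_matches` and `route`, and the sample addresses, are constructed for this sketch.

```python
import ipaddress

# Constructed model of the corrected site block: each named matcher is a set
# of conditions that must ALL hold (host AND remote_ip), as the answer says.
ROUTES = [
    ("@foo", {"host": "foo.example.com", "remote_ip": "100.64.0.0/10"}, "Foo!"),
    ("@bar", {"host": "bar.example.com"}, "Bar!"),
]
FALLBACK = "abort"  # stands for the matcher-less `handle { abort }` block


def matcher_matches(conditions, host, remote_ip):
    """Return True only if every condition in the named matcher holds (AND)."""
    for kind, value in conditions.items():
        if kind == "host":
            if host.lower() != value:
                return False
        elif kind == "remote_ip":
            addr = ipaddress.ip_address(remote_ip)
            if addr not in ipaddress.ip_network(value):
                return False
        else:
            raise ValueError(f"unsupported matcher in this model: {kind}")
    return True


def route(host, remote_ip):
    """Pick the first handle block whose matcher matches, else the fallback."""
    for _name, conditions, response in ROUTES:
        if matcher_matches(conditions, host, remote_ip):
            return response
    return FALLBACK


if __name__ == "__main__":
    # Constructed sample requests: (Host header, peer address)
    samples = [
        ("foo.example.com", "100.64.1.5"),    # inside 100.64.0.0/10
        ("foo.example.com", "203.0.113.9"),   # right host, wrong network
        ("foo.example.com", "100.128.0.1"),   # just past the /10 boundary
        ("bar.example.com", "203.0.113.9"),   # bar has no IP restriction
    ]
    for host, ip in samples:
        print(f"{host:<18} {ip:<14} -> {route(host, ip)}")
```
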

Yes, I missed that part of the doc, thx.
