Wildcard cert with remote_ip by subdomain

1. The problem I’m having:

Hi, Im trying to have a custom remote_ip matcher for one of a subdomain in a wildcard setup. So for that specific subdomain I want to restrict access by remote ip.

*.example.com {
         tls {
              dns cloudflare {env.CLOUDFLARE_TOKEN}

	@foo host foo.example.com {
                remote_ip  // tried this but syntax is wrong
	handle @foo {
		respond "Foo!"

	@bar host bar.example.com
	handle @bar {
		respond "Bar!"

	handle {

But this seems not supported by caddy: “Error during parsing: malformed host matcher: blocks are not supported”
What’s the correct syntax to achieve this please?
Maybe there is no way to do this when using wildcard certs?

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

through docker latest

a. System environment:

host is ArchLinux 6.4.3-arch1-2

You need to read the reference documentation page on matchers

To address your issue, the host matcher does not take a block. To use multiple matchers AND-ed together, you need to group them into a named matcher and list the multiple matchers inside the block. Thus you need to convert the following


	@foo {
		host foo.example.com

Yes I missed that part of the doc, thx

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.