#1 2017-04-18 05:03:03

rockinmusicgv
Trusted Member
Registered: 2016-03-11
Posts: 8

Wildcard Reverse Proxy

GestionDBI has a really convenient tool for adding new domains to the reverse proxy.  Is it possible to add a wild card such that *.mydomain.com will be routed to the correct server?

Offline

#2 2017-04-19 14:33:49

WSS
Trusted Member
Registered: 2016-12-22
Posts: 70

Re: Wildcard Reverse Proxy

Calling BackToGeek, since I'm pretty sure he authored the tool.   I doubt you can add wildcards since I'm fairly certain this is based on HAProxy 1.5, but it never hurts to ask!


A signature is a small piece of text that is attached to your posts. In it, you can enter just about anything you like. Perhaps you would like to enter your favourite quote or your star sign.

Offline

#3 2017-04-19 14:48:48

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,210
Website

Re: Wildcard Reverse Proxy

Nope, not for me, GDBI uses their own thing smile


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#4 2017-04-19 14:55:29

DavidGestionDBI
Provider-Moderator
From: Montreal, Canada
Registered: 2015-01-10
Posts: 553
Website

Re: Wildcard Reverse Proxy

I use my own thing since I never play with HAproxy of my life tongue


-----------
David B. |  Technical Director at Gestion DBI ||  Want to receive our promotions?
IT consulting and Hosting Provider | 24/7 Technical Support

Offline

#5 2017-04-19 17:43:51

rockinmusicgv
Trusted Member
Registered: 2016-03-11
Posts: 8

Re: Wildcard Reverse Proxy

Thank you for the replies.  Using the tool provided by GDBI, I cannot add wildcards to the reverse proxy.  (domains need to be numbers and letters only).  Are there any plans to add this functionality?  Is it even possible to add this?

If not, I can try to whip up a custom proxy that runs on a system with a public IPv4, but that would be a significant hassle neutral

Offline

#6 2017-04-19 19:58:03

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,181
Website

Re: Wildcard Reverse Proxy

HAProxy should be able to do it if the ACL is using "hdr_sub(host)" but that could end up with a bunch of other problems.

Offline

#7 2017-04-19 22:14:26

rockinmusicgv
Trusted Member
Registered: 2016-03-11
Posts: 8

Re: Wildcard Reverse Proxy

Thanks for the heads up.  If I do end up rolling my own reverse proxy, what problems will hdr_sub(host) cause?

Offline

#8 2017-04-20 06:31:27

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,210
Website

Re: Wildcard Reverse Proxy

I assume the obvious one is missdirects and invalid session cookies, but really in order to understand it you need to live it i.e. suck it and see!


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#9 2017-04-20 16:15:45

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,181
Website

Re: Wildcard Reverse Proxy

hdr_sub grabs a portion of the domain name and redirects it.

Example: if you want a wildcard you would set .domainname.tld
Because haproxy would take the domain that the user wants to see and match it to your inserted value.
Now the problem is if you enter only "domainname.tld" (without the ") and another user adds "yourdomainname.tld" (eithout the "). Guess what could happen? If the ACL is handled first by haproxy, yourdomainname.tld actually is true since it is the last part of the domain name.

Now, if I enter a value "a.com", with any luck I could end up with traffic for all domains ending with "a.com".

There is another option to get the last part of the domain name when matching against ACL, problem is to sanitize it if you add a port number to the domain name.

It would take alot of tests to configure this "the right way" and make it safe for the users.
There are no problems if you are the only one behind the proxy but here....... naaahhh, could get ugly.

Offline

#10 2017-04-20 19:18:18

WSS
Trusted Member
Registered: 2016-12-22
Posts: 70

Re: Wildcard Reverse Proxy

Backtogeek wrote:

Nope, not for me, GDBI uses their own thing smile

DavidGestionDBI wrote:

I use my own thing since I never play with HAproxy of my life tongue

Eweps.   Not sure why I thought Anthony did the whole LES thing for everyone.  Ignore me (if you haven't already).


A signature is a small piece of text that is attached to your posts. In it, you can enter just about anything you like. Perhaps you would like to enter your favourite quote or your star sign.

Offline

#11 2017-04-21 03:31:35

AuroraZero
Slacker
From: Slacker Labs
Registered: 2017-04-01
Posts: 17
Website

Re: Wildcard Reverse Proxy

He did at first and then it kind of branched out. Which is cool.


Two men enter, One man LEAVES!!!

Offline

Board footer