
I have an issue where wildcard.domain.com is not working 100%. It appears to fail when going to https://wildcard.domain.com, whereas https://www.wildcard.domain.com works. So I have the following Pound config:

##
# 1 http://*.test.domain.com
##
ListenHTTP
    Address         10.xx.xx.xx
    Port            80
    HeadRemove      "X-HTTPS-via-LB"
    RewriteLocation 0
    xHTTP           0
    Service "test domain"
        HeadRequire "^Host:.*test\.domain\.com\s*$"
        Redirect    "https://www.test.domain.com"
    End
End

##
# 2 https://*.test.domain.com
##
ListenHTTPS
    Address         10.xx.xx.xx
    RewriteLocation 0
    HeadRemove      "X-HTTPS-via-LB"
    AddHeader       "X-HTTPS-via-LB: 1"
    Port            443
    xHTTP           0
    Cert            "/etc/pki/tls/private/wildcard.test.domain.com.combined"
    Ciphers         "****"
End

Now this almost works, but still fails in certain scenarios:

WORKS: User goes to http://test.domain.com, Pound presents user with https://www.test.domain.com/

WORKS: User goes to http://www.test.domain.com, Pound presents user with https://www.test.domain.com/

WORKS: User goes to https://www.test.domain.com, Pound presents user with https://www.test.domain.com/

FAILS: User goes to https://test.domain.com/, Pound presents user with "Your connection is not Private"

I don't understand how I can fix this issue, do I just need to add a regular expression to the HTTPS listener?

1 Answer

If your certificate indicates only *.test.domain.com, it is NOT valid for test.domain.com, only for subdomains (and only for one level).

And there is an error in that line:

HeadRequire "^Host:.*test\.domain\.com\s*$"

it redirects anything.test.domain.com but also anythingtest.domain.com (note the missing dot). I think it should be

HeadRequire "^Host:.*\.test\.domain\.com\s*$"

And if you want to redirect only one level of subdomains:

HeadRequire "^Host:[^.]+\.test\.domain\.com\s*$"

If you want to redirect test.domain.com too:

HeadRequire "^Host:\s*([^.]+\.)?test\.domain\.com\s*$"

Tom
  • I think you have hit the nail on the head in regards to the certificate. I need to include the combined file for wildcard.wildcard.domain.com; I can see it accepts multiple Cert parameters, so I am trying that now. This has been a great help. – Anthony 'Runt' Cleaves Aug 23 '16 at 14:56
  • It would appear test.domain.com is only covered in a cert which is a wildcard.domain.com certificate. Can this be used within the same Pound configuration, do you think? Would wildcard.test.domain.com work if test is actually a wildcard domain? – Anthony 'Runt' Cleaves Aug 23 '16 at 15:15
  • If you want wildcard.test.domain.com, wildcard.domain.com and domain.com, you need *.test.domain.com, *.domain.com and domain.com. Was that your question? – Tom Aug 23 '16 at 16:35
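The two points in the answer above (a wildcard certificate covers exactly one label, and the HeadRequire regex has to be anchored on a dot) can be checked offline. The following is an added example, not code from the question, from Tom's answer or from Pound itself. The SAN lists are constructed to match the thread: the question's single wildcard, and the three names Tom lists in his last comment. The name-matching follows the RFC 6125 rule browsers apply (the wildcard must be the whole leftmost label and stands for exactly one label). For the HeadRequire side, Python's re module stands in for the POSIX extended regex engine Pound uses; the patterns here only use constructs both engines read the same way. One detail worth noticing: a browser sends the header as "Host: name" with a space after the colon, so an apex pattern that puts nothing between "Host:" and the first literal label cannot match test.domain.com.

```python
import re

# Constructed sample SAN lists; hostnames are the ones used in the thread.
WILDCARD_ONLY = ["*.test.domain.com"]                                # the question's cert
FULL_COVERAGE = ["*.test.domain.com", "*.domain.com", "domain.com"]  # Tom's last comment


def san_matches(san: str, hostname: str) -> bool:
    """True if one dNSName SAN covers hostname, using the RFC 6125 rules
    browsers apply: a wildcard is only valid as the whole leftmost label and
    matches exactly one non-empty label."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname                    # non-wildcard names match exactly
    san_labels = san.split(".")[1:]               # labels to the right of "*."
    host_labels = hostname.split(".")
    # The host must have precisely one more label than the part after "*.",
    # so *.test.domain.com covers www.test.domain.com but not test.domain.com
    # and not a.b.test.domain.com.
    if len(host_labels) != len(san_labels) + 1 or host_labels[0] == "":
        return False
    return host_labels[1:] == san_labels


def cert_covers(sans, hostname: str) -> bool:
    """True if any name in the certificate's SAN list covers hostname."""
    return any(san_matches(san, hostname) for san in sans)


# HeadRequire patterns. A real request carries "Host: name" (space after the
# colon), which APEX_NO_SPACE forgets to allow for.
ORIGINAL          = r"^Host:.*test\.domain\.com\s*$"             # the question's pattern
ONE_LEVEL         = r"^Host:\s*[^.]+\.test\.domain\.com\s*$"      # one subdomain level
APEX_NO_SPACE     = r"^Host:([^.]+\.)?test\.domain\.com\s*$"      # apex case cannot match
ONE_LEVEL_OR_APEX = r"^Host:\s*([^.]+\.)?test\.domain\.com\s*$"   # one level or the apex


def head_require(pattern: str, hostname: str) -> bool:
    """Emulate Pound's HeadRequire against the Host header line a browser
    sends. Header names are case-insensitive, hence IGNORECASE."""
    return re.match(pattern, f"Host: {hostname}", re.IGNORECASE) is not None


if __name__ == "__main__":
    hosts = ["test.domain.com", "www.test.domain.com", "a.b.test.domain.com",
             "anythingtest.domain.com", "domain.com"]
    for host in hosts:
        print(f"{host:26} wildcard-cert={cert_covers(WILDCARD_ONLY, host)!s:5} "
              f"full-cert={cert_covers(FULL_COVERAGE, host)!s:5} "
              f"orig={head_require(ORIGINAL, host)!s:5} "
              f"one-level={head_require(ONE_LEVEL, host)!s:5} "
              f"apex={head_require(ONE_LEVEL_OR_APEX, host)}")
```

Running the script shows the two failures from the thread side by side: the wildcard-only certificate does not cover test.domain.com (the browser's "Your connection is not private"), and the original HeadRequire pattern accepts anythingtest.domain.com while the dot-anchored patterns reject it.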