From b19939408c70bd8e452502c7e93d9bd6e2192ec8 Mon Sep 17 00:00:00 2001
From: delthas <delthas@dille.cc>
Date: Sat, 12 Sep 2020 19:43:16 +0200
Subject: [PATCH] Add support for wildcard server names in frontend directives

This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
---
 server.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/server.go b/server.go
index 40c9854..8aecf5c 100644
--- a/server.go
+++ b/server.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"log"
 	"net"
+	"strings"
 
 	"github.com/caddyserver/certmagic"
 	"github.com/pires/go-proxyproto"
@@ -128,9 +129,15 @@ func (ln *Listener) handle(conn net.Conn) error {
 
 	tlsState := tlsConn.ConnectionState()
 
-	// TODO: support wildcard certificates. Sadly this requires solving a DNS
-	// challenge.
 	fe, ok := ln.Frontends[tlsState.ServerName]
+	if !ok {
+		// match wildcard certificates, allowing only a single, non-partial wildcard, in the left-most label
+		i := strings.IndexByte(tlsState.ServerName, '.')
+		// don't allow wildcards with only a TLD (eg *.com)
+		if i >= 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {
+			fe, ok = ln.Frontends["*"+tlsState.ServerName[i:]]
+		}
+	}
 	if !ok {
 		fe, ok = ln.Frontends[""]
 	}