Nginx stream block with wildcard filtering of subdomains
I have set up an Nginx server as L4 Proxy(Forward Proxy With Stream Module), with the following configuration in the nginx.conf file;
stream {
resolver 8.8.8.8;
server {
listen 443;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_pass $ssl_preread_server_name:$server_port;
}
}
everything works fine, with the configuration above.
but let's say I want to limit the access of the URLs passing to my proxy server.Not by limiting the IP address but with URL names.
I did a research and setup the following configuration file and somehow I was able to control the URLs passing to my proxy.
But the issue starts from here. If a large website is called, since it has many links or subdomains loaded behind the scene, and knowing that I have limited the URLs allowed to pass, and wildcarding subdomains is not working in stream block, I am not able to load the requested website completely.
Is there a solution to have it used in stream block to support wildcard for subdomain of domain?
my new configuration is as below:
stream {
map $ssl_preread_server_name $name {
ipchicken.com ipchicken.com;
www.bbc.com www.bbc.com;
www.bbc.co.uk www.bbc.co.uk;
bbci.co.uk bbci.co.uk;
}
server {
resolver 8.8.8.8;
listen 443;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_pass $name:$server_port;
}
}
events {
}
You are looking for the hostnames keyword. With this keyword you can use *.example.com as a wildcard entry for example.com domain. Similarly as for server_name directive you can use .example.com for both example.com and *.example.com:
map $ssl_preread_server_name $name {
hostnames;
.ipchicken.com $ssl_preread_server_name;
.bbc.com $ssl_preread_server_name;
.bbc.co.uk $ssl_preread_server_name;
.bbci.co.uk $ssl_preread_server_name;
}
As an alternative you can use any regex within the map block, i.e.
map $ssl_preread_server_name $name {
# covers 'bbc.com', 'www.bbc.com' and 'static.bbc.com':
~^(?:www\.|static\.)?bbc\.com$ $ssl_preread_server_name;
...
}