0 votes
by (150 points)

I have an older server that needs to be able to post using TLS1.2/1.3.

I have a working TLS Proxy for a specific domain, but the customer has multiple sublevel domains.

Here is a sample of the current config:

    name: MYCUSTOMER
    in:
      port: 83
    out:
      address: sub1.sub2.customerdomain.com
      port: 443
      protocol: HTTPS
      tlsVersions: TLS12
      idleTimeout: 120
      httpHostOverride: sub1.sub2.customerdomain.com
      httpXForwardedFor: true

If we modify the post to http://localhost:83/someURI, it works great, but while the domain is fixed, the sublevel might change without warning and I'd like to avoid creating dozens of tunnels for the various subs.

Is this config feasible?

    name: MYCUSTOMER
    in:
      port: 83
    out:
      address: *.customerdomain.com
      port: 443
      protocol: HTTPS
      tlsVersions: TLS12
      idleTimeout: 120
      httpHostOverride: *.customerdomain.com
      httpXForwardedFor: true

Applies to: Rebex TLS

1 Answer

0 votes
ago by (73.6k points)

Yes, this is a planned feature, but the schedule has not been decided yet.

There are two possibilities for how to determine the address for the outbound tunnel:

  1. As shown in your case, using the HTTP Host header.
  2. Using the server name provided by the SNI extension, in case the inbound tunnel uses TLS.

Actually, the second case, based on SNI, is quite simple and we can add it soon if needed.
On the other hand, using the Host header is much more complicated in our current proxy implementation.

ago by (150 points)
We offload SSL processing so the SNI isn't passed to the web application. It only sees the address of the load-balancer, not the original SNI extension.

However, based on information received from my customer, it looks like we would only see two different domains, so I think the solution we have in place now will work, at least for now.
...