I have an issue where wildcard.domain.com is not working 100%. It appears to fail when going to https://wildcard.domain.com, whereas https://www.wildcard.domain.com works. So I have the following pound config:
##
# 1 http://*.test.domain.com
##
ListenHTTP
    Address 10.xx.xx.xx
    Port 80
    HeadRemove "X-HTTPS-via-LB"
    RewriteLocation 0
    xHTTP 0
    Service "test domain"
        HeadRequire "^Host:.*test\.domain\.com\s*$"
        Redirect "https://www.test.domain.com"
    End
End
##
# 2 https://*.test.domain.com
##
ListenHTTPS
    Address 10.xx.xx.xx
    RewriteLocation 0
    HeadRemove "X-HTTPS-via-LB"
    AddHeader "X-HTTPS-via-LB: 1"
    Port 443
    xHTTP 0
    Cert "/etc/pki/tls/private/wildcard.test.domain.com.combined"
    Ciphers "****"
End
Now this almost works, but still fails in certain scenarios:
WORKS: User goes to http://test.domain.com, Pound presents user with https://www.test.domain.com/
WORKS: User goes to http://www.test.domain.com, Pound presents user with https://www.test.domain.com/
WORKS: User goes to https://www.test.domain.com, Pound presents user with https://www.test.domain.com/
FAILS: User goes to https://test.domain.com/, Pound presents user with "Your connection is not Private"
I don't understand how I can fix this issue. Do I just need to add a regular expression to the HTTPS listener?
If your certificate indicates only *.test.domain.com, it is NOT valid for test.domain.com, only for subdomains (and only for one level).
And there is an error in that line:
HeadRequire "^Host:.*test\.domain\.com\s*$"
It redirects anything.test.domain.com but also anythingtest.domain.com (note the missing point). I think it should be:
HeadRequire "^Host:.*\.test\.domain\.com\s*$"
And if you want to redirect only one level of subdomains:
HeadRequire "^Host:[^.]+\.test\.domain\.com\s*$"
If you want to redirect test.domain.com too:
HeadRequire "^Host:([^.]+\.)?test\.domain\.com\s*$"
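Added example, not part of the original question or answer: a small Python check that puts the two points above side by side, which hosts a *.test.domain.com certificate covers and which Host header lines three of the HeadRequire patterns accept. The function names and sample hosts are constructed for illustration, and Python's re module is assumed to behave like Pound's regex engine for these patterns.

```python
import re

def wildcard_cert_matches(cert_name: str, host: str) -> bool:
    """Browser-style check: '*' covers exactly one left-most label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False          # apex and deeper subdomains fail here
    if cert_labels[0] == "*":
        return bool(host_labels[0]) and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels

# HeadRequire patterns from the question and the answer.
ORIGINAL  = r"^Host:.*test\.domain\.com\s*$"
ANY_DEPTH = r"^Host:.*\.test\.domain\.com\s*$"
ONE_LEVEL = r"^Host:[^.]+\.test\.domain\.com\s*$"

def head_require(pattern: str, header_line: str) -> bool:
    # Assumption: Python's re stands in for Pound's regex engine here,
    # with case-insensitive matching.
    return re.search(pattern, header_line, re.IGNORECASE) is not None

# Constructed sample hosts, not taken from any log.
HOSTS = ["test.domain.com", "www.test.domain.com",
         "a.b.test.domain.com", "anythingtest.domain.com"]

def report(cert_name="*.test.domain.com"):
    """Return (host, cert_ok, original, any_depth, one_level) per host."""
    rows = []
    for h in HOSTS:
        line = f"Host: {h}"   # header line with the usual space after ':'
        rows.append((h, wildcard_cert_matches(cert_name, h),
                     head_require(ORIGINAL, line),
                     head_require(ANY_DEPTH, line),
                     head_require(ONE_LEVEL, line)))
    return rows

if __name__ == "__main__":
    print(f"{'host':26}{'cert':6}{'orig':6}{'any':6}{'one':6}")
    for h, *flags in report():
        print(f"{h:26}" + "".join(f"{str(f):6}" for f in flags))
```

The first row is the failing case from the question: the original pattern accepts test.domain.com, but the wildcard certificate does not cover it.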