Hi, trying to reverse proxy multiple sites, using various ports, and also have the SSL cert be valid only if the host name matches the request.
Using v2.0.0. Any ideas? Thanks. My appsettings:
{
"Logging": {"LogLevel": {"Default": "Information","Microsoft": "Warning","Microsoft.Hosting.Lifetime": "Information"}},
"Kestrel": {
"Endpoints": {"HTTP-wsqa.yarp123.com": {"Url": "http://wsqa.yarp123.com"},
"HTTPS-cgimps01.yarp123.com": {"Url": "https://cgimps01.yarp123.com:8080"},
"HTTPS-avd.yarp123.com": {"Url": "https://avd.yarp123.com","Certificate": {"Path": "certs/avd.pfx","Password": "avd"}}}
},
"AllowedHosts": "*",
"ReverseProxy": {
"Clusters": {
"wsqa.yarp123.com": {"Destinations": {"destination1": {"Address": "10.10.10,10:80"}}},
"cgimps01.yarp123.com": {"Destinations": {"destination2": {"Address": "10.10.10.11:8080"}}},
"avd.yarp123.com": {"Destinations": {"destination3": {"Address": "https://client.wvd.microsoft.com/arm/webclient/index.html"}}}
},
"Routes": {
"route1": {"ClusterId": "wsqa.yarp123.com","Match": {"Path": "wsqa.yarp123.com"},
"route2": {"ClusterId": "cgimps01.yarp123.com","Match": {"Path": "cgimps01.yarp123.com:8080"}},
"route3": {"ClusterId": "avd.yarp123.com","Match": {"Path": "avd.yarp123.com"}}
}
}
}
}
Replies: 1 comment 3 replies
You've mostly got it. Some notes:
Endpoint HTTPS-cgimps01.yarp123.com will need some kind of certificate, HTTPS must always have one.
"route1": {"ClusterId": "wsqa.yarp123.com","Match": {"Path": "wsqa.yarp123.com"},
You need to match the Hosts, not Path.
"route1": {"ClusterId": "wsqa.yarp123.com","Match": {"Hosts" : [ "wsqa.yarp123.com" ]},
Note there's an explicit check that this host header matches the certificate, that's handled by SNI at the TLS layer. Per request you could add a middleware to verify the SNI matches the host header. dotnet/aspnetcore#34525 makes this easier, but I think you can get the SslStream from HttpContext.Features and check it that way.
"avd.yarp123.com": {"Des…
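
The per-request check suggested in the reply above, sketched as an added example that is not part of the original thread or of YARP itself. It assumes .NET 8 or later, where `ITlsHandshakeFeature` exposes the SNI name as `HostName`, and the `ReverseProxy` section from the appsettings shown in the question; the choice of a 421 response is also an assumption.

```csharp
// Program.cs - added example, not code from the thread.
// Assumes .NET 8+ (ITlsHandshakeFeature.HostName) and the "ReverseProxy"
// configuration section from the question's appsettings.json.
using Microsoft.AspNetCore.Connections.Features;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddReverseProxy()
    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));

var app = builder.Build();

// Runs before the proxy: reject a request whose Host header names a
// different site than the one the client asked for in the TLS handshake.
app.Use(async (context, next) =>
{
    // The feature is absent on plain-HTTP endpoints such as the
    // http://wsqa.yarp123.com listener, so those requests pass through.
    var tls = context.Features.Get<ITlsHandshakeFeature>();
    if (tls is not null)
    {
        var sni = tls.HostName;                 // empty if the client sent no SNI
        var host = context.Request.Host.Host;   // Host header without the port

        var matches = !string.IsNullOrEmpty(sni) &&
                      string.Equals(sni, host, StringComparison.OrdinalIgnoreCase);
        if (!matches)
        {
            // 421 tells the client this connection is not authoritative
            // for the requested host, so it should retry on a new one.
            context.Response.StatusCode = StatusCodes.Status421MisdirectedRequest;
            return;
        }
    }

    await next(context);
});

// Routes are selected by Match.Hosts, as the reply recommends.
app.MapReverseProxy();
app.Run();
```

HTTP/2 clients may reuse one TLS connection for several host names covered by the same certificate, so a strict SNI-to-Host check like this one will turn those coalesced requests into 421 responses.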