
Wildcard domain proxy routing

Wildcard domain proxy routing is a networking configuration pattern where a proxy server (such as Nginx) is configured to forward traffic for all subdomains of a specific parent domain to a backend infrastructure, such as a Kubernetes Ingress Controller^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

This setup typically involves configuring the proxy to listen for a generic domain name (e.g., *.example.com) and defining an upstream group containing the IP addresses and specific ports of the backend services^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

Configuration Components

Implementing this pattern requires defining an upstream block in the proxy configuration and a server block that utilizes the wildcard hostname^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

  • Upstream Configuration: The upstream block defines the destination servers. In a Kubernetes environment, these targets are typically the NodePort services exposed by the Ingress Controller (e.g., 10.4.7.21:30035)^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].
  • Server Block: The server_name directive is set to the wildcard domain (e.g., *.od.com). This allows the proxy to handle requests for any subdomain matching that pattern without needing to explicitly list every possible hostname^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].
  • Proxy Settings: The location block proxies requests to the upstream backend. It is standard practice to pass the original Host header and the X-Forwarded-For header to the backend so that the application receives the correct client information^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

Example Configuration

The following is an example of an Nginx configuration for routing *.od.com to a Kubernetes Ingress Controller on port 30035^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]:

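# Backend pool: the Ingress Controller's NodePort on each node.
upstream default_backend_nginx {
    # A node is marked unavailable for 10s after 3 failed attempts.
    server 10.4.7.21:30035 max_fails=3 fail_timeout=10s;
    server 10.4.7.22:30035 max_fails=3 fail_timeout=10s;
}

server {
    # Matches any subdomain of od.com.
    server_name *.od.com;

    location / {
        proxy_pass http://default_backend_nginx;
        # Forward the client's Host header unchanged so the Ingress
        # Controller can route by hostname.
        proxy_set_header Host $http_host;
        # Append the connecting client's address to any X-Forwarded-For
        # header already present on the request.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}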
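
Which hostnames the server_name *.od.com block above actually receives, as an added example that is not part of the source README: a small Python model of nginx's documented selection order for exact names and leading wildcards. The server labels and the catch-all block are assumptions made for illustration, and the hostnames are constructed samples.

```python
# Added example: models nginx's documented server_name selection for exact
# names and leading wildcards only (regex names and trailing wildcards omitted).

def normalize_host(host_header):
    """Lowercase, drop a :port suffix and a trailing dot (IPv6 literals not handled)."""
    host = host_header.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def matches(pattern, host):
    """True if host matches one server_name pattern."""
    if pattern.startswith("*."):
        # '*' may span several labels; the bare parent domain never matches.
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    if pattern.startswith("."):
        # '.od.com' is shorthand for 'od.com' plus '*.od.com'.
        return host == pattern[1:] or (host.endswith(pattern) and len(host) > len(pattern))
    return host == pattern

def select_server(host_header, servers, default=None):
    """servers: list of (label, [server_name patterns]) in config order.
    default: label of the block marked default_server, else the first block."""
    host = normalize_host(host_header)
    exact = [label for label, pats in servers if host in pats]
    if exact:
        return exact[0]
    wild = [(len(p), label) for label, pats in servers for p in pats
            if p[:1] in ("*", ".") and matches(p, host)]
    if wild:
        return max(wild, key=lambda w: w[0])[1]  # longest wildcard wins
    # No name matched: nginx hands the request to the default server.
    return default or servers[0][0]

# Hypothetical layouts: the page's single block, and the same block behind
# an assumed catch-all server marked default_server.
PAGE_ONLY = [("wildcard", ["*.od.com"])]
WITH_CATCH_ALL = [("catch_all", ["_"]), ("wildcard", ["*.od.com"])]

if __name__ == "__main__":
    # Constructed sample Host headers.
    for h in ["dashboard.od.com", "a.b.od.com:8080", "od.com", "unrelated.example"]:
        print(f"{h:20} alone -> {select_server(h, PAGE_ONLY):9} "
              f"with catch-all -> {select_server(h, WITH_CATCH_ALL, 'catch_all')}")
```

When the wildcard block is the default server for its port, requests for od.com and for unrelated hostnames are still proxied to the Ingress Controller with their Host header intact; a separate default_server block that rejects unmatched names keeps them out.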

DNS Integration

To function correctly, the wildcard entry must be registered in the Domain Name System (DNS). The DNS record (typically an A record) is created using the asterisk wildcard, which maps the subdomains of the parent domain to the proxy server's IP address^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

Sources

^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]