starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-26 18:05:54 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #749] Wildcard Domains (not SSL) #634

New issue
Closed
opened 2026-02-26 06:33:46 +03:00 by kerem · 15 comments
kerem commented 2026-02-26 06:33:46 +03:00
Owner
Copy link

Originally created by @markwylde on GitHub (Dec 1, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/749

Great project, thanks for all your time on this.

This feature may already exist, and I just can't find any documentation for it. I'm happy to create a PR with docs if you can point me in the right direction.

Basically, everything is working perfectly with my new installation. However, I have to put each subdomain in manually. I would like to specify a wildcard domain, and have every subdomain map to a host.

Just to note, this isn't to do with HTTPS or LetsEncrypt.

Is your feature request related to a problem? Please describe.
I would like to be able to map *.mydomain.com to the same IP address.

Describe the solution you'd like
The screen below to accept a wildcard domain
image

Describe alternatives you've considered
Putting in each domain manually

Additional context
Add any other context or screenshots about the feature request here.

Use Case
Maybe a use case would help. Imagine I'm hosting GitLab (or a hypothetical GitHub) on my network with pages (GitHub Pages or GitLab Pages).

I want to let my users expose THEIRORG.pages.gitlab.test .

In my mind, the way to do this is have a wildcard entry: *.pages.gitlab.test

So then if the user comes through to http://testorg.pages.gitlab.test/testrepo, the request automaitcally get's forwarded to the one server.

Originally created by @markwylde on GitHub (Dec 1, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/749 Great project, thanks for all your time on this. This feature may already exist, and I just can't find any documentation for it. I'm happy to create a PR with docs if you can point me in the right direction. Basically, everything is working perfectly with my new installation. However, I have to put each subdomain in manually. I would like to specify a wildcard domain, and have every subdomain map to a host. Just to note, this isn't to do with HTTPS or LetsEncrypt. **Is your feature request related to a problem? Please describe.** I would like to be able to map `*.mydomain.com` to the same IP address. **Describe the solution you'd like** The screen below to accept a wildcard domain ![image](https://user-images.githubusercontent.com/5929807/100749548-85098400-3430-11eb-8c01-74eafed92737.png) **Describe alternatives you've considered** Putting in each domain manually **Additional context** Add any other context or screenshots about the feature request here. **Use Case** Maybe a use case would help. Imagine I'm hosting GitLab (or a hypothetical GitHub) on my network with pages (GitHub Pages or GitLab Pages). I want to let my users expose `THEIRORG.pages.gitlab.test` . In my mind, the way to do this is have a wildcard entry: `*.pages.gitlab.test` So then if the user comes through to `http://testorg.pages.gitlab.test/testrepo`, the request automaitcally get's forwarded to the one server.
kerem 2026-02-26 06:33:46 +03:00
kerem commented 2026-02-26 06:33:46 +03:00
Author
Owner
Copy link

@burkeazbill commented on GitHub (Dec 1, 2020):

Looking for this as well. I can do with Traefik, but want to use NPM for others to more easily do things via UI rather than config files ;)

<!-- gh-comment-id:736663104 --> @burkeazbill commented on GitHub (Dec 1, 2020): Looking for this as well. I can do with Traefik, but want to use NPM for others to more easily do things via UI rather than config files ;)
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@1xPdd commented on GitHub (Dec 5, 2020):

I've had success essentially using 2 certificates: *.example.com for all subdomains and a separate certificate for example.com.

<!-- gh-comment-id:739335327 --> @1xPdd commented on GitHub (Dec 5, 2020): I've had success essentially using 2 certificates: `*.example.com` for all subdomains and a separate certificate for `example.com`.
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@markwylde commented on GitHub (Dec 7, 2020):

I've had success essentially using 2 certificates: *.example.com for all subdomains and a separate certificate for example.com.

Just to clarify, this ticket isn't in regards to wildcard SSL certificates. But wildcard domain name matching. Essentially, you could load balance to two http (not https) endpoints. IE:

For the following:
http://test1.example.com -> 192.168.1.10
http://test2.example.com -> 192.168.1.10
http://anything.example.com -> 192.168.1.10

The rule would be:
http://*.example.com -> 192.168.1.10

<!-- gh-comment-id:739631565 --> @markwylde commented on GitHub (Dec 7, 2020): > I've had success essentially using 2 certificates: `*.example.com` for all subdomains and a separate certificate for `example.com`. Just to clarify, this ticket isn't in regards to wildcard SSL certificates. But wildcard domain name matching. Essentially, you could load balance to two http (not https) endpoints. IE: For the following: http://test1.example.com -> 192.168.1.10 http://test2.example.com -> 192.168.1.10 http://anything.example.com -> 192.168.1.10 The rule would be: http://*.example.com -> 192.168.1.10
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@hhannis commented on GitHub (Jan 3, 2021):

yes, want this!

<!-- gh-comment-id:753633258 --> @hhannis commented on GitHub (Jan 3, 2021): yes, want this!
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@mosaati commented on GitHub (Jan 12, 2021):

AFAIK, to be able to ask nginx to route a specific domain to a specific IP address it has to know to which port. Having all domain and subdomains routed to the same IP address wouldn't make sense because they would require different ports for them to function.

You could have them all on the same IP, that doesn't matter much. But let's take your examples http://test1.example.com -> 192.168.1.10 and http://test2.example.com -> 192.168.1.10 are for example running on ports 8080 and 8081 (they cannot have the same port since they are served on the same IP) you would have to add 2 entries in NPM to define those ports separately.

If you mean strictly load balancing, it could be done by having a stream configuration. Although it is an area that might require some further work.

<!-- gh-comment-id:758474803 --> @mosaati commented on GitHub (Jan 12, 2021): AFAIK, to be able to ask nginx to route a specific domain to a specific IP address it has to know to which port. Having all domain and subdomains routed to the same IP address wouldn't make sense because they would require different ports for them to function. You could have them all on the same IP, that doesn't matter much. But let's take your examples http://test1.example.com -> 192.168.1.10 and http://test2.example.com -> 192.168.1.10 are for example running on ports 8080 and 8081 (they cannot have the same port since they are served on the same IP) you would have to add 2 entries in NPM to define those ports separately. If you mean strictly load balancing, it could be done by having a stream configuration. Although it is an area that might require some further work.
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@markwylde commented on GitHub (Jan 12, 2021):

Hey @mosaati, thanks for your comment.

That's exactly the scenario I want. I want both test1 and test2 to point to 192.168.1.10:80 (the same port).

Take an example nodejs server:

const http = require('http');

function handler (request, response) {
  if (request.headers.host === 'test1.example.com') {
    response.end('Hi, I am test1');
    return;
  }

  if (request.headers.host === 'test2.example.com') {
    response.end('Hi, I am test2');
    return;
  }

  response.end('There is no website hosted at ' + request.headers.host);
}

const server = http.createServer(handler);

server.listen(8000);

So to clarify: I would like to point a wildcard domain to the same IP and port.

<!-- gh-comment-id:758484405 --> @markwylde commented on GitHub (Jan 12, 2021): Hey @mosaati, thanks for your comment. That's exactly the scenario I want. I want both test1 and test2 to point to 192.168.1.10:80 (the same port). Take an example nodejs server: ```javascript const http = require('http'); function handler (request, response) { if (request.headers.host === 'test1.example.com') { response.end('Hi, I am test1'); return; } if (request.headers.host === 'test2.example.com') { response.end('Hi, I am test2'); return; } response.end('There is no website hosted at ' + request.headers.host); } const server = http.createServer(handler); server.listen(8000); ```` So to clarify: I would like to point a wildcard domain to the same IP **and port**.
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@mosaati commented on GitHub (Jan 12, 2021):

Then I think you would need a stream configuration. Have you tried it?

<!-- gh-comment-id:758485793 --> @mosaati commented on GitHub (Jan 12, 2021): Then I think you would need a stream configuration. Have you tried it?
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@schniper commented on GitHub (Feb 8, 2021):

AFAIK, to be able to ask nginx to route a specific domain to a specific IP address it has to know to which port. Having all domain and subdomains routed to the same IP address wouldn't make sense because they would require different ports for them to function.

You could have them all on the same IP, that doesn't matter much. But let's take your examples http://test1.example.com -> 192.168.1.10 and http://test2.example.com -> 192.168.1.10 are for example running on ports 8080 and 8081 (they cannot have the same port since they are served on the same IP) you would have to add 2 entries in NPM to define those ports separately.

If you mean strictly load balancing, it could be done by having a stream configuration. Although it is an area that might require some further work.

This is not accurate. I am currently using the following config to serve websites from all subfolders in a main folder, using something like this:

server {
listen 80 default_server;
server_name ~^(?sname.+).loc$ _;

include nginx-generic;

}
server {
listen 443 default_server;
server_name ~^(?sname.+).loc$ _;

ssl_certificate /etc/nginx/nginx.crt;
ssl_certificate_key /etc/nginx/nginx.key;
include nginx-generic-ssl;

}

sname above actually has to be specified like an html tag, using angular brackets, but the editor stripped them out.
I see backslashes are gone too, but you get the idea.

And then reference the active domain using the $sname variable. So routing based on domain name. All on the same port:

root "/var/www/$sname/public";

location / {
root "/var/www/$sname/public";
try_files $uri $uri/ /index.php$is_args$args;
autoindex off;
index index.html index.htm index.php;
}

etc...

This would indeed be a very useful feature.
The regular expression should be editable, so that, for example, we could have a separate route for the admin site on the same domain or different route sets for other specific websites (I am using exclusions to leave out websites which need specific rules, like cms ones with special configs, etc.)

The idea is this is totally doable.

I have tried doing this, but the admin only lets me include a single asterisk and then fails to validate the domain name. So probably someone started testing something like this but eventually quit.

<!-- gh-comment-id:775541664 --> @schniper commented on GitHub (Feb 8, 2021): > AFAIK, to be able to ask nginx to route a specific domain to a specific IP address it has to know to which port. Having all domain and subdomains routed to the same IP address wouldn't make sense because they would require different ports for them to function. > > You could have them all on the same IP, that doesn't matter much. But let's take your examples http://test1.example.com -> 192.168.1.10 and http://test2.example.com -> 192.168.1.10 are for example running on ports 8080 and 8081 (they cannot have the same port since they are served on the same IP) you would have to add 2 entries in NPM to define those ports separately. > > If you mean strictly load balancing, it could be done by having a stream configuration. Although it is an area that might require some further work. This is not accurate. I am currently using the following config to serve websites from all subfolders in a main folder, using something like this: server { listen 80 default_server; server_name ~^(?sname.+)\.loc$ _; include nginx-generic; } server { listen 443 default_server; server_name ~^(?sname.+)\.loc$ _; ssl_certificate /etc/nginx/nginx.crt; ssl_certificate_key /etc/nginx/nginx.key; include nginx-generic-ssl; } sname above actually has to be specified like an html tag, using angular brackets, but the editor stripped them out. I see backslashes are gone too, but you get the idea. And then reference the active domain using the $sname variable. So routing based on domain name. All on the same port: root "/var/www/$sname/public"; location / { root "/var/www/$sname/public"; try_files $uri $uri/ /index.php$is_args$args; autoindex off; index index.html index.htm index.php; } etc... This would indeed be a very useful feature. The regular expression should be editable, so that, for example, we could have a separate route for the admin site on the same domain or different route sets for other specific websites (I am using exclusions to leave out websites which need specific rules, like cms ones with special configs, etc.) The idea is this is totally doable. I have tried doing this, but the admin only lets me include a single asterisk and then fails to validate the domain name. So probably someone started testing something like this but eventually quit.
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@hydridity commented on GitHub (Feb 12, 2021):

Indeed would be nice to have support for this, i'm using ngix-proxy-manager as entry point behind NAT for multiple services being accessible via different subdomains pointed to one public ip.

Today i needed to test system that would serve additional resources based on consuming the header containing wildcard subdomain of subdomain (for example *.test.domain.com) and because the nature of this is dynamic, i cannot just set static proxy hosts in ngix-proxy manager because i can never know what the next one will be.
I think the same problem would occur when two reverse proxy layers are required, while the first one would simply redirect all requests of domain or subdomain and all of it's wildcard subdomains, the second one would then do all the required redirection.

Right now it is not possible when the ngix-proxy-manager is the first reverse proxy, or i have missed something important.

<!-- gh-comment-id:778487202 --> @hydridity commented on GitHub (Feb 12, 2021): Indeed would be nice to have support for this, i'm using ngix-proxy-manager as entry point behind NAT for multiple services being accessible via different subdomains pointed to one public ip. Today i needed to test system that would serve additional resources based on consuming the header containing wildcard subdomain of subdomain (for example *.test.domain.com) and because the nature of this is dynamic, i cannot just set static proxy hosts in ngix-proxy manager because i can never know what the next one will be. I think the same problem would occur when two reverse proxy layers are required, while the first one would simply redirect all requests of domain or subdomain and all of it's wildcard subdomains, the second one would then do all the required redirection. Right now it is not possible when the ngix-proxy-manager is the first reverse proxy, or i have missed something important.
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@mantasio commented on GitHub (Apr 16, 2021):

This would be a really useful feature. Especially if you are working in development with CI/CD and want to have different environments for, let's say, each git branch. Right now, you would need to add a new entry in NPM each time after deployment is done, which isn't very handy

<!-- gh-comment-id:821112155 --> @mantasio commented on GitHub (Apr 16, 2021): This would be a really useful feature. Especially if you are working in development with CI/CD and want to have different environments for, let's say, each git branch. Right now, you would need to add a new entry in NPM each time after deployment is done, which isn't very handy
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@PraUrb commented on GitHub (May 8, 2021):

I'm not quite sure whether that's exactly what you want, but maybe you could try this:

Create a new Proxy Host with the name "example.org" and assign it the SSL Certificate for *.example.com
In the "Advanced" tab add this: server_name *.example.org;

If you add a new host now, e.g. "test.example.org", Nginx Proxy Manager will pass the request to the IP defined on this specific host, because its server name matches exactly and it therefor has a higher priority. But if you try to access "test2.example.org" (which you haven't explicitly defined!), it will pass the request to the Proxy Host with the name "example.org".

<!-- gh-comment-id:835370481 --> @PraUrb commented on GitHub (May 8, 2021): I'm not quite sure whether that's exactly what you want, but maybe you could try this: Create a new Proxy Host with the name "example.org" and assign it the SSL Certificate for *.example.com In the "Advanced" tab add this: `server_name *.example.org;` If you add a new host now, e.g. "test.example.org", Nginx Proxy Manager will pass the request to the IP defined on this specific host, because its server name matches exactly and it therefor has a higher priority. But if you try to access "test2.example.org" (which you haven't explicitly defined!), it will pass the request to the Proxy Host with the name "example.org".
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@markwylde commented on GitHub (May 9, 2021):

But if you try to access "test2.example.org" (which you haven't explicitly defined!), it will pass the request to the Proxy Host with the name "example.org".

This actually sounds like this could work and not too complicated either. I'll try when I'm next working on this project, and let you know.

<!-- gh-comment-id:835611227 --> @markwylde commented on GitHub (May 9, 2021): > But if you try to access "test2.example.org" (which you haven't explicitly defined!), it will pass the request to the Proxy Host with the name "example.org". This actually sounds like this could work and not too complicated either. I'll try when I'm next working on this project, and let you know.
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@PFindersDomain commented on GitHub (Jul 30, 2021):

How does one enter *.domain.com as this does not show the add option when I type this in, but this screenshot shows it added.
proxy-hosts-add

<!-- gh-comment-id:889952358 --> @PFindersDomain commented on GitHub (Jul 30, 2021): How does one enter *.domain.com as this does not show the add option when I type this in, but this screenshot shows it added. ![proxy-hosts-add](https://user-images.githubusercontent.com/14099213/127672547-3c5a15f4-e716-472b-bee2-a28d20705af0.png)
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@iamkyoumei commented on GitHub (Aug 13, 2021):

Is it possible to extend support for this to sub subdomains? ie. *.test.domain.com ?

<!-- gh-comment-id:898364218 --> @iamkyoumei commented on GitHub (Aug 13, 2021): Is it possible to extend support for this to sub subdomains? ie. *.test.domain.com ?
kerem commented 2026-02-26 06:33:47 +03:00
Author
Owner
Copy link

@chaptergy commented on GitHub (Aug 13, 2021):

It seems the only issue was the regex pattern. The fix was added in v2.9.5, so from there and up this works. I have tested it on v2.9.6 and both first-level and second-level wildcards for proxy hosts work as expected.

image

<!-- gh-comment-id:898373925 --> @chaptergy commented on GitHub (Aug 13, 2021): It seems the only issue was the regex pattern. The [fix](https://github.com/jc21/nginx-proxy-manager/pull/1181) was added in v2.9.5, so from there and up this works. I have tested it on v2.9.6 and both first-level and second-level wildcards for proxy hosts work as expected. ![image](https://user-images.githubusercontent.com/26956711/129347289-9495e0b5-0f45-484c-8280-9c1286fded6c.png)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#634
No description provided.