OpenWRT – Redirect All Subdomains to Same Host for Reverse Proxy

domain-name-systemopenwrtreverse-proxyroutingsubdomain

I have an OpenWRT router setup, 192.168.1.1, with search domain, local (as opposed to the default lan).

I have a server setup, 192.168.1.200, with hostname, server.local.

I have a workstation, 192.168.1.10, with hostname, workstation.local.

server.local also operates an NGINX reverse proxy, to provide subdomains such as, sub.server.local.

If my workstation tries to access, server.local, it is resolved correctly to point at 192.168.1.200.

However, if my workstation tries to access, sub.server.local, it can't resolve to 192.168.1.200.

If my workstation has 192.168.1.200 sub.server.local, added to its hosts file, it resolves correctly, and the servers reverse proxy routes the incoming connection to the correct port.

How do I fix this, so that all subdomains of server.local resolve to 192.168.1.200? Without having to add a hosts record to every workstation, for every subdomain on the server, which is obviously not sustainable.

I'm assuming that I need to alter some DNS records on my OpenWRT router, but looking through the settings in Luci (the web interface), nothing sticks out as being capable of achieving this.

Any ideas?

Best Answer

I sorted it out eventually.

According to:

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#a_and_aaaa_rr

Which states:

This is an implementation of the --address option. Return 10.10.10.1 on query domain home and subdomain *.home.

I was able to login to OpenWRT (using ssh root@192.168.1.1), and running:

uci add_list dhcp.@dnsmasq[0].address="/server.local/192.168.1.200"
uci commit dhcp
/etc/init.d/dnsmasq restart

Which then allows the following to work:

~$ ping www.server.local

PING www.server.local (192.168.1.200) 56(84) bytes of data.
64 bytes from server.local (192.168.1.200): icmp_seq=1 ttl=63 time=55.4 ms
64 bytes from server.local (192.168.1.200): icmp_seq=2 ttl=63 time=77.3 ms

And anything else for that matter:

~$ ping hdsjdjk.server.local

PING hdsjdjk.server.local (192.168.1.200) 56(84) bytes of data.
64 bytes from server.local (192.168.1.200): icmp_seq=1 ttl=63 time=101 ms
64 bytes from server.local (192.168.1.200): icmp_seq=2 ttl=63 time=124 ms

As I understand it, this creates an A record in DNSMasq, which automatically includes all subdomains.

The changes can be seen in /etc/config/dhcp, which now looks (partially) like:

config dnsmasq
        [...]
        option domain 'local'
        option local '/local/'
        list address '/server.local/192.168.1.200'

[...]

Hopefully this helps someone else in the future!

Solution

Here is what I finally came up with after being set in the right direction by Miles Erickson. I wanted the address bar to reflect the original subdomain/domain of the request and not the redirected server and port, but he put me on the right path to Google up a solution using VirtualHost and I finally found a solution that included the use of mod_proxy.

First, make sure mod_proxy is enabled:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo systemctl restart apache2

Next, add the following to your site config (e.g., /etc/apache2/sites-available/000-default.conf):

<VirtualHost *:80>
    ServerAdmin me@mydomain.com
    ServerName dev.mydomain.com
    ProxyPreserveHost On

    # setup the proxy
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
    ProxyPass / http://localhost:8888/
    ProxyPassReverse / http://localhost:8888/
</VirtualHost>

Redirect all subdomains to subfolders

Which DNS providers allow me to do this?

All competent ones. It doesn't even need to be a DNS-specific providing, most good hosts will help you with this too. There are two stages:

A DNS entry is added for *.example.com
The host's web server (e.g. Apache) is setup to respond to *.example.com by routing it to example.com's VirtualHost.

Then, at your end, you add a .htaccess entry that uses a RewriteRule to catch each subdomain, and redirect it to a folder using the HTTP_HOST variable.

Untested, but something like this:

RewriteEngine on
RewriteCond   %{HTTP_HOST}                 ^[^.]+\.example\.com$
RewriteRule   ^(.+)                        %{HTTP_HOST}$1          [C]
RewriteRule   ^([^.]+)\.example\.com(.*)   http://example.com/$1/$2

Suppose that the user requests app1.example.com/bob.

Line 2

This will catch app1.example.com in the HTTP_HOST - it'll match the RewriteCond.

Line 3

Normally, Apache will only pass /bob to be checked against the RewriteRule. To use the subdomain, we exploit Chaining by forcing the next rule to match

${HTTP_HOST}$1
|           ^ /bob
^ app1.example.com

Line 4

The final RewriteRule is now matching against app1.example.com/bob and not just /bob. As a result, it can have a 'full' regular expression to match both this subdomain and the path, and perform the desired redirect.

If you don't want this feature, you can simplify the rules.

Are these alternatives feasible? Redirect them all to a special webapp with a static IP that redirects to the proper subfolder. How can I know from which subdomain they came from?

There is no sure-fire way of doing this. You could try the HTTP Referer, but it's not always sent by all browsers, some firewalls remove the header, etc.

Programatically create each rule when I need it. Which DNS providers have API access to add rules? I think Amazon Route 53 might be the answer here.

This would actually result in a more complex solution to the above, so I wouldn't recommend it. It would also create a delay: DNS caches would need to update and certain visitors wouldn't be able to use the subdomain immediately until they do. At least with my suggestion above, they'd be able to get going instantly.

Best Answer

Related Solutions

Apache – Redirect Subdomains to a Different Port on the Same Server

Solution

Redirect all subdomains to subfolders

Line 2

Line 3

Line 4

Related Topic