Hello,
I read article The trailing dot in domain names, a detail that is often poorly managed - Xavier Lacot and I can’t find a good way to set this up with haproxy.
Example:
On my server, I have several applications with different domain names.
Haproxy is configured to manage HTTPS certificates, then route the right request to the right application.
This works well for https://www.example1.com or https://www.example2.com, for example.
However, if I go to https://www.example1.com. (with the dot at the end) it no longer works, because haproxy makes a distinction with the dot and without the dot, and doesn’t find the right certificate. It then takes the default certificate, which is certainly not the right one.
The client will then get a TLS error.
I can’t find a way to tell it to ignore the dot at the end.
Do you have a solution for this?
Even with another haproxy in tcp proxy mode in front, I don’t seem to be able to.
I don’t think it’s a big deal, but I don’t have a metric for it either, since it blocks right from the start. 