Catch wildcard subdomains

Hey,

I’ve added a custom domain to a netlify site https://musing-rosalind-eedabd.netlify.app, the custom domain is https://saleh.sh. I’ve purchased the domain from AWS and set up the name servers to point to netlify’s NS. I’m trying to redirect all subdomains to the apex domain. For example [variable].saleh.sh --> saleh.sh.

Is this possible on the free plan?

Thanks!

@saleh You must have figured this out because this is the way it works for me when I visit your custom domain.

hey @gregraven thanks for seeing the post. so www.saleh.sh is hardcoded in the dns settings. And I know I can hard code specific subdomains, but I would like to set up a wildcard catch all so that [any subdomain].saleh.sh will redirect to saleh.sh.

Which subdomain did you try?

Just the www sub-domain.

aaah yeah that’s hardocded :slight_smile:

I don’t know how to do this, or even if it is possible. You could manually add other sub-domains via the DNS panel or through the _redirect file, but wildcarding this is a whole different matter. Maybe the crew at Netlify will have some thoughts.

1 Like

Hey Saleh,

At present, wildcard subdomain SSL certs are offered on our Pro plan and above. However, you could work around this by creating separate Netlify sites, each with one of the subdomains.

I hope this helps!

1 Like

Hi @saleh :wave:t2:

Internet routing is fun :grin:

I want to take a second and say that I do think I understand your question and I want to clarify the specific intent you have. When I was first getting into dev and made a personal site, I too setup routing to redirect all subdomains to my root domain. I believe you’re trying to do the same; such that foo.saleh.sh automatically redirects to saleh.sh and bar.saleh.sh directs to saleh.sh and any hypothetical other subdomain you type into a browser would redirect to saleh.sh.

@gregraven is totally spot on about the process for specific sub-domains and Netlify has made that process pretty darn easy, but the ability to add a splat-subdomain and have it redirect to the root domain is altogether different :thinking:

Everything beyond this line is super important but lengthy. I apologize for the length but I promise it’s worth the read.



I took a few minutes and played around with some of my sites and domains here on the platform to see if I could get this rolling. Long story short, I don’t think it’s possible right now. You can add a splat CNAME record that resolves to your root domain, or you can add an ALIAS record for similar, or you can even add a splat apex record that resolves to the Netlify load balancer IP address, but none of those would resolve the architectural issue in what you’re looking for.

At the end of the day, we have to think through the request process to understand what’s going on and why it isn’t working. With a CNAME, ALIAS, or even splat-Apex record, ultimately your request is going to an IP address with a host header defined (this is just one of those “this is how the internet works” things). This is super important to understand, so let’s walk through it. First, I’m going to find out what the IP address of my website is.

dev@machine$ nslookup jon.fm

  Non-authoritative answer:
  Name:	jon.fm
  Address: 192.81.212.192

Now, using httpie as my command-line tool of choice, I’m going to manually send an HTTPS GET request to that IP address with the header “Host: jon.fm”. Netlify enforces strong HTTPS requirements (which is great) so I will use https://<ip_address> and --verify=no for the sake of the example. Don’t worry about those. Idea here is: request directly to IP address with header.

Here’s what that command looks like with httpie.

http https://192.81.212.192 Host:jon.fm --verify=no

Here’s what happens when I hit ‘go’:

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: jon.fm
User-Agent: HTTPie/2.1.0



HTTP/1.1 200 OK
Age: 376616
Cache-Control: public, max-age=0, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 18431
Content-Type: text/html; charset=UTF-8
Date: Sat, 06 Jun 2020 05:16:13 GMT
Etag: "a45efd0fa7aa23781e3005cb1b109bd2-ssl-df"
Server: Netlify
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-NF-Request-ID: 6706c778-47d6-4d84-be5d-69bfce1d4cfe-917401

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="x-ua-compatible" content="ie=edge"/><meta na ... lots of HTML that doesn't matter for the example.....

Netlify’s server sent back a 200 (it worked) and the HTML content of my website :grin:. Put in other terms: I reached out to a server by IP address then told it which website I was requesting via the Host: header, and it correctly sent back my website.

Well so it’s a Netlify server, can I just change my request a little bit to get a fully different website even though it’s the same IP address?

http https://192.81.212.192 Host:sargesites.com --verify=no

:arrow_down:

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: sargesites.com
User-Agent: HTTPie/2.1.0



HTTP/1.1 200 OK
Age: 1
Cache-Control: public, max-age=0, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 10 Jun 2020 13:57:38 GMT
Etag: "3b9e8a11e0989488a99b14aae2fb76ba-ssl-df"
Server: Netlify
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-NF-Request-ID: 6706c778-47d6-4d84-be5d-69bfce1d4cfe-1091482

<!DOCTYPE HTML> <html> <head> <title>Sarge Sites</title> <meta charset="utf-8" /> <meta name="viewport" content="width=devic ... lots of HTML that doesn't matter for the example.....

Yes. And here’s the fundamental lesson: Netlify’s servers serve a ton of websites all from the same underlying IP address (as far as the requestor knows). The only way for that server to differentiate which website the user is actually wanting is the Host: header.

CNAME, ALIAS, and splat-Apex records all give you a similar problem: they will all get your request to the correct IP address, but none of them will change the Host: you’re requesting. Meaning that even if you have a CNAME record of *.foo.com => foo.com, that record won’t change the fact that your request to something.foo.com has the Host: header Host: something.foo.com.

That’s where the problem lies: even though the CNAME, etc. records will get you to the right IP address, Netlify’s servers don’t know of any site with that Host name. When you add an alias domain in the Netlify UI it does create that mapping, but there’s no current way to tell Netlify servers that you want to map all possible subdomains in any possible Host: to map to your site. You cannot currently add a * subdomain Domain Alias to a site in the Netlify UI. There are performance implications with a feature like that, so long term I think you’ll be glad Netlify built the platform this way.


Outside of that, and as a personal recommendation, I’d encourage you to not worry about subdomains. They’re more of an opt-in process than a guard-for process – ‘normal’ users aren’t going around checking for random subdomains off a root and unless you have a specific redirect case you’re looking for (which Netlify does support), generally redirecting all possible subdomains to the root doesn’t really add value. http://foo.jon.fm doesn’t load. There’s no such site. But that’s okay because nobody’s actually trying to go there and I’ve never actually hyperlinked to there before :slight_smile:

I hope all of that’s helpful. Got much longer than I thought it would but hopefully it’ll help someone else in the future too :grin:


Jon

1 Like

wow @jonsully thank you so much, your reply is very informative and ver well written!! This answers my question, appreciate you!

1 Like