Support for wildcard domains

README.adoc

@@ -52,6 +52,10 @@ Location to write the templated configuration file to. Defaults to `/data/output
 Path to a template to use to generate configuration. Defaults to `./templates/haproxy.cfg.tpl`,
 which is a bundled basic template for generating HAProxy configurations.
 
+`DOTEGE_WILDCARD_DOMAINS`::
+A space or comma separated list of domains that should use wildcard certificates.
+Defaults to an empty list.
+
 === Docker labels
 
 Dotege operates by parsing labels applied to docker containers. It understands the following:

config.go

@@ -5,6 +5,7 @@ import (
 	"github.com/xenolf/lego/certcrypto"
 	"github.com/xenolf/lego/lego"
 	"os"
+	"strings"
 )
 
 const (
@@ -25,6 +26,8 @@ const (
 	envTemplateDestinationDefault = "/data/output/haproxy.cfg"
 	envTemplateSourceKey          = "DOTEGE_TEMPLATE_SOURCE"
 	envTemplateSourceDefault      = "./templates/haproxy.cfg.tpl"
+	envWildcardDomainsKey         = "DOTEGE_WILDCARD_DOMAINS"
+	envWildcardDomainsDefault     = ""
 )
 
 // Config is the user-definable configuration for Dotege.
@@ -34,6 +37,7 @@ type Config struct {
 	Labels                 LabelConfig
 	DefaultCertDestination string
 	Acme                   AcmeConfig
+	WildCardDomains        []string
 }
 
 // TemplateConfig configures a single template for the generator.
@@ -114,5 +118,16 @@ func createConfig() *Config {
 		},
 		Signals:                createSignalConfig(),
 		DefaultCertDestination: optionalVar(envCertDestinationKey, envCertDestinationDefault),
+		WildCardDomains:        splitList(optionalVar(envWildcardDomainsKey, envWildcardDomainsDefault)),
 	}
 }
+
+func splitList(input string) (result []string) {
+	result = []string{}
+	for _, part := range strings.Split(strings.ReplaceAll(input, " ", ","), ",") {
+		if len(part) > 0 {
+			result = append(result, part)
+		}
+	}
+	return
+}

dotege.go

@@ -175,17 +175,52 @@ func signalContainer() {
 
 func getHostnamesForContainer(container *Container) []string {
 	if label, ok := container.Labels[config.Labels.Hostnames]; ok {
-		return strings.Split(strings.Replace(label, ",", " ", -1), " ")
+		return applyWildcards(splitList(label), config.WildCardDomains)
 	} else {
 		return []string{}
 	}
 }
 
+func applyWildcards(domains []string, wildcards []string) (result []string) {
+	result = []string{}
+	required := make(map[string]bool)
+	for _, domain := range domains {
+		found := false
+		for _, wildcard := range wildcards {
+			if wildcardMatches(wildcard, domain) {
+				if !required["*."+wildcard] {
+					result = append(result, "*."+wildcard)
+					required["*."+wildcard] = true
+				}
+				found = true
+				break
+			}
+		}
+
+		if !found && !required[domain] {
+			result = append(result, domain)
+			required[domain] = true
+		}
+	}
+	return
+}
+
+func wildcardMatches(wildcard, domain string) bool {
+	if len(domain) <= len(wildcard) {
+		return false
+	}
+
+	pivot := len(domain) - len(wildcard) - 1
+	start := domain[:pivot]
+	end := domain[pivot+1:]
+	return domain[pivot] == '.' && end == wildcard && !strings.ContainsRune(start, '.')
+}
+
 func getHostnames(containers map[string]*Container) (hostnames map[string]*Hostname) {
 	hostnames = make(map[string]*Hostname)
 	for _, container := range containers {
 		if label, ok := container.Labels[config.Labels.Hostnames]; ok {
-			names := strings.Split(strings.Replace(label, ",", " ", -1), " ")
+			names := splitList(label)
 			if hostname, ok := hostnames[names[0]]; ok {
 				hostname.Containers = append(hostname.Containers, container)
 			} else {
@@ -230,7 +265,8 @@ func deployCertForContainer(container *Container) bool {
 }
 
 func deployCert(certificate *SavedCertificate) bool {
-	target := path.Join(config.DefaultCertDestination, fmt.Sprintf("%s.pem", certificate.Domains[0]))
+	name := fmt.Sprintf("%s.pem", strings.ReplaceAll("*", "_", certificate.Domains[0]))
+	target := path.Join(config.DefaultCertDestination, name)
 	content := append(certificate.Certificate, certificate.PrivateKey...)
 
 	buf, _ := ioutil.ReadFile(target)