Application Gateway: Support wildcard hosts in listeners
Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customers' domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)
So, to support this, we have a wildcard SSL certificate for each zone, e.g. *.z1.contoso.com, *.z2.contoso.com.
In order to have Application Gateway provide SSL termination for us, we obviously need to create Multi-site listeners for port 443. Unfortunately, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear to cover all subdomains on z1.contoso.com.
So, in order to support this flow, we would be forced to create a new Listener for each customer DNS zone we create. And as I'm sure you're aware, this is a SLOW operation, and presents scaling/throttling issues.
The inability to specify wildcards in the multi-site listener's Host field is preventing us from adopting Application Gateway.
Thank you for all the votes and feedback. We have started work on this and the capability will be supported soon. If you would like to get in touch with us to discuss your scenarios, please fill this form: https://aka.ms/ApplicationGatewayCohort
Is there a tentative ETA for this?
We are building our platform using the app gateway right now and this is impacting our solution. I would hate to have to reduce functionality or move away from the app gateway...
Madhusudanan K K C commented
This is something which I too need dearly, especially as some of our applications resolve multitenancy through the subdomain name, e.g. customer1.footservice.com, customer2.barservice.com, etc.,
and customers can get added dynamically, so I need something like *.fooeservice.com, *.barservice.com, etc.
Unfortunately, Application Gateway does not support this OOB. AWS ALB seems to (through hostname-based routing). It will be super cool if we can have this ASAP.
Any insight when this can be made available?
To which Gateway version are you applying these changes? V1, V2 or both?
Even for a www. subdomain you need a separate listener, which makes it nearly unusable.
Would appreciate an update on this topic.
Any update on this feature?
Do you have any idea when this will go GA?
Yes. Please provide an update. Also, how long is the integration delay for the AzureGermanCloud once this is implemented for AzureGlobal?
Jesper Krogh commented
Please provide an update on this matter. We are keen to have some kind of supported mechanism for wildcard support.
Benjamin Mitchell commented
Nearly 2 years later and this is only planned.. I'm not sure why you would even release AppGW without this functionality. Like many other commentators - we've ended up on nginx+modsecurity for a working solution.
Fletcher Bayley commented
Is this still not implemented? Sadly, I've just come across the requirement for this feature too.
Martin Francis commented
I completely agree. The lack of wild card support in "hostname" field is a major hindrance.
Here is what I want to use AG for.
I want to front end AG for several AKS (Kubernetes clusters). I want to be able to route http(s) traffic to individual AKS clusters depending on wild card in the hostname.
For instance: I want to
route *.ecom.constoso.com --> AKS Cluster1
*.b2b.constoso.com ---> AKS Cluster 2
Currently AG cannot do that. So I am having to specify each and every hostname in the Application Gateway.
shippingsvc.ecom.contoso.com --> AKS Cluster1
receivingsvc.ecom.contoso.com --> AKS Cluster1
orderingsvc.ecom.contoso.com --> AKS Cluster1
This is painful and not productive.
[Deleted User] commented
Lack of this feature in Application Gateway has forced us to use NGINX+ instead.
Give us a schedule for this show-stopper feature please.
I agree, this is a major blocker and should be prioritized on the product team's backlog.
This is a major blocker to implementing on Azure. We have 100's or 1000's of mini-sites with custom sub-domains to distinguish them. Application Gateway is not scalable - dead in the water.
Similar post that targets a wider scope than Application gateway, in our case we would need this feature on Front door service :
Cesar Laforet commented
Same here... implementation is dead without this.
Satish K Maila commented
It's a major blocker for our implementation. Like to know the status on this.
Any update on the status of this item?
This is a showstopper for us and App Gateway. We have a SaaS app with many subdomains.