traefik · traefiker · Jul 3, 2018 · May 27, 2018 · May 28, 2018 · May 28, 2018
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -256,3 +256,7 @@
   non-go = true
   go-tests = true
   unused-packages = true
+
+[[constraint]]
+  name = "github.com/patrickmn/go-cache"
+  version = "2.1.0"
diff --git a/cmd/configuration.go b/cmd/configuration.go
@@ -268,6 +268,12 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
 		},
 	}
 
+	defaultResolver := configuration.HostResolverConfig{
+		CnameFlattening: false,
+		ResolvConfig:    "/etc/resolv.conf",
+		ResolvDepth:     5,
+	}
+
 	defaultConfiguration := configuration.GlobalConfiguration{
 		Docker:             &defaultDocker,
 		File:               &defaultFile,
@@ -296,6 +302,7 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
 		API:                &defaultAPI,
 		Metrics:            &defaultMetrics,
 		Tracing:            &defaultTracing,
+		HostResolver:       &defaultResolver,
 	}
 
 	return &TraefikConfiguration{

diff --git a/configuration/configuration.go b/configuration/configuration.go
@@ -104,6 +104,7 @@ type GlobalConfiguration struct {
 	API                       *api.Handler            `description:"Enable api/dashboard" export:"true"`
 	Metrics                   *types.Metrics          `description:"Enable a metrics exporter" export:"true"`
 	Ping                      *ping.Handler           `description:"Enable ping" export:"true"`
+	HostResolver              *HostResolverConfig     `description:"Enable CNAME Flattening" export:"true"`
 }
 
 // WebCompatibility is a configuration to handle compatibility with deprecated web provider options
@@ -508,3 +509,10 @@ type LifeCycle struct {
 	RequestAcceptGraceTimeout flaeg.Duration `description:"Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure"`
 	GraceTimeOut              flaeg.Duration `description:"Duration to give active requests a chance to finish before Traefik stops"`
 }
+
+// HostResolverConfig contain configuration for CNAME Flattening
+type HostResolverConfig struct {
+	CnameFlattening bool   `description:"A flag to enable/disable CNAME flattening" export:"true"`
+	ResolvConfig    string `description:"resolv.conf used for DNS resolving" export:"true"`
+	ResolvDepth     int    `description:"The maximal depth of DNS recursive resolving" export:"true"`
+}
diff --git a/docs/configuration/commons.md b/docs/configuration/commons.md
@@ -415,6 +415,35 @@ If no units are provided, the value is parsed assuming seconds.
 idleTimeout = "360s"
 ```
 
+## Host Resolver
+
+`hostResolver` are used for request host matching process.
+
+```toml
+[hostResolver]
+
+# cnameFlattening is a trigger to flatten request host, assuming it is a CNAME record
+#
+# Optional
+# Default : false
+cnameFlattening = true
+
+# resolvConf is dns resolving configuration file, the default is /etc/resolv.conf
+#
+# Optional
+# Default : "/etc/resolv.conf"
+resolvConf = "/etc/resolv.conf"
+
+# resolvDepth is the maximum CNAME recursive lookup
+#
+# Optional
+# Default : 5
+resolvDepth = 5
+
+```
+
+- To allow serving secure https request and generate the SSL using ACME while `cnameFlattening` is set to `true`. The `acme` configuration 
+for `HTTP-01` challenge and `onDemand` is mandatory. Refer to [ACME configuration](/configuration/acme) for more information.
 
 ## Override Default Configuration Template
 

diff --git a/hostresolver/hostresolver.go b/hostresolver/hostresolver.go
@@ -0,0 +1,89 @@
+package hostresolver
+
+import (
+	"net"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/containous/traefik/log"
+	"github.com/miekg/dns"
+	"github.com/patrickmn/go-cache"
+)
+
+// HostResolver used for host resolver
+type HostResolver struct {
+	Enabled      bool
+	Cache        *cache.Cache
+	ResolvConfig string
+	ResolvDepth  int
+}
+
+// CNAMEResolv used for storing CNAME result
+type CNAMEResolv struct {
+	TTL    int
+	Record string
+}
+
+// CNAMEFlatten check if CNAME records is exists, flatten if possible
+func (hr *HostResolver) CNAMEFlatten(host string) (string, string) {
+	var result []string
+	result = append(result, host)
+	request := host
+	if hr.Cache == nil {
+		hr.Cache = cache.New(30*time.Minute, 5*time.Minute)
+	}
+	rst, found := hr.Cache.Get(host)
+	if found {
+		result = strings.Split(rst.(string), ",")
+	} else {
+		var cacheDuration = 0 * time.Second
+		for i := 0; i < hr.ResolvDepth; i++ {
+			r := hr.CNAMEResolve(request)
+			if r != nil {
+				result = append(result, r.Record)
+				if i == 0 {
+					cacheDuration = time.Duration(r.TTL) * time.Second
+				}
+				request = r.Record
+			} else {
+				break
+			}
+		}
+		hr.Cache.Add(host, strings.Join(result, ","), cacheDuration)
+	}
+	return result[0], result[len(result)-1]
+}
+
+// CNAMEResolve resolve CNAME if exists, and return with the highest TTL
+func (hr *HostResolver) CNAMEResolve(host string) *CNAMEResolv {
+	config, _ := dns.ClientConfigFromFile(hr.ResolvConfig)
+	c := dns.Client{Timeout: 30 * time.Second}
+	c.Timeout = 30 * time.Second
+	m := &dns.Msg{}
+	m.SetQuestion(dns.Fqdn(host), dns.TypeCNAME)
+	var result []*CNAMEResolv
+	for i := 0; i < len(config.Servers); i++ {
+		r, _, err := c.Exchange(m, net.JoinHostPort(config.Servers[i], config.Port))
+		if err != nil {
+			log.Errorf("Failed to resolve host %s with server %s", host, config.Servers[i])
+		}
+		if r != nil && len(r.Answer) > 0 {
+			temp := strings.Fields(r.Answer[0].String())
+			ttl, _ := strconv.Atoi(temp[1])
+			tempRecord := &CNAMEResolv{
+				TTL:    ttl,
+				Record: strings.TrimSuffix(strings.TrimSpace(temp[len(temp)-1]), "."),
+			}
+			result = append(result, tempRecord)
+		}
+	}
+	if len(result) > 0 {
+		sort.Slice(result, func(i, j int) bool {
+			return result[i].TTL > result[j].TTL
+		})
+		return result[0]
+	}
+	return nil
+}
diff --git a/hostresolver/hostresolver_test.go b/hostresolver/hostresolver_test.go
@@ -0,0 +1,52 @@
+package hostresolver
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestCNAMEFlatten(t *testing.T) {
+	hostResolver := &HostResolver{
+		Enabled:      false,
+		ResolvConfig: "/etc/resolv.conf",
+		ResolvDepth:  5,
+	}
+
+	testCase := []struct {
+		desc           string
+		domain         string
+		expectedDomain string
+		isCNAME        bool
+	}{
+		{
+			desc:           "host request is CNAME record",
+			domain:         "www.github.com",
+			expectedDomain: "github.com",
+			isCNAME:        true,
+		},
+		{
+			desc:           "host request is not CNAME record",
+			domain:         "github.com",
+			expectedDomain: "github.com",
+			isCNAME:        false,
+		},
+	}
+	for _, test := range testCase {
+		test := test
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			reqH, flatH := hostResolver.CNAMEFlatten(test.domain)
+			if test.isCNAME {
+				assert.Equal(t, test.domain, reqH)
+				assert.Equal(t, test.expectedDomain, flatH)
+				assert.NotEqual(t, test.expectedDomain, reqH)
+			} else {
+				assert.Equal(t, test.domain, reqH)
+				assert.Equal(t, test.expectedDomain, flatH)
+				assert.Equal(t, test.expectedDomain, reqH)
+			}
+		})
+
+	}
+}
diff --git a/integration/fixtures/simple_hostresolver.toml b/integration/fixtures/simple_hostresolver.toml
@@ -0,0 +1,16 @@
+logLevel = "DEBUG"
+defaultEntryPoints = ["http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+[api]
+
+[docker]
+exposedByDefault = false
+domain = "docker.local"
+watch = true
+
+[hostResolver]
+cnameFlattening = true
diff --git a/integration/hostresolver_test.go b/integration/hostresolver_test.go
@@ -0,0 +1,35 @@
+package integration
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/containous/traefik/integration/try"
+	"github.com/go-check/check"
+	checker "github.com/vdemeester/shakers"
+)
+
+type HostResolverSuite struct{ BaseSuite }
+
+func (s *HostResolverSuite) SetUpSuite(c *check.C) {
+	s.createComposeProject(c, "hostresolver")
+
+	s.composeProject.Start(c)
+	s.composeProject.Container(c, "server1")
+}
+
+func (s *HostResolverSuite) TestSimpleConfig(c *check.C) {
+	cmd, display := s.traefikCmd(withConfigFile("fixtures/simple_hostresolver.toml"))
+	defer display(c)
+
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "frontend1.docker.local"
+
+	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
+	c.Assert(err, checker.IsNil)
+}
diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -50,6 +50,7 @@ func init() {
 		check.Suite(&FileSuite{})
 		check.Suite(&GRPCSuite{})
 		check.Suite(&HealthCheckSuite{})
+		check.Suite(&HostResolverSuite{})
 		check.Suite(&HTTPSSuite{})
 		check.Suite(&LogRotationSuite{})
 		check.Suite(&MarathonSuite{})

diff --git a/integration/resources/compose/hostresolver.yml b/integration/resources/compose/hostresolver.yml
@@ -0,0 +1,8 @@
+server1:
+  image: emilevauge/whoami
+  labels:
+    - traefik.enable=true
+    - traefik.port=80
+    - traefik.backend=backend1
+    - traefik.frontend.entryPoints=http
+    - traefik.frontend.rule=Host:frontend1.docker.local
diff --git a/rules/rules.go b/rules/rules.go
@@ -11,13 +11,15 @@ import (
 
 	"github.com/BurntSushi/ty/fun"
 	"github.com/containous/mux"
+	"github.com/containous/traefik/hostresolver"
 	"github.com/containous/traefik/types"
 )
 
 // Rules holds rule parsing and configuration
 type Rules struct {
-	Route *types.ServerRoute
-	err   error
+	Route        *types.ServerRoute
+	err          error
+	HostResolver *hostresolver.HostResolver
 }
 
 func (r *Rules) host(hosts ...string) *mux.Route {
@@ -26,9 +28,18 @@ func (r *Rules) host(hosts ...string) *mux.Route {
 		if err != nil {
 			reqHost = req.Host
 		}
-		for _, host := range hosts {
-			if types.CanonicalDomain(reqHost) == types.CanonicalDomain(host) {
-				return true
+		if r.HostResolver != nil && r.HostResolver.Enabled {
+			reqH, flatH := r.HostResolver.CNAMEFlatten(types.CanonicalDomain(reqHost))
+			for _, host := range hosts {
+				if types.CanonicalDomain(reqH) == types.CanonicalDomain(host) || types.CanonicalDomain(flatH) == types.CanonicalDomain(host) {
+					return true
+				}
+			}
+		} else {
+			for _, host := range hosts {
+				if types.CanonicalDomain(reqHost) == types.CanonicalDomain(host) {
+					return true
+				}
 			}
 		}
 		return false