subject:"Re\: Is multiple subdomains fully supported\?"

Re: Is multiple subdomains fully supported?

2017-09-03 Thread Zhilin Huang (zhilhuan)

Hey Dave,

Thanks a lot for your clarification!

And FYI, a github issue is created: 
https://github.com/apache/incubator-trafficcontrol/issues/1123 .

Thanks,
Zhilin



On 9/1/17, 10:54 PM, "Dave Neuman"  wrote:

No problem.

```1) HOST_REGEXP 1 will be: “.*\.foo.bar.com”?  Or explicitly “
movie.foo.bar.com”?```
It will need to explicitly need to be a FQDN of a CNAME so `
movie.foo.bar.com`


```2) I think currently the certificate generated by Traffic Ops not
supported SAN. Does this mean we need to generate the SSL certificate from
another place, and paste it to Traffic Ops only?```

Yeah, if you want to create it will a SAN you will need to do it manually.
You can do it using the Openssl command.

Can you open a ticket to update the docs for HOST_REGEXP and also to add
SAN support to Traffic Ops?  I think that's something that we need to
support.


Thanks,
Dave

On Thu, Aug 31, 2017 at 9:35 PM, Zhilin Huang (zhilhuan)  wrote:

> Hey Dave,
>
> Yes, it is much clearer for me now. Thank you very much for the
> clarification!
>
> BTW, based on your example, how could we do the configuration?
>
> 1) HOST_REGEXP 1 will be: “.*\.foo.bar.com”?  Or explicitly “
> movie.foo.bar.com”?
>
> 2) I think currently the certificate generated by Traffic Ops not
> supported SAN. Does this mean we need to generate the SSL certificate from
> another place, and paste it to Traffic Ops only?
>
> It would be much helpful if we can reword in the document for HOST_REGEXP
> > 1. How could we open a ticket? Create a github issue?
>
> Thanks,
> Zhilin
>
>
>
> On 8/31/17, 10:37 PM, "Dave Neuman"  wrote:
>
> Hey Zhilin,
>
> The HOST_REGEXP > 0 is not used the same as HOST_REGEXP = 0.  I
> understand
> this is confusing, but it is what it is.  We should probably get a
> ticket
> in to change the behavior or wording so that it is less confusing.
> The HOST_REGEXP > 0 is meant to be a CNAME.  So, if you have a CDN
> with the
> domain name `example.com` and a HOST_REGEXP 0 of `.*\.movies\.*` you
> could
> have a HOST_REGEXP 1 of `movies.foo.bar.com` which will be a CNAME to
> `
> movies.example.com`.  This will need to be configured in a different
> DNS
> server (the one for `bar.com`) and will also need to be a SAN in the
> DS
> certificate.  Then when the client looks up `different.domain.com`
> they
> will be pointed  at `tr.movies.example.com` and TR will do the right
> thing.
>
> I hope that helps?  If not, let me know.
>
>
> Thanks,
> Dave
>
>
>
> On Tue, Aug 29, 2017 at 10:52 PM, Zhilin Huang (zhilhuan) <
> zhilh...@cisco.com> wrote:
>
> > BTW, would you mind to give an example on how you are using
> HOST_REGEXP >
> > 0 in your production?
> >
> > We thought HOST_REGEXP > 0 should be very similar to HOST_REGEXP =
> 0, but
> > sounds like it is not the case.
> >
> > Thanks,
> > Zhilin
> >
> >
> > On 8/30/17, 12:46 PM, "Zhilin Huang (zhilhuan)" 
> > wrote:
> >
> > Hi Dave,
> >
> > Thanks a lot for your response!
> >
> > Sorry, I am not quite catch up with you. I am still confused
> about how
> > HOST_REGEXP will work in the production, may need more 
clarification:
> >
> > 1)  “To support CNAMES from domains outside of the Traffic
> Control top
> > level DNS domain, enter multiple HOST_REGEXP lines”:
> >
> > What does this mean about “outside of the Traffic Control top
> level
> > DNS domain”, will the CNAME still be response by Traffic Router?
> >
> > If yes, then looks like it could only work to replace “tr” or
> “edge”
> > field. For example, a CDN with domain name “example.com”, and  DS
> with
> > HOST_REGEXP 0 “.*\.movie\..*” and HOST_REGEXP 1 “.*\.aliens\.*”, a
> zone
> > file “movie.example.com.” will be created. So traffic router could
> only
> > serve DNS request for “*.movie.example.com”. Does this mean “
> > aliens.movie.example.com” will be a CNAME for 
“tr.movie.example.com”?
> I
> > think domain name like “tr.aliens.example.com” could not be
> resolved by
> > Traffic Router, correct?
> >
> > 2) “we use HOST_REGEXP > 0 as CNAMES which would be domains we
> are not
> > authoritative for and we don't control.”:
> > Does this mean the CNAMES are not managed by Traffic Router, and

Re: Is multiple subdomains fully supported?

2017-08-31 Thread Zhilin Huang (zhilhuan)

Hey Dave,

Yes, it is much clearer for me now. Thank you very much for the clarification!

BTW, based on your example, how could we do the configuration?

1) HOST_REGEXP 1 will be: “.*\.foo.bar.com”?  Or explicitly “movie.foo.bar.com”?

2) I think currently the certificate generated by Traffic Ops not supported 
SAN. Does this mean we need to generate the SSL certificate from another place, 
and paste it to Traffic Ops only?

It would be much helpful if we can reword in the document for HOST_REGEXP > 1. 
How could we open a ticket? Create a github issue?

Thanks,
Zhilin

On 8/31/17, 10:37 PM, "Dave Neuman"  wrote:

Hey Zhilin,

The HOST_REGEXP > 0 is not used the same as HOST_REGEXP = 0.  I understand
this is confusing, but it is what it is.  We should probably get a ticket
in to change the behavior or wording so that it is less confusing.
The HOST_REGEXP > 0 is meant to be a CNAME.  So, if you have a CDN with the
domain name `example.com` and a HOST_REGEXP 0 of `.*\.movies\.*` you could
have a HOST_REGEXP 1 of `movies.foo.bar.com` which will be a CNAME to `
movies.example.com`.  This will need to be configured in a different DNS
server (the one for `bar.com`) and will also need to be a SAN in the DS
certificate.  Then when the client looks up `different.domain.com` they
will be pointed  at `tr.movies.example.com` and TR will do the right thing.

I hope that helps?  If not, let me know.

Thanks,
Dave

On Tue, Aug 29, 2017 at 10:52 PM, Zhilin Huang (zhilhuan) <
zhilh...@cisco.com> wrote:

> BTW, would you mind to give an example on how you are using HOST_REGEXP >
> 0 in your production?
>
> We thought HOST_REGEXP > 0 should be very similar to HOST_REGEXP = 0, but
> sounds like it is not the case.
>
> Thanks,
> Zhilin
>
>
> On 8/30/17, 12:46 PM, "Zhilin Huang (zhilhuan)" 
> wrote:
>
> Hi Dave,
>
> Thanks a lot for your response!
>
> Sorry, I am not quite catch up with you. I am still confused about how
> HOST_REGEXP will work in the production, may need more clarification:
>
> 1)  “To support CNAMES from domains outside of the Traffic Control top
> level DNS domain, enter multiple HOST_REGEXP lines”:
>
> What does this mean about “outside of the Traffic Control top level
> DNS domain”, will the CNAME still be response by Traffic Router?
>
> If yes, then looks like it could only work to replace “tr” or “edge”
> field. For example, a CDN with domain name “example.com”, and  DS with
> HOST_REGEXP 0 “.*\.movie\..*” and HOST_REGEXP 1 “.*\.aliens\.*”, a zone
> file “movie.example.com.” will be created. So traffic router could only
> serve DNS request for “*.movie.example.com”. Does this mean “
> aliens.movie.example.com” will be a CNAME for “tr.movie.example.com”? I
> think domain name like “tr.aliens.example.com” could not be resolved by
> Traffic Router, correct?
>
> 2) “we use HOST_REGEXP > 0 as CNAMES which would be domains we are not
> authoritative for and we don't control.”:
> Does this mean the CNAMES are not managed by Traffic Router, and need
> be configured in other DNS servers? If yes, how could that work for HTTPS?
> Take the above example, if DNS query for “tr.aliens.example.com” would be
> response as CNAME of “tr.movie.example.com” by outside DNS server, then
> Traffic Router will response for further DNS query for “
> tr.movie.example.com”. The client will still use “tr.aliens.example.com”
> in the HTTPS request, therefore the SSL certificate will still not work
> since no SSL SAN configured.
>
> Thanks,
> Zhilin
>
>
>
> On 8/29/17, 11:32 PM, "Dave Neuman"  wrote:
>
> This doc states To support CNAMES from domains outside of the
> Traffic
> Control top level DNS domain, enter multiple HOST_REGEXP lines,
> which shows
> that we intended HOST_REGEXP > 0 to be for CNAMES.
>
> http://trafficcontrol.apache.org/docs/latest/admin/traffic_
> ops/using.html?highlight=host_regexp#delivery-service-regexp
> 
>
> On Tue, Aug 29, 2017 at 9:29 AM, Dave Neuman 
> wrote:
>
> > Hi Zhilin,
> > Sorry for not responding sooner.
> >
> > I answered your questions inline below.  Let me know what other
> questions
> > you have.
> >
> > Thanks,
> > Dave
> >
> > On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan) <
> > zhilh...@cisco.com> wrote:
> >
> >> Hmm, no response…
> >>
> >> I think I should suppose no one

Re: Is multiple subdomains fully supported?

2017-08-31 Thread Dave Neuman

Hey Zhilin,

The HOST_REGEXP > 0 is not used the same as HOST_REGEXP = 0.  I understand
this is confusing, but it is what it is.  We should probably get a ticket
in to change the behavior or wording so that it is less confusing.
The HOST_REGEXP > 0 is meant to be a CNAME.  So, if you have a CDN with the
domain name `example.com` and a HOST_REGEXP 0 of `.*\.movies\.*` you could
have a HOST_REGEXP 1 of `movies.foo.bar.com` which will be a CNAME to `
movies.example.com`.  This will need to be configured in a different DNS
server (the one for `bar.com`) and will also need to be a SAN in the DS
certificate.  Then when the client looks up `different.domain.com` they
will be pointed  at `tr.movies.example.com` and TR will do the right thing.

I hope that helps?  If not, let me know.


Thanks,
Dave



On Tue, Aug 29, 2017 at 10:52 PM, Zhilin Huang (zhilhuan) <
zhilh...@cisco.com> wrote:

> BTW, would you mind to give an example on how you are using HOST_REGEXP >
> 0 in your production?
>
> We thought HOST_REGEXP > 0 should be very similar to HOST_REGEXP = 0, but
> sounds like it is not the case.
>
> Thanks,
> Zhilin
>
>
> On 8/30/17, 12:46 PM, "Zhilin Huang (zhilhuan)" 
> wrote:
>
> Hi Dave,
>
> Thanks a lot for your response!
>
> Sorry, I am not quite catch up with you. I am still confused about how
> HOST_REGEXP will work in the production, may need more clarification:
>
> 1)  “To support CNAMES from domains outside of the Traffic Control top
> level DNS domain, enter multiple HOST_REGEXP lines”:
>
> What does this mean about “outside of the Traffic Control top level
> DNS domain”, will the CNAME still be response by Traffic Router?
>
> If yes, then looks like it could only work to replace “tr” or “edge”
> field. For example, a CDN with domain name “example.com”, and  DS with
> HOST_REGEXP 0 “.*\.movie\..*” and HOST_REGEXP 1 “.*\.aliens\.*”, a zone
> file “movie.example.com.” will be created. So traffic router could only
> serve DNS request for “*.movie.example.com”. Does this mean “
> aliens.movie.example.com” will be a CNAME for “tr.movie.example.com”? I
> think domain name like “tr.aliens.example.com” could not be resolved by
> Traffic Router, correct?
>
> 2) “we use HOST_REGEXP > 0 as CNAMES which would be domains we are not
> authoritative for and we don't control.”:
> Does this mean the CNAMES are not managed by Traffic Router, and need
> be configured in other DNS servers? If yes, how could that work for HTTPS?
> Take the above example, if DNS query for “tr.aliens.example.com” would be
> response as CNAME of “tr.movie.example.com” by outside DNS server, then
> Traffic Router will response for further DNS query for “
> tr.movie.example.com”. The client will still use “tr.aliens.example.com”
> in the HTTPS request, therefore the SSL certificate will still not work
> since no SSL SAN configured.
>
> Thanks,
> Zhilin
>
>
>
> On 8/29/17, 11:32 PM, "Dave Neuman"  wrote:
>
> This doc states To support CNAMES from domains outside of the
> Traffic
> Control top level DNS domain, enter multiple HOST_REGEXP lines,
> which shows
> that we intended HOST_REGEXP > 0 to be for CNAMES.
>
> http://trafficcontrol.apache.org/docs/latest/admin/traffic_
> ops/using.html?highlight=host_regexp#delivery-service-regexp
> 
>
> On Tue, Aug 29, 2017 at 9:29 AM, Dave Neuman 
> wrote:
>
> > Hi Zhilin,
> > Sorry for not responding sooner.
> >
> > I answered your questions inline below.  Let me know what other
> questions
> > you have.
> >
> > Thanks,
> > Dave
> >
> > On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan) <
> > zhilh...@cisco.com> wrote:
> >
> >> Hmm, no response…
> >>
> >> I think I should suppose no one is using multiple subdomains in
> >> production. Please response if I am wrong.
> >>
> >> Thanks,
> >> Zhilin
> >>
> >>
> >> On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)" <
> zhilh...@cisco.com>
> >> wrote:
> >>
> >> Hi folks,
> >>
> >> The multiple subdomain (HOST_REGEXP) looks not working in
> TC version
> >> we are using. However, after checking the code in latest master
> branch, I
> >> would suspect if this is fully supported:
> >>
> >> 1. Based on the code, Traffic Router may not fully support
> >> HOST_REGEXP with “set_number” not equal 0. The cr-config
> generated will
> >> only include the first HOST_REGEXP into the “domains” field for
> each
> >> delivery service. So the auto-zones will not be generated for
> other
> >> HOST_REGEXP.
> >>
> >
> > Correct, the regex is in the CrConfig but not in the domains
> section.  The
> > HOST_REGEXP > 0

Re: Is multiple subdomains fully supported?

2017-08-29 Thread Zhilin Huang (zhilhuan)

BTW, would you mind to give an example on how you are using HOST_REGEXP > 0 in 
your production?

We thought HOST_REGEXP > 0 should be very similar to HOST_REGEXP = 0, but 
sounds like it is not the case.

Thanks,
Zhilin

On 8/30/17, 12:46 PM, "Zhilin Huang (zhilhuan)"  wrote:

Hi Dave,

Thanks a lot for your response!

Sorry, I am not quite catch up with you. I am still confused about how 
HOST_REGEXP will work in the production, may need more clarification:

1)  “To support CNAMES from domains outside of the Traffic Control top 
level DNS domain, enter multiple HOST_REGEXP lines”: 

What does this mean about “outside of the Traffic Control top level DNS 
domain”, will the CNAME still be response by Traffic Router?

If yes, then looks like it could only work to replace “tr” or “edge” field. 
For example, a CDN with domain name “example.com”, and  DS with HOST_REGEXP 0 
“.*\.movie\..*” and HOST_REGEXP 1 “.*\.aliens\.*”, a zone file 
“movie.example.com.” will be created. So traffic router could only serve DNS 
request for “*.movie.example.com”. Does this mean “aliens.movie.example.com” 
will be a CNAME for “tr.movie.example.com”? I think domain name like 
“tr.aliens.example.com” could not be resolved by Traffic Router, correct?

2) “we use HOST_REGEXP > 0 as CNAMES which would be domains we are not 
authoritative for and we don't control.”:
Does this mean the CNAMES are not managed by Traffic Router, and need be 
configured in other DNS servers? If yes, how could that work for HTTPS? Take 
the above example, if DNS query for “tr.aliens.example.com” would be response 
as CNAME of “tr.movie.example.com” by outside DNS server, then Traffic Router 
will response for further DNS query for “tr.movie.example.com”. The client will 
still use “tr.aliens.example.com” in the HTTPS request, therefore the SSL 
certificate will still not work since no SSL SAN configured.

Thanks,
Zhilin

On 8/29/17, 11:32 PM, "Dave Neuman"  wrote:

This doc states To support CNAMES from domains outside of the Traffic
Control top level DNS domain, enter multiple HOST_REGEXP lines, which 
shows
that we intended HOST_REGEXP > 0 to be for CNAMES.

http://trafficcontrol.apache.org/docs/latest/admin/traffic_ops/using.html?highlight=host_regexp#delivery-service-regexp

On Tue, Aug 29, 2017 at 9:29 AM, Dave Neuman  wrote:

> Hi Zhilin,
> Sorry for not responding sooner.
>
> I answered your questions inline below.  Let me know what other 
questions
> you have.
>
> Thanks,
> Dave
>
> On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan) <
> zhilh...@cisco.com> wrote:
>
>> Hmm, no response…
>>
>> I think I should suppose no one is using multiple subdomains in
>> production. Please response if I am wrong.
>>
>> Thanks,
>> Zhilin
>>
>>
>> On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)" 
>> wrote:
>>
>> Hi folks,
>>
>> The multiple subdomain (HOST_REGEXP) looks not working in TC 
version
>> we are using. However, after checking the code in latest master 
branch, I
>> would suspect if this is fully supported:
>>
>> 1. Based on the code, Traffic Router may not fully support
>> HOST_REGEXP with “set_number” not equal 0. The cr-config generated 
will
>> only include the first HOST_REGEXP into the “domains” field for each
>> delivery service. So the auto-zones will not be generated for other
>> HOST_REGEXP.
>>
>
> Correct, the regex is in the CrConfig but not in the domains section. 
 The
> HOST_REGEXP > 0 is intended (at least the way we use it) for CNAMEs on
> other domains.  Since the CNAMEs are not on the domain the TR is
> authoritative for, the TR cannot manage zones for them.
>
>
>>
>> 2. For HTTPS delivery service, the SSL certificate will only be
>> generated for the first HOST_REGEXP.
>>
>
> Correct, again we use HOST_REGEXP > 0 as CNAMES which would be 
domains we
> are not authoritative for and we don't control.
>
>
>> Have anyone of you are using multiple HOST_REGEXP in your 
delivery
>> services? Please correct me if my understanding is wrong.
>>
>> If we want to fully support multiple subdomain (HOST_REGEXP), 
should
>> we do:
>>
>> For item 1) above, expand all HOST_REGEXP and add into “domains”
>> field for each delivery service in “cr-config”. Is there any special 
reason
>> to only include

Re: Is multiple subdomains fully supported?

2017-08-29 Thread Zhilin Huang (zhilhuan)

Hi Dave,

Thanks a lot for your response!

Sorry, I am not quite catch up with you. I am still confused about how 
HOST_REGEXP will work in the production, may need more clarification:

1)  “To support CNAMES from domains outside of the Traffic Control top level 
DNS domain, enter multiple HOST_REGEXP lines”: 

What does this mean about “outside of the Traffic Control top level DNS 
domain”, will the CNAME still be response by Traffic Router?

If yes, then looks like it could only work to replace “tr” or “edge” field. For 
example, a CDN with domain name “example.com”, and  DS with HOST_REGEXP 0 
“.*\.movie\..*” and HOST_REGEXP 1 “.*\.aliens\.*”, a zone file 
“movie.example.com.” will be created. So traffic router could only serve DNS 
request for “*.movie.example.com”. Does this mean “aliens.movie.example.com” 
will be a CNAME for “tr.movie.example.com”? I think domain name like 
“tr.aliens.example.com” could not be resolved by Traffic Router, correct?

2) “we use HOST_REGEXP > 0 as CNAMES which would be domains we are not 
authoritative for and we don't control.”:
Does this mean the CNAMES are not managed by Traffic Router, and need be 
configured in other DNS servers? If yes, how could that work for HTTPS? Take 
the above example, if DNS query for “tr.aliens.example.com” would be response 
as CNAME of “tr.movie.example.com” by outside DNS server, then Traffic Router 
will response for further DNS query for “tr.movie.example.com”. The client will 
still use “tr.aliens.example.com” in the HTTPS request, therefore the SSL 
certificate will still not work since no SSL SAN configured.

Thanks,
Zhilin

On 8/29/17, 11:32 PM, "Dave Neuman"  wrote:

This doc states To support CNAMES from domains outside of the Traffic
Control top level DNS domain, enter multiple HOST_REGEXP lines, which shows
that we intended HOST_REGEXP > 0 to be for CNAMES.

http://trafficcontrol.apache.org/docs/latest/admin/traffic_ops/using.html?highlight=host_regexp#delivery-service-regexp

On Tue, Aug 29, 2017 at 9:29 AM, Dave Neuman  wrote:

> Hi Zhilin,
> Sorry for not responding sooner.
>
> I answered your questions inline below.  Let me know what other questions
> you have.
>
> Thanks,
> Dave
>
> On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan) <
> zhilh...@cisco.com> wrote:
>
>> Hmm, no response…
>>
>> I think I should suppose no one is using multiple subdomains in
>> production. Please response if I am wrong.
>>
>> Thanks,
>> Zhilin
>>
>>
>> On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)" 
>> wrote:
>>
>> Hi folks,
>>
>> The multiple subdomain (HOST_REGEXP) looks not working in TC version
>> we are using. However, after checking the code in latest master branch, I
>> would suspect if this is fully supported:
>>
>> 1. Based on the code, Traffic Router may not fully support
>> HOST_REGEXP with “set_number” not equal 0. The cr-config generated will
>> only include the first HOST_REGEXP into the “domains” field for each
>> delivery service. So the auto-zones will not be generated for other
>> HOST_REGEXP.
>>
>
> Correct, the regex is in the CrConfig but not in the domains section.  The
> HOST_REGEXP > 0 is intended (at least the way we use it) for CNAMEs on
> other domains.  Since the CNAMEs are not on the domain the TR is
> authoritative for, the TR cannot manage zones for them.
>
>
>>
>> 2. For HTTPS delivery service, the SSL certificate will only be
>> generated for the first HOST_REGEXP.
>>
>
> Correct, again we use HOST_REGEXP > 0 as CNAMES which would be domains we
> are not authoritative for and we don't control.
>
>
>> Have anyone of you are using multiple HOST_REGEXP in your delivery
>> services? Please correct me if my understanding is wrong.
>>
>> If we want to fully support multiple subdomain (HOST_REGEXP), should
>> we do:
>>
>> For item 1) above, expand all HOST_REGEXP and add into “domains”
>> field for each delivery service in “cr-config”. Is there any special 
reason
>> to only include the first one?
>>
>
> Yes, we put CNAMEs in this field so TR could not be authoritative for
> those zones.  You would need to do some check to make sure that TR can
> actually manage the zone before adding including it in the domains 
section.
>
>
>>
>> For item 2) above, add SAN in SSL certificate for all HOST_REGEXP
>> other than the first one (set_number == 0)?
>>
>
> See above.
>
>
>> Thanks,
>> Zhilin
>>
>>
>>
>>
>>
>

Re: Is multiple subdomains fully supported?

2017-08-29 Thread Dave Neuman

This doc states To support CNAMES from domains outside of the Traffic
Control top level DNS domain, enter multiple HOST_REGEXP lines, which shows
that we intended HOST_REGEXP > 0 to be for CNAMES.

http://trafficcontrol.apache.org/docs/latest/admin/traffic_ops/using.html?highlight=host_regexp#delivery-service-regexp


On Tue, Aug 29, 2017 at 9:29 AM, Dave Neuman  wrote:

> Hi Zhilin,
> Sorry for not responding sooner.
>
> I answered your questions inline below.  Let me know what other questions
> you have.
>
> Thanks,
> Dave
>
> On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan) <
> zhilh...@cisco.com> wrote:
>
>> Hmm, no response…
>>
>> I think I should suppose no one is using multiple subdomains in
>> production. Please response if I am wrong.
>>
>> Thanks,
>> Zhilin
>>
>>
>> On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)" 
>> wrote:
>>
>> Hi folks,
>>
>> The multiple subdomain (HOST_REGEXP) looks not working in TC version
>> we are using. However, after checking the code in latest master branch, I
>> would suspect if this is fully supported:
>>
>> 1. Based on the code, Traffic Router may not fully support
>> HOST_REGEXP with “set_number” not equal 0. The cr-config generated will
>> only include the first HOST_REGEXP into the “domains” field for each
>> delivery service. So the auto-zones will not be generated for other
>> HOST_REGEXP.
>>
>
> Correct, the regex is in the CrConfig but not in the domains section.  The
> HOST_REGEXP > 0 is intended (at least the way we use it) for CNAMEs on
> other domains.  Since the CNAMEs are not on the domain the TR is
> authoritative for, the TR cannot manage zones for them.
>
>
>>
>> 2. For HTTPS delivery service, the SSL certificate will only be
>> generated for the first HOST_REGEXP.
>>
>
> Correct, again we use HOST_REGEXP > 0 as CNAMES which would be domains we
> are not authoritative for and we don't control.
>
>
>> Have anyone of you are using multiple HOST_REGEXP in your delivery
>> services? Please correct me if my understanding is wrong.
>>
>> If we want to fully support multiple subdomain (HOST_REGEXP), should
>> we do:
>>
>> For item 1) above, expand all HOST_REGEXP and add into “domains”
>> field for each delivery service in “cr-config”. Is there any special reason
>> to only include the first one?
>>
>
> Yes, we put CNAMEs in this field so TR could not be authoritative for
> those zones.  You would need to do some check to make sure that TR can
> actually manage the zone before adding including it in the domains section.
>
>
>>
>> For item 2) above, add SAN in SSL certificate for all HOST_REGEXP
>> other than the first one (set_number == 0)?
>>
>
> See above.
>
>
>> Thanks,
>> Zhilin
>>
>>
>>
>>
>>
>

Re: Is multiple subdomains fully supported?

2017-08-29 Thread Dave Neuman

Hi Zhilin,
Sorry for not responding sooner.

I answered your questions inline below.  Let me know what other questions
you have.

Thanks,
Dave

On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan)  wrote:

> Hmm, no response…
>
> I think I should suppose no one is using multiple subdomains in
> production. Please response if I am wrong.
>
> Thanks,
> Zhilin
>
>
> On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)"  wrote:
>
> Hi folks,
>
> The multiple subdomain (HOST_REGEXP) looks not working in TC version
> we are using. However, after checking the code in latest master branch, I
> would suspect if this is fully supported:
>
> 1. Based on the code, Traffic Router may not fully support HOST_REGEXP
> with “set_number” not equal 0. The cr-config generated will only include
> the first HOST_REGEXP into the “domains” field for each delivery service.
> So the auto-zones will not be generated for other HOST_REGEXP.
>

Correct, the regex is in the CrConfig but not in the domains section.  The
HOST_REGEXP > 0 is intended (at least the way we use it) for CNAMEs on
other domains.  Since the CNAMEs are not on the domain the TR is
authoritative for, the TR cannot manage zones for them.

>
> 2. For HTTPS delivery service, the SSL certificate will only be
> generated for the first HOST_REGEXP.
>

Correct, again we use HOST_REGEXP > 0 as CNAMES which would be domains we
are not authoritative for and we don't control.

> Have anyone of you are using multiple HOST_REGEXP in your delivery
> services? Please correct me if my understanding is wrong.
>
> If we want to fully support multiple subdomain (HOST_REGEXP), should
> we do:
>
> For item 1) above, expand all HOST_REGEXP and add into “domains” field
> for each delivery service in “cr-config”. Is there any special reason to
> only include the first one?
>

Yes, we put CNAMEs in this field so TR could not be authoritative for those
zones.  You would need to do some check to make sure that TR can actually
manage the zone before adding including it in the domains section.

>
> For item 2) above, add SAN in SSL certificate for all HOST_REGEXP
> other than the first one (set_number == 0)?
>

See above.

> Thanks,
> Zhilin
>
>
>
>
>

Re: Is multiple subdomains fully supported?

2017-08-28 Thread Zhilin Huang (zhilhuan)

Hmm, no response…

I think I should suppose no one is using multiple subdomains in production. 
Please response if I am wrong.

Thanks,
Zhilin


On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)"  wrote:

Hi folks,

The multiple subdomain (HOST_REGEXP) looks not working in TC version we are 
using. However, after checking the code in latest master branch, I would 
suspect if this is fully supported:

1. Based on the code, Traffic Router may not fully support HOST_REGEXP with 
“set_number” not equal 0. The cr-config generated will only include the first 
HOST_REGEXP into the “domains” field for each delivery service. So the 
auto-zones will not be generated for other HOST_REGEXP.

2. For HTTPS delivery service, the SSL certificate will only be generated 
for the first HOST_REGEXP.

Have anyone of you are using multiple HOST_REGEXP in your delivery 
services? Please correct me if my understanding is wrong.

If we want to fully support multiple subdomain (HOST_REGEXP), should we do:

For item 1) above, expand all HOST_REGEXP and add into “domains” field for 
each delivery service in “cr-config”. Is there any special reason to only 
include the first one?

For item 2) above, add SAN in SSL certificate for all HOST_REGEXP other 
than the first one (set_number == 0)?


Thanks,
Zhilin

Re: Is multiple subdomains fully supported?

Re: Is multiple subdomains fully supported?

Re: Is multiple subdomains fully supported?

Re: Is multiple subdomains fully supported?

Re: Is multiple subdomains fully supported?

Re: Is multiple subdomains fully supported?

Re: Is multiple subdomains fully supported?

Re: Is multiple subdomains fully supported?

8 matches

Site Navigation

Mail list logo

Footer information