Merge pull request #545 from Dstack-TEE/feat/gateway-wildcard-custom-domain

feat: support wildcard custom domains in gateway

Author: kvinwang

gateway/src/proxy/tls_passthough.rs

@@ -58,19 +58,30 @@ async fn resolve_app_address(prefix: &str, sni: &str, compat: bool) -> Result<Ap
             };
             return AppAddress::parse(data).context("failed to parse app address");
         }
-        anyhow::bail!("failed to resolve legacy app address");
-    } else {
+    } else if let Ok(lookup) = resolver.txt_lookup(txt_domain).await {
+        if let Some(txt_record) = lookup.iter().next() {
+            if let Some(data) = txt_record.txt_data().first() {
+                return AppAddress::parse(data).context("failed to parse app address");
+            }
+        }
+    }
+
+    // wildcard fallback: try {prefix}-wildcard.{parent_domain}
+    if let Some((_, parent)) = sni.split_once('.') {
+        let wildcard_domain = format!("{prefix}-wildcard.{parent}");
         let lookup = resolver
-            .txt_lookup(txt_domain)
+            .txt_lookup(wildcard_domain)
             .await
-            .context("failed to lookup app address")?;
+            .context("failed to lookup wildcard app address")?;
         let txt_record = lookup.iter().next().context("no txt record found")?;
         let data = txt_record
             .txt_data()
             .first()
             .context("no data in txt record")?;
-        AppAddress::parse(data).context("failed to parse app address")
+        return AppAddress::parse(data).context("failed to parse app address");
     }
+
+    anyhow::bail!("failed to resolve app address for {sni}");
 }
 
 pub(crate) async fn proxy_with_sni(