[GH-ISSUE #603] Conflicting Rules Between next-router and ws-router in Multi-Domain Setup? #27144

Closed
opened 2026-06-10 22:02:49 -05:00 by GiteaMirror · 7 comments
Owner

Originally created by @lekoOwO on GitHub (Apr 25, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/603

I'm following the official example for traefik setting up with Docker compose:

http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https

  routers:
    # HTTP to HTTPS redirect router
    main-app-router-redirect:
      rule: "Host(`pangolin.example.com`)" # REPLACE THIS WITH YOUR DOMAIN
      service: next-service
      entryPoints:
        - web
      middlewares:
        - redirect-to-https

    # Next.js router (handles everything except API and WebSocket paths)
    next-router:
      rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN
      service: next-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # API router (handles /api/v1 paths)
    api-router:
      rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN
      service: api-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # WebSocket router
    ws-router:
      rule: "Host(`pangolin.example.com`)" # REPLACE THIS WITH YOUR DOMAIN
      service: api-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

  services:
    next-service:
      loadBalancer:
        servers:
          - url: "http://pangolin:3002" # Next.js server

    api-service:
      loadBalancer:
        servers:
          - url: "http://pangolin:3000" # API/WebSocket server

However, the rule of next-router and ws-router both match the same host (pangolin.example.com), and since ws-router doesn’t restrict any path, it seems to overlap with next-router.

I'm also trying to expand this to support multi-domain/subdomain routing, like *.example.com and *.example.org. Here's what I'm currently doing:

http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https

  routers:
    # HTTP to HTTPS redirect router
    main-app-router-redirect:
      rule: "HostRegexp(`{host:^.+\\.(example\\.com|example\\.org)$}`)"
      service: next-service
      entryPoints:
        - web
      middlewares:
        - redirect-to-https

    # Next.js router (handles everything except API and WebSocket paths)
    next-router:
      rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)"
      service: next-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
              - "*.example.org"

    # API router (handles /api/v1 paths)
    api-router:
      rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)"
      service: api-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # WebSocket router
    ws-router:
      rule: "HostRegexp(`{host:^.+\\.(example\\.com|example\\.org)$}`)"
      service: api-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

  services:
    next-service:
      loadBalancer:
        servers:
          - url: "http://pangolin:3002" # Next.js server

    api-service:
      loadBalancer:
        servers:
          - url: "http://pangolin:3000" # API/WebSocket server

Questions:

  1. Is the rule overlap between next-router and ws-router problematic in this setup?
  2. Is this a proper way to handle multiple domains and subdomains in Traefik?

Any advice or suggestions would be greatly appreciated. Thank you!

Originally created by @lekoOwO on GitHub (Apr 25, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/603 I'm following the [official example](https://docs.fossorial.io/Getting%20Started/Manual%20Install%20Guides/docker-compose) for traefik setting up with Docker compose: ```yaml http: middlewares: redirect-to-https: redirectScheme: scheme: https routers: # HTTP to HTTPS redirect router main-app-router-redirect: rule: "Host(`pangolin.example.com`)" # REPLACE THIS WITH YOUR DOMAIN service: next-service entryPoints: - web middlewares: - redirect-to-https # Next.js router (handles everything except API and WebSocket paths) next-router: rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN service: next-service entryPoints: - websecure tls: certResolver: letsencrypt # API router (handles /api/v1 paths) api-router: rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN service: api-service entryPoints: - websecure tls: certResolver: letsencrypt # WebSocket router ws-router: rule: "Host(`pangolin.example.com`)" # REPLACE THIS WITH YOUR DOMAIN service: api-service entryPoints: - websecure tls: certResolver: letsencrypt services: next-service: loadBalancer: servers: - url: "http://pangolin:3002" # Next.js server api-service: loadBalancer: servers: - url: "http://pangolin:3000" # API/WebSocket server ``` However, the rule of `next-router` and `ws-router` both match the same host (pangolin.example.com), and since `ws-router` doesn’t restrict any path, it seems to overlap with `next-router`. I'm also trying to expand this to support multi-domain/subdomain routing, like `*.example.com` and `*.example.org`. Here's what I'm currently doing: ```yaml http: middlewares: redirect-to-https: redirectScheme: scheme: https routers: # HTTP to HTTPS redirect router main-app-router-redirect: rule: "HostRegexp(`{host:^.+\\.(example\\.com|example\\.org)$}`)" service: next-service entryPoints: - web middlewares: - redirect-to-https # Next.js router (handles everything except API and WebSocket paths) next-router: rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" service: next-service entryPoints: - websecure tls: certResolver: letsencrypt domains: - main: "example.com" sans: - "*.example.com" - "*.example.org" # API router (handles /api/v1 paths) api-router: rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" service: api-service entryPoints: - websecure tls: certResolver: letsencrypt # WebSocket router ws-router: rule: "HostRegexp(`{host:^.+\\.(example\\.com|example\\.org)$}`)" service: api-service entryPoints: - websecure tls: certResolver: letsencrypt services: next-service: loadBalancer: servers: - url: "http://pangolin:3002" # Next.js server api-service: loadBalancer: servers: - url: "http://pangolin:3000" # API/WebSocket server ``` Questions: 1. Is the rule overlap between next-router and ws-router problematic in this setup? 2. Is this a proper way to handle multiple domains and subdomains in Traefik? Any advice or suggestions would be greatly appreciated. Thank you!
GiteaMirror added the stale label 2026-06-10 22:02:49 -05:00
Author
Owner

@spacecake commented on GitHub (Apr 27, 2025):

I am interested too in a multi domain setup for this use case.
Promising project, available for testing 🌞

<!-- gh-comment-id:2833308052 --> @spacecake commented on GitHub (Apr 27, 2025): I am interested too in a multi domain setup for this use case. Promising project, available for testing 🌞
Author
Owner

@miloschwartz commented on GitHub (Apr 28, 2025):

It's a little confusing but because of !PathPrefix('/api/v1') in next-router and PathPrefix('/api/v1') in api-router the result is that ws-router catches requests going to /ws. This is one of those things we did early on and never got around to improving.

<!-- gh-comment-id:2833887734 --> @miloschwartz commented on GitHub (Apr 28, 2025): It's a little confusing but because of `!PathPrefix('/api/v1')` in `next-router` and `PathPrefix('/api/v1')` in `api-router` the result is that `ws-router` catches requests going to `/ws`. This is one of those things we did early on and never got around to improving.
Author
Owner

@github-actions[bot] commented on GitHub (May 13, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:2874651688 --> @github-actions[bot] commented on GitHub (May 13, 2025): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.
Author
Owner

@acedanger commented on GitHub (May 21, 2025):

Don't close this down - multi-domain usage is a hugely beneficial feature. I have multiple domains that I like to spread my stuff over 2 or 3 domains. Cloudflare Tunnels has this ability and It's my one hesitance with using this project.

This was the first project I've sponsored. This is a fantastic project.

<!-- gh-comment-id:2896397511 --> @acedanger commented on GitHub (May 21, 2025): Don't close this down - multi-domain usage is a hugely beneficial feature. I have multiple domains that I like to spread my stuff over 2 or 3 domains. Cloudflare Tunnels has this ability and It's my one hesitance with using this project. This was the first project I've sponsored. This is a fantastic project.
Author
Owner

@miloschwartz commented on GitHub (May 22, 2025):

@acedanger You can use more than on domain for resources. You add them via the config file right now. Check out the domains section: https://docs.fossorial.io/Pangolin/Configuration/config

<!-- gh-comment-id:2899863740 --> @miloschwartz commented on GitHub (May 22, 2025): @acedanger You can use more than on domain for resources. You add them via the config file right now. Check out the domains section: https://docs.fossorial.io/Pangolin/Configuration/config
Author
Owner

@github-actions[bot] commented on GitHub (Jun 6, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:2947244779 --> @github-actions[bot] commented on GitHub (Jun 6, 2025): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.
Author
Owner

@github-actions[bot] commented on GitHub (Jun 20, 2025):

This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.

<!-- gh-comment-id:2989473044 --> @github-actions[bot] commented on GitHub (Jun 20, 2025): This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#27144