I have been trying to configure SNI Upstream Maps as explained here: https://docs.opnsense.org/manual/how-tos/nginx_streams.html#sni-upstream-maps
And with regular domain names it works great, but to simplify the setup it would be nice to just set something like *.example.com for a mapping.
However when trying this I get an error about this not being possible.
Is this not supported, or did I do something wrong? Thanks for the help!
It was never intended to support that. So I guess that this might be a validation problem only. However I don't really see the advantage, since it would make only sense if you have multiple kubernetes clusters, but they have their own load balancers.
Huh, I don't follow at all why this would only make sense for Kubernetes???
I have a rather simple home-lab where I don't want to terminate all the SSL connections on the firewall but rather pass them through to various servers that terminate the SSL connection themselves. That way I don't have the load on the OPNsense firewall that already does the heavy load of routing etc. and internal connections are still encrypted to the end-point.
The only way I found to do that is with SNI, and it works very nicely using the build in Nginx in OPNsense.
But since I have multiple services in various subdomains the list has grown very unwieldy and I also have to manually add a subdomain for every service. If wildcards were supported the list would shrink by at least 3/4 in size and I could easily spin up new subdomains on the servers without having to touch the OPNsense config.
Does that make sense?
The reason for my thought is that if you want to forward everything to a single node, you can use a port forwarding as well. So this would make only sense if you have multiple domains that point to different clusters.
Yes I want to separate out different domain names to different backend servers/clusters.
Like having domain1.com point to one upstream server/cluster and domain2.com point to another.