OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: CeeMac on February 18, 2020, 08:26:21 pm

Title: nginx 1.17 plugin SNI proxy_ssl_server_name
Post by: CeeMac on February 18, 2020, 08:26:21 pm

Hi,

I'm on 19.7.10 with nginx plugin and have an issue with TLS decrypt / recrypt using http server -> location - > backend. The upstream server terminates TLS and performs SNI matching to route traffic into a kubernetes cluster. The Ingress is not matching anything and during debugging it was noticed that the 'Server Name Indicator' header was empty post nginx plugin. Performing a curl directly to the upstream shows a complete SNI header.

Looking at the core nginx documentation I would need to set 'proxy_ssl_server_name = on' however there doesn't appear to be an equivalent setting in the plugin UI. Is this something that is planned to be added at all or is there a way I can customise the configuration to inject this value?

Thanks


Sent from my ONEPLUS A5000 using Tapatalk

Title: Re: nginx 1.17 plugin SNI proxy_ssl_server_name
Post by: fabian on February 18, 2020, 08:34:44 pm

Can you create a ticket with that feature request on GitHub please?

Title: Re: nginx 1.17 plugin SNI proxy_ssl_server_name
Post by: CeeMac on February 18, 2020, 08:47:46 pm

Sure, can you link me to the correct place?

Sent from my ONEPLUS A5000 using Tapatalk

Title: Re: nginx 1.17 plugin SNI proxy_ssl_server_name
Post by: CeeMac on February 18, 2020, 09:14:47 pm

Nvm found it:

https://github.com/opnsense/plugins/issues/1703

Sent from my ONEPLUS A5000 using Tapatalk