Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
nginx 1.17 plugin SNI proxy_ssl_server_name
« previous
next »
Print
Pages: [
1
]
Author
Topic: nginx 1.17 plugin SNI proxy_ssl_server_name (Read 5027 times)
CeeMac
Newbie
Posts: 7
Karma: 0
nginx 1.17 plugin SNI proxy_ssl_server_name
«
on:
February 18, 2020, 08:26:21 pm »
Hi,
I'm on 19.7.10 with nginx plugin and have an issue with TLS decrypt / recrypt using http server -> location - > backend. The upstream server terminates TLS and performs SNI matching to route traffic into a kubernetes cluster. The Ingress is not matching anything and during debugging it was noticed that the 'Server Name Indicator' header was empty post nginx plugin. Performing a curl directly to the upstream shows a complete SNI header.
Looking at the core nginx documentation I would need to set 'proxy_ssl_server_name = on' however there doesn't appear to be an equivalent setting in the plugin UI. Is this something that is planned to be added at all or is there a way I can customise the configuration to inject this value?
Thanks
Sent from my ONEPLUS A5000 using Tapatalk
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: nginx 1.17 plugin SNI proxy_ssl_server_name
«
Reply #1 on:
February 18, 2020, 08:34:44 pm »
Can you create a ticket with that feature request on GitHub please?
Logged
CeeMac
Newbie
Posts: 7
Karma: 0
Re: nginx 1.17 plugin SNI proxy_ssl_server_name
«
Reply #2 on:
February 18, 2020, 08:47:46 pm »
Sure, can you link me to the correct place?
Sent from my ONEPLUS A5000 using Tapatalk
Logged
CeeMac
Newbie
Posts: 7
Karma: 0
Re: nginx 1.17 plugin SNI proxy_ssl_server_name
«
Reply #3 on:
February 18, 2020, 09:14:47 pm »
Nvm found it:
https://github.com/opnsense/plugins/issues/1703
Sent from my ONEPLUS A5000 using Tapatalk
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
nginx 1.17 plugin SNI proxy_ssl_server_name