Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Nginx SNI Upstream Maps with wildcard?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Nginx SNI Upstream Maps with wildcard? (Read 1802 times)
Krischan
Newbie
Posts: 7
Karma: 0
Nginx SNI Upstream Maps with wildcard?
«
on:
August 28, 2021, 04:57:21 pm »
I have been trying to configure SNI Upstream Maps as explained here:
https://docs.opnsense.org/manual/how-tos/nginx_streams.html#sni-upstream-maps
And with regular domain names it works great, but to simplify the setup it would be nice to just set something like *.example.com for a mapping.
However when trying this I get an error about this not being possible.
Is this not supported, or did I do something wrong? Thanks for the help!
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Nginx SNI Upstream Maps with wildcard?
«
Reply #1 on:
August 28, 2021, 06:28:45 pm »
It was never intended to support that. So I guess that this might be a validation problem only. However I don't really see the advantage, since it would make only sense if you have multiple kubernetes clusters, but they have their own load balancers.
«
Last Edit: August 28, 2021, 06:31:14 pm by fabian
»
Logged
Krischan
Newbie
Posts: 7
Karma: 0
Re: Nginx SNI Upstream Maps with wildcard?
«
Reply #2 on:
August 29, 2021, 12:57:06 am »
Huh, I don't follow at all why this would only make sense for Kubernetes???
I have a rather simple home-lab where I don't want to terminate all the SSL connections on the firewall but rather pass them through to various servers that terminate the SSL connection themselves. That way I don't have the load on the OPNsense firewall that already does the heavy load of routing etc. and internal connections are still encrypted to the end-point.
The only way I found to do that is with SNI, and it works very nicely using the build in Nginx in OPNsense.
But since I have multiple services in various subdomains the list has grown very unwieldy and I also have to manually add a subdomain for every service. If wildcards were supported the list would shrink by at least 3/4 in size and I could easily spin up new subdomains on the servers without having to touch the OPNsense config.
Does that make sense?
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Nginx SNI Upstream Maps with wildcard?
«
Reply #3 on:
August 29, 2021, 06:46:44 am »
The reason for my thought is that if you want to forward everything to a single node, you can use a port forwarding as well. So this would make only sense if you have multiple domains that point to different clusters.
Logged
Krischan
Newbie
Posts: 7
Karma: 0
Re: Nginx SNI Upstream Maps with wildcard?
«
Reply #4 on:
August 30, 2021, 03:57:46 am »
Yes I want to separate out different domain names to different backend servers/clusters.
Like having domain1.com point to one upstream server/cluster and domain2.com point to another.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Nginx SNI Upstream Maps with wildcard?