help request: Unable to connect ApiSix DataPlane with ALB with HTTPS

[meektechie]

Description

Hi Team,

I have been working to configure ApiSix as a gateway for my applications. I want the end to end communication to be HTTPS. So i set ALB (via alb-loadbalancer-controller) with HTTPS target and added the ApiSix dataplance service with 443 port (backend it will connect to 9443). While i am trying to connect to the service it throws me error as

On the POD side:

2024/08/23 07:22:24 [error] 7#7: 7992 [lua] init.lua:191: http_ssl_client_hello_phase(): failed to find SNI: please check if the client requests via IP or uses an outdated protocol. If you need to report an issue, provide a packet capture file of the TLS handshake., context: ssl_client_hello_by_lua, client: 171.6.0.49, server: 0.0.0.0:9443

On the browser end:

<title>502 Bad Gateway</title>

502 Bad Gateway

I have added the necessary ssl certificate, but still it was showing "failed to find SNI"

Environment

• APISIX version (run apisix version):
• Operating system (run uname -a):
• OpenResty / Nginx version (run openresty -V or nginx -V):
• etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
• APISIX Dashboard version, if relevant:
• Plugin runner version, for issues related to plugin runners:
• LuaRocks version, for installation issues (run luarocks --version):

[zeritti]

What might be worth a try is setting fallback_sni in your dataplane's configuration (Ref.):

Fallback SNI to be used if the client does not send SNI during
the handshake.

apisix:
  ssl:
    fallback_sni: "YOUR_SAN_DOMAIN_NAME"

[meektechie]

Awesome, It works well. Is it possible to use multiple domains here?.

[zeritti]

Awesome, It works well. Is it possible to use multiple domains here?.

I doubt that, it does not seem to be an array.

[meektechie]

Thanks Zeritti. I have been seeking the support for the couple of weeks.

[meektechie]

How can i raise a request to enable this feature?