Server Name Indication
Illarion Kovalchuk edited this page Mar 20, 2017 · 6 revisions
(since 0.4.0)
Server Name Indication (SNI) is an extension to the TLS protocol, described in RFC 6066, that lets a client name the server it wants to reach in the extended "client hello" sent during the TLS handshake.
Gobetween can route traffic to different sets of backends depending on the server name the client provides. The server name is never encrypted in the TLS handshake, so gobetween can extract it from the TLS traffic without any knowledge of the certificates and keys used between client and backend.
```toml
# [servers.default.sni] # (optional)
#   read_timeout = "2s"                       # (optional) timeout for reading sni from client
#   hostname_matching_strategy = "exact"      # (optional) "exact" | "regexp"  if regexp, then match using regular expression associated with backend.
#   unexpected_hostname_strategy = "default"  # (optional) "default" | "reject" | "any"  strategy for dealing with unknown hostname requests
#                                             #   "default" -- forward connections to backends with no sni tag
#                                             #   "reject"  -- drop connection
#                                             #   "any"     -- forward to any available backend
```
`read_timeout` is used to deal with clients that fail to provide SNI information during the handshake: gobetween stops waiting for the "client hello" after this interval.
For more details please refer to Discovery. The common pattern is that each discovery method provides the `sni` field of the backend, if it is available.
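As an added example (not gobetween's own code), here is a Go parser that pulls the `host_name` out of a TLS "client hello" record the way a proxy with no certificates or keys can, plus a constructed sample hello so it runs offline. The names `vec`, `extractSNI` and `sampleHello` are mine, and the parser assumes the hello fits in the first TLS record (as it does for ordinary clients); a well-formed hello without SNI comes back as an empty name, which is the case `unexpected_hostname_strategy` decides.

```go
package main
import "encoding/hex"
import "errors"

var errMalformed = errors.New("malformed ClientHello")

// vec splits a TLS vector (big-endian length of lenBytes bytes, then that many bytes) into contents and remainder.
func vec(b []byte, lenBytes int) (data, rest []byte, ok bool) {
	n := 0
	for i := 0; i < lenBytes && i < len(b); i++ {
		n = n<<8 | int(b[i])
	}
	if len(b) < lenBytes+n {
		return nil, nil, false
	}
	return b[lenBytes : lenBytes+n], b[lenBytes+n:], true
}

// extractSNI returns the host_name from a ClientHello's server_name extension ("" and nil error when absent), using only plaintext bytes.
func extractSNI(rec []byte) (string, error) {
	if len(rec) < 5 || rec[0] != 0x16 { // record content type 22 = handshake
		return "", errMalformed
	}
	hs, _, ok := vec(rec[3:], 2)          // record length bounds the handshake fragment
	if !ok || len(hs) < 38 || hs[0] != 1 { // handshake type 1 = client_hello; 4-byte header + version (2) + random (32)
		return "", errMalformed
	}
	rest, exts := hs[38:], []byte(nil)
	for i, w := range []int{1, 2, 1, 2} { // session_id, cipher_suites, compression_methods, extensions (optional)
		if exts, rest, ok = vec(rest, w); !ok && i < 3 {
			return "", errMalformed
		}
	}
	for len(exts) >= 4 { // exts is nil when the hello carries no extension block at all
		typ, data := int(exts[0])<<8|int(exts[1]), []byte(nil)
		if data, exts, ok = vec(exts[2:], 2); !ok {
			return "", errMalformed
		}
		if typ == 0 && len(data) >= 5 && data[2] == 0 { // server_name: list length (2), name_type 0 = host_name, name length (2), name
			if name, _, ok := vec(data[3:], 2); ok {
				return string(name), nil
			}
		}
	}
	return "", nil
}

// sampleHello is a constructed minimal TLS 1.2 ClientHello (all-zero random, one cipher suite) naming api.example.com.
var sampleHello, _ = hex.DecodeString("160301004701000043" + "0303" + "0000000000000000000000000000000000000000000000000000000000000000" +
	"00" + "00021301" + "0100" + "0018" + "0000" + "0014" + "0012" + "00" + "000f" + "6170692e6578616d706c652e636f6d")
```

Feeding the first record read from the client socket to `extractSNI` yields the name to match against each backend's `sni` field; an empty result is where the `unexpected_hostname_strategy` setting applies.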