Hi,
has anyone experience with SNI proxy configuration? I would like to issue and use certificates behind a “firewall server” which uses Nginx and passes connections to different backend servers via proxy_pass. Since Nginx is an SSL endpoint I somehow have to forward TLS sessions based on the hostname to different servers.
I guess this project would do the job: https://github.com/dlundquist/sniproxy
But it somehow lacks configuration examples in combination with Nginx.
You don’t need additional software to do that job. You set up a server context for each of your virtual servers within NGINX. Each server context needs these three directives to work with SNI:
Based on the value(s) of server_name NGINX then decides which virtual server context is the right one. Note that you don’t need different certificates for each virtual server. If a certificate matches the server_name of multiple contexts, you can specify the cert and the key multiple times.
Also: Let’s Encrypt allows you to put up to 100 FQDNs into the subjectAltName of each certificate. So in most cases you actually don’t need SNI at all!
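The setup described in the reply above, written out as an added example (this is not configuration from the original thread or from sniproxy): one server block per name, each with its own server_name, ssl_certificate and ssl_certificate_key, forwarding to a different backend with proxy_pass. The hostnames a.example.com, b.example.com, www.b.example.com, the backend addresses 10.0.0.11/12:8080 and the webroot are assumptions; the certificate paths assume certbot's /etc/letsencrypt/live/<name>/ layout. The snippet is meant to be included inside the http {} context, for example as /etc/nginx/conf.d/proxy.conf. The second server block shows the point about one SAN certificate serving several names, and the last block adds the catch-all a practitioner wants: without it, a client sending an unknown SNI name (or none) is answered by the first server block listening on that port, which hands out a.example.com's certificate and content.

```nginx
# Added example (not from the original thread): name-based TLS virtual hosting
# in Nginx, included inside the http {} context (e.g. /etc/nginx/conf.d/proxy.conf).
# Hostnames, backend addresses, webroot and certificate paths are assumptions.

ssl_protocols TLSv1.2 TLSv1.3;              # applies to every server block below

# Plain HTTP: keep the ACME HTTP-01 challenge path reachable for issuance and
# renewal, send everything else to HTTPS.
server {
    listen 80;
    server_name a.example.com b.example.com www.b.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;          # assumed certbot --webroot directory
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Virtual server 1. For TLS, Nginx matches the client's SNI name against
# server_name to pick this block (and so this certificate) before the
# handshake completes; for HTTP it matches the Host header.
server {
    listen 443 ssl;
    server_name a.example.com;

    ssl_certificate     /etc/letsencrypt/live/a.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/a.example.com/privkey.pem;

    location / {
        proxy_pass http://10.0.0.11:8080;   # assumed backend for a.example.com
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Virtual server 2: one SAN certificate covering both b.example.com and
# www.b.example.com, so a single cert/key pair serves every name listed here.
server {
    listen 443 ssl;
    server_name b.example.com www.b.example.com;

    ssl_certificate     /etc/letsencrypt/live/b.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/b.example.com/privkey.pem;

    location / {
        proxy_pass http://10.0.0.12:8080;   # assumed backend for b.example.com
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Catch-all. Without an explicit default, a client that sends an unknown SNI
# name (or none at all) is served by the first server block listening on :443,
# i.e. it gets a.example.com's certificate and content. Rejecting the handshake
# needs no certificate at all (ssl_reject_handshake requires Nginx 1.19.4 or
# later; on older versions give this block any valid cert and `return 444;`).
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}
```

Check it with `nginx -t` before `nginx -s reload`, then confirm that SNI selects the right block from outside: `openssl s_client -connect <firewall-host>:443 -servername b.example.com </dev/null | openssl x509 -noout -subject -ext subjectAltName` (the `-ext` option needs OpenSSL 1.1.1 or later) should print the SAN certificate with both b names, the same command with `-servername a.example.com` should return the a.example.com certificate, and with `-servername unknown.example.com` the handshake should fail rather than return either certificate. If you follow the reply's suggestion of one SAN certificate for every name, reference the same fullchain.pem and privkey.pem in each server block; the SNI name then no longer changes which certificate is presented, and the request is routed on server_name alone.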