How do I setup SNI?¶
SNI is only supported in the v2 configuration/API.
Attention
TLS Inspector listener filter must be configured in order to detect requested SNI.
The following is a YAML example of the above requirement.
address:
socket_address: { address: 127.0.0.1, port_value: 1234 }
listener_filters:
- name: "envoy.listener.tls_inspector"
config: {}
filter_chains:
- filter_chain_match:
server_names: "example.com"
tls_context:
common_tls_context:
tls_certificates:
- certificate_chain: { filename: "example_com_cert.pem" }
private_key: { filename: "example_com_key.pem" }
filters:
- name: envoy.http_connection_manager
config:
route_config:
virtual_hosts:
- routes:
- match: { prefix: "/" }
route: { cluster: service_foo }
- filter_chain_match:
server_names: "www.example.com"
tls_context:
common_tls_context:
tls_certificates:
- certificate_chain: { filename: "www_example_com_cert.pem" }
private_key: { filename: "www_example_com_key.pem" }
filters:
- name: envoy.http_connection_manager
config:
route_config:
virtual_hosts:
- routes:
- match: { prefix: "/" }
route: { cluster: service_foo }