
Commit 97c37e5

authored
Add directive for SSL Server block (#1934)
Adds a directive to the server's location block when BackendTLS is configured. Problem: Users want to configure BackendTLS successfully with NGF. Solution: Adds the directive proxy_ssl_server_name on in the server location block to avoid connection resets during the SSL handshake.
1 parent 5581a64 commit 97c37e5


2 files changed

+28
-0
lines changed


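--- a/internal/mode/static/nginx/config/servers_template.go
+++ b/internal/mode/static/nginx/config/servers_template.go
@@ -60,6 +60,7 @@ server {
 {{ $proxyOrGRPC }}_pass {{ $l.ProxyPass }};
 proxy_http_version 1.1;
 {{- if $l.ProxySSLVerify }}
+{{ $proxyOrGRPC }}_ssl_server_name on;
 {{ $proxyOrGRPC }}_ssl_verify on;
 {{ $proxyOrGRPC }}_ssl_name {{ $l.ProxySSLVerify.Name }};
 {{ $proxyOrGRPC }}_ssl_trusted_certificate {{ $l.ProxySSLVerify.TrustedCertificate }};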
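Review bot: The added `{{ $proxyOrGRPC }}_ssl_server_name on;` line carries no comment, so the reason for it (backends that reset the handshake when no SNI is sent) is recorded only in the commit message. I would put a template comment directly above it, `{{- /* send SNI to the backend; nginx takes the name from the _ssl_name directive below, so keep the two together */}}`, which stays out of the generated config. The directive is emitted only inside the `if $l.ProxySSLVerify` branch, so SNI is tied to verification being on; whether TLS upstreams without a verify block can exist is not visible here and is worth confirming. The `if` and the surrounding server/location block open before and close after this hunk.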

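--- a/internal/mode/static/nginx/config/servers_test.go
+++ b/internal/mode/static/nginx/config/servers_test.go
@@ -48,6 +48,32 @@ func TestExecuteServers(t *testing.T) {
 KeyPairID: "test-keypair",
 },
 Port: 8443,
+PathRules: []dataplane.PathRule{
+{
+Path: "/",
+PathType: dataplane.PathTypePrefix,
+MatchRules: []dataplane.MatchRule{
+{
+Match: dataplane.Match{},
+BackendGroup: dataplane.BackendGroup{
+Source: types.NamespacedName{Namespace: "test", Name: "route1"},
+RuleIdx: 0,
+Backends: []dataplane.Backend{
+{
+UpstreamName: "test_foo_443",
+Valid: true,
+Weight: 1,
+VerifyTLS: &dataplane.VerifyTLS{
+CertBundleID: "test-foo",
+Hostname: "test-foo.example.com",
+},
+},
+},
+},
+},
+},
+},
+},
 },
 },
 }
@@ -61,6 +87,7 @@ func TestExecuteServers(t *testing.T) {
 "server_name cafe.example.com;": 2,
 "ssl_certificate /etc/nginx/secrets/test-keypair.pem;": 2,
 "ssl_certificate_key /etc/nginx/secrets/test-keypair.pem;": 2,
+"proxy_ssl_server_name on;": 1,
 }
 g := NewWithT(t)
 serverResults := executeServers(conf)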
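Review bot: The new expectation `"proxy_ssl_server_name on;": 1` in the second hunk only checks that the directive appears once; nothing in the visible map pins it to the verification settings that the template emits in the same branch. Unless another test already covers them, I would add `"proxy_ssl_verify on;": 1,` and `"proxy_ssl_name test-foo.example.com;": 1,` beside it (assuming the fixture's `Hostname` is what reaches `_ssl_name`), so that a regression which sends SNI without verifying the backend certificate, or with the wrong name, fails here. The `grpc_ssl_server_name` form of the template line is not exercised by this fixture. TestExecuteServers begins before and continues past both hunks, so how the counts are compared is not visible.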
