From 8715a28320c78061b57d1889db8c12ce1ca283a8 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 10 Oct 2019 17:17:06 -0600
Subject: [PATCH] reverse_proxy: Customize SNI value in upstream request (closes #2483)
---
 modules/caddyhttp/reverseproxy/httptransport.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index 4ff9989d..fb3ef061 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -147,6 +147,7 @@ type TLSConfig struct {
 ClientCertificateKeyFile string `json:"client_certificate_key_file,omitempty"`
 InsecureSkipVerify bool `json:"insecure_skip_verify,omitempty"`
 HandshakeTimeout caddy.Duration `json:"handshake_timeout,omitempty"`
+ ServerName string `json:"server_name,omitempty"`
 }
 
 // MakeTLSClientConfig returns a tls.Config usable by a client to a backend.
@@ -182,6 +183,9 @@ func (t TLSConfig) MakeTLSClientConfig() (*tls.Config, error) {
 cfg.RootCAs = rootPool
 }
 
+ // custom SNI
+ cfg.ServerName = t.ServerName
+
 // throw all security out the window
 cfg.InsecureSkipVerify = t.InsecureSkipVerify
 
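Review bot: The new `ServerName` field in the TLSConfig hunk has no doc comment, and the `// custom SNI` comment in the MakeTLSClientConfig hunk understates what the assignment does. In crypto/tls, `Config.ServerName` is sent as SNI and is also the hostname the upstream certificate is verified against unless `InsecureSkipVerify` is set, so a `server_name` that differs from the dialed host changes which certificate is accepted. I would document the field with `// ServerName is the SNI value sent to the backend and the hostname its certificate is verified against.` and reword the inline comment to `// custom SNI; also the name used for certificate verification`. What an empty value resolves to depends on how the returned config is used, which is not visible here; both the struct and the function body continue outside their hunks.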