tapis-project / pods_service

Network Accessible Pods API.
https://tapis.readthedocs.io/en/latest/technical/pods.html
BSD 3-Clause "New" or "Revised" License

KG T1 - Possible to get around requiring TLS for TCP connections. #11

Closed NotChristianGarcia closed 1 year ago

NotChristianGarcia commented 2 years ago

Currently TLS is required so we can "ssl_preread" at the nginx level and route according to subdomain. With the bolt driver, the user has to have TLS outgoing and incoming if the "encrypted" attr is True. Meaning, we need to return TLS, meaning certs.

It might be possible for a user to send us non-TLS TCP, we convert that to TLS-compliant TCP, THEN we preread subdomain information? This assumes that ssl_preread just works at this point. Might be possible. Nginx has the certs. We can then go back to sending non-TLS TCP to the pod. Bolt is happy in this case, because non-TLS out and non-TLS back.

NotChristianGarcia commented 1 year ago

There's no way to read SNI information. This is a flop for now.