How do I setup SNI?

SNI is only supported in the v2 configuration/API.

Attention

TLS Inspector listener filter must be configured in order to detect requested SNI.

The following is a YAML example of the above requirement.

  1. address:
  2. socket_address: { address: 127.0.0.1, port_value: 1234 }
  3. listener_filters:
  4. - name: "envoy.listener.tls_inspector"
  5. config: {}
  6. filter_chains:
  7. - filter_chain_match:
  8. server_names: "example.com"
  9. tls_context:
  10. common_tls_context:
  11. tls_certificates:
  12. - certificate_chain: { filename: "example_com_cert.pem" }
  13. private_key: { filename: "example_com_key.pem" }
  14. filters:
  15. - name: envoy.http_connection_manager
  16. config:
  17. route_config:
  18. virtual_hosts:
  19. - routes:
  20. - match: { prefix: "/" }
  21. route: { cluster: service_foo }
  22. - filter_chain_match:
  23. server_names: "www.example.com"
  24. tls_context:
  25. common_tls_context:
  26. tls_certificates:
  27. - certificate_chain: { filename: "www_example_com_cert.pem" }
  28. private_key: { filename: "www_example_com_key.pem" }
  29. filters:
  30. - name: envoy.http_connection_manager
  31. config:
  32. route_config:
  33. virtual_hosts:
  34. - routes:
  35. - match: { prefix: "/" }
  36. route: { cluster: service_foo }