How do I setup SNI?

SNI is only supported in the v2 configuration/API.

Attention

TLS Inspector listener filter must be configured in order to detect requested SNI.

The following is a YAML example of the above requirement.

  1. address:
  2. socket_address: { address: 127.0.0.1, port_value: 1234 }
  3. listener_filters:
  4. - name: "envoy.listener.tls_inspector"
  5. config: {}
  6. filter_chains:
  7. - filter_chain_match:
  8. server_names: ["example.com", "www.example.com"]
  9. tls_context:
  10. common_tls_context:
  11. tls_certificates:
  12. - certificate_chain: { filename: "example_com_cert.pem" }
  13. private_key: { filename: "example_com_key.pem" }
  14. filters:
  15. - name: envoy.http_connection_manager
  16. config:
  17. stat_prefix: ingress_http
  18. route_config:
  19. virtual_hosts:
  20. - name: default
  21. domains: "*"
  22. routes:
  23. - match: { prefix: "/" }
  24. route: { cluster: service_foo }
  25. - filter_chain_match:
  26. server_names: "api.example.com"
  27. tls_context:
  28. common_tls_context:
  29. tls_certificates:
  30. - certificate_chain: { filename: "api_example_com_cert.pem" }
  31. private_key: { filename: "api_example_com_key.pem" }
  32. filters:
  33. - name: envoy.http_connection_manager
  34. config:
  35. stat_prefix: ingress_http
  36. route_config:
  37. virtual_hosts:
  38. - name: default
  39. domains: "*"
  40. routes:
  41. - match: { prefix: "/" }
  42. route: { cluster: service_foo }