Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/schm1tz1/sni-routing-examples

Last synced: 14 days ago
JSON representation

Host: GitHub
URL: https://github.com/schm1tz1/sni-routing-examples
Owner: Schm1tz1
Created: 2023-04-24T20:53:34.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2023-07-16T11:24:17.000Z (over 1 year ago)
Last Synced: 2024-10-31T09:52:34.151Z (3 months ago)
Language: Shell
Size: 93.8 KB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Docker and Kubernetes Examples for SNI-Routing

**NOTE:** This repo is still WIP - please use with care!

*A typical use case*: You are using a single proxy/ingress service and need to access different backend services via different DNS / host names. You need two thigs to do the job:
- Some kind of router that will route the backend traffic
- A DNS entry that is pointing to the router

In HTTP traffic this is done using the header information. For TCP traffic there is a different possibility if using TCP over TLS called SNI routing. Here traffic is routed to backend servers / endpoints using the *server_name* in the SNI extension in TLS.

![SNI Routing](./assets/SNI-Routing.svg)

This is a collection of working examples with some common ingress / proxy services. For local testing, we are using host name overrides in docker (i.e. creating `/etc/hosts`entries) with `extra_hosts` instead of a DNS server.

## Working Examples
- **nginx-tls-passthrough** - NGINX OSS example on docker compose
- **nginx-tls-termination** - NGINX OSS example on docker compose

## WIP
- **haproxy-tls-passthrough** - HAProxy example with docker compose

## TODO
- **Caddy**:
- https://caddyserver.com/docs/modules/tls.handshake_match.sni
- https://caddy.community/t/how-can-i-use-proxy-ssl-name-for-sni-in-caddy-2/7739
- https://medium.com/@panda1100/how-to-setup-layer-4-reverse-proxy-to-multiplex-tls-traffic-with-sni-routing-a226c8168826
- https://caddyserver.com/docs/json/apps/http/servers/routes/match/host/
- https://caddyserver.com/docs/caddyfile/concepts#addresses
- **Traefik**:
- https://kupczynski.info/posts/traefik-sni/
- https://traefik.io/blog/traefik-proxy-kubernetes-101/