How do I set up SNI?

SNI is only supported in the v2 configuration/API.

Attention

The TLS Inspector listener filter must be configured in order to detect the requested SNI.

The following is a YAML example of the above requirement.

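  # Listener fragment: one listener that serves two certificates, selected by
  # the SNI name the client sends in its TLS ClientHello.
  # The names used here (tls_context, envoy.listener.tls_inspector, the
  # ...v2.HttpConnectionManager type URL) are v2 API names; confirm they match
  # the Envoy version in use.
  address:
    socket_address: { address: 127.0.0.1, port_value: 1234 }
  listener_filters:
    # Inspects the ClientHello before a filter chain is chosen; without it the
    # server_names matches below have no SNI value to compare against.
    - name: "envoy.listener.tls_inspector"
      typed_config: {}
  filter_chains:
    # Every chain in this example sets server_names, so a client that sends no
    # SNI, or a name not listed here, matches no chain and is not served
    # (verify the exact behaviour for your Envoy version). Add a chain without
    # server_names if such clients should receive a default certificate.
    - filter_chain_match:
        server_names: ["example.com", "www.example.com"]
      tls_context:
        common_tls_context:
          # No tls_params are set, so protocol versions and cipher suites are
          # whatever Envoy defaults to.
          tls_certificates:
            # Filenames are given without a directory. The private key file
            # should be readable only by the account Envoy runs as.
            - certificate_chain: { filename: "example_com_cert.pem" }
              private_key: { filename: "example_com_key.pem" }
      filters:
        - name: envoy.http_connection_manager
          typed_config:
            "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
            stat_prefix: ingress_http
            route_config:
              virtual_hosts:
                - name: default
                  # SNI only selects the certificate. "*" accepts any
                  # Host/:authority on this chain, so the HTTP host is not
                  # tied to the SNI name; list the expected hostnames here
                  # when the two must agree.
                  domains: ["*"]
                  routes:
                    - match: { prefix: "/" }
                      route: { cluster: service_foo }
    - filter_chain_match:
        server_names: ["api.example.com"]
      tls_context:
        common_tls_context:
          tls_certificates:
            - certificate_chain: { filename: "api_example_com_cert.pem" }
              private_key: { filename: "api_example_com_key.pem" }
      filters:
        - name: envoy.http_connection_manager
          typed_config:
            "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
            # Same stat_prefix as the first chain, so both chains report under
            # the same ingress_http prefix.
            stat_prefix: ingress_http
            route_config:
              virtual_hosts:
                - name: default
                  # Same wildcard as the first chain: both chains route every
                  # host to service_foo, so the SNI split changes only which
                  # certificate is presented.
                  domains: ["*"]
                  routes:
                    - match: { prefix: "/" }
                      route: { cluster: service_foo }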