data-plane-api/docs/root/faq/sni.rst

.. _faq_how_to_setup_sni:

How do I setup SNI?
===================

`SNI <https://en.wikipedia.org/wiki/Server_Name_Indication>`_ is only supported in the :ref:`v2
configuration/API <config_overview_v2>`.

The current implementation has the requirement that the :ref:`filters
<envoy_api_field_listener.FilterChain.filters>` in every :ref:`FilterChain <envoy_api_msg_listener.FilterChain>` must
be identical. In a future release, this requirement will be relaxed so that SNI can be used to
choose between completely different filter chains. :ref:`Domain name matching
<envoy_api_field_route.VirtualHost.domains>` can still be used within the HTTP connection manager to
choose different routes. This is by far the most common use case for SNI.

The following is a YAML example of the above requirement.

.. code-block:: yaml

  address:
    socket_address: { address: 127.0.0.1, port_value: 1234 }
  filter_chains:
  - filter_chain_match:
      sni_domains: "example.com"
    tls_context:
      common_tls_context:
        tls_certificates:
          - certificate_chain: { filename: "example_com_cert.pem" }
            private_key: { filename: "example_com_key.pem" }
    filters:
    - name: envoy.http_connection_manager
      config:
        route_config:
          virtual_hosts:
          - routes:
            - match: { prefix: "/" }
              route: { cluster: service_foo }
  - filter_chain_match:
      sni_domains: "www.example.com"
    tls_context:
      common_tls_context:
        tls_certificates:
          - certificate_chain: { filename: "www_example_com_cert.pem" }
            private_key: { filename: "www_example_com_key.pem" }
    filters:
    - name: envoy.http_connection_manager
      config:
        route_config:
          virtual_hosts:
          - routes:
            - match: { prefix: "/" }
              route: { cluster: service_foo }
Lds docs (#295) Signed-off-by: Matt Klein <mklein@lyft.com> 7 years ago			`.. _faq_how_to_setup_sni:`

			`How do I setup SNI?`
			`===================`

			`SNI <https://en.wikipedia.org/wiki/Server_Name_Indication>`_ is only supported in the :ref:`v2
			configuration/API <config_overview_v2>`.

			The current implementation has the requirement that the :ref:`filters
Split base API package into sub-packages (#421) Signed-off-by: Kuat Yessenov <kuat@google.com> 7 years ago			<envoy_api_field_listener.FilterChain.filters>` in every :ref:`FilterChain <envoy_api_msg_listener.FilterChain>` must
Lds docs (#295) Signed-off-by: Matt Klein <mklein@lyft.com> 7 years ago			`be identical. In a future release, this requirement will be relaxed so that SNI can be used to`
			choose between completely different filter chains. :ref:`Domain name matching
Split base API package into sub-packages (#421) Signed-off-by: Kuat Yessenov <kuat@google.com> 7 years ago			<envoy_api_field_route.VirtualHost.domains>` can still be used within the HTTP connection manager to
Lds docs (#295) Signed-off-by: Matt Klein <mklein@lyft.com> 7 years ago			`choose different routes. This is by far the most common use case for SNI.`

			`The following is a YAML example of the above requirement.`

			`.. code-block:: yaml`

			`address:`
			`socket_address: { address: 127.0.0.1, port_value: 1234 }`
			`filter_chains:`
			`- filter_chain_match:`
			`sni_domains: "example.com"`
			`tls_context:`
			`common_tls_context:`
			`tls_certificates:`
			`- certificate_chain: { filename: "example_com_cert.pem" }`
			`private_key: { filename: "example_com_key.pem" }`
			`filters:`
			`- name: envoy.http_connection_manager`
			`config:`
			`route_config:`
			`virtual_hosts:`
			`- routes:`
			`- match: { prefix: "/" }`
			`route: { cluster: service_foo }`
			`- filter_chain_match:`
			`sni_domains: "www.example.com"`
			`tls_context:`
			`common_tls_context:`
			`tls_certificates:`
			`- certificate_chain: { filename: "www_example_com_cert.pem" }`
			`private_key: { filename: "www_example_com_key.pem" }`
			`filters:`
			`- name: envoy.http_connection_manager`
			`config:`
			`route_config:`
			`virtual_hosts:`
			`- routes:`
			`- match: { prefix: "/" }`
			`route: { cluster: service_foo }`