K
Q

Hostname (SNI) missing while using nginx ingress SSL Passtrough to underlying service

6/24/2020

I'm trying to implement SSL Passtrough with nginx-ingress-controller. This is my Ingress Object:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  labels:
    my-label: example
  name: example
  namespace: example
spec:
  rules:
  - host: '*.example.com'
    http:
      paths:
      - backend:
          serviceName: example
          servicePort: 8443
        path: /

The --enable-ssl-passtrough flag is present in the controller args.

When request is coming trough ingress controller to my underlying service I'm trying to parse the SNI to find out what domain was used to find out the certificate I should present, but the service cannot find the SNI and returns this error:

{"level":"debug","ts":1592992137.1836417,"msg":"Error getting server name","error":"No hostname"}

Does nginx-ingress-controller remove the SNI when parsing? Or what may be the reason for such behavior?

Thanks in advance for help

-- Morishiri
kubernetes
nginx
nginx-ingress

Similar Questions

Kubernetes cluster without kubernetes Master
Pod Completion without completing process
GCE, Kubernetes with Socket.IO, NodeJs not enough resources
.NET Core Docker Container won't work in Kubernetes
Kubernetes secrets encryption

1 Answer

6/25/2020

I contacted nginx-ingress developers directly and I got information that the reason this is not working is the wildcard domain, which is not supported by nginx-ingress.

Everything else is configured correctly and when changing *.example.com into something specific (e.g. whatever.example.com) it works correctly.

-- Morishiri
Source: StackOverflow