From 8715a28320c78061b57d1889db8c12ce1ca283a8 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Thu, 10 Oct 2019 17:17:06 -0600
Subject: reverse_proxy: Customize SNI value in upstream request (closes #2483)

---
 modules/caddyhttp/reverseproxy/httptransport.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'modules/caddyhttp/reverseproxy/httptransport.go')

diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index 4ff9989..fb3ef06 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -147,6 +147,7 @@ type TLSConfig struct {
 	ClientCertificateKeyFile string         `json:"client_certificate_key_file,omitempty"`
 	InsecureSkipVerify       bool           `json:"insecure_skip_verify,omitempty"`
 	HandshakeTimeout         caddy.Duration `json:"handshake_timeout,omitempty"`
+	ServerName               string         `json:"server_name,omitempty"`
 }
 
 // MakeTLSClientConfig returns a tls.Config usable by a client to a backend.
@@ -182,6 +183,9 @@ func (t TLSConfig) MakeTLSClientConfig() (*tls.Config, error) {
 		cfg.RootCAs = rootPool
 	}
 
+	// custom SNI
+	cfg.ServerName = t.ServerName
+
 	// throw all security out the window
 	cfg.InsecureSkipVerify = t.InsecureSkipVerify
 
-- 
cgit v1.2.3