proxy_ssl_name
The proxy_ssl_name directive specifies the SSL hostname for the proxied request.
Description
The proxy_ssl_name directive is used in the NGINX HTTP module to set the value of the 'Host' header in the proxied SSL requests. This host value is critical when the backend server uses the SNI (Server Name Indication) extension for SSL, which allows multiple SSL certificates to be served from the same IP address.
By configuring proxy_ssl_name, you can ensure the correct hostname is sent to the backend server when making a request. The directive accepts a single argument, which is the hostname that NGINX will use when forwarding SSL requests. It can be placed at the http, server, or location context levels, thus allowing fine-grained control over SSL behavior in various scopes of the configuration.
For instance, if you have multiple upstream servers that require different SSL settings or hostnames for successful TLS handshakes, you can specify proxy_ssl_name appropriately for each context. If not set, NGINX will send the original Host header from the client's request, which may not always be correct for upstream server settings, leading to potential failures in connecting securely.
Config Example
location /api {
proxy_pass https://backend.example.com;
proxy_ssl_name backend.example.com;
}Ensure the provided hostname matches one of the SSL certificates on the backend server to prevent SSL handshake failures.
Misconfiguration may lead to security vulnerabilities if incorrect hostnames are used in SSL communication.