[PATCH] New variable: $ssl_sni_host

Maxim Dounin mdounin at mdounin.ru
Wed May 22 17:32:37 UTC 2013


Hello!

On Tue, May 21, 2013 at 01:08:43PM +1000, Christian Marie wrote:

> Patch attached adds a new variable, $ssl_sni_host.
> 
> I would find this quite useful as there is no other way of knowing for sure
> which host a request is directed at (at the SSL layer), as the HTTP HOST header
> can be wrong.
> 
> Possibly somewhat related to: http://trac.nginx.org/nginx/ticket/229
> 
> I should mention that I don't intend for this to be a drop in replacement for
> $http_host, though that could very well work with proxy_pass.

E.g. with SPDY, server name as indicated using SNI in it's turn is 
_expected_ to be wrong, at least with Chrome.  Using such a 
variable with proxy_pass doesn't looks like a good idea.

Such a variable might make sense from logging point of view 
though.  But probably solution suggested by Piotr Sikora is a bit 
better, see here:

http://mailman.nginx.org/pipermail/nginx-devel/2013-May/003745.html
http://mailman.nginx.org/pipermail/nginx-devel/2013-May/003746.html
http://mailman.nginx.org/pipermail/nginx-devel/2013-May/003747.html

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list