6 lines
333 B
Text
6 lines
333 B
Text
# Enable SNI when proxy_pass targets an HTTPS origin by hostname. Without this,
|
|
# multi-tenant upstreams can return the wrong certificate or application.
|
|
proxy_ssl_server_name on;
|
|
|
|
# Do not force proxy_ssl_name or proxy_ssl_verify here. Those depend on whether
|
|
# the caller proxies to a hostname, an upstream block, or a private CA.
|