@@ -1015,20 +1015,22 @@ function checker:run_single_check(ip, port, hostname, hostheader)
1015
1015
end
1016
1016
1017
1017
if self .checks .active .type == " https" then
1018
- local session
1018
+ local https_sni , session , err
1019
+ https_sni = self .checks .active .https_sni or hostheader or hostname
1019
1020
if self .ssl_cert and self .ssl_key then
1020
1021
session , err = sock :tlshandshake ({
1021
1022
verify = self .checks .active .https_verify_certificate ,
1022
1023
client_cert = self .ssl_cert ,
1023
- client_priv_key = self .ssl_key
1024
+ client_priv_key = self .ssl_key ,
1025
+ server_name = https_sni
1024
1026
})
1025
1027
else
1026
- session , err = sock :sslhandshake (nil , hostname ,
1028
+ session , err = sock :sslhandshake (nil , https_sni ,
1027
1029
self .checks .active .https_verify_certificate )
1028
1030
end
1029
1031
if not session then
1030
1032
sock :close ()
1031
- self :log (ERR , " failed SSL handshake with '" , hostname , " (" , ip , " :" , port , " )': " , err )
1033
+ self :log (ERR , " failed SSL handshake with '" , hostname or " " , " (" , ip , " :" , port , " )', using server name (sni) ' " , https_sni , " ': " , err )
1032
1034
return self :report_tcp_failure (ip , port , hostname , " connect" , " active" )
1033
1035
end
1034
1036
@@ -1436,6 +1438,7 @@ local defaults = {
1436
1438
timeout = 1 ,
1437
1439
concurrency = 10 ,
1438
1440
http_path = " /" ,
1441
+ https_sni = NO_DEFAULT ,
1439
1442
https_verify_certificate = true ,
1440
1443
headers = {" " },
1441
1444
healthy = {
@@ -1502,12 +1505,13 @@ end
1502
1505
--
1503
1506
-- * `name`: name of the health checker
1504
1507
-- * `shm_name`: the name of the `lua_shared_dict` specified in the Nginx configuration to use
1505
- -- * `checks.active.type`: "http", "https" or "tcp" (default is "http")
1506
1508
-- * `ssl_cert`: certificate for mTLS connections (string or parsed object)
1507
1509
-- * `ssl_key`: key for mTLS connections (string or parsed object)
1510
+ -- * `checks.active.type`: "http", "https" or "tcp" (default is "http")
1508
1511
-- * `checks.active.timeout`: socket timeout for active checks (in seconds)
1509
1512
-- * `checks.active.concurrency`: number of targets to check concurrently
1510
1513
-- * `checks.active.http_path`: path to use in `GET` HTTP request to run on active checks
1514
+ -- * `checks.active.https_sni`: SNI server name incase of HTTPS
1511
1515
-- * `checks.active.https_verify_certificate`: boolean indicating whether to verify the HTTPS certificate
1512
1516
-- * `checks.active.headers`: one or more lists of values indexed by header name
1513
1517
-- * `checks.active.healthy.interval`: interval between checks for healthy targets (in seconds)
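Review bot: The fallback `https_sni = self.checks.active.https_sni or hostheader or hostname` in run_single_check silently changes the handshake name for existing configurations. A target with a `hostheader` used to be handshaken with `hostname` and now uses `hostheader`, which is presumably also the name the certificate is matched against when `https_verify_certificate` is true. All three values can be nil (the new log line already guards a nil `hostname`), so no server name would be sent; whether certificate name matching is then skipped depends on the socket API and should be confirmed, and the log call should guard `https_sni` the same way. The new doc line only says "SNI server name incase of HTTPS"; I would replace it with `-- * checks.active.https_sni: server name sent as SNI (and used for certificate verification) on HTTPS checks; falls back to the target's host header, then its hostname`. The function body starts and ends outside the first hunk, so the rest of the TLS path was not reviewed.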