Add SNI for JWT policy #7427

@anderius

Is your feature request related to a problem? Please describe.

Network rules often rely on SNI to work, and we noticed that Nginx is not always sending the server name.

Describe the solution you'd like

One example is here: https://github.com/nginx/kubernetes-ingress/blob/main/internal/configs/version2/nginx-plus.virtualserver.tmpl#L230

It would be nice if all proxy_pass / external subrequests set SNI, like it is done here:

proxy_ssl_server_name on; # For SNI to the IdP

Describe alternatives you've considered

None. Workaround is to use IP addresses in firewalls etc.

Additional context

Acceptance Criteria:

Enable users to set:

proxy_ssl_server_name must be off by default, as it is the NGINX default.

proxy_ssl_name should be configurable, and the default value should be the NGINX default value.
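An added example, not part of the original issue and not code from the nginx/kubernetes-ingress project: a small audit that flags every `proxy_pass https://...` in a rendered NGINX configuration for which `proxy_ssl_server_name` is not effectively `on`, following NGINX's rule that a directive not set at the current level is inherited from the enclosing one. The function name `audit_sni` and the sample configuration are constructed for illustration; the parser is a simplification that does not follow `include` files or handle `${var}` braces.

```python
import re

# Constructed sample: the hostnames and location names are illustrative only.
SAMPLE = """
http {
    server {
        location = /_jwks_example {
            internal;
            proxy_pass https://idp.example.com/keys;  # directive absent -> default off
        }
        location /api {
            proxy_ssl_server_name on;
            proxy_ssl_name backend.example.com;
            proxy_pass https://backend.example.com;
        }
        location /plain { proxy_pass http://10.0.0.5:8080; }
    }
}
"""

def audit_sni(conf):
    """Return (block header, target) for every https proxy_pass sent without SNI."""
    conf = re.sub(r"#[^\n]*", "", conf)          # strip comments (ignores '#' in quotes)
    stack, passes, stmt = [{"name": "main", "sni": None}], [], ""
    for tok in re.findall(r"[{};]|[^{};]+", conf):
        if tok == "{":                            # the pending text is the block header
            stack.append({"name": " ".join(stmt.split()), "sni": None})
            stmt = ""
        elif tok == "}":
            if len(stack) > 1:
                stack.pop()
            stmt = ""
        elif tok == ";":
            words, stmt = stmt.split(), ""
            if len(words) < 2:
                continue
            if words[0] == "proxy_ssl_server_name":
                stack[-1]["sni"] = words[1] == "on"
            elif words[0] == "proxy_pass" and words[1].startswith("https://"):
                passes.append((list(stack), words[1]))   # remember enclosing blocks
        else:
            stmt = tok
    findings = []
    for chain, target in passes:
        # Nearest enclosing block that sets the directive wins; NGINX defaults to off.
        sni = next((b["sni"] for b in reversed(chain) if b["sni"] is not None), False)
        if not sni:
            findings.append((chain[-1]["name"], target))
    return findings
```

Run it against the output of `nginx -T` from the controller pod to list the upstream TLS connections that a network rule matching on SNI would not recognise.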

Activity

github-actions commented on Feb 28, 2025

Hi @anderius thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

added this to the v5.2.0 milestone on Jun 10, 2025
fabriziofiorucci commented on Jun 24, 2025

Should be fixed by #7500

moved this from In Review 👀 to Done 🚀 in NGINX Ingress Controller on Jul 22, 2025
Labels: area/security, proposal, refined
