From 297e2d53c41a228a6a175f3a18befca8c1b1bd66 Mon Sep 17 00:00:00 2001
From: Steven Kreitzer <skre@skre.me>
Date: Sat, 6 May 2023 09:55:08 -0500
Subject: [PATCH] pass sni to http origins automatically

---
 ingress/origin_service.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ingress/origin_service.go b/ingress/origin_service.go
index f7bcc297..47b28ace 100644
--- a/ingress/origin_service.go
+++ b/ingress/origin_service.go
@@ -376,6 +376,13 @@ func newHTTPTransport(service OriginService, cfg OriginRequestConfig, log *zerol
 			return dialContext(ctx, "unix", service.path)
 		}
 
+	// If this origin is a http service, configure the sni from the host header, if possible.
+	case *httpService:
+		if httpTransport.TLSClientConfig.ServerName == "" && service.hostHeader != "" {
+			httpTransport.TLSClientConfig.ServerName = service.hostHeader
+		}
+		httpTransport.DialContext = dialContext
+
 	// Otherwise, use the regular network config.
 	default:
 		httpTransport.DialContext = dialContext