In the streaming-map configuration, it should be possible to handle IP addresses:
e.g. a website may be called with
https://example.int
! but also with !
https://public_ip
https://private_ip
https://[privateOrPublic_ipV6]
If it's called by IP address, then $name is BLANK, and one needs to set default to catch this.
That doesn't work as soon as you have an IP address that doesn't resolve to https_default_backend.
    map $ssl_preread_server_name $name
    {
        localhost               daniel_backend;
        prodesk                 daniel_backend;
        daniel-steiger.ch       daniel_backend;
        www.daniel-steiger.ch   daniel_backend;
        default                 https_default_backend;
    }
e.g. in C#, I handle it like this:
    public static System.Security.Cryptography.X509Certificates.X509Certificate2 ServerCertificateSelector(
          System.Collections.Concurrent.ConcurrentDictionary<string, LetsEncryptData> certs
        , Microsoft.AspNetCore.Connections.ConnectionContext connectionContext
        , string name)
    {
        if (certs != null && certs.Count > 0)
        {
            // No server name was supplied (e.g. the site was called by IP address):
            // use the local IP address the connection arrived on as the lookup key.
            if (string.IsNullOrEmpty(name))
            {
                System.Net.IPEndPoint ipe = (System.Net.IPEndPoint)connectionContext.LocalEndPoint;
                // Normalize IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) to plain IPv4.
                if (ipe.Address.IsIPv4MappedToIPv6)
                    name = ipe.Address.MapToIPv4().ToString();
                else
                    name = ipe.Address.ToString();
            }

            // Look up the certificate by host name or IP address.
            if (certs.ContainsKey(name))
                return certs[name].Certificate;

            return null;
        } // End if (certs != null && certs.Count > 0)

        throw new System.IO.InvalidDataException("No certificate for name \"" + name + "\".");
    } // End Function ServerCertificateSelector
which means if the name is empty, it takes the IP address as value.
Edited 1 time(s). Last edit at 01/10/2021 05:04AM by schmierfink.
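
An added example, not part of the original post: TLS clients do not send SNI for literal IP addresses (RFC 6066), so `$ssl_preread_server_name` is empty for such connections. One way to route them is to chain a second map keyed on `$server_addr`, the local address that accepted the connection. The addresses, ports and the `ip_backend` upstream are constructed placeholders.

```nginx
# Added example: chained maps in the stream context.
# 192.0.2.10 / 2001:db8::10 are documentation addresses, ip_backend and
# all upstream ports are hypothetical.
stream {
    upstream daniel_backend        { server 127.0.0.1:8443; }
    upstream ip_backend            { server 127.0.0.1:9443; }
    upstream https_default_backend { server 127.0.0.1:7443; }

    # Second-level lookup, consulted only when the ClientHello carried no SNI.
    # $server_addr is the local address the client connected to
    # (IPv6 is written without brackets).
    map $server_addr $name_by_addr
    {
        192.0.2.10      ip_backend;
        2001:db8::10    ip_backend;
        default         https_default_backend;
    }

    map $ssl_preread_server_name $name
    {
        localhost               daniel_backend;
        prodesk                 daniel_backend;
        daniel-steiger.ch       daniel_backend;
        www.daniel-steiger.ch   daniel_backend;
        # Empty SNI (site called by IP): defer to the address-based map.
        ""                      $name_by_addr;
        # Unknown host names still land on the default backend.
        default                 https_default_backend;
    }

    server {
        listen 443;
        listen [::]:443;
        ssl_preread on;      # read SNI from the ClientHello without terminating TLS
        proxy_pass $name;    # resolves to one of the upstream groups above
    }
}
```

Keeping `default` in both maps means a connection with an unlisted name or an unlisted local address is never routed to a named backend by accident.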