I have an SSL encrypted traffic. The actual proxy directs the traffic to the destination as expected, but if I can't change the outgoing SNI then the destination won't know how to handle the traffic (it's a Kube cluster). It seems like there are ways of doing this for the HTTP modules, but I don't see a way to change the outgoing SNI of the connection in the streaming modules. The protocol isn't HTTP.
Client -> Foo.com (SNI: Foo.com) -> Foobar.com (SNI: Foobar.com)
stream {
upstream backend {
server foobar.com:443;
}
server {
listen 443;
#TCP traffic will be forwarded to the "stream_backend" upstream group from service.
proxy_ssl_server_name on;
ssl_preread on;
proxy_pass backend;
}
}