TLS lazyweb: does SNI work such that you can proxy it? One process accepts connection, but doesn't have any keys, and forwards to the right backend based on name?
I mean: is there state at this point that would be nontrivial to hand off to the backend? Or can the multiplexing proxy just wait till it's seen the SNI name, then forward everything seen so far and all future traffic to the right backend?
-
Having not written a load balancer, I'm not sure how trivial that is. It has to wait till it's seen the SNI to decide where to send it? I think Cloudflare has done work on this kinda thing?
-
Ok, so a big yes and it's already done. Heavier deps than I'd like but I might just go with it or copy out the concept to a minimal subset.
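
The idea discussed in this thread, as an added example that is not part of the conversation or of any project mentioned in it: a keyless front end buffers the client's first bytes, reads the server name from the unencrypted ClientHello, then replays the untouched buffer to the chosen backend. The function names are hypothetical, the sample ClientHello is constructed, and the sketch assumes the ClientHello fits in a single TLS record.

```python
import struct

class NeedMoreData(Exception):
    """Buffer does not yet hold the whole first TLS record; keep reading."""

def _take(view, pos, n):
    if pos + n > len(view):
        raise ValueError("truncated ClientHello")
    return view[pos:pos + n], pos + n

def _vec(view, pos, len_bytes):
    # Length-prefixed vector: read the length field, then that many bytes.
    raw, pos = _take(view, pos, len_bytes)
    return _take(view, pos, int.from_bytes(raw, "big"))

def extract_sni(buf):
    """Return the SNI host name in a buffered ClientHello, or None if absent."""
    if buf and buf[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    if len(buf) < 5 or len(buf) < 5 + int.from_bytes(buf[3:5], "big"):
        raise NeedMoreData
    body = buf[5:5 + int.from_bytes(buf[3:5], "big")]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hello, _ = _vec(body, 1, 3)           # fails if split across records
    pos = 2 + 32                          # legacy_version + random
    _, pos = _vec(hello, pos, 1)          # session id
    _, pos = _vec(hello, pos, 2)          # cipher suites
    _, pos = _vec(hello, pos, 1)          # compression methods
    if pos == len(hello):
        return None                       # no extensions at all
    exts, _ = _vec(hello, pos, 2)
    pos = 0
    while pos < len(exts):
        ext_type, pos = _take(exts, pos, 2)
        data, pos = _vec(exts, pos, 2)
        if ext_type == b"\x00\x00":       # server_name extension
            names, _ = _vec(data, 0, 2)
            kind, p = _take(names, 0, 1)
            name, _ = _vec(names, p, 2)
            if kind == b"\x00":           # name_type host_name
                return name.decode("ascii").lower()
    return None

def build_sample_hello(host):
    """Constructed minimal ClientHello for the demo (not captured traffic)."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni = struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!HH", 0, len(sni)) + sni
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
             + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The proxy keeps no TLS state of its own: once `extract_sni` returns, it writes the buffered bytes to the backend unchanged and copies both directions from then on. The name is unauthenticated client input, so it should only ever be matched against a fixed allowlist of backends.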