0

Does Play2.0.x support Server Name Indication?

A pointer to docs or examples would be great.

I have the typical use case: I want to use name-based virtual hosting of "unrelated" Play2 appservers behind a shared load-balancer, doing SSL termination at the individual appservers.

Carlos
  • 1,470
  • 10
  • 18

1 Answers1

1

Java 7 now supports SNI, but only on the client-side. This will be a problem if you want to to handle the connections directly from Java.

However, being behind a load-balancer should help you. If it can handle SNI (which is the case for modern versions of Apache Httpd, for example), you could reverse proxy to a server listening on different ports for each of the host names you want to use.

  • www.domain1.example ---reverse proxy---> 192.168.0.10:8080 (configured for application www.domain1.example)
  • www.domain2.example ---reverse proxy---> 192.168.0.10:8081 (configured for application www.domain2.example)

You'd have to let the load-balancer handle the SSL connection. Alternatively, if the load-balancer is sufficiently clever to dispatch to a different port after looking at the server name extension in the Client Hello initial TLS message, it might be able to do it this way (I'm not sure if any can).

Bruno
  • 119,590
  • 31
  • 270
  • 376
  • 1
    Thank you very much! I'm new here and as soon as I've earned some points I will mod up your reply! – Carlos Jul 20 '12 at 18:06
  • Comment timer expired. :)Thank you very much! I'm new here and as soon as I've earned some points I will mod up your reply! I use lighttpd to loadbalance. I want SNI so that lighttpd can figure out which appserver to forward to, without having to terminate SSL. I want SSL all the way to the appservers since someday I may use a 3rd party loadbalancer. – Carlos Jul 20 '12 at 18:12