How do I specify SNI in reverse_proxy with ntlm module?

I’m using caddy to proxy requests to a AD FS server,

adfs.aaa.com {
tls aaa.cert aaa.key
reverse_proxy https://IP {
transport http_ntlm {
tls_insecure_skip_verify
}
}
}

AD FS server checks SNI before accepting the connection, how can I specify the SNI in http_ntlm transport?

See the docs, you should set the Host header reverse_proxy (Caddyfile directive) — Caddy Documentation

And you can use tls_server_name to set SNI: reverse_proxy (Caddyfile directive) — Caddy Documentation

Next time, please fill out the help topic template as per the forum rules.

And please mind your post’s formatting, use code blocks when posting your config, otherwise it gets messed up.

Hi there, the document you mentioned is for “transport http”, however I have “transport http_ntlm”, should I include these directives under “transport http_ntlm” or add another “transport http” ?

I’m pretty sure http_ntlm supports all the same options as http. It actually just extends/wraps the http transport and has the same config options available.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.