Support server_name_indication for ssl (#3497)

* Support server_name_indication for ssl * update format
teslamate-org · Nov 26, 2023 · 7329b2b · 7329b2b
1 parent e7e410a
commit 7329b2b
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -107,7 +107,14 @@ case System.get_env("DATABASE_SSL") do
   "noverify" ->
     config :teslamate, TeslaMate.Repo,
       ssl: true,
-      ssl_opts: [verify: :verify_none]
+      ssl_opts: [
+        server_name_indication:
+          to_charlist(
+            System.get_env("DATABASE_SSL_SNI") ||
+              Util.fetch_env!("DATABASE_HOST", all: "localhost")
+          ),
+        verify: :verify_none
+      ]
 
   _false ->
     config :teslamate, TeslaMate.Repo, ssl: false

diff --git a/website/docs/configuration/environment_variables.md b/website/docs/configuration/environment_variables.md
@@ -18,6 +18,7 @@ TeslaMate accepts the following environment variables for runtime configuration:
 | **DATABASE_TIMEOUT**              | The time in milliseconds to wait for database query calls to finish                                                                                                                                                                                                                                              | 60000                         |
 | **DATABASE_SSL**                  | Set to `true` if SSL should be enabled or `noverify` if certificate verification should not be performed.                                                                                                                                                                                                        | false                         |
 | **DATABASE_SSL_CA_CERT_FILE**     | Path to a file containing PEM-encoded CA certificates (required if `DATABASE_SSL` is set to `true`)                                                                                                                                                                                                              |                               |
+| **DATABASE_SSL_SNI**     | set SNI for host undel ssl mode                                                                                                                                                                                                              |                               |
 | **DATABASE_IPV6**                 | Set to `true` if IPv6 should be used                                                                                                                                                                                                                                                                             | false                         |
 | **VIRTUAL_HOST**                  | Host part used for generating URLs throughout the app                                                                                                                                                                                                                                                            | localhost                     |
 | **CHECK_ORIGIN**                  | Configures whether to check the origin header or not. May be `true` (**recommended**), `false` (_default_) or a comma-separated list of hosts that are allowed (e.g. `https://example.com,//another.com:8080`). Hosts also support wildcards. If `true`, it will check against the host value in `VIRTUAL_HOST`. | false                         |