due to $reasons we have an nginx-proxy that is a reverse proxy forwarding to Fastly CDN which, in turn, forwards back to our infrastructure.
starting from the 2024-02-27 this stopped working, for some HTTP queries. most notably those using OPTION verb. response that nginx was getting from Fastly had HTTP/421 status code and payload:
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [.........] in use with this connection.
Visit https://docs.fastly.com/en/guides/common-400-errors#error-421-misdirected-request for more information.colleague of mine – Mateusz – has found a workaround which required re-configuration of nginx that was acting as HTTPS client towards Fastly. adding proxy_ssl_server_name on; next to the proxy_pass resolved this issue.
our config looks like:
location / {
proxy_pass https://name.of.origin/;
proxy_set_header Host name.of.origin;
proxy_ssl_server_name on;
}
… i was naively thinking that curl and nginx will behave similarly when acting as client.