listen my_cf
bind :80
mode http
reqadd X-Forwarded-Proto:\ https
http-request set-header Host dsomehost.cloudfront.net
server my_cf_pt dsomehost.cloudfront.net:443 ssl sni req.hdr(Host)

Few quick notes: the port can be anything you like, the connection must be made via HTTP; tcp won’t work due to the SNI requirement.

The important part here is feeding the SNI to cloudfront ala sni req.hdr(Host)

An extra thing you may wish to do, depends on your resolver setup. IP ranges are pretty broad and non-static for cloudfront so you can set the resolver to use resolver myresolvername at the end of the server line and setup your resolver to allow more frequent dynamic prodding of the cf dns record. …


Chris McKee

Engineer. (archived blog posts https://bit.ly/30qrna1)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store