Kong · Guaris · Jan 10, 2025 · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025
@@ -59,6 +59,7 @@ formats:
       upstream:       '/upstreams/'
       workspace:      '/workspaces/'
       certificate:     '/certificates/'
+      sni:            '/snis/'
     plugin_endpoints:
       consumer:       '/consumers/{consumer}/plugins/'
       consumer_group: '/consumer_groups/{consumer_group}/plugins/'
@@ -84,6 +85,7 @@ formats:
       global:         '/plugins/'
       route:          '/routes/{route}/plugins/'
       service:        '/services/{service}/plugins/'
+      sni:            '/snis/'
     variables:
       <<: *konnect_variables
 

@@ -0,0 +1,46 @@
+---
+title: SNIs
+content_type: reference
+entities:
+  - sni
+
+description: An SNI object represents a many-to-one mapping of hostnames to a certificate.
+
+related_resources:
+  - text: Certificates
+    url: /gateway/entities/certificate
+
+tools:
+    - admin-api
+    - konnect-api
+    - kic
+    - deck
+    - terraform
+
+api_specs:
+    - gateway/admin-oss
+    - gateway/admin-ee
+    - konnect/control-planes-config
+
+schema:
+    api: gateway/admin-ee
+    path: /schemas/SNI
+---
+
+## What is an SNI?
+
+An SNI (Server Name Indication) is used to map multiple hostnames to a [Certificate](/gateway/entities/certificate). It allows {{site.base_gateway}} to select which SSL/TLS Certificate to use based on the hostname in the client request. This feature ensures that multiple domains can be securely served through the same gateway.
+
+## Schema
+
+{% entity_schema %}
+
+## Set up an SNI
+
+{% entity_example %}
+type: sni
+data:
+  name: example-sni
+  certificate:
+    id: 2e013e8-7623-4494-a347-6d29108ff68b
+{% endentity_example %}
@@ -0,0 +1,43 @@
+---
+title: Proxy TLS passthrough traffic using an SNI in {{site.base_gateway}}
+content_type: how_to
+related_resources:
+  - text: SNI entity
+    url: /gateway/entities/snis
+
+products:
+    - gateway
+
+works_on:
+    - on-prem
+    - konnect
+
+entities: 
+  - certificate
+  - sni
+  - route
+  - service
+
+tldr:
+    q: How do I set up {{site.base_gateway}} to proxy TLS passthrough traffic?
+    a: Create a Route with the `tls_passthrough` protocol and add at least one SNI, set the protocol for the corresponding Gateway Service to `tcp`.
+tools:
+    - deck
+
+cleanup:
+  inline:
+    - title: Clean up Konnect environment
+      include_content: cleanup/platform/konnect
+      icon_url: /assets/icons/gateway.svg
+    - title: Destroy the {{site.base_gateway}} container
+      include_content: cleanup/products/gateway
+      icon_url: /assets/icons/gateway.svg
+---
+
+@todo
+
+<!--content notes:
+- Based on this section: https://docs.konghq.com/gateway/latest/how-kong-works/routing-traffic/#proxy-tls-passthrough-traffic
+- Add certificate and SNI prereqs
+
+-->
@@ -60,13 +60,27 @@ The following creates a new Upstream with basic configuration:
 2. Click **New Upstream**.
 3. Enter a unique name for the Upstream. For example: `{{ include.presenter.data['name'] }}`.
 4. Click **Save**.
+
+{% when 'sni' %}
+The following creates a new SNI with basic configuration:
+
+1. In Kong Manager or Gateway Manager, go to **SNIs**.
+2. On the SNIs tab, click **New SNI**.
+3. In the **Name** field, enter a name for the SNI:
+    ```
+    {{ include.presenter.data['name'] }}
+    ```
+4. In the **SSL Certificate ID** field, enter the ID for an existing Certificate:
+    ```
+    {{ include.presenter.data['certificate']['id'] }}
 {% when 'workspace' %}
 The following creates a new Workspace:
 
 1. From the Kong Manager Dashboard select **New Workspace**
 2. Add a name, then select **Create New Workspace**
 
 This will create a new Workspace, and from here you can start managing entities from Kong Manager.
+
 {% when 'certificate' %}
 The following creates a new Certificate with basic configuration:
 
@@ -85,3 +99,4 @@ The following creates a new Certificate with basic configuration:
 {% endcase %}
 {% endif %}
 
+
@@ -58,6 +58,11 @@ rows:
       - type: entity_card
         config:
           entity: event-hook
+  - columns:
+    - blocks:
+      - type: entity_card
+        config:
+          entity: sni
     - blocks:
       - type: entity_card
         config:

@@ -53,7 +53,6 @@ app/_gateway_entities/workspace.md:
   - app/_src/gateway/kong-enterprise/workspaces.md
 app/_gateway_entities/event_hooks.md:
   - app/_src/gateway/latest/kong-enterprise/event-hooks.md
-
 # how-tos
 app/_how-tos/add-rate-limiting-tiers-with-kong-gateway.md: 
   - /app/_hub/kong-inc/rate-limiting-advanced/how-to/_index.md
@@ -72,6 +71,8 @@ app/_how-tos/set-up-ai-proxy-advanced-with-anthropic.md:
   - app/_hub/kong-inc/ai-proxy-advanced/how-to/llm-provider-integration-guides/_anthropic.md
 app/_how-tos/set-up-ai-proxy-with-anthropic.md:
   - app/_hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/_anthropic.md
+app/_how-tos/proxy-tls-passthrough-traffic-using-sni.md:
+  - app/_src/gateway/how-kong-works/routing-traffic.md
 
 # plugins
 app/_kong_plugins/ai-rate-limiting-advanced/index.md: