packagist · pscheit · Nov 19, 2024 · Nov 14, 2024 · Nov 18, 2024 · Nov 18, 2024
diff --git a/docs/self-hosted/kubernetes-troubleshooting.md b/docs/self-hosted/kubernetes-troubleshooting.md
@@ -36,3 +36,28 @@ System.
 > a year. As Private Packagist only allows a time-drift of up to one (1) minute, we
 > recommend using TOTP devices that have the ability to stay synchronized with
 > the correct time (such as a phone, or re-programmable TOTP hardware devices).
+
+#### Issues with Reverse-Proxy running in front of the Kubernetes Cluster
+
+Please follow the instructions below, if you are experiencing problems with the reverse-proxy not being able to connect to
+the cluster and encountering errors like this:
+```
+Peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream
+```
+
+The following examples assume you are using nginx as a reverse-proxy. Please consult the documentation of other 
+reverse-proxy servers to achieve the same result.
+
+Ensure that the SNI (Server Name Indication) TLS Extension is properly set for requests to the ingress controller of the Kubernetes Cluster.
+This is not the case when using IPs in `proxy_pass` and will result in an SSL handshake error.
+
+To pass the SNI hostname from the incoming request to the upstream server, add the following directives to nginx:
+``` 
+proxy_ssl_name $host;
+proxy_ssl_server_name on;
+```
+
+If you are using different hostnames on the upstream and on the reverse-proxy, set the value in the
+`proxy_ssl_name` directive to the corresponding hostname of the upstream server.
+
+