docs: administration: tls: document IP literal SNI behavior

[eschabell]

• added an info callout explaining that connections to IPv4 or IPv6 addresses omit the SNI extension per RFC 6066, and that tls.vhost can be used when hostname-based SNI is required

Note this update is for code changes without corresponding doc PR

Summary by CodeRabbit

• Documentation
  • Added clarification on TLS SNI extension handling for IP address connections and recommendations for using hostnames when required.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8f5d20ed-0f3c-49ba-bd95-2ea0ececd28e

📥 Commits

Reviewing files that changed from the base of the PR and between 22be61b and b6740c9.

📒 Files selected for processing (1)

• administration/transport-security.md

---

📝 Walkthrough

Walkthrough

A single informational note is added to the TLS documentation clarifying that Fluent Bit does not send the TLS SNI extension when connecting to IP addresses (per RFC 6066), explains that certificate validation still occurs, and recommends using hostnames with the tls.vhost parameter when SNI or hostname-based certificates are required.

Changes

TLS SNI Behavior Documentation

Layer / File(s)	Summary
TLS SNI IP address handling documentation administration/transport-security.md	Informational note clarifying that TLS SNI extensions are not sent for IP-based connection targets, certificate validation still applies to the IP, and guidance to use hostnames with tls.vhost when SNI is needed.

🎯 2 (Simple) | ⏱️ ~5 minutes

Suggested labels

5.0

Suggested reviewers

• cosmo0920
• patrick-stephens

Poem

🐰 A note hops in with clarity bright,
"No SNI for IPs, but validation's right!"
"Use a hostname instead, let tls.vhost guide the way,
Fluent Bit's transport security, explained to stay! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: documenting IP literal SNI behavior in the TLS section of administration documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[eschabell]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.