Single-Config-SSL-Hosting needs broader support for variables

Sebastian J. Bronner waschtl at
Sun Aug 22 06:03:32 MSD 2010

Hi there,

I've spent considerable effort at hosting my websites with a minimal
configuration overhead. To that end, I have configured nginx so that it
uses the existence of a directory to determine whether a hosting exists
or not. See the following minimalized configuration, to see what I mean:

server {
        listen  80 default;
        # the document root is derived from the requested host name
        root    /srv/www/$host;
        if (!-d $document_root) { return 404; }
}

My real configuration file is somewhat more extensive. The extra
sections have nothing to do with what I want to talk about here, though.

Now, the configuration above is really great. All I have to do is
configure DNS and create the directory, and my new user is good to go.

I would like to do the same with SSL/SNI, as in the following example:

server {
        listen               443 default ssl;
        # certificate and key chosen per host name (the behaviour requested below)
        ssl_certificate      /etc/ssl/certs/$host.cert;
        ssl_certificate_key  /etc/ssl/private/$host.key;
        root                 /srv/www/$host;
        if (!-d $document_root) { return 404; }
}

However, before I can do this, two (2) things must first be changed in

1 - The SSL certificate and key must be read on-demand instead of at
daemon startup, as is currently the case.

2 - The ssl_certificate* configuration directives need to support


Is this something anyone else would also enjoy seeing?

How does Igor feel about having this kind of thing in the code?
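
Added example, not part of the original post and not nginx's own documentation: a sketch of the setup the post asks for, assuming an nginx build (and OpenSSL) in which ssl_certificate and ssl_certificate_key accept variables. The paths are the post's; $ssl_server_name, the map that restricts which names may reach the file system, the $tls_name variable and the 421 check are additions made here.

```nginx
# http context.
# The SNI name is supplied by the client before any request exists, so only
# pass it into a file path if it looks like a plain lower-case host name.
# Anything else maps to "" and no certificate file will be found for it.
map $ssl_server_name $tls_name {
    default                    "";
    "~^[a-z0-9][a-z0-9.-]*$"   $ssl_server_name;
}

server {
    listen               443 ssl default_server;

    # With variables in the file name, the certificate and key are read
    # during each TLS handshake instead of once at startup. A handshake
    # with no SNI, or with a name that has no matching files, fails.
    ssl_certificate      /etc/ssl/certs/$tls_name.cert;
    ssl_certificate_key  /etc/ssl/private/$tls_name.key;

    # The certificate is selected by SNI but the document root by the Host
    # header. Refuse requests where the two differ, so content for one
    # hosting is never served over a connection authenticated for another.
    if ($host != $ssl_server_name) { return 421; }

    root                 /srv/www/$host;
    if (!-d $document_root) { return 404; }
}
```

Loading key material on every handshake costs more than loading it once at startup, and the worker processes need read access to /etc/ssl/private while running rather than only when the master process starts.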


