do not fail when ssl cert not present.
mdounin at mdounin.ru
Fri Jun 19 14:38:11 UTC 2015
On Thu, Jun 18, 2015 at 11:22:27PM +0200, Christ-Jan Wijtmans wrote:
> > If you want nginx to only load existing certificates, you'll have
> > to teach it to do so by only using appropriate directives when
> > certificates and keys are actually available. The "include"
> > directive may help if you want to automate this, see
> > http://nginx.org/r/include.
> I don't see how include here helps. Basically currently there is no
> certificate. And I want to give the user control over the certificate
> which is why I placed in ~/etc/. Which means when the user deletes it
> the server won't restart.
You'll have to write a script to automate checking if a user
placed a certificate or not, and update nginx config
appropriately. Generating a single include file is usually easier
than re-generating the whole config.
> >> Also I do not believe it's proper to fail the entire server if one
> >> server block fails.
> > Current approach is as follows: if there is a problem with a
> > configuration, nginx will refuse to use it. This way, if you'll
> > make a typo in your configuration and ask nginx to reload the
> > configuration, nginx will just refuse to load bad configuration
> > and will continue to work with old one. This makes sure that
> > nginx won't suddenly become half-working due to a typo which can
> > be easily detected.
> The server config didn't fail. There was no typo.
You've asked nginx to load a non-existing file. That's an obvious
error which is easy to detect. The above paragraph tries to
explain why the nginx behaviour in such a situation is to reject
the configuration, and why this behaviour won't be changed.
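
The kind of script suggested in the reply above, as an added example that is not part of the original message or of nginx: it always writes the include file and puts TLS directives in it only when both the certificate and the key are usable. The file paths, function names, and the no-symlink and safe-character checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: regenerate one include file depending on whether the user
# has supplied a certificate and key. The server block is assumed to contain
# "listen 80;" plus "include /etc/nginx/ssl-USER.inc;" (hypothetical path).

# usable FILE: path has only safe characters (so it cannot break out of the
# quoted config value), and is a regular, non-empty, readable file that is
# not a symlink (assumption: the directory is user-writable, and nginx
# reads certificates with the privileges of its master process).
usable() {
    case $1 in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    [ -f "$1" ] && [ -s "$1" ] && [ -r "$1" ] && [ ! -L "$1" ]
}

# gen_ssl_include CERT KEY OUT
# Always writes OUT, so the "include" never points at a missing file.
# Returns 0 if TLS directives were written, 1 if TLS was left off.
gen_ssl_include() {
    cert=$1 key=$2 out=$3
    tmp="$out.tmp.$$"
    if usable "$cert" && usable "$key"; then
        {
            echo "listen 443 ssl;"
            echo "ssl_certificate     \"$cert\";"
            echo "ssl_certificate_key \"$key\";"
        } > "$tmp"
        rc=0
    else
        echo "# no usable certificate/key pair; TLS disabled" > "$tmp"
        rc=1
    fi
    mv -f "$tmp" "$out"   # rename, so nginx never reads a half-written file
    return "$rc"
}

# reload_nginx: test first; if the test fails, nginx keeps the old config.
reload_nginx() {
    nginx -t && nginx -s reload
}

# Typical use (placeholder paths):
#   gen_ssl_include /home/USER/etc/cert.pem /home/USER/etc/key.pem \
#       /etc/nginx/ssl-USER.inc
#   reload_nginx
```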