Single-Config-SSL-Hosting needs broader support for variables
Sebastian J. Bronner
waschtl at sbronner.com
Sun Aug 22 06:03:32 MSD 2010
Hi there,
I've spent considerable effort at hosting my websites with a minimal
configuration overhead. To that end, I have configured nginx so that it
uses the existence of a directory to determine whether a hosting exists
or not. See the following minimalized configuration, to see what I mean:
"""
server {
listen 80 default;
root /srv/www/$host;
if (!-d $document_root) { return 404; }
}
"""
My real configuration file is somewhat more extensive. The extra
sections have nothing to do with what I want to talk about here, though.
Now, the configuration above is really great. All I have to do is
configure DNS and create the directory, and my new user is good to go.
I would like to do the same with SSL/SNI, as in the following example:
"""
server {
listen 443 default ssl;
ssl_certificate /etc/ssl/certs/$host.cert;
ssl_certificate_key /etc/ssl/private/$host.key;
root /srv/www/$host;
if (!-d $document_root) { return 404; }
}
"""
However, before I can do this, two (2) things must first be changed in
nginx:
1 - The SSL certificate and key must be read on-demand instead of at
daemon startup, as is currently the case.
2 - The ssl_certificate* configuration directives need to support
variables.
Opinions?
Is this something anyone else would also enjoy seeing?
How does Igor feel about having this kind of thing in the code?
Cheers,
Sebastian
More information about the nginx-devel
mailing list