Single-Config-SSL-Hosting needs broader support for variables

Sebastian J. Bronner waschtl at sbronner.com
Sun Aug 22 06:03:32 MSD 2010


Hi there,

I've spent considerable effort at hosting my websites with a minimal
configuration overhead. To that end, I have configured nginx so that it
uses the existence of a directory to determine whether a hosting exists
or not. See the following minimalized configuration to see what I mean:

"""
server {
        listen  80 default;
        root    /srv/www/$host;
        if (!-d $document_root) { return 404; }
}
"""

My real configuration file is somewhat more extensive. The extra
sections have nothing to do with what I want to talk about here, though.

Now, the configuration above is really great. All I have to do is
configure DNS and create the directory, and my new user is good to go.

I would like to do the same with SSL/SNI, as in the following example:

"""
server {
        listen               443 default ssl;
        ssl_certificate      /etc/ssl/certs/$host.cert;
        ssl_certificate_key  /etc/ssl/private/$host.key;
        root                 /srv/www/$host;
        if (!-d $document_root) { return 404; }
}
"""

However, before I can do this, two (2) things must first be changed in
nginx:

1 - The SSL certificate and key must be read on-demand instead of at
daemon startup, as is currently the case.

2 - The ssl_certificate* configuration directives need to support
variables.

Opinions?

Is this something anyone else would also enjoy seeing?

How does Igor feel about having this kind of thing in the code?

Cheers,
Sebastian
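
Added example (not part of the original message and not nginx code): a Python sketch of the on-demand lookup the message asks for, validating the client-supplied name before it is used in any path, since $host and the SNI name are attacker-controlled. The function name resolve_hosting, the demo layout and the sample names are assumptions constructed for illustration; the .cert/.key naming follows the message.

```python
import os
import re
import tempfile

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def resolve_hosting(name, www_root, cert_dir, key_dir):
    """Map a client-supplied host name to (docroot, cert, key), or None.

    Follows the message's scheme: a hosting exists only if its directory
    (and here also its certificate and key) exists on disk.
    """
    if not isinstance(name, str) or not name.isascii() or len(name) > 253:
        return None
    host = name.lower()
    host = host[:-1] if host.endswith(".") else host  # one trailing root dot
    if not all(_LABEL.fullmatch(label) for label in host.split(".")):
        return None  # rejects "", "..", "/", NUL, newlines and similar
    docroot = os.path.join(www_root, host)
    cert = os.path.join(cert_dir, host + ".cert")
    key = os.path.join(key_dir, host + ".key")
    # Defence in depth: with symlinks resolved, docroot must sit directly under www_root.
    if os.path.dirname(os.path.realpath(docroot)) != os.path.realpath(www_root):
        return None
    if not (os.path.isdir(docroot) and os.path.isfile(cert) and os.path.isfile(key)):
        return None
    return docroot, cert, key


def demo():
    """Build a constructed layout in a temp dir and resolve sample names."""
    with tempfile.TemporaryDirectory() as tmp:
        www, certs, keys = (os.path.join(tmp, d) for d in ("www", "certs", "private"))
        for d in (www, certs, keys):
            os.mkdir(d)
        os.mkdir(os.path.join(www, "example.test"))
        open(os.path.join(certs, "example.test.cert"), "w").close()
        open(os.path.join(keys, "example.test.key"), "w").close()
        samples = ["Example.TEST", "example.test.", "other.test", "../private", "a/../example.test", ""]
        return {s: resolve_hosting(s, www, certs, keys) is not None for s in samples}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(repr(name), "->", "served" if ok else "rejected")
```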



