Single-Config-SSL-Hosting needs broader support for variables
Igor Sysoev
igor at sysoev.ru
Sun Aug 22 12:08:55 MSD 2010
On Sun, Aug 22, 2010 at 04:03:32AM +0200, Sebastian J. Bronner wrote:
> Hi there,
>
> I've spent considerable effort at hosting my websites with a minimal
> configuration overhead. To that end, I have configured nginx so that it
> uses the existence of a directory to determine whether a hosting exists
> or not. See the following minimalized configuration, to see what I mean:
>
> """
> server {
> listen 80 default;
> root /srv/www/$host;
> if (!-d $document_root) { return 404; }
> }
> """
>
> My real configuration file is somewhat more extensive. The extra
> sections have nothing to do with what I want to talk about here, though.
>
> Now, the configuration above is really great. All I have to do is
> configure DNS and create the directory, and my new user is good to go.
This check
if (!-d $document_root) { return 404; }
is useless here.
> I would like to do the same with SSL/SNI, as in the following example:
>
> """
> server {
> listen 443 default ssl;
> ssl_certificate /etc/ssl/certs/$host.cert;
> ssl_certificate_key /etc/ssl/private/$host.key;
> root /srv/www/$host;
> if (!-d $document_root) { return 404; }
> }
> """
>
> However, before I can do this, two (2) things must first be changed in
> nginx:
>
> 1 - The SSL certificate and key must be read on-demand instead of at
> daemon startup, as is currently the case.
>
> 2 - The ssl_certificate* configuration directives need to support
> variables.
>
> Opinions?
>
> Is this something anyone else would also enjoy seeing?
>
> How does Igor feel about having this kind of thing in the code?
I do not think that this will be usefull until the most browsers
will support SNI. For example, in Russian Internet a half of users
still uses Windows XP: http://www.liveinternet.ru/stat/en/oses.html
Although a third of users uses Firefox 3:
http://www.liveinternet.ru/stat/en/browsers.html
anyway there are too many users which use MSIE/WinXP which does not
support SNI.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx-devel
mailing list