do not fail when ssl cert not present.

Maxim Dounin mdounin at
Fri Jun 19 14:38:11 UTC 2015


On Thu, Jun 18, 2015 at 11:22:27PM +0200, Christ-Jan Wijtmans wrote:

> > If you want nginx to only load existing certificates, you'll have
> > to teach it to do so by only using appropriate directives when
> > certificates and keys are actually available.  The "include"
> > directive may help if you want to automate this, see
> >
> I dont see how include here helps. Basically currently there is no
> certificate. And i want to give the user control over the certificate
> which is why i placed in ~/etc/. Which means when the user deletes it
> the server wont restart.

You'll have to write a script to automate checking if a user 
placed a certificate or not, and update nginx config 
appropriately.  Generating a single include file is usually easier 
than re-generating the whole config.

> >> Also i do not believe its proper to fail the entire server if one
> >> server block fails.
> >
> > Current approach is as follows: if there is a problem with a
> > configuration, nginx will refuse to use it.  This way, if you'll
> > make an typo in your configuration and ask nginx to reload the
> > configuration, nginx will just refuse to load bad configuration
> > and will continue to work with old one.  This makes sure that
> > nginx won't suddenly become half-working due to a typo which can
> > be easily detected.
> The server config didnt fail. There was no typo.

You've asked nginx to load a non-existing file.  That's an obvious 
error which is easy to detect.  The above paragraph tries to 
explain why the nginx behaviour is such a situation is to reject 
the configuration, and why this behaviour won't be changed.

Maxim Dounin

More information about the nginx mailing list