Dynamic Cert/Key Lookup

Hello,

is it possible to dynamical get an cert/key from an database or an
script for SNI?

I want to dynamical add new domains with certs for an web app without
changing the config oder restarting nginx:

  1. get SNI request for domain example342343.com
    http://example342343.com/
  2. ask mysql for the cert and key for example342343.com
    http://example342343.com/
  3. start encryption

Is that possible?

Greets

Mo

On 2016-06-23 09:39, Moritz Machner wrote:

  1. ask mysql for the cert and key for example342343.com
    http://example342343.com
  2. start encryption

Is that possible?

Yes, though you would need a bundle called OpenResty (openresty.org)
that comes with nginx, LUA and some patches to make it all work
smoother.
You will lose some features that standard nginx comes with, like http2.

I’m working on my own project with it. Though I would recommend against
using MySQL, but consider either a file-based storage with a shared
dictionary inside nginx as cache, and/or use redis as backend.
There’s a few articles on it, I was working on one myself as I’m going,
and it’s in no way perfect (plus I made some changes already):

https://finalx.nl/display/NG/OpenResty

After which I stumbled upon https://github.com/GUI/lua-resty-auto-ssl
which basically does everything I want, and you perhaps as well … it
even uses letsencrypt.sh to generate certificates and keys on-the-fly
when a request comes in.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs