Dynamic Cert/Key Lookup


is it possible to dynamical get an cert/key from an database or an
script for SNI?

I want to dynamical add new domains with certs for an web app without
changing the config oder restarting nginx:

  1. get SNI request for domain example342343.com
  2. ask mysql for the cert and key for example342343.com
  3. start encryption

Is that possible?



On 2016-06-23 09:39, Moritz Machner wrote:

  1. ask mysql for the cert and key for example342343.com
  2. start encryption

Is that possible?

Yes, though you would need a bundle called OpenResty (openresty.org)
that comes with nginx, LUA and some patches to make it all work
You will lose some features that standard nginx comes with, like http2.

I’m working on my own project with it. Though I would recommend against
using MySQL, but consider either a file-based storage with a shared
dictionary inside nginx as cache, and/or use redis as backend.
There’s a few articles on it, I was working on one myself as I’m going,
and it’s in no way perfect (plus I made some changes already):


After which I stumbled upon https://github.com/GUI/lua-resty-auto-ssl
which basically does everything I want, and you perhaps as well … it
even uses letsencrypt.sh to generate certificates and keys on-the-fly
when a request comes in.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs