TL;DR:
Any nginx setting to say ‘if a vhost’s ssl settings are broken, skip it
and
don’t fail to start’ ?
I’ve certainly RTFM’d this and peered at the source, but I figured I
might
as well throw it out there, in case there’s some hidden setting I’ve
missed.
I’m building a reverse proxy config for thousands of SSL virtual hosts,
to
replace an apache solution.
It very often happens that someone in support will make a mistake with
regards to certs/keys. E.g. updating someone’s SSL cert but actually
putting the CSR there instead.
In apache, since the config is being generated out of mod_perl, I can
get
around this situation by having mod_perl do a modulus check on the cert
and
key and skip the vhost if they don’t match. In my case, I’d far prefer
to
have a missing vhost and have the other 1000 sites working, than all
down.
And, yes, I realize in default apache, it’d just fail to load. And also,
yes, I realize asking something to ignore broken configs is a bit
non-standard 
Since I don’t have mod_perl at my fingertips in nginx to perform a
similar
trick, the startup will just fail.
So I was curious if there’s some obscure setting to tell nginx “if a
vhost
fails to loads its cert properly (or potentially any other vhost
setting),
skip it and continue loading the rest”?
If such a thing did exist, I imagine that the configtest would have to
turn
errors for that vhost into warnings as well.
My guess is obviously ‘no’, but I figured asking woud only cost me the
time
it takes to compose an email.
