Nginx SSL/SNI phase

I came across this ‘issue’ on the lua module about having the ability to
control which SSL certificate is used based on a Lua module handler:
I believe at the moment, this phase isn’t exposed so there is no way to
hand it off to a module (Lua or any other module)

Could this phase be opened up?

The current method of handling SNI requires a separate server {} for
every site/certificate in nginx.conf, but also requires a restart or a
HUP to make it effective - something which quickly becomes a headache as
more and more sites/certficates are added.

How I see this working:

server {
listen 80;
listen 443 ssl;

 ssl_by_lua '
     -- get a list of your sites however you usually do it
     local sites = require "sites"
     local hostnames = sites.hostnames()

     -- match the sni to one of the hostnames
     if hostnames[ngx.var.sni] then
         -- communicate the path of the cer/key back to nginx
         ngx.var.ssl_cer = hostnames[ngx.var.sni].cer_path
         ngx.var.ssl_key = hostnames[ngx.var.sni].key_path
         ngx.var.ssl_cer = "/usr/local/nginx/conf/default.cer"
         ngx.var.ssl_key = "/usr/local/nginx/conf/default.key"

 location / {
     # as normal


Many thanks!


I think it can be a great feature for big production environments !


Posted at Nginx Forum:,248429,248722#msg-248722

On 26/03/14 14:09, stremovsky wrote:

I think it can be a great feature for big production environments !

Posted at Nginx Forum:,248429,248722#msg-248722

I noticed a few updates to SNI in the latest releases, do any of them
take us closer to this?


This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs