Nginx SSL/SNI phase

I came across this ‘issue’ on the lua module about having the ability to
control which SSL certificate is used based on a Lua module handler:
I believe at the moment, this phase isn’t exposed so there is no way to
hand it off to a module (Lua or any other module)

Could this phase be opened up?

The current method of handling SNI requires a separate server {} for
every site/certificate in nginx.conf, but also requires a restart or a
HUP to make it effective - something which quickly becomes a headache as
more and more sites/certficates are added.

How I see this working:

server {
listen 80;
listen 443 ssl;

 ssl_by_lua '
     -- get a list of your sites however you usually do it
     local sites = require "sites"
     local hostnames = sites.hostnames()

     -- match the sni to one of the hostnames
     if hostnames[ngx.var.sni] then
         -- communicate the path of the cer/key back to nginx
         ngx.var.ssl_cer = hostnames[ngx.var.sni].cer_path
         ngx.var.ssl_key = hostnames[ngx.var.sni].key_path
         ngx.var.ssl_cer = "/usr/local/nginx/conf/default.cer"
         ngx.var.ssl_key = "/usr/local/nginx/conf/default.key"

 location / {
     # as normal


Many thanks!


I think it can be a great feature for big production environments !


Posted at Nginx Forum:,248429,248722#msg-248722

On 26/03/14 14:09, stremovsky wrote:

I think it can be a great feature for big production environments !

Posted at Nginx Forum:,248429,248722#msg-248722

I noticed a few updates to SNI in the latest releases, do any of them
take us closer to this?