Welcome! Log In Create A New Profile

Re: Single-Config-SSL-Hosting needs broader support for variables

Forum List Message List New Topic Print View

Igor Sysoev

August 22, 2010 04:10AM

Admin
Registered: 15 years ago
Posts: 4,579

On Sun, Aug 22, 2010 at 04:03:32AM +0200, Sebastian J. Bronner wrote:

> Hi there,
>
> I've spent considerable effort at hosting my websites with a minimal
> configuration overhead. To that end, I have configured nginx so that it
> uses the existence of a directory to determine whether a hosting exists
> or not. See the following minimalized configuration, to see what I mean:
>
> """
> server {
> listen 80 default;
> root /srv/www/$host;
> if (!-d $document_root) { return 404; }
> }
> """
>
> My real configuration file is somewhat more extensive. The extra
> sections have nothing to do with what I want to talk about here, though.
>
> Now, the configuration above is really great. All I have to do is
> configure DNS and create the directory, and my new user is good to go.

This check

if (!-d $document_root) { return 404; }

is useless here.

> I would like to do the same with SSL/SNI, as in the following example:
>
> """
> server {
> listen 443 default ssl;
> ssl_certificate /etc/ssl/certs/$host.cert;
> ssl_certificate_key /etc/ssl/private/$host.key;
> root /srv/www/$host;
> if (!-d $document_root) { return 404; }
> }
> """
>
> However, before I can do this, two (2) things must first be changed in
> nginx:
>
> 1 - The SSL certificate and key must be read on-demand instead of at
> daemon startup, as is currently the case.
>
> 2 - The ssl_certificate* configuration directives need to support
> variables.
>
> Opinions?
>
> Is this something anyone else would also enjoy seeing?
>
> How does Igor feel about having this kind of thing in the code?

I do not think that this will be usefull until the most browsers
will support SNI. For example, in Russian Internet a half of users
still uses Windows XP: http://www.liveinternet.ru/stat/en/oses.html
Although a third of users uses Firefox 3:
http://www.liveinternet.ru/stat/en/browsers.html
anyway there are too many users which use MSIE/WinXP which does not
support SNI.

--
Igor Sysoev
http://sysoev.ru/en/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
Single-Config-SSL-Hosting needs broader support for variables	Sebastian J. Bronner	2293	August 21, 2010 10:06PM
Re: Single-Config-SSL-Hosting needs broader support for variables	Igor Sysoev	1234	August 22, 2010 04:10AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 237

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018