Dynamic SSL Using Nginx


#1

I host an online rails app where many, hundreds, of domains point to it. The routes file looks at the domain and figures out what content to server.

I’m trying to encrypt all of the sites using Lets Encrypt and I have successfully used the acme-client gem to verify domains and generate certificates.

The next big issue is actually using the certificates. It is impractical and timely to create a “server” block in the nginx config file for each and every domain and I want to know if it is possible to serve SSL certificates dynamically? Or as an alternative, what would be a better way to overcome this issue?


#2

If I understand this correctly, you could try lua nginx module, in particular its ssl_certificate_by_lua directive. See https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block and this particular comment for the usage example - https://github.com/openresty/lua-nginx-module/issues/331#issuecomment-77840238


#3

You might also be interested in lua-resty-auto-ssl, which uses the directive @leader mentioned and automates issuance via letsencrypt.sh.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.