Dynamic SSL Using Nginx

joshblease · July 28, 2016, 10:14am

I host an online rails app where many, hundreds, of domains point to it. The routes file looks at the domain and figures out what content to server.

I’m trying to encrypt all of the sites using Lets Encrypt and I have successfully used the acme-client gem to verify domains and generate certificates.

The next big issue is actually using the certificates. It is impractical and timely to create a “server” block in the nginx config file for each and every domain and I want to know if it is possible to serve SSL certificates dynamically? Or as an alternative, what would be a better way to overcome this issue?

leader · July 28, 2016, 1:21pm

If I understand this correctly, you could try lua nginx module, in particular its ssl_certificate_by_lua directive. See https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block and this particular comment for the usage example - https://github.com/openresty/lua-nginx-module/issues/331#issuecomment-77840238

pfg · July 28, 2016, 2:00pm

You might also be interested in lua-resty-auto-ssl, which uses the directive @leader mentioned and automates issuance via letsencrypt.sh.

system · August 27, 2016, 2:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.