I get new domains added/removed to my platform every day so I need to be able to terminate those SSLs properly. I have generated 15,000+ certificate and I use nginx to terminate them.
Issue that I am having is: when I get a new certificate, It takes 2-3 minutes to reload nginx. When server is under high load, it takes much more than that.
Running nginx reload multiple times has some side effects as well so I was wondering to find out what is the best way to terminate a lot of SSL certs. ? HA proxy? Nginx? Something else?
For web servers serving many (like millions of) https sites, it is often desired to lazily load and cache the SSL certificate chain and private key data for the https sites actually being served by a particular server. This Lua module provides API to support such use cases in the context of the ssl_certificate_by_lua* directive.