My company product allows our users to customize the brand by choosing a personal subdomain. We handle this with wildcard matching in nginx, and then let Rails decide what to do. We require SSL everywhere and have a wildcard SSL certificate, so it all works great.
Now we would like to offer custom CNAMEs, with SSL, as an optional feature. Since we do not want to provide hundreds of IP addresses, we will use SNI and accept reservations. What is the best way to configure nginx with all of these certificates? We can either allow users to upload their own certificate, or we could buy them for the user. In any case, how do we do nginx, see them and serve them without restarting and on a large scale? Can nginx read dynamically configuration from mysql, read certificate from script or transfer responsibility for Rails certificate? Ideas are welcome!
source
share