Is there any way to load SSL certificates from a URL?

When nginx starts I want to load the SSL certificates via URL rather
than file system.

This is because the machine that I am running from does not have a
usable file system, and also because I need to fetch the certificates at
the time that nginx is started.

Is there any way to do this?

thanks

as

What about using curl to fetch it and store it on a ramdisk/swapdrive or
where you keep the .conf files?

Posted at Nginx Forum:

Its an embedded system so I don’t have the chance to run anything at
boot time/startup - it just goies straight into nginx.

On 2 May 2015, at 8:11 am, itpp2012 [email protected] wrote:

What about using curl to fetch it and store it on a ramdisk/swapdrive or
where you keep the .conf files?

Posted at Nginx Forum:


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx

You can try Lua (init_by_lua) something like
GitHub - ledgetech/lua-resty-http: Lua HTTP client cosocket driver for OpenResty / ngx_lua. with a bit of tweaking, no
usb
port you could use with a small usb stick?

Posted at Nginx Forum:

Might it be possible to load SSL certificates from a URL using Lua?

On 2 May 2015, at 8:11 am, itpp2012 [email protected] wrote:

What about using curl to fetch it and store it on a ramdisk/swapdrive or
where you keep the .conf files?

Posted at Nginx Forum:


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx

On Sat, May 02, 2015 at 08:43:25AM +1000, Andrew Stuart wrote:

Hi there,

Its an embedded system so I don’t have the chance to run anything at boot
time/startup - it just goies straight into nginx.

Stock nginx does not load SSL certificates from anything other than
the filesystem.

How you can get the effect that you want, depends on what changes you
can make on your embedded system.

If the nginx-side solution were “include this new module”, but you can’t
replace the nginx binary, then that solution would not be useful for
you.

If you can replace the nginx binary, you could conceivably replace it
with a thing which fetches the certificates from the right place and
puts them in the right place, and then runs the “real” nginx binary,
without needing any changes from stock nginx.

Good luck with it,

f

Francis D. [email protected]