In our application we need to support customer SSL certificates and domains. Application stack: AWS Elastic Beanstalk, Node.js and an nginx server.
I've found that we can use the nginx variable "$ssl_server_name" for SNI and code like this in the nginx configuration:
ssl_certificate /etc/pki/tls/certs/$ssl_server_name.crt;
ssl_certificate_key /etc/pki/tls/certs/$ssl_server_name.key;
I am looking for a scalable solution to save customer SSL certificates (it might be 1000s of SSL certs in the future). We don't have the financial resources to buy NGINX Plus at this moment. Current ideas:
- Upload SSL certs (crt + key) to an S3 bucket and try to attach the S3 bucket to the EC2 instance(s) as a drive and point nginx to use this folder. Any recommendations?
- Upload SSL certs to an S3 bucket and use SNS and copy them to each EC2 instance somehow.
Any other ideas (without N+ and Cloudflare)?
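
An added example, not part of the original post: a sketch of the "copy to each EC2 instance" step for the second idea, assuming the certificate and key have already been fetched from S3 as PEM text. Because nginx builds the file path from `$ssl_server_name`, the installer accepts only plain DNS hostnames as file names and writes each file atomically so a handshake never reads a half-written file. The function names and the lowercase file-naming convention are assumptions of this example.

```python
import os
import re
import tempfile

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")
_KEY_HEADER = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")


def safe_hostname(name):
    """Return the lowercase hostname, or raise if it is unsafe as a file name."""
    host = name.strip().lower().rstrip(".")
    if len(host) > 253 or not _HOSTNAME.fullmatch(host):
        raise ValueError(f"not a plain DNS hostname: {name!r}")
    return host


def _atomic_write(path, data, mode):
    # Write to a temp file in the same directory, then rename over the target,
    # so readers see either the old file or the complete new one.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path), prefix=".tmp-")
    try:
        os.fchmod(fd, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def install_pair(hostname, crt_pem, key_pem, dest_dir):
    """Install <hostname>.crt and <hostname>.key into dest_dir; return both paths."""
    host = safe_hostname(hostname)
    if "-----BEGIN CERTIFICATE-----" not in crt_pem:
        raise ValueError("certificate is not PEM")
    if not _KEY_HEADER.search(key_pem):
        raise ValueError("key is not an unencrypted PEM private key")
    crt_path = os.path.join(dest_dir, host + ".crt")
    key_path = os.path.join(dest_dir, host + ".key")
    # Key first, so a visible .crt always has its matching .key in place.
    _atomic_write(key_path, key_pem, 0o600)
    _atomic_write(crt_path, crt_pem, 0o644)
    return crt_path, key_path
```

With variables in `ssl_certificate`, nginx loads the files at each handshake, so the key file must be readable by the nginx worker user; run the installer as that user or change ownership afterwards.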