Nginx - Only enable SSL if SSL Certificates Exist
You can create an additional file ssl.conf and put here ssl configs:
ssl_certificate /etc/nginx/certs/atvcap_cabundle.crt;ssl_certificate_key /etc/nginx/certs/atvcap.key;
Then include from the main config:
server_name atvcap.server.com;include /somepath/ssl.conf*;
Make sure to include * symbol - this will not break when the file does not exist at development mode.
The answer of @super_p is correct. But to answer to @AbdolHosein comment I add my answer here if it's not clear.
You need to include your ssl_certificate
directive in the included file.
# sample nginx confighttp { server { listen 80 deferred; server_name _; include /ssl/ssl.conf*; client_body_timeout 5s; client_header_timeout 5s; root /code; }}
Then in your /ssl/ssl.conf
you can do whatever you want, such as enabling HTTPS:
# this is the /ssl/ssl.conf filelisten 443 ssl http2;listen [::]:443 ssl http2;ssl_certificate /ssl/cert.cer;ssl_certificate_key /ssl/key.key;ssl_session_timeout 1d;ssl_session_cache shared:MozSSL:10m;ssl_session_tickets off;ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;ssl_prefer_server_ciphers off;
The trick is that we don't look if the certificate exists but we check if the /ssl/ssl.conf
exists. This is thanks to the *
in the include /ssl/ssl.conf*;
directory as stated by @super_p