#2531 closed defect (invalid)
You cannot use variables in error_log and ssl_certificate
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.25.x |
| Keywords: | error_log ssl_certificate variables | Cc: | |
| uname -a: |
nginx version: nginx/1.25.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 3.1.2 1 Aug 2023 TLS SNI support enabled configure arguments: --prefix=/olimpo/bin/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_mp4_module --with-http_image_filter_module --with-openssl=../openssl-3.1.2 --without-http_autoindex_module Linux sagan.dataclick.es 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux |
||
| nginx -V: |
nginx version: nginx/1.25.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 3.1.2 1 Aug 2023 TLS SNI support enabled configure arguments: --prefix=/olimpo/bin/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_mp4_module --with-http_image_filter_module --with-openssl=../openssl-3.1.2 --without-http_autoindex_module Linux sagan.dataclick.es 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux |
||
Description (last modified by )
Variables defined by SET are not processed internally
SAMPLE:
set $DOMAIN "mydomain.com";
error_log /mypath/$DOMAIN/logs/error.log;
ssl_certificate /mycerts/$DOMAIN/fullchain.cer
ssl_certificate_key /mycerts/$DOMAIN/$DOMAIN.key;
No problem with access_log and you can use:
access_log /mypath/$DOMAIN/logs/access.log main;
Change History (3)
comment:1 by , 8 months ago
| Description: | modified (diff) |
|---|
comment:2 by , 8 months ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Short answer:
Variables are not macros, see FAQ for details.
Long answer:
The set directive is evaluated during request handling when looking for a configuration to process a request, see here for details. As such, variable value set by the
setdirective is not available when evaluating the ssl_certificate directive during an SSL handshake. If you want to use variables in thessl_certificatedirective, consider using variables which are always available, such as$ssl_server_namefrom the SSL handshake or provided bymap.Further, the error_log directive does not support variables at all. Error logs are to be evaluated in case of errors, in particular, when memory allocation fails, hence there are no plans to introduce variables support in the
error_logdirective. See #2307 for additional details.