feat(ssl): Nginx config integration - extract domains and audit SSL automatically

[scottsen]

Problem

Auditing SSL certificates for nginx configurations requires a complex pipeline:

# Current workflow (painful):
grep -h server_name /etc/nginx/conf.d/*.conf | \
  grep -v '#' | \
  awk '{print $2}' | \
  sed 's/;$//' | \
  grep -v 'localhost\|_' | \
  sort -u | \
  sed 's/^/ssl:\/\//' | \
  reveal --stdin --check --format=json | \
  jq 'select(.days_until_expiry < 7)'

This is:

• Error-prone (easy to miss edge cases in nginx config parsing)
• Hard to remember
• Difficult to teach to team members

Proposed Solution

Option A: Extract flag for ssl:// adapter

reveal ssl://nginx:///etc/nginx/conf.d/*.conf --check

# Automatically:
# 1. Parse nginx configs
# 2. Extract server_name directives
# 3. Dedupe and filter (skip localhost, _, etc.)
# 4. Run SSL checks on each
# 5. Report results

Option B: Nginx adapter with domain extraction

# Extract domains from nginx config
reveal nginx:///etc/nginx/conf.d/*.conf --extract=domains

# Output:
# domain1.com
# domain2.com
# ...

# Then pipe to ssl://
reveal nginx:///etc/nginx/conf.d/*.conf --extract=domains | \
  sed 's/^/ssl:\/\//' | reveal --stdin --check

Option C: Composable adapter syntax

reveal ssl://$(reveal nginx:///etc/nginx/*.conf --domains) --check

Use Case

SaaS platforms with hundreds of white-label domains configured in nginx. Need to:

1. Audit all SSL certs periodically
2. Find expired/expiring certs quickly
3. Identify domains with DNS issues (no longer pointing to us)

Implementation Notes

Nginx config parsing could use:

• Simple regex for server_name directives (covers 90% of cases)
• Or existing nginx config parser libraries

Key edge cases:

• Multiple server_name values per line
• server_name with wildcards (*.example.com)
• Commented-out server blocks
• Include directives