diff --git a/lib/secure-streams/README.md b/lib/secure-streams/README.md
index de44106b8..ffad3e7b2 100644
--- a/lib/secure-streams/README.md
+++ b/lib/secure-streams/README.md
@@ -274,6 +274,11 @@ configured with `-DLWS_UNIX_SOCK=1`
 **SERVER**: If given, the network interface name or IP address the listen socket
 should bind to.
 
+**SERVER**: If begins with '!', the rest of the endpoint name is the
+vhost name of an existing vhost to bind to, instead of creating a new
+one.  This is useful when the vhost layout is already being managed by
+lejp-conf JSON and it's more convenient to put the details in there.
+
 ### `port`
 
 **CLIENT**: The port number as an integer on the endpoint to connect to
diff --git a/lib/secure-streams/secure-streams.c b/lib/secure-streams/secure-streams.c
index dd335c579..86c187dd2 100644
--- a/lib/secure-streams/secure-streams.c
+++ b/lib/secure-streams/secure-streams.c
@@ -1048,10 +1048,30 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi,
 	if (h->policy->flags & LWSSSPOLF_SERVER) {
 		const struct lws_protocols *pprot[3], **ppp = &pprot[0];
 		struct lws_context_creation_info i;
-		struct lws_vhost *vho;
+		struct lws_vhost *vho = NULL;
 
 		lwsl_info("%s: creating server\n", __func__);
 
+		if (h->policy->endpoint &&
+		    h->policy->endpoint[0] == '!') {
+			/*
+			 * There's already a vhost existing that we want to
+			 * bind to, we don't have to specify and create one.
+			 *
+			 * The vhost must enable any protocols that we want.
+			 */
+
+			vho = lws_get_vhost_by_name(context,
+						    &h->policy->endpoint[1]);
+			if (!vho) {
+				lwsl_err("%s: no vhost %s\n", __func__,
+						&h->policy->endpoint[1]);
+				goto late_bail;
+			}
+
+			goto extant;
+		}
+
 		/*
 		 * This streamtype represents a server, we're being asked to
 		 * instantiate a corresponding vhost for it
@@ -1099,15 +1119,16 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi,
 		}
 #endif
 
-		if (lws_fi(&ssi->fic, "ss_srv_vh_fail"))
-			vho = NULL;
-		else
+
+		if (!lws_fi(&ssi->fic, "ss_srv_vh_fail"))
 			vho = lws_create_vhost(context, &i);
 		if (!vho) {
 			lwsl_err("%s: failed to create vh", __func__);
 			goto late_bail;
 		}
 
+extant:
+
 		/*
 		 * Mark this vhost as having to apply ss server semantics to
 		 * any incoming accepted connection