Skip to content

Instantly share code, notes, and snippets.

@avelardi

avelardi/shim.md

Last active March 13, 2023 23:27
Show Gist options
  • Save avelardi/d87f0ce30dda94d1f22902005e621b95 to your computer and use it in GitHub Desktop.
Save avelardi/d87f0ce30dda94d1f22902005e621b95 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx SSL Passphrase Shim Service For Systemd
Raw
shim.md

make fifo: mkfifo -m 600 /path/to/fifo

/etc/nginx/sites-enabled/site

[CUT]
	ssl_certificate		/path/to/cert;
	ssl_password_file       /path/to/fifo;
	ssl_certificate_key	/path/to/key;
[CUT]

/lib/systemd/system/sslpass.service

[Unit]
Description=SSL Passphrase Shim
[Service]
Type=simple
ExecStart=/bin/bash -c 'echo -n `systemd-ask-password "Enter SSL Passphrase: "` > /etc/nginx/sslpass'
#Restart=always
[Install]
WantedBy=nginx.service

Then systemctl daemon-reload && systemctl enable sslpass.service

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment