avelardi/shim.md

Last active March 13, 2023 23:27

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/avelardi/d87f0ce30dda94d1f22902005e621b95.js"></script>
Save avelardi/d87f0ce30dda94d1f22902005e621b95 to your computer and use it in GitHub Desktop.

Download ZIP

Nginx SSL Passphrase Shim Service For Systemd

Raw

shim.md

make fifo: mkfifo -m 600 /path/to/fifo

/etc/nginx/sites-enabled/site

[CUT]
	ssl_certificate		/path/to/cert;
	ssl_password_file       /path/to/fifo;
	ssl_certificate_key	/path/to/key;
[CUT]

/lib/systemd/system/sslpass.service

[Unit]
Description=SSL Passphrase Shim
[Service]
Type=simple
ExecStart=/bin/bash -c 'echo -n `systemd-ask-password "Enter SSL Passphrase: "` > /etc/nginx/sslpass'
#Restart=always
[Install]
WantedBy=nginx.service

Then systemctl daemon-reload && systemctl enable sslpass.service