skip to Main Content

I am trying to modify NGINX config file using sed. I wand to replace the values of ssl_certificate and ssl_certificate_key

config="/etc/nginx/httpd.conf"
certfile="server.pem"
keyfile="key.pem"

sed -i -e "s/(ssl_certificate */etc/pki/nginx/).*/1$certfile/" $config
sed -i -e "s/(ssl_certificate_key */etc/pki/nginx/private/).*/1$keyfile/" $config

With the starting lines that I want to modify looking like this

ssl_certificate /etc/pki/nginx/selfsigned.crt;
ssl_certificate_key /etc/pki/nginx/private/selfsigned.key;
ssl_dhparam /etc/pki/nginx/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

I end up with

ssl_certificate /etc/pki/nginx/server.pem
ssl_certificate_key /etc/pki/nginx/server.pem
ssl_dhparam /etc/pki/nginx/server.pem
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

What I am trying to achieve is to substitute selfsigned.crt with server.pem and selfsigned.key with key.pem to achieve

ssl_certificate /etc/pki/nginx/server.pem
ssl_certificate_key /etc/pki/nginx/key.pem
ssl_dhparam /etc/pki/nginx/dhparam.pem
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Please, advise. TIA

2

Answers


  1. Chosen as BEST ANSWER

    I got it:

    cat /etc/nginx/httpd.conf | sed -e "s/(ssl_certificate */etc/pki/nginx/).*/1$certfile/" -e "s/(ssl_certificate_key */etc/pki/nginx/private/).*/1$keyfile/"
    
    server {
        listen 443 default_server ssl;
        server_name _;
        root /usr/share/nginx/html;
    
    
        ssl_certificate /etc/pki/nginx/server.pem
        ssl_certificate_key /etc/pki/nginx/private/key.pem
        ssl_dhparam /etc/pki/nginx/dhparam.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    

  2. Using sed

    $ sed "/certificate/s|(.*/).*(.$)|1$certfile2|" input_file
    ssl_certificate /etc/pki/nginx/server.pem;
    ssl_certificate_key /etc/pki/nginx/private/server.pem;
    ssl_dhparam /etc/pki/nginx/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    

    Match lines with certificate and carry out the substitution on those lines.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search