We have a post-hook script run by LetsEncrypt certificate renewal (using
certbot) that checks the Nginx config (
nginx -t) before doing a reload. The config check always writes its results to STDERR, even if the config check is successful. Since
certbot colors output on STDERR in red, that may needlessly give users a jolt.
The simple solution would be to redirect STDERR of the config check to
/dev/null, but since that would suppress all error messages (even those indicating a problem) I'd like to avoid it. A somewhat more appropriate approach would be filtering the success messages:
nginx -t 2>&1 | grep -Ev '(syntax is ok|test is successful)$' >&2
Since the only "success" output I expect from the command is the two lines indicating that the syntax is OK and the config test was successful I could live with this.
An alternative would be to write STDERR to a temp file and then process this file:
nginx -t 2> nginx_tmp.err
grep -Ev '(syntax is ok|test is successful)$' < nginx_tmp.err >&2
rm -f nginx_tmp.err
But the additional file handling feels kinda unelegant, so I was wondering if there was a cleaner way to filter just STDERR without touching STDOUT and without using temp files.