Hi all--
This might be a silly question, so I apologize, but I would like to know the answer. When configuring Nginx to work with SSL/TLS, best practice appears to be to secure your site's private key by ensuring it's owned by root:root and that its permissions are set to 400. My question, though, is why does this work? The Nginx worker processes, running under their own context, can't access the file that way. Do they rely on the master process (running as root) to read the key for them?
Thanks!