Aleks: Have you even read the 1st message from lakarjail?
(s)he said he had a look at it. It seems (s)he only wants interactive
solutions with the password being written nowhere.
Although the reasoning appearing strange to me (someone needs to be there
in case of unexpected reload/restart, otherwise, as long as it is stored
and extracted automatically, whatever storage solutions being chosen, it
ends up all the same to me), (s)he seems to be knowing what (s)he wants.
---
*B. R.*
On Wed, Nov 18, 2015 at 11:02 PM, Aleksandar Lazic <al-nginx@none.at> wrote:
> Hi.
>
> Am 17-11-2015 21:13, schrieb lakarjail:
>
> [snipp]
>
>
> Please note that :
>>
>> - nginx server starts correctly in command line (#nginx ), not using
>> service. SSL configuration (like file locations and permissions seems
>> therefore correct). Password is -that way- asked on terminal.
>> - when doing the same SSL configuration with Apache2, the password is
>> well required when starting/restarting Apache2 server with "service
>> apache2
>> start".
>>
>> == Problem and Question ==
>>
>>
>> 1) I am not about to remove password of a cert key, since it's usually a
>> bad security practise (considering the server get compromised, the cert
>> will
>> have to be revoked, etc.).
>> On top of that, as explained, I never had problems on Apache2 using a
>> password protected key Cert file. When I run Apache service, password is
>> well asked. I can not consider the solution of removing the password, when
>> other solutions work properly.
>> I also checked ssl_password_file proposal. Storing the password in that
>> way
>> would set the security system as if no password was set on the key cert
>> file. Therefore, I can't -as well- follow that solution.
>>
>> 2) What I fail to understand, if it is a bug, or a feature is the
>> following
>> : Nginx, when run as command line asks me for my cert key password and
>> runs
>> correctly. Why this behaviour can't be applied on a service ?
>> The command:
>> ---
>> # nginx
>> ---
>> Asks for a password, runs webserver Nginx correctly. However :
>> ---
>> # service nginx start
>> ---
>> doesn't, password is not asked on terminal, producing the journalctl above
>> mentionned. Why this difference of response ? Why an Apache2-like (that
>> works in both situation) mechanism can't be introduced with Nginx ?
>>
>
> Do you know this directive?
>
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_password_file
>
> Br Aleks
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
