nginx configuration is parsed/analyzed by nginx master process by design.
Moreover, TLS configuration is kept at this level if I recall well.
Thus, the user your master process use needs to have the rights to access
the specified file.
To reload nginx configuration, you will indeed need to use SIGHUP, as nginx
control documentation https://nginx.org/en/docs/control.html states.
---
*B. R.*
On Wed, Jun 21, 2017 at 11:41 PM, A. Schulze <sca@andreasschulze.de> wrote:
> Hello,
>
> https://nginx.org/r/ssl_session_ticket_key mention session ticket key
> rotation.
>
> Which process read these files? master or worker?
> Must it be readable for root only or nginx-user?
> Must I signal nginx processes the rotation? If yes, how? via SIGHUP?
>
> thanks for clarification,
> Andreas
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx