B.R. via nginx:
> nginx configuration is parsed/analyzed by nginx master process by design.
> Moreover, TLS configuration is kept at this level if I recall well.
> Thus, the user your master process use needs to have the rights to access
> the specified file.
>
> To reload nginx configuration, you will indeed need to use SIGHUP, as nginx
> control documentation https://nginx.org/en/docs/control.html states.
>> Which process read these files? master or worker?
>> Must it be readable for root only or nginx-user?
OK, looks like master process only read the files.
I changes the mode 0400, ohwner root and at least got no failure after
send SIGUP nginx master process.
>> Must I signal nginx processes the rotation? If yes, how? via SIGHUP?
that's still my open question. which code will use the content of the files
referenced by https://nginx.org/r/ssl_session_ticket_key ?
Andreas
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx