B.R. via nginx:
nginx configuration is parsed/analyzed by the nginx master process by design. Moreover, TLS configuration is kept at this level if I recall well. Thus, the user your master process uses needs to have the rights to access the specified file. To reload nginx configuration, you will indeed need to use SIGHUP, as the nginx control documentation <https://nginx.org/en/docs/control.html> states.
Which process reads these files? Master or worker? Must it be readable for root only or nginx-user?
OK, looks like master process only reads the files. I changed the mode to 0400, owner root, and at least got no failure after sending SIGHUP to the nginx master process.
Must I signal nginx processes the rotation? If yes, how? Via SIGHUP?
That's still my open question. Which code will use the content of the files referenced by https://nginx.org/r/ssl_session_ticket_key ?

Andreas
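
One way to script the rotation asked about in this thread, as an added example that is not from any poster or from the nginx project. The directory, the file names current.key and previous.key, and the two-key layout are assumptions; it relies on the key files being read again when the master process receives SIGHUP, as described above.

```shell
#!/bin/sh
# Added example. Assumed nginx configuration (paths are hypothetical):
#   ssl_session_ticket_key /etc/nginx/tickets/current.key;   # first key: encrypts and decrypts
#   ssl_session_ticket_key /etc/nginx/tickets/previous.key;  # further keys: decrypt only
# Run as root so the files end up owner root, mode 0400, as in the thread.

# Rotate the keys in directory $1. The body runs in a subshell so the
# umask change does not leak into the calling shell.
rotate_ticket_keys() (
    dir=$1
    umask 077
    new=$(mktemp "$dir/new.XXXXXX") || exit 1
    # nginx expects 80 (or 48) bytes of random data per key file.
    head -c 80 /dev/urandom > "$new" || { rm -f "$new"; exit 1; }
    [ "$(wc -c < "$new")" -eq 80 ] || { rm -f "$new"; exit 1; }
    chmod 0400 "$new"
    if [ -f "$dir/current.key" ]; then
        # Keep the old key as decrypt-only so tickets already issued
        # still resume until the next rotation.
        mv -f "$dir/current.key" "$dir/previous.key" || exit 1
    else
        # First run: both configured files must exist or the reload fails.
        cp -p "$new" "$dir/previous.key" || exit 1
    fi
    mv -f "$new" "$dir/current.key"
)

# Ask the master process to re-read its configuration, which includes the
# ticket key files. $1 is the path of the nginx pid file.
reload_nginx() {
    pidfile=$1
    [ -r "$pidfile" ] || return 1
    kill -HUP "$(cat "$pidfile")"
}

# Typical use from cron (paths are assumptions):
#   rotate_ticket_keys /etc/nginx/tickets && reload_nginx /run/nginx.pid
```

A key that has been rotated twice is gone from disk, so the rotation interval bounds how long a recorded session could later be decrypted with a stolen key file.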