Hi all--

This might be a silly question, so I apologize, but I would like to know the answer. When configuring Nginx to work with SSL/TLS, best practice appears to be to secure your site's private key by ensuring it's owned by root:root and that its permissions are set to 400. My question, though, is why does this work? The Nginx worker processes, running under their own context, can't access the file that way. Do they rely on the master process (running as root) to read the key for them?

Thanks!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233606,233606#msg-233606
on 2012-12-05 18:05
on 2012-12-06 11:23
Hello!

On Wed, Dec 05, 2012 at 12:05:02PM -0500, pokrface wrote:

> Hi all--
>
> This might be a silly question, so I apologize, but I would like to know the
> answer. When configuring Nginx to work with SSL/TLS, best practice appears
> to be to secure your site's private key by ensuring it's owned by root:root
> and that its permissions are set to 400. My question, though, is why does
> this work? The Nginx worker processes, running under their own context,
> can't access the file that way. Do they rely on the master process (running
> as root) to read the key for them?

Worker processes don't read keys, but use keys already in memory (read by the master process during reading/parsing the configuration file, and inherited via fork() syscall, much like all other configuration data).

--
Maxim Dounin
http://nginx.com/support.html
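The inheritance described in the reply above, as an added example that is not part of the original thread and is not nginx source code: a "master" reads a mode-0400 file into memory, forks, and the "worker" gives up access to the file yet still holds the inherited copy. The path, the key string, `run_demo` and the uid 65534 are assumptions made for the demo; when not started as root, setting the file to mode 0000 stands in for the uid change.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define WORKER_ID 65534   /* assumption: uid/gid of "nobody" on this system */
static const char KEY[] = "CONSTRUCTED-DEMO-KEY-NOT-A-REAL-KEY";

/* Returns 0: worker denied on disk, inherited copy intact; 1: worker could
 * still open the file; 2: inherited copy differs; -1: setup failed. */
int run_demo(void)
{
    char path[] = "/tmp/demo-key-XXXXXX", mem[sizeof KEY] = {0};
    int fd = mkstemp(path), status = 0, rc = -1;
    if (fd < 0) return -1;
    /* Stand-in for the key file: mode 0400, owned by whoever runs the demo. */
    if (fchmod(fd, 0400) == 0 && write(fd, KEY, sizeof KEY) == (ssize_t)sizeof KEY)
        rc = 0;
    close(fd);

    /* "Master": load the key into memory before any worker exists. */
    if (rc == 0) {
        fd = open(path, O_RDONLY);
        if (fd < 0 || read(fd, mem, sizeof mem) != (ssize_t)sizeof mem) rc = -1;
        if (fd >= 0) close(fd);
    }
    /* Not root: there is no uid to drop to, so mode 0000 simulates the drop. */
    if (rc == 0 && geteuid() != 0 && chmod(path, 0) != 0) rc = -1;

    pid_t pid = (rc == 0) ? fork() : -1;
    if (pid == 0) {   /* "worker"; a real daemon also resets supplementary groups */
        if (geteuid() == 0 && (setgid(WORKER_ID) != 0 || setuid(WORKER_ID) != 0))
            _exit(3);
        if (open(path, O_RDONLY) >= 0) _exit(1);   /* expected to fail: EACCES */
        _exit(memcmp(mem, KEY, sizeof KEY) == 0 ? 0 : 2);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status)) {
        rc = WEXITSTATUS(status);
        if (rc == 3) rc = -1;
    } else { rc = -1; }
    unlink(path);
    return rc;
}

int main(void) { return run_demo() == 0 ? 0 : 1; }
```

The file permissions therefore only gate the read at startup; once a worker is forked, the key material lives in its address space regardless of what the worker's uid can open on disk.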