Enabling ssl crashes windows nginx 1.0.0

I just got nginx running great on my windows box over port 80. As soon
as I tried to have it serve up ssl things quickly degrade.

After starting up nginx I get a prompt to enter my passphrase for my ssl
which is correct. After entering the passphrase… nginx looks to run for
5 seconds and then quits. I see this in the log:

2011/04/18 09:49:09 [alert] 1992#4548: the event “ngx_master_1992” was
not signaled for 5s

I’m not sure what can be done about this error. My conf looks like:

server {
listen 443 default ssl;
server_name _;

    ssl_certificate      ssl/mysite.crt;
    ssl_certificate_key  ssl/mysite.key;

    location / {
        root   html;
        index  index.html index.htm;


    }

}

I feel like I’m missing something rather minor. Any help would be much
appreciated.

Thanks,
Jake

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,192121,192121#msg-192121

Have same problems, anybody solved this?
Tried with nginx 1.0.0 and 0.9.7, results are same.
Here is ssl part of config file:

server {
    listen       443;
    server_name  localhost;

    ssl                  on;
    ssl_certificate      ssl/server.crt;
    ssl_certificate_key  ssl/server.key;

    ssl_session_timeout  5m;

    location / {
        root   html;
        index  index.html index.htm;
    }
}

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,192121,192244#msg-192244

On Mon, Apr 18, 2011 at 12:57:57PM -0400, jakehilton wrote:

I’m not sure what can be done about this error. My conf looks like:
index index.html index.htm;

    }

}

I feel like I’m missing something rather minor. Any help would be much
appreciated.

An nginx worker of Windows version does not inherit configuraiton
file from a master process as Unix version does. So it loads certificate
separately and waits for the passphrase too. The only solution is to
remove passphrase from certificate key.


Igor S.

Removing the passphrase did in fact work! Thank you.

Pitty there is a disconnect from the prompt to enter in the passphrase
and the worker.

I think nginx is worth it though. :slight_smile:

Thanks,
Jake

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,192121,192385#msg-192385

On Mon, Apr 18, 2011 at 11:59 PM, Igor S. [email protected] wrote:

An nginx worker of Windows version does not inherit configuraiton
file from a master process as Unix version does. So it loads certificate
separately and waits for the passphrase too. The only solution is to
remove passphrase from certificate key.

Set strong permissions of course, but you can also probably protect
the key file with the encrypting file system on Windows boxes,
encrypted with the only the user account nginx uses and no recovery
key. This makes it about as safe as possible, although an attacker
that gains LocalSystem privileges can still get at the private key
with some work (really, anyone who has the rights to attach a debugger
to the nginx process could get the key from memory).

RPM

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs