I’ve encountered a problem with nginx 1.5.10.
I’m running nginx on a highly available system (2 cluster node).
When node1 fails, node2 is automatically coming into play. A few days
the internet connection was bad - on both nodes. They could ping the
Node2 became the active one and tried to start nginx. Nginx did not even
I replayed the whole scenario (switchover) with a working internet
connection. Everything is running perfect then.
But with a broken internet connection nginx does not start up. It’s
The reason is ssl_stapling I found out. Even when I set resolver_timeout
5 seconds, nginx won’t come up within 5 seconds with an internet
with high packet loss.
Unfortunately I cannnot use “ssl_stapling_file”. I tried fetching the
response from globalsign but always get “error querying OCSP response”
globalsign’s ocsp server (but with godaddy it worked).
My cmd was: openssl ocsp -host ocsp2.globalsign.com -noverify -no_nonce
-issuer issuer.crt -cert domain.crt -url
So…it would be nice if nginx did not block on startup or if there was
setting that told nginx “you must startup within x seconds”.
For now I will remove ssl_stapling support altogether.
Posted at Nginx Forum: