<div dir="ltr"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Hi,</span><div style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:small;text-decoration-style:initial;text-decoration-color:initial">We are trying to use nginx to support the DoD PKI infrastructure, which includes many DoD and contractor CRLs. The combined CRL file is over 350MB in size, which seems to crash nginx during a reload (at least on Red Hat 6). Our cert/key/crl set up is valid and working, and when only including a subset of the CRL files we have, reloads work fine.</div><div style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:small;text-decoration-style:initial;text-decoration-color:initial">When we concatenate all the CRLs we need to support, the config reload request causes worker threads to become defunct and messages in the error log indicate the following:</div><div style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span></span><p class="gmail-m_2419373206062243596gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgba(0,0,0,0.85)"><span class="gmail-m_2419373206062243596gmail-s1" style="font-variant-ligatures:no-common-ligatures">2018/07/26 16:05:25 [alert] 30624#30624: fork() failed while spawning "worker process" (12: Cannot allocate memory)</span></p><p class="gmail-m_2419373206062243596gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgba(0,0,0,0.85)"><span class="gmail-m_2419373206062243596gmail-s1" style="font-variant-ligatures:no-common-ligatures">2018/07/26 16:05:25 [alert] 30624#30624: sendmsg() failed (9: Bad file descriptor)</span></p><p class="gmail-m_2419373206062243596gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgba(0,0,0,0.85)"><span class="gmail-m_2419373206062243596gmail-s1" style="font-variant-ligatures:no-common-ligatures">2018/07/26 16:08:42 [alert] 30624#30624: worker process 1611 exited on signal 9</span></p><br></div><div style="font-size:small;text-decoration-style:initial;text-decoration-color:initial">Is there any way we can get nginx to support such a large volume of CRLs?</div><br></div>