question about nginx start & stop
Maxim Dounin
mdounin at mdounin.ru
Sun Apr 17 02:14:09 UTC 2022
Hello!
On Fri, Apr 15, 2022 at 03:58:52PM +0800, Zhangfei Gao wrote:
> Hi,
>
> I have questions about nginx start and stop
> I am using
> // start
> sudo sbin/nginx
> //stop
> sudo sbin/nginx -s quit
>
> 1. openssl engine is init (ngx_ssl_init) twice, but openssl engine
> destroy function is not called.
> So start nginx and nginx -s quit, engine init twice but not called
> engine destroy.
> If we start and stop nginx many times, resource leakage will happen.
OPENSSL_init_ssl manpage says:
As of version 1.1.0 OpenSSL will automatically allocate all resources
that it needs so no explicit initialisation is required. Similarly it
will also automatically deinitialise as required.
If there is a resource leak, this is a bug in the OpenSSL engine
you are testing with. It's probably up to the OpenSSL development
docs how to fix this properly.
> 2. Currently the nginx master process do ngx_ssl_init then ngx_daemon
> start daemon and master process exit.
> Now linux kernel has a patch to release resources in mm_put at process exit.
> As a result ngx_ssl_init in the master process can not be used in daemon.
> So is this behavior (release resources in mm_put) not expected?
>
> src/core/nginx.c
> main:
> ngx_ssl_init
> OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)
> init openssl_engine: bind_fn
> ngx_daemon
> start daemon and main process exit
Forked processes are expected to match the original process on
Unix systems in terms of available resources, such as allocated
memory and open files. If in your setup OpenSSL library becomes
unusable after fork(), expect multiple issues.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list