session ticket key rotation

A. Schulze sca at
Thu Jun 22 09:42:12 UTC 2017

B.R. via nginx:

> nginx configuration is parsed/analyzed by nginx master process by design.
> Moreover, TLS configuration is kept at this level if I recall well.
> Thus, the user your master process use needs to have the rights to access
> the specified file.
> To reload nginx configuration, you will indeed need to use SIGHUP, as nginx
> control documentation <> states.

>> Which process read these files? master or worker?
>> Must it be readable for root only or nginx-user?

OK, looks like master process only read the files.
I changes the mode 0400, ohwner root and at least got no failure after
send SIGUP nginx master process.

>> Must I signal nginx processes the rotation? If yes, how? via SIGHUP?
that's still my open question. which code will use the content of the files
referenced by ?


More information about the nginx mailing list