Large CRL file crashing nginx on reload
Shaun Tarves
shaun.tarves at jackpinetech.com
Thu Jul 26 20:16:11 UTC 2018
Hi,
We are trying to use nginx to support the DoD PKI infrastructure, which
includes many DoD and contractor CRLs. The combined CRL file is over 350MB
in size, which seems to crash nginx during a reload (at least on Red Hat
6). Our cert/key/crl set up is valid and working, and when only including a
subset of the CRL files we have, reloads work fine.
When we concatenate all the CRLs we need to support, the config reload
request causes worker threads to become defunct and messages in the error
log indicate the following:
2018/07/26 16:05:25 [alert] 30624#30624: fork() failed while spawning
"worker process" (12: Cannot allocate memory)
2018/07/26 16:05:25 [alert] 30624#30624: sendmsg() failed (9: Bad file
descriptor)
2018/07/26 16:08:42 [alert] 30624#30624: worker process 1611 exited on
signal 9
Is there any way we can get nginx to support such a large volume of CRLs?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180726/664a8455/attachment.html>
More information about the nginx
mailing list