Hi.
Am 17-11-2015 21:13, schrieb lakarjail:
[snipp]
Please note that :
- nginx server starts correctly in command line (#nginx ), not using
service. SSL configuration (like file locations and permissions seems
therefore correct). Password is -that way- asked on terminal.
- when doing the same SSL configuration with Apache2, the password
is
well required when starting/restarting Apache2 server with "service
apache2
start".
== Problem and Question ==
1) I am not about to remove password of a cert key, since it's usually
a
bad security practise (considering the server get compromised, the cert
will
have to be revoked, etc.).
On top of that, as explained, I never had problems on Apache2 using a
password protected key Cert file. When I run Apache service, password
is
well asked. I can not consider the solution of removing the password,
when
other solutions work properly.
I also checked ssl_password_file proposal. Storing the password in that
way
would set the security system as if no password was set on the key cert
file. Therefore, I can't -as well- follow that solution.
2) What I fail to understand, if it is a bug, or a feature is the
following
: Nginx, when run as command line asks me for my cert key password and
runs
correctly. Why this behaviour can't be applied on a service ?
The command:
---
# nginx
---
Asks for a password, runs webserver Nginx correctly. However :
---
# service nginx start
---
doesn't, password is not asked on terminal, producing the journalctl
above
mentionned. Why this difference of response ? Why an Apache2-like (that
works in both situation) mechanism can't be introduced with Nginx ?
Do you know this directive?
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_password_file
Br Aleks
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
