In my case, I need to change .crt and .key SSL certificate files many times, and always after this we need to use "nginx reload" for the changes to apply.
Nginx reload is not good for me; there are many workers that are waiting for the completion of the old connections.
Is it possible for nginx to catch the change of .crt and .key files on the fly, without nginx reload?
Maybe some modules exist for this?

Glorfindel

Zer Gud
- According to [this Q&A](https://serverfault.com/questions/378581/nginx-config-reload-without-downtime) `nginx reload` is already graceful. – Henrik Pingel May 06 '20 at 09:44
- If I need 100 nginx reloads per minute, is this graceful? – Zer Gud May 06 '20 at 09:48
- You are changing the Nginx config 100 times a minute? That doesn't sound like a normal use case for Nginx to me. I would suggest that you edit the question and add more details about your use case. – Henrik Pingel May 06 '20 at 10:02
- A certificate with an expiry time of half a second? – Gerard H. Pille May 06 '20 at 13:40
- I may have a valid business case. I need to add a certificate about 50 times a day; a reload takes about 50 seconds (20000 certificates). Reloads seem to hurt performance and can, under rare conditions, lead to problems (we observed problems with shared memory, or a reload of a not fully reloaded nginx). I believe there was a plan for how to do this without a reload but cannot find it now. – brablc Jun 30 '20 at 14:28
- Why would anyone need to change their Nginx config 100 times a minute or issue a new certificate every second? That sounds really out-of-the-world. – om-ha Oct 13 '21 at 15:40
- The use case is quite obvious: sites for many different domains hosted using a single server. 20k certs with a yearly expiration means almost 55 expired certs per day on average. For Let's Encrypt certificates, the expiration is quarterly, so just 5k certs are enough to generate such a rate of reloads. – Palec Feb 07 '22 at 02:03