Logrotate failures on Apache 2 with password protected SSL key

I have Apache 2 installed on Debian with mod_ssl installed. The server's private key is protected by a passphrase, which must be entered at startup. Error and access logs are rotated weekly by logrotate. I found that Apache crashes with a passphrase error shortly after logrotate runs.

I understand that logrotate sends SIGHUP to Apache after archiving the logs, and I suspect that this causes a restart and subsequent failure to get the passphrase for the server key.

Well, enough with my theories, here is the question:

Is there a “better way” to configure Apache so that its SSL server keys can be protected with a passphrase (without saving this passphrase in a file somewhere) and so that it does not fail when logrotate runs?

It is fine to require user input at server startup, but not on restart or reload.

+3
3 answers

One option is to use the Apache log rotation tool. It is configured a little differently than the system logrotate, but as it works with pipes, it can move files without restarting Apache.

+1

You can use Cronolog, which does not require a restart. Here is an example:

CustomLog "| /usr/sbin/cronolog /pathtologs/%Y_%m/sitename.com-%Y%m%d.log" combined
+2

, :

openssl rsa -in example.tld.key -out example.tld.key
+2
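
A check for the setup discussed in this thread, as an added example that is not part of the original question or answers: it reports whether a passphrase-protected key is combined with a logrotate hook that reloads Apache, or whether logs already go through a pipe. The function names, verdict strings and sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: detect the setup from the question (encrypted key + logrotate signal).

# 0 if the PEM private key is passphrase-protected (PKCS#8 or legacy header).
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# 0 if a non-comment line of the logrotate file reloads or signals Apache.
logrotate_signals_apache() {
    grep -Ev '^[[:space:]]*#' "$1" |
        grep -Eq '(apache2?|httpd)(ctl)?.*(reload|restart|graceful)|kill.*-(HUP|USR1)'
}

# 0 if the Apache config sends a log through a pipe (rotatelogs, cronolog).
logs_are_piped() {
    grep -Ev '^[[:space:]]*#' "$1" |
        grep -Eq '^[[:space:]]*(CustomLog|ErrorLog)[[:space:]]+"?\|'
}

# audit KEY LOGROTATE_FILE APACHE_CONF: print a one-word verdict.
audit() {
    if ! key_is_encrypted "$1"; then
        echo "key-unencrypted"   # reloads succeed, but the key sits in clear on disk
    elif logrotate_signals_apache "$2"; then
        echo "at-risk"           # the combination the question describes
    elif logs_are_piped "$3"; then
        echo "ok-piped"
    else
        echo "ok-no-signal"
    fi
}

# Constructed sample files; real ones live under /etc/apache2 and /etc/logrotate.d.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'placeholder' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/key.pem"
    printf '%s\n' '/var/log/apache2/*.log {' '  weekly' '  postrotate' \
        '    invoke-rc.d apache2 reload > /dev/null' '  endscript' '}' > "$d/rotate"
    printf '%s\n' 'CustomLog /var/log/apache2/access.log combined' > "$d/site.conf"
    audit "$d/key.pem" "$d/rotate" "$d/site.conf"
    rm -rf "$d"
}

demo
```

A `key-unencrypted` verdict is what the `openssl rsa` command above produces: reloads then succeed, and protection of the key rests on file permissions alone.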

Source: https://habr.com/ru/post/1697001/

