Lighttpd/chroot: SSL: not enough entropy in the pool

I'm configuring a new lighttpd instance to serve my websites on Ubuntu 8.04 32-bit.

I decided to run lighttpd under a chroot environment, which I successfully built and which is working with mod-fcgi; php5-cgi is running fine along with all the needed PHP modules.

However while tweaking either lighttpd or php configuration, I'm reloading/restarting the server quite a few times and after some (5-10) successful restarts the startup script gives the following error: "SSL: not enough entropy in the pool" – and of course won't start.

I use mod_ssl with lighty and of course have put /dev/random into the chroot so I'm kind of clueless about what causes this. After a reboot, everything works fine again. But since daily log rotating is active with 'reload', I suppose it will refuse to reload after a few days by itself.

Any ideas how to solve this? Thanks.

5 Replies

Did a quick check with available entropy, the munin daily graph seems OK to me:

[Image: munin daily entropy graph]

Is that graph for the entropy in the chroot or your already existing /dev/random?

@freedomischaos:

> Is that graph for the entropy in the chroot or your already existing /dev/random?

I think this munin plugin reads available_entropy from /proc. Since /proc is not available in the chroot (why would it be) I guess it's the available entropy for the entire system.

However, I added the /dev/urandom device to the chroot, and the problem seems to be gone for now. This sounds weird, as on previous installations I only had the /dev/random device and never had any problems.

It seems that my problem has gone away, I just don't know whether it's the higher available entropy or the /dev/urandom I linked into the chroot.

@melon:

> It seems that my problem has gone away, I just don't know whether it's the higher available entropy or the /dev/urandom I linked into the chroot.

Perhaps the latest version of lighttpd mod_ssl uses urandom instead of random. You'd have to check the lighttpd docs or ask on their IRC channel, and you might get a clearer answer.
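
The thread leaves open whether the missing /dev/urandom node was the cause. The check below is an added example, not part of any poster's reply: it verifies that both random devices inside a chroot are real character devices with the standard Linux numbers (1,8 for /dev/random, 1,9 for /dev/urandom). It assumes GNU `stat`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify the random devices inside a chroot (Linux, GNU stat).
# Standard Linux device numbers: /dev/random = char 1,8; /dev/urandom = char 1,9.

# check_node ROOT NAME MINOR
# Prints one status line; returns 0 only if ROOT/dev/NAME is char device 1,MINOR.
check_node() {
    node="$1/dev/$2"
    if [ ! -e "$node" ]; then
        echo "MISSING  $node"
        return 1
    fi
    if [ ! -c "$node" ]; then
        # A regular file (e.g. created by cp without -a) returns fixed bytes,
        # not kernel randomness, and should be treated as a failure.
        echo "NOTCHAR  $node"
        return 1
    fi
    # GNU stat prints the device major and minor in hex with %t and %T.
    nums=$(stat -c '%t:%T' "$node") || return 1
    if [ "$nums" != "1:$3" ]; then
        echo "WRONGDEV $node (got $nums, want 1:$3)"
        return 1
    fi
    echo "OK       $node"
}

# check_chroot_rng ROOT: returns 0 only if both devices are present and correct.
check_chroot_rng() {
    rc=0
    check_node "$1" random 8 || rc=1
    check_node "$1" urandom 9 || rc=1
    return $rc
}

# Host-wide pool estimate. /proc is normally not mounted inside the chroot,
# so this value describes the whole system, not the chroot.
host_entropy() {
    cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo unknown
}

# Usage: sh check_rng.sh /path/to/chroot
if [ $# -gt 0 ]; then
    echo "host entropy_avail: $(host_entropy)"
    check_chroot_rng "$1"
fi
```

Run it with the chroot path as the only argument; a non-zero exit status means at least one of the two device nodes is missing or wrong.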
