Linode Forum
Linode Community Forums
Posted: Sun Jul 05, 2009 5:48 am
Senior Member

Joined: Sun Mar 23, 2008 10:10 am
Posts: 71
Website: http://frontseed.com/
I'm configuring a new lighttpd instance to serve my websites on Ubuntu 8.04 32-bit.
I decided to run lighttpd in a chroot environment, which I successfully built; it is working with mod-fcgi, and php5-cgi is running fine along with all the needed PHP modules.

However, while tweaking either the lighttpd or the PHP configuration, I'm reloading/restarting the server quite a few times, and after some (5-10) successful restarts the startup script gives the following error: "SSL: not enough entropy in the pool" – and of course won't start.

I use mod_ssl with lighty and of course have put /dev/random into the chroot so I'm kind of clueless about what causes this. After a reboot, everything works fine again. But since daily log rotating is active with 'reload', I suppose it will refuse to reload after a few days by itself.

Any ideas how to solve this? Thanks.


Last edited by melon on Sun Jul 05, 2009 6:22 am, edited 1 time in total.

Posted: Sun Jul 05, 2009 6:21 am
Senior Member

Joined: Sun Mar 23, 2008 10:10 am
Posts: 71
Website: http://frontseed.com/
Did a quick check with available entropy, the munin daily graph seems OK to me:

Image


Posted: Mon Jul 06, 2009 12:33 am
Senior Member

Joined: Fri Sep 12, 2008 3:17 am
Posts: 166
Website: http://independentchaos.com
Is that graph for the entropy in the chroot or your already existing /dev/random?

_________________
If it ain't broke, you didn't tweak it enough. If it is broke, use more duct tape.
http://independentchaos.com


Posted: Mon Jul 06, 2009 9:12 am
Senior Member

Joined: Sun Mar 23, 2008 10:10 am
Posts: 71
Website: http://frontseed.com/
freedom_is_chaos wrote:
Is that graph for the entropy in the chroot or your already existing /dev/random?

I think this munin plugin reads available_entropy from /proc. Since /proc is not available in the chroot (why would it be) I guess it's the available entropy for the entire system.

However, I added the /dev/urandom device to the chroot, and the problem seems to be gone for now. This sounds weird, as on previous installations I only had the /dev/random device and never had any problems.


Posted: Sat Jul 11, 2009 2:59 pm
Senior Member

Joined: Sun Mar 23, 2008 10:10 am
Posts: 71
Website: http://frontseed.com/
It seems that my problem has gone away; I just don't know whether it's the higher available entropy or the /dev/urandom I linked into the chroot.


Posted: Wed Jul 15, 2009 12:28 am
Senior Member

Joined: Fri Sep 12, 2008 3:17 am
Posts: 166
Website: http://independentchaos.com
melon wrote:
It seems that my problem has gone away; I just don't know whether it's the higher available entropy or the /dev/urandom I linked into the chroot.

Perhaps the latest version of lighttpd mod_ssl uses urandom instead of random. Have to check the lighttpd docs or ask on their IRC channel and you might get a clearer answer.


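A check for the situation discussed in this thread, as an added example that is not from any of the posters or from lighttpd: it verifies that a chroot contains both /dev/random and /dev/urandom as real character devices with the standard Linux device numbers (1,8 and 1,9), and prints the host-wide entropy estimate from /proc. The function names are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: verify that a chroot has usable RNG device nodes.
# Standard Linux device numbers, as hex major:minor printed by GNU stat.
RANDOM_DEV="1:8"    # /dev/random
URANDOM_DEV="1:9"   # /dev/urandom

# check_node PATH EXPECTED: prints one status line; returns 0 only if PATH
# is a character device whose major:minor equals EXPECTED.
check_node() {
    node=$1; want=$2
    if [ ! -e "$node" ]; then
        echo "MISSING  $node"; return 1
    fi
    if [ ! -c "$node" ]; then
        # e.g. a regular file created by a careless copy into the chroot
        echo "NOTCHAR  $node"; return 1
    fi
    got=$(stat -L -c '%t:%T' "$node") || return 1
    if [ "$got" != "$want" ]; then
        echo "WRONGDEV $node (got $got, want $want)"; return 1
    fi
    echo "OK       $node"
}

# check_chroot_rng CHROOT_DIR: returns the number of failed device checks.
check_chroot_rng() {
    root=${1%/}; failed=0
    check_node "$root/dev/random"  "$RANDOM_DEV"  || failed=$((failed + 1))
    check_node "$root/dev/urandom" "$URANDOM_DEV" || failed=$((failed + 1))
    # Host-wide estimate; /proc is normally not present inside the chroot.
    if [ -r /proc/sys/kernel/random/entropy_avail ]; then
        echo "entropy_avail (host): $(cat /proc/sys/kernel/random/entropy_avail)"
    fi
    return "$failed"
}

# Run the check when a chroot directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_chroot_rng "$1"
fi
```

Run it with the chroot directory as the only argument; a non-zero exit status is the number of device nodes that failed the check.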
