December 4, 2007

Apache2 entropy

If you have a problem with your Apache webserver failing to start up properly, and you see this in your error log:

[Tue Dec 04 09:25:54 2007] [notice] Digest: generating secret for digest authentication ...

... then it's possible your machine has run out of entropy. You can test by doing:

cat /dev/random
CTRL-C

... if your screen isn't filled with garbage, then there's no more randomness available.

I fixed this by:

rm /dev/random
ln -s /dev/urandom /dev/random

No idea if this is the 'correct' approach but it worked for me. Posted here since Google didn't show up anything useful for Debian.


Posted by savs at December 4, 2007 9:40 AM
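
A bounded version of the test described in the post, as an added example that is not part of the original post or its comments: it reads the kernel's entropy estimate, probes the device with a deadline instead of an open-ended cat, and reports whether /dev/random has been replaced by a symlink. The function names and the 128-bit threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch. Paths are parameters so the checks can be pointed
# at the real devices or at constructed test files.

# Print the kernel's entropy estimate, or "unknown" if the file is unreadable.
entropy_avail() {
    f="${1:-/proc/sys/kernel/random/entropy_avail}"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Classify the estimate against a threshold (default 128 bits, an assumed value).
entropy_status() {
    bits=$(entropy_avail "$1")
    limit="${2:-128}"
    case "$bits" in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$bits" -lt "$limit" ]; then echo low; else echo ok; fi ;;
    esac
}

# Try to read 16 bytes with a deadline rather than waiting for CTRL-C.
read_probe() {
    dev="${1:-/dev/random}"
    secs="${2:-2}"
    rc=0
    timeout "$secs" head -c 16 "$dev" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo readable ;;
        124|143) echo blocked ;;   # deadline hit: timeout's 124, or killed by SIGTERM
        *) echo error ;;           # missing device, permissions, ...
    esac
}

# Report whether the device node is still a character device or a symlink.
device_kind() {
    dev="${1:-/dev/random}"
    if [ -L "$dev" ]; then echo "symlink -> $(readlink "$dev")"
    elif [ -c "$dev" ]; then echo chardev
    else echo other
    fi
}

report() {
    echo "entropy_avail:    $(entropy_avail) ($(entropy_status))"
    echo "/dev/random read: $(read_probe /dev/random 2)"
    echo "/dev/random is:   $(device_kind /dev/random)"
}

if [ "${1:-}" = "report" ]; then report; fi
```

On Linux 5.6 and later, /dev/random only blocks until the pool is first initialised, so a "blocked" result there points at early boot rather than an exhausted pool.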
Comments

Actually this is the WORST possible approach. A better one is to create some entropy. As the kernel collects it from hardware interrupts and other stuff, it is as easy as creating some disk activity:

find /

or

updatedb

Posted by: Odi at December 4, 2007 10:26 AM

Find the available memory on Linux with:
cat /proc/sys/kernel/random/entropy_avail

To specify a different entropy source when building httpd, I think it's necessary to build APR separately --with-devrandom=/dev/urandom

Posted by: noodl at December 4, 2007 10:45 AM

The 'best' way is to change this in APR at compile time.

Pass this to your APR ./configure:
--with-devrandom=/dev/urandom

And you don't need to modify anything else.

Posted by: Paul Querna at December 4, 2007 3:21 PM

Why not just change httpd to look for the random seed in /dev/urandom? See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrandomseed
That way you change to a nonblocking random source and you avoid messing up the system for other things that might care more about the quality of the random source.

Posted by: Mads at December 4, 2007 8:33 PM

There's also the --with-devrandom=/dev/urandom argument in ./configure if you don't want to muck with your /dev dir.

Posted by: roue at December 4, 2007 11:17 PM