# Apache2 reload takes ages

## questionaire

hi there,

starting apache2 or reloading it takes only sometimes (!) ages.

it may also be that it hangs up at this line:

 *Quote:*   

> [Sat Feb 24 08:56:33 2007] [info] Server: Apache/2.0.58, Interface: mod_ssl/2.0.58, Library: OpenSSL/0.9.8d
> 
> [Sat Feb 24 08:56:33 2007] [notice] Digest: generating secret for digest authentication ...

 

something is wrong with openssl, but i really dont know  :Sad: 

----------

## bunder

how long is ages?   :Laughing: 

```
generating secret for digest authentication
```

having to wait for that is normal if you have a slower cpu...  its almost like running ssh-keygen.

----------

## questionaire

its a Core2Duo E6600 (2x2,9GHz) with 2GB Ram - is that slow?  :Wink: 

Ages means up to two minutes

----------

## bunder

 *questionaire wrote:*   

> its a Core2Duo E6600 (2x2,9GHz) with 2GB Ram - is that slow? 
> 
> Ages means up to two minutes

 

oh jeez, that is long... much longer than it really really should.   :Laughing: 

tried re-emerging apache and openssl?  can we see your make.conf?

cheers

----------

## questionaire

yes reemerged openssl, apache, libssl - also tried apache 1.3

make.conf:

```
cat /etc/make.conf

# These settings were set by the catalyst build script that automatically built this stage

# Please consult /etc/make.conf.example for a more detailed example

CFLAGS="-O2 -march=pentium4 -pipe -mmmx -msse"

CHOST="i686-pc-linux-gnu"

CXXFLAGS="${CFLAGS}"

MAKEOPTS="-j3"

SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"

USE="xsl tokenizer curl curlwrappers bcmath cjk ctype exif mysqli pcre pdo soap unicode xmlreader xmlwriter clamd subject-rewrite symlink checkpath mode-owner iconv vroot apache2 spamd bzlib crypt ldap mime session sharedmem simplexml mbox pam pam-mysql sockets gd dbx ftp imagemagick jpeg libwww maildir mhash mysql ncurses pdf perl php png tcpd sasl snmp ssl xml zlib imap latin1 bzip2 calendar cgi force-cgi-redirect hash zip clamav hardened sse2 big-tables -X -x11 -sdl -cups -apache -gtk -kde -mbox -ssmtp"

GENTOO_MIRRORS="ftp://gentoo.inode.at/source/ http://gentoo.intergenia.de http://gd.tuwien.ac.at/opsys/linux/gentoo/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"

LINGUAS="de"

FEATURES="parallel-fetch"

```

----------

## Janne Pikkarainen

Kernel is probably running out of entropy. If your motherboard includes a hardware random number generator, then see if it's supported by the kernel. If not, then you'll need to generate the entropy in some other way - the easiest is to emerge rng-tools and use rngd (/etc/init.d/rngd start). rngd just shovels numbers from /dev/urandom to /dev/random whenever necessary to do so, and that keeps kernel entropy pool filled.

----------

## questionaire

hey thanks  :Smile: 

----------

## KShots

 *Janne Pikkarainen wrote:*   

> Kernel is probably running out of entropy. If your motherboard includes a hardware random number generator, then see if it's supported by the kernel. If not, then you'll need to generate the entropy in some other way - the easiest is to emerge rng-tools and use rngd (/etc/init.d/rngd start). rngd just shovels numbers from /dev/urandom to /dev/random whenever necessary to do so, and that keeps kernel entropy pool filled.

 Hey, I think I'm facing this same problem, although mine never finishes. I'd suspect that questionaire's apache process finishes because he can switch to another console and type away there, generating entropy, and work off of that... but I'm working on a headless, diskless machine. Is there anything I can do about this?

EDIT: Even though I do have a hardware random number generator support, and told apache to point at /dev/urandom, I still needed rng-tools. Installing that fixed my issue. Thanks!

----------

## CodAv

Another solution is to simply not load mod_auth_digest, as you probably won't need it in most cases.

----------

## KShots

Nope, not unless you're running any kind of encryption with authentication. Me, just about everything I do uses encryption and authentication... so I need my mod_auth_digest. Actually, I don't know of too many useful apache servers in existence that don't use encryption and authentication...

----------

## evilTone

the rndg trick worked a treat for me also

thanks for posting that hint  :Very Happy: 

----------

