SSL termination is offloaded to the CloudHSM and works just fine. But when I send a USR2 signal to Nginx process, nothing happens.
$ kill -USR2 $(cat /var/run/nginx.pid)
I have straced nginx process when USR2 signal is sent to both processes. Here is the result:
rt_sigsuspend([]) = ? ERESTARTNOHAND (To be restarted if no handler)
--- SIGUSR2 {si_signo=SIGUSR2, si_code=SI_USER, si_pid=23440, si_uid=0} ---
gettimeofday({1570839012, 596258}, NULL) = 0
getppid() = 1
rt_sigreturn() = -1 EINTR (Interrupted system call)
gettimeofday({1570839012, 596492}, NULL) = 0
rename("/var/run/nginx.pid", "/var/run/nginx.pid.oldbin") = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f180aa89b50) = 6133
rt_sigsuspend([] <detached ...>
rt_sigsuspend([]) = ? ERESTARTNOHAND (To be restarted if no handler)
--- SIGUSR2 {si_signo=SIGUSR2, si_code=SI_USER, si_pid=23440, si_uid=0} ---
gettimeofday({1570838962, 952874}, NULL) = 0
getppid() = 1
rt_sigreturn() = -1 EINTR (Interrupted system call)
gettimeofday({1570838962, 953140}, NULL) = 0
rename("/var/run/nginx.pid", "/var/run/nginx.pid.oldbin") = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f3e4a531b50) = 5619
rt_sigsuspend([]) = ? ERESTARTNOHAND (To be restarted if no handler)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5619, si_status=1, si_utime=0, si_stime=0} ---
gettimeofday({1570838962, 960453}, NULL) = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], WNOHANG, NULL) = 5619
wait4(-1, 0x7fff59a47b7c, WNOHANG, NULL) = 0
rt_sigreturn() = -1 EINTR (Interrupted system call)
gettimeofday({1570838962, 960769}, NULL) = 0
rename("/var/run/nginx.pid.oldbin", "/var/run/nginx.pid") = 0
rt_sigsuspend([] <detached ...>