Could your IP address be the one failing?

Error: nsopenssl: failed to listen on 23.253.\
246.52:443: Permission denied

What's the stray backslash for?

On Aug 16, 2015 9:17 AM, "Scott Goodwin" <sc...@scottg.net> wrote:
> Has this ever worked in the past? It's been a long time since I've looked
> at the module and I don't recall if it worked for multiple SSL listening
> ports as virtual servers on the same AOLserver instance. I never had an
> occasion to use it that way. If it's not capable of doing that in its last
> incarnation it will probably take some work to modify it to do it properly.
>
> /s.
>
> On Aug 15, 2015, at 8:17 PM, Thorpe Mayes <tma...@ecognizant.net> wrote:
>
> Hi,
>
> I have AOLserver 4.5.2 running with virtual servers - main.tcl with
> several sub config files.
>
> Three of the domain names are using SSL. The certificate is a UCC SSL
> Certificate that will accommodate up to 5 domain names.
>
> If I activate the virtual server for just one of the three domains that
> are using SSL, then everything works fine. When I activate two or more of
> the sub files that need ssl, the server fails to start.
> Here is the tail end of the log file:
>
> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: AOLserver/4.5.2 running
> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: security info: uid=502, euid=502, gid=502\
> , egid=502
> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nssock
> [15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: starting
> [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: starting
> [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80
> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
> [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: starting
> [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52\
> :443
> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: starting
> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\
> 246.52:443: Permission denied
> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: exiting
> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: starting
> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\
> 246.52:443: Permission denied
> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: exiting
> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not start drivers
>
>
> Here is the ssl portion of the main.tcl file:
>
> ns_section "ns/server/module/nsopenssl"
> # ns_param RandomFile /some/file
>
> ns_param SeedBytes 2048; # was 1024
>
>
> Here is what the ssl portion of the sub files looks like (all appear to
> load successfully - see below):
>
> #---------------------------------------------------------------------
>
> # OpenSSL and nsopenssl
>
> # http://openacs.org/forums/message-view?message_id=320064 - for nsd code - note: must use port 443
> # http://openacs.org/doc/install-nsopenssl.html - binding port 443 in daemontools
> #---------------------------------------------------------------------
>
>
> ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts"
> ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant regular user access"
> # ns_param admins_ctx "SSL context used for administrator access"
>
> ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant outgoing script socket connections"
>
>
> ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults"
> ns_param server ${ecognizant}_users_ctx
> ns_param client ${ecognizant}_client_ctx
>
>
> ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx"
> ns_param Role server
> ns_param ModuleDir $ssldocdir
> ns_param CertFile cert.pem
> ns_param KeyFile key.pem
> ns_param CAFile ca.pem
> ns_param Protocols "All"
> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
> ns_param PeerVerify false
> ns_param PeerVerifyDepth 3
> ns_param Trace false
>
>
> ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx"
> ns_param Role client
> ns_param ModuleDir $ssldocdir
> ns_param CertFile cert.pem
> ns_param KeyFile key.pem
> ns_param CAFile ca.pem
> ns_param Protocols "All"
> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
> ns_param PeerVerify false
> ns_param PeerVerifyDepth 3
> ns_param Trace false
>
>
> ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers"
> ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user access"
>
>
> ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv"
> ns_param sslcontext ${ecognizant}_users_ctx
> ns_param port $httpsport
> ns_param hostname $hostname
> ns_param address $address
> ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit
>
>
>
> ns_section "ns/server/${ecognizant}/modules"
> ns_param nslog ${bindir}/nslog${ext}
> ns_param nsdb ${bindir}/nsdb${ext}
> ns_param nscache ${bindir}/nscache${ext}
> ns_param nssha1 ${bindir}/nssha1${ext}
> ns_param nsopenssl ${bindir}/nsopenssl${ext}
>
>
> The log file portion of one of the sub files that have ssl:
>
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped GET /
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped HEAD /
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped POST /
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: opened '/usr/local/aolserver/servers/server10/access.log'
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nscache module version 1.5 server: server10
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: modload: loading '/usr/local/aolserver/bin/nsopenssl.so'
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 512-bit temporary RSA key ...
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 1024-bit temporary RSA key ...
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_users_ctx'
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' ciphers loaded successfully
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' using all protocols: SSLv2, SSLv3 and TLSv1
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' certificate and key loaded successfully
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' CA file loaded successfully
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_users_ctx (nsopenssl): session cache is turned on for sslcontext 'server10'
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_client_ctx'
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' ciphers loaded successfully
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' using all protocols: SSLv2, SSLv3 and TLSv1
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' certificate and key loaded successfully
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' CA file loaded successfully
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_client_ctx (nsopenssl): session cache is turned on for sslcontext 'server10'
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for server is server10_users_ctx
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default server SSL context: server10_users_ctx
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for client is server10_client_ctx
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default client SSL context: server10_client_ctx
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading 'server10_users_drv' SSL driver
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: [ns/server/server10]enabletclpages = 1
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: enabling .tcl pages
> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default thread pool: minthreads 0 maxthreads 10 idle 0 current 0 maxconns 4000 queued 0 timeout 1000\
> 000 spread 20
>
> Here is what the command that starts the server looks like:
>
> /usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80,23\
> .253.246.52:443
>
> It looks like the ssl connection (port 443) is being loaded three times,
> with the last two failing and preventing the server from starting.
>
> Does anyone have an insight for me?
>
> Thank you,
>
> Thorpe
>
> ------------------------------------------------------------------------------
> _______________________________________________
> aolserver-talk mailing list
> aolserver-talk@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/aolserver-talk
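The reading offered in the thread, that port 443 is being opened three times, can be checked directly against the log. The following is an added example, not part of any message in the thread: it groups listen attempts by address:port, using log lines excerpted from the thread. The function names are illustrative, and treating a trailing backslash as a line-wrap marker from the paste is an assumption.

```python
import re
from collections import defaultdict

# Excerpt of the log quoted in the thread, mail quoting removed; the
# trailing backslashes are kept exactly as they appear in the paste.
LOG = r"""[15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80
[15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52\
:443
[15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\
246.52:443: Permission denied
[15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\
246.52:443: Permission denied
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not start drivers
"""

# [date][pid.thread][-name-] Level: module: <listen event> addr:port[: reason]
EVENT = re.compile(
    r"^\[[^\]]+\]\[\d+\.(\d+)\]\[-[^\]]+-\] (?:Notice|Error): (\w+): "
    r"(listening on|failed to listen on) ([\d.]+:\d+)(?:: (.*))?$")

def unwrap(text):
    """Rejoin lines split at a trailing backslash (assumed to be a wrap marker)."""
    return text.replace("\\\n", "")

def listen_attempts(text):
    """Map each address:port to its listen attempts, in log order."""
    attempts = defaultdict(list)
    for line in unwrap(text).splitlines():
        m = EVENT.match(line)
        if m:
            thread, module, verb, endpoint, reason = m.groups()
            attempts[endpoint].append((module, thread, verb == "listening on", reason))
    return dict(attempts)

def contested(text):
    """Endpoints that more than one driver thread tried to listen on."""
    report = {}
    for endpoint, tries in listen_attempts(text).items():
        if len({thread for _, thread, _, _ in tries}) > 1:
            report[endpoint] = {
                "ok": sum(1 for t in tries if t[2]),
                "failed": [t[3] for t in tries if not t[2]],
            }
    return report

if __name__ == "__main__":
    for endpoint, r in contested(LOG).items():
        print(f"{endpoint}: {r['ok']} listening, {len(r['failed'])} failed {r['failed']}")
```

On this excerpt the only contested endpoint is 23.253.246.52:443: one nsopenssl driver thread listens and two further threads are refused on the same address and port.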