[AOLSERVER] AOL server 4.5.2 w/ virtual servers - SSL not working

2015-08-15 Thread Thorpe Mayes
Hi,

I have AOLserver 4.5.2 running with virtual servers - main.tcl with several sub 
config files. 

Three of the domain names are using SSL. The certificate is a UCC SSL 
Certificate that will accommodate up to 5 domain names. 

If I activate the virtual server for just one of the three domains that are 
using SSL, then everything works fine. When I activate two or more of the sub 
files that need ssl, the server fails to start. Here is the tail end of the log 
file:

[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: AOLserver/4.5.2 running
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: security info: uid=502, euid=502, gid=502\
, egid=502
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nssock
[15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: starting
[15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: starting
[15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: starting
[15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52\
:443
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: starting
[15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\
246.52:443: Permission denied
[15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: exiting
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: starting
[15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\
246.52:443: Permission denied
[15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: exiting
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not start drivers


Here is the ssl portion of the main.tcl file:

ns_section "ns/server/module/nsopenssl"
# ns_param RandomFile /some/file

ns_param SeedBytes  2048;  # was 1024   


Here is the ssl portion of the sub files (all appear to load successfully 
- see below):

#-

# OpenSSL and nsopenssl

# http://openacs.org/forums/message-view?message_id=320064 - for nsd code - note: must use port 443
# http://openacs.org/doc/install-nsopenssl.html - binding port 443 in daemontools
#-


ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts"
ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant regular user access"
# ns_param admins_ctx "SSL context used for administrator access"

ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant outgoing script socket connections"


ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults"
ns_param server ${ecognizant}_users_ctx
ns_param client ${ecognizant}_client_ctx


ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx"
ns_param Role server
ns_param ModuleDir $ssldocdir
ns_param CertFile cert.pem
ns_param KeyFile key.pem
ns_param CAFile ca.pem
ns_param Protocols "All"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false


ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx"
ns_param Role client
ns_param ModuleDir $ssldocdir
ns_param CertFile cert.pem
ns_param KeyFile key.pem
ns_param CAFile ca.pem
ns_param Protocols "All"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false


ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers"
ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user access"


ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv"
ns_param sslcontext ${ecognizant}_users_ctx
ns_param port $httpsport
ns_param hostname $hostname
ns_param address $address
ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit
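
Added example (not part of the original post, and not AOLserver code): a Python parser that rejoins the backslash-wrapped log entries shown above and groups listen attempts by address:port, which shows every nsopenssl driver thread targeting the same endpoint. The sample log is constructed from the entries in the post with shortened thread ids; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: entries shaped like the log in the post (thread ids
# shortened), keeping the backslash + newline wraps that split the address.
SAMPLE_LOG = r"""[15/Aug/2015:18:39:13][3924.1][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52\
:443
[15/Aug/2015:18:39:13][3924.2][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\
246.52:443: Permission denied
[15/Aug/2015:18:39:13][3924.3][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\
246.52:443: Permission denied
[15/Aug/2015:18:39:13][3924.4][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80
[15/Aug/2015:18:39:13][3924.0][-main-] Fatal: could not start drivers
"""

ENTRY = re.compile(
    r"^\[[^\]]+\]\[\d+\.(?P<tid>\d+)\]\[-(?P<thread>[^\]]+)-\] "
    r"(?P<level>\w+): (?P<msg>.*)$")
LISTEN = re.compile(
    r"^(?P<drv>\w+): (?P<verb>listening on|failed to listen on) "
    r"(?P<ep>[\d.]+:\d+)(?:: (?P<why>.+))?$")

def unwrap(text):
    """Undo display wraps: a trailing backslash means the entry continues."""
    return re.sub(r"\\\n\s*", "", text)

def listen_attempts(text):
    """Map endpoint -> list of (thread id, driver, succeeded, reason)."""
    by_ep = defaultdict(list)
    for line in unwrap(text).splitlines():
        m = ENTRY.match(line)
        hit = m and LISTEN.match(m["msg"])
        if hit:
            by_ep[hit["ep"]].append((m["tid"], hit["drv"],
                                     hit["verb"] == "listening on", hit["why"]))
    return dict(by_ep)

def contested(text):
    """Endpoints that more than one driver thread tried to listen on."""
    return {ep: tries for ep, tries in listen_attempts(text).items()
            if len({tid for tid, *_ in tries}) > 1}
```

On the sample, `contested(SAMPLE_LOG)` reports only `23.253.246.52:443`, with one successful listen followed by two "Permission denied" failures from other driver threads.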

Re: [AOLSERVER] AOL server 4.5.2 w/ virtual servers - SSL not working

2015-08-15 Thread Scott Goodwin
Has this ever worked in the past? It's been a long time since I've looked at 
the module and I don't recall if it worked for multiple SSL listening ports as 
virtual servers on the same AOLserver instance. I never had an occasion to use 
it that way. If it's not capable of doing that in its last incarnation it will 
probably take some work to modify it to do it properly.

/s.


Re: [AOLSERVER] AOL server 4.5.2 w/ virtual servers - SSL not working

2015-08-15 Thread Sep
Could your IP address be the one failing?

Error: nsopenssl: failed to listen on 23.253.\

246.52:443: Permission denied

What's the stray back slash for?