On Mon, 3 May 2004 15:32:24 -0400, Scott Goodwin <[EMAIL PROTECTED]> wrote:

>It's not a threading issue. AOLserver 4.x opens the listen sockets for
>all comm modules including nsopenssl, and the error message is coming
>from the DriverThread function in nsd/driver.c when it attempts to
>start listening on the port. The reason it says "nsopenssl" is, well,
>because that's the name of the thread). I trust the error message
>because it's coming from the OS; the driver code is very
>straightforward. So my guess is that you really aren't root at start
>time.

I am most certainly root.

>Post the OS make, model and version (my guess is you're using Solaris),

Redhat 7.1 on x486

>the command line that you use to start the server

#! /bin/sh

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib:/usr/local/ssl/lib
exec /usr/local/aolserver/bin/nsd -it /etc/aolserver/7-sisters.com.tcl -B
/etc/aolserver/7-sisters.com.bnd -u nsadmin -g web

where 7-sisters.com.bnd contains:

192.168.1.2:80
192.168.1.2:443

>and your nsd.tcl file
>with any sensitive stuff removed.

ns_log notice "nsd.tcl: starting to read config file..."

set httpport              80
set httpsport             443

set hostname              www.7-sisters.com
set address               192.168.1.2

set homedir /usr/local/aolserver
set bindir  ${homedir}/bin

set logdir /var/log/aolserver
set rundir /var/run/aolserver

if [file isdirectory "$homedir/servers/7-sisters.com"] {
    set server             "7-sisters.com"
    set servername         "${hostname} server"
    set pageroot           /web/${server}/www
}
set directoryfile          index.adp,index.tcl,index.php,index.html,index.htm

set sslkeyfile
${homedir}/servers/${server}/modules/nsopenssl/www.7-sisters.com.key
set sslcertfile
${homedir}/servers/${server}/modules/nsopenssl/www.7-sisters.com.crt

ns_section "ns/parameters"
 ns_param   User  nsadmin
 ns_param   Group nsadmin
 ns_param   home         $homedir
 ns_param   pidfile      $rundir/nsd.pid
 ns_param   debug        false
 ns_param   MailHost     mail.7-sisters.com
 ns_param   ServerLog    ${logdir}/${server}-error.log
 ns_param   LogRoll      on
 ns_param   MaxBackup 9

ns_section "ns/threads"
 ns_param   mutexmeter      true      ;# measure lock contention
 ns_param   stacksize [expr 256*1024] ;# Per-thread stack size for hungry C
modules. Increased to 256 for PHP.

ns_section "ns/servers"
    ns_param   $server     $servername

ns_section "ns/server/${server}"
    ns_param   directoryfile        $directoryfile
    ns_param   pageroot             $pageroot
    ns_param   globalstats          false     ;# Enable built-in statistics
    ns_param   urlstats             false     ;# Enable URL statistics
    ns_param   maxurlstats          1000      ;# Max number of URL's to do
stats on
    ns_param   enabletclpages       true      ;# Parse tcl files in
            # pageroot (dangerous)
    ns_param   maxthreads 5
    ns_param   minthreads 5


ns_section "ns/server/${server}/module/nssock"
    ns_param   port         $httpport
    ns_param   hostname     $hostname
    ns_param   address      $address

ns_section ns/server/${server}/module/nsopenssl/sslcontexts
 ns_param ${server}_ctx "SSL context for regular user access"
 ns_param ${server}_client_ctx "SSL context for outgoing script socket
connections"

ns_section ns/server/${server}/module/nsopenssl/defaults
 ns_param server ${server}_ctx
 ns_param client ${server}_client_ctx

ns_section ns/server/${server}/module/nsopenssl/sslcontext/${server}_ctx
        ns_param Role server
 ns_param CertFile ${sslcertfile}
 ns_param KeyFile ${sslkeyfile}
        ns_param CADir ca
        ns_param CAFile ca/freesslca.crt
 ns_param ModuleDir ${homedir}/servers/${server}/modules/nsopenssl/
        ns_param Protocols "SSLv2, SSLv3, TLSv1"
        ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
        ns_param PeerVerify false
        ns_param PeerVerifyDepth 3
        ns_param Trace false
        ns_param SessionCache true
        ns_param SessionCacheID 1
        ns_param SessionCacheSize 512
        ns_param SessionCacheTimeout 300

ns_section ns/server/${server}/module/nsopenssl/sslcontext/${server}_client_ctx
        ns_param Role client
 ns_param CertFile ${sslcertfile}
 ns_param KeyFile ${sslkeyfile}
        ns_param CADir ca
        ns_param CAFile ca/freesslca.crt
 ns_param ModuleDir ${homedir}/servers/${server}/modules/nsopenssl/
        ns_param Protocols "SSLv2, SSLv3, TLSv1"
        ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
        ns_param PeerVerify false
        ns_param PeerVerifyDepth 3
        ns_param Trace false
        ns_param SessionCache true
        ns_param SessionCacheID 1
        ns_param SessionCacheSize 512
        ns_param SessionCacheTimeout 300

ns_section ns/server/${server}/module/nsopenssl/ssldrivers
 ns_param ${server}_drv "Driver for regular user access"

ns_section ns/server/${server}/module/nsopenssl/ssldriver/${server}_drv
 ns_param Sslcontext ${server}_ctx
        ns_param Port 443

ns_section "ns/server/${server}/module/nslog"
    ns_param   EnableHostnameLookup Off
    ns_param   File                ${logdir}/${server}-access.log
    ns_param   LogCombined         On
    ns_param   RollLog             On
    ns_param   RollDay             *
    ns_param   RollHour            0
    ns_param   RollDir   ${logdir}/access-report/
    ns_param   RollFmt             %Y-%m-%d-%H:%M
    ns_param   RollOnSignal        On
    ns_param   MaxBackup         7   ;# Max number to keep around when rolling

ns_section "ns/server/${server}/modules"
  ns_param   nssock          ${bindir}/nssock.so
 ns_param   nslog           ${bindir}/nslog.so
 ns_param   nsdb            ${bindir}/nsdb.so
 ns_param   nsperm          ${bindir}/nsperm.so
if { [file exists $sslcertfile] && [file exists $sslkeyfile] } {
    ns_param nsopenssl ${bindir}/nsopenssl.so
} else {
    ns_log warning "nsd.tcl: nsopenssl not loaded because key/cert files do
not exist."
}

ns_log notice "nsd.tcl: finished reading config file [info script]."


--
AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of 
your email blank.

Reply via email to