On Mon, 3 May 2004 15:32:24 -0400, Scott Goodwin <[EMAIL PROTECTED]> wrote:
>It's not a threading issue. AOLserver 4.x opens the listen sockets for
>all comm modules including nsopenssl, and the error message is coming
>from the DriverThread function in nsd/driver.c when it attempts to
>start listening on the port. The reason it says "nsopenssl" is, well,
>because that's the name of the thread). I trust the error message
>because it's coming from the OS; the driver code is very
>straightforward. So my guess is that you really aren't root at start
>time.
I am most certainly root.
>Post the OS make, model and version (my guess is you're using Solaris),
Redhat 7.1 on x486
>the command line that you use to start the server
#! /bin/sh
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib:/usr/local/ssl/lib
exec /usr/local/aolserver/bin/nsd -it /etc/aolserver/7-sisters.com.tcl -B
/etc/aolserver/7-sisters.com.bnd -u nsadmin -g web
where 7-sisters.com.bnd contains:
192.168.1.2:80
192.168.1.2:443
>and your nsd.tcl file
>with any sensitive stuff removed.
ns_log notice "nsd.tcl: starting to read config file..."
set httpport 80
set httpsport 443
set hostname www.7-sisters.com
set address 192.168.1.2
set homedir /usr/local/aolserver
set bindir ${homedir}/bin
set logdir /var/log/aolserver
set rundir /var/run/aolserver
if [file isdirectory "$homedir/servers/7-sisters.com"] {
set server "7-sisters.com"
set servername "${hostname} server"
set pageroot /web/${server}/www
}
set directoryfile index.adp,index.tcl,index.php,index.html,index.htm
set sslkeyfile
${homedir}/servers/${server}/modules/nsopenssl/www.7-sisters.com.key
set sslcertfile
${homedir}/servers/${server}/modules/nsopenssl/www.7-sisters.com.crt
ns_section "ns/parameters"
ns_param User nsadmin
ns_param Group nsadmin
ns_param home $homedir
ns_param pidfile $rundir/nsd.pid
ns_param debug false
ns_param MailHost mail.7-sisters.com
ns_param ServerLog ${logdir}/${server}-error.log
ns_param LogRoll on
ns_param MaxBackup 9
ns_section "ns/threads"
ns_param mutexmeter true ;# measure lock contention
ns_param stacksize [expr 256*1024] ;# Per-thread stack size for hungry C
modules. Increased to 256 for PHP.
ns_section "ns/servers"
ns_param $server $servername
ns_section "ns/server/${server}"
ns_param directoryfile $directoryfile
ns_param pageroot $pageroot
ns_param globalstats false ;# Enable built-in statistics
ns_param urlstats false ;# Enable URL statistics
ns_param maxurlstats 1000 ;# Max number of URL's to do
stats on
ns_param enabletclpages true ;# Parse tcl files in
# pageroot (dangerous)
ns_param maxthreads 5
ns_param minthreads 5
ns_section "ns/server/${server}/module/nssock"
ns_param port $httpport
ns_param hostname $hostname
ns_param address $address
ns_section ns/server/${server}/module/nsopenssl/sslcontexts
ns_param ${server}_ctx "SSL context for regular user access"
ns_param ${server}_client_ctx "SSL context for outgoing script socket
connections"
ns_section ns/server/${server}/module/nsopenssl/defaults
ns_param server ${server}_ctx
ns_param client ${server}_client_ctx
ns_section ns/server/${server}/module/nsopenssl/sslcontext/${server}_ctx
ns_param Role server
ns_param CertFile ${sslcertfile}
ns_param KeyFile ${sslkeyfile}
ns_param CADir ca
ns_param CAFile ca/freesslca.crt
ns_param ModuleDir ${homedir}/servers/${server}/modules/nsopenssl/
ns_param Protocols "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
ns_param SessionCache true
ns_param SessionCacheID 1
ns_param SessionCacheSize 512
ns_param SessionCacheTimeout 300
ns_section ns/server/${server}/module/nsopenssl/sslcontext/${server}_client_ctx
ns_param Role client
ns_param CertFile ${sslcertfile}
ns_param KeyFile ${sslkeyfile}
ns_param CADir ca
ns_param CAFile ca/freesslca.crt
ns_param ModuleDir ${homedir}/servers/${server}/modules/nsopenssl/
ns_param Protocols "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
ns_param SessionCache true
ns_param SessionCacheID 1
ns_param SessionCacheSize 512
ns_param SessionCacheTimeout 300
ns_section ns/server/${server}/module/nsopenssl/ssldrivers
ns_param ${server}_drv "Driver for regular user access"
ns_section ns/server/${server}/module/nsopenssl/ssldriver/${server}_drv
ns_param Sslcontext ${server}_ctx
ns_param Port 443
ns_section "ns/server/${server}/module/nslog"
ns_param EnableHostnameLookup Off
ns_param File ${logdir}/${server}-access.log
ns_param LogCombined On
ns_param RollLog On
ns_param RollDay *
ns_param RollHour 0
ns_param RollDir ${logdir}/access-report/
ns_param RollFmt %Y-%m-%d-%H:%M
ns_param RollOnSignal On
ns_param MaxBackup 7 ;# Max number to keep around when rolling
ns_section "ns/server/${server}/modules"
ns_param nssock ${bindir}/nssock.so
ns_param nslog ${bindir}/nslog.so
ns_param nsdb ${bindir}/nsdb.so
ns_param nsperm ${bindir}/nsperm.so
if { [file exists $sslcertfile] && [file exists $sslkeyfile] } {
ns_param nsopenssl ${bindir}/nsopenssl.so
} else {
ns_log warning "nsd.tcl: nsopenssl not loaded because key/cert files do
not exist."
}
ns_log notice "nsd.tcl: finished reading config file [info script]."
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of
your email blank.
