Hi,

I have AOLserver 4.5.2 running with virtual servers - main.tcl with several sub 
config files. 

Three of the domain names are using SSL. The certificate is a UCC SSL 
Certificate that will accommodate up to 5 domain names. 

If I activate the virtual server for just one of the three domains that are 
using SSL, then everything works fine. When I activate two or more of the sub 
files that need ssl, the server fails to start. Here is the tail end of the log 
file:

[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: AOLserver/4.5.2 running
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: security info: uid=502, euid=502, gid=502, egid=502
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nssock
[15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: starting
[15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: starting
[15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: starting
[15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52:443
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: starting
[15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.246.52:443: Permission denied
[15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: exiting
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: starting
[15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.246.52:443: Permission denied
[15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: exiting
[15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not start drivers


Here is the ssl portion of the main.tcl file:

ns_section "ns/server/module/nsopenssl"
# ns_param RandomFile /some/file
ns_param SeedBytes  2048;  # was 1024


Here is what the ssl portion of the sub files looks like (all appear to load
successfully - see below):

#---------------------------------------------------------------------
# OpenSSL and nsopenssl
# http://openacs.org/forums/message-view?message_id=320064 - for nsd code - note: must use port 443
# http://openacs.org/doc/install-nsopenssl.html - binding port 443 in daemontools
#---------------------------------------------------------------------

ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts"
ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant regular user access"
# ns_param admins_ctx "SSL context used for administrator access"
ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant outgoing script socket connections"


ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults"
ns_param server ${ecognizant}_users_ctx
ns_param client ${ecognizant}_client_ctx


ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx"
ns_param Role server
ns_param ModuleDir $ssldocdir
ns_param CertFile cert.pem
ns_param KeyFile key.pem
ns_param CAFile ca.pem
ns_param Protocols "All"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false


ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx"
ns_param Role client
ns_param ModuleDir $ssldocdir
ns_param CertFile cert.pem
ns_param KeyFile key.pem
ns_param CAFile ca.pem
ns_param Protocols "All"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false


ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers"
ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user access"


ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv"
ns_param sslcontext ${ecognizant}_users_ctx
ns_param port $httpsport
ns_param hostname $hostname
ns_param address $address
ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit


ns_section "ns/server/${ecognizant}/modules"
ns_param nslog   ${bindir}/nslog${ext}
ns_param nsdb    ${bindir}/nsdb${ext}
ns_param nscache ${bindir}/nscache${ext}
ns_param nssha1  ${bindir}/nssha1${ext}
ns_param nsopenssl ${bindir}/nsopenssl${ext}


The log file portion of one of the sub files that have ssl:

[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped GET /
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped HEAD /
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped POST /
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: opened '/usr/local/aolserver/servers/server10/access.log'
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nscache module version 1.5 server: server10
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: modload: loading '/usr/local/aolserver/bin/nsopenssl.so'
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 512-bit temporary RSA key ...
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 1024-bit temporary RSA key ...
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_users_ctx'
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' ciphers loaded successfully
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' using all protocols: SSLv2, SSLv3 and TLSv1
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' certificate and key loaded successfully
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' CA file loaded successfully
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_users_ctx (nsopenssl): session cache is turned on for sslcontext 'server10'
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_client_ctx'
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' ciphers loaded successfully
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' using all protocols: SSLv2, SSLv3 and TLSv1
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' certificate and key loaded successfully
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' CA file loaded successfully
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_client_ctx (nsopenssl): session cache is turned on for sslcontext 'server10'
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for server is server10_users_ctx
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default server SSL context: server10_users_ctx
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for client is server10_client_ctx
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default client SSL context: server10_client_ctx
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading 'server10_users_drv' SSL driver
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: [ns/server/server10]enabletclpages = 1
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: enabling .tcl pages
[15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default thread pool: minthreads 0 maxthreads 10 idle 0 current 0 maxconns 4000 queued 0 timeout 1000000 spread 20

Here is what the command that starts the server looks like:

/usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80,23.253.246.52:443

It looks like the ssl connection (port 443) is being loaded three times, with 
the last two failing and preventing the server from starting. 

Does anyone have an insight for me?

Thank you,

Thorpe






------------------------------------------------------------------------------
_______________________________________________
aolserver-talk mailing list
aolserver-talk@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/aolserver-talk
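
A triage helper for the kind of startup log quoted in the message above, added here as an example and not part of the original post or of AOLserver: it rejoins wrapped records and counts, per driver module and address:port, how many listen attempts succeeded or failed. The sample log is constructed (documentation-range address, shortened thread ids), and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the post's log (documentation-range address,
# shortened thread ids), with one mail-wrapped and one backslash-wrapped record.
SAMPLE_LOG = r"""[15/Aug/2015:18:39:13][3924.1][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.2][-nsopenssl:driver-] Notice:
nsopenssl: listening on 192.0.2.10:443
[15/Aug/2015:18:39:13][3924.1][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.3][-nsopenssl:driver-] Error:
nsopenssl: failed to listen on 192.0.\
2.10:443: Permission denied
[15/Aug/2015:18:39:13][3924.1][-main-] Notice: driver: starting: nsopenssl
[15/Aug/2015:18:39:13][3924.4][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 192.0.2.10:443: Permission denied
[15/Aug/2015:18:39:13][3924.1][-main-] Fatal: could not start drivers
"""

RECORD_START = re.compile(r"\[\d{2}/\w{3}/\d{4}:")
LISTEN = re.compile(r"\] (?:Notice|Error): (\w+): (listening|failed to listen) on (\S+?)(?:: (.+))?$")

def unwrap(text):
    """Rejoin records split by mail wrapping or a trailing-backslash terminal wrap."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.rstrip())
        elif records[-1].endswith("\\"):
            records[-1] = records[-1][:-1] + line.strip()
        else:
            records[-1] += " " + line.strip()
    return records

def listen_report(text):
    """Map (driver module, address:port) -> {'ok': count, 'failed': [reasons]}."""
    report = defaultdict(lambda: {"ok": 0, "failed": []})
    for record in unwrap(text):
        m = LISTEN.search(record)
        if m and m[2] == "listening":
            report[(m[1], m[3])]["ok"] += 1
        elif m:
            report[(m[1], m[3])]["failed"].append(m[4])
    return dict(report)

def contended(report):
    """Endpoints a single driver module tried to open more than once."""
    return sorted(ep for (_, ep), r in report.items() if r["ok"] + len(r["failed"]) > 1)

print(contended(listen_report(SAMPLE_LOG)))  # ['192.0.2.10:443']
```
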
