The backslash shows line continuation — the IP address below is 23.253.246.52 (and :443 for the port).
/s. > On Aug 16, 2015, at 1:22 AM, Sep <thejackschm...@gmail.com> wrote: > > Could your IP address be the one failing? > > Error: nsopenssl: failed to listen on 23.253.\ > > 246.52:443: Permission denied > > What's the stray back slash for? > > On Aug 16, 2015 9:17 AM, "Scott Goodwin" <sc...@scottg.net > <mailto:sc...@scottg.net>> wrote: > Has this ever worked in the past? It's been a long time since I've looked at > the module and I don't recall if it worked for multiple SSL listening ports > as virtual servers on the same AOLserver instance. I never had an occasion to > use it that way. If it's not capable of doing that in its last incarnation it > will probably take some work to modify it to do it properly. > > /s. > > On Aug 15, 2015, at 8:17 PM, Thorpe Mayes <tma...@ecognizant.net > <mailto:tma...@ecognizant.net>> wrote: > >> Hi, >> >> I have AOLserver 4.5.2 running with virtual servers - main.tcl with several >> sub config files. >> >> Three of the domain names are using SSL. The certificate is a UCC SSL >> Certificate that will accommodate up to 5 domain names. >> >> If I activate the virtual server for just one of the three domains that are >> using SSL, then everything works fine. When I activate two or more of the >> sub files that need ssl, the server fails to start. Here is the tail end of >> the log file: >> >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: >> AOLserver/4.5.2 running >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: >> security info: uid=502, euid=502, gid=502\ >> , egid=502 >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: >> starting: nssock >> [15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: >> starting >> [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: >> starting >> [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: >> nssock: listening on 23.253.246.52:80 <http://23.253.246.52/> >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: >> starting: nsopenssl >> [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] >> Notice: starting >> [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] >> Notice: nsopenssl: listening on 23.253.246.52\ >> :443 >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: >> starting: nsopenssl >> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] >> Notice: starting >> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: >> nsopenssl: failed to listen on 23.253.\ >> 246.52:443: Permission denied >> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] >> Notice: exiting >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: >> starting: nsopenssl >> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] >> Notice: starting >> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: >> nsopenssl: failed to listen on 23.253.\ >> 246.52:443: Permission denied >> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] >> Notice: exiting >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not >> start drivers >> >> >> Here is the ssl portion of the main.tcl file: >> >> ns_section "ns/server/module/nsopenssl" >> # ns_param RandomFile /some/file >> >> ns_param SeedBytes 2048; # was 1024 >> >> >> Here is what the ssl portion of the sub files (all appear to load >> successfully - see below): >> >> #--------------------------------------------------------------------- >> >> # OpenSSL and nsopenssl >> >> # http://openacs.org/forums/message-view?message_id=320064 >> <http://openacs.org/forums/message-view?message_id=320064> - for nsd code - >> note: must use port 443 >> # http://openacs.org/doc/install-nsopenssl.html >> <http://openacs.org/doc/install-nsopenssl.html> - binding port 443 in >> daemontools >> #--------------------------------------------------------------------- >> >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts" >> ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant regular >> user access" >> # ns_param admins_ctx "SSL context used for administrator access" >> >> ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant outgoing >> script socket connections" >> >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults" >> ns_param server ${ecognizant}_users_ctx >> ns_param client ${ecognizant}_client_ctx >> >> >> ns_section >> "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx" >> ns_param Role server >> ns_param ModuleDir $ssldocdir >> ns_param CertFile cert.pem >> ns_param KeyFile key.pem >> ns_param CAFile ca.pem >> ns_param Protocols "All" >> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" >> ns_param PeerVerify false >> ns_param PeerVerifyDepth 3 >> ns_param Trace false >> >> >> ns_section >> "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx" >> ns_param Role client >> ns_param ModuleDir $ssldocdir >> ns_param CertFile cert.pem >> ns_param KeyFile key.pem >> ns_param CAFile ca.pem >> ns_param Protocols "All" >> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" >> ns_param PeerVerify false >> ns_param PeerVerifyDepth 3 >> ns_param Trace false >> >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers" >> ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user access" >> >> >> ns_section >> "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv" >> ns_param sslcontext ${ecognizant}_users_ctx >> ns_param port $httpsport >> ns_param hostname $hostname >> ns_param address $address >> ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit >> >> >> >> ns_section "ns/server/${ecognizant}/modules" >> ns_param nslog ${bindir}/nslog${ext} >> ns_param nsdb ${bindir}/nsdb${ext} >> ns_param nscache ${bindir}/nscache${ext} >> ns_param nssha1 ${bindir}/nssha1${ext} >> ns_param nsopenssl ${bindir}/nsopenssl${ext} >> >> >> The log file portion of one of the sub files that have ssl: >> >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: >> fastpath[server10]: mapped GET / >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: >> fastpath[server10]: mapped HEAD / >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: >> fastpath[server10]: mapped POST / >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: >> opened '/usr/local/aolserver/servers/server10/access.log' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nscache >> module version 1.5 server: server10 >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: modload: >> loading '/usr/local/aolserver/bin/nsopenssl.so' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: >> generating 512-bit temporary RSA key ... >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: >> generating 1024-bit temporary RSA key ... >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): loading SSL context 'server10_users_ctx' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): 'server10_users_ctx' ciphers loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): 'server10_users_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): 'server10_users_ctx' certificate and key loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): 'server10_users_ctx' CA file loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: >> server10_users_ctx (nsopenssl): session cache is turned on for sslcontext >> 'server10' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): loading SSL context 'server10_client_ctx' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): 'server10_client_ctx' ciphers loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): 'server10_client_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): 'server10_client_ctx' certificate and key loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): 'server10_client_ctx' CA file loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: >> server10_client_ctx (nsopenssl): session cache is turned on for sslcontext >> 'server10' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): default SSL context for server is server10_users_ctx >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default >> server SSL context: server10_users_ctx >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): default SSL context for client is server10_client_ctx >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default >> client SSL context: server10_client_ctx >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl >> (server10): loading 'server10_users_drv' SSL driver >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: >> [ns/server/server10]enabletclpages = 1 >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: >> enabling .tcl pages >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default >> thread pool: minthreads 0 maxthreads 10 idle 0 current 0 maxconns 4000 >> queued 0 timeout 1000\ >> 000 spread 20 >> >> Here is what the command that starts the server looks like: >> >> /usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it >> /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80 >> <http://23.253.246.52/>,23\ >> .253.246.52:443 >> >> It looks like the ssl connection (port 443) is being loaded three times, >> with the last two failing and preventing the server from starting. >> >> Does anyone have an insight for me? >> >> Thank you, >> >> Thorpe >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> aolserver-talk mailing list >> aolserver-talk@lists.sourceforge.net >> <mailto:aolserver-talk@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/aolserver-talk >> <https://lists.sourceforge.net/lists/listinfo/aolserver-talk> > > ------------------------------------------------------------------------------ > > _______________________________________________ > aolserver-talk mailing list > aolserver-talk@lists.sourceforge.net > <mailto:aolserver-talk@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/aolserver-talk > <https://lists.sourceforge.net/lists/listinfo/aolserver-talk> >
------------------------------------------------------------------------------
_______________________________________________ aolserver-talk mailing list aolserver-talk@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/aolserver-talk
