Re: [AOLSERVER] Configuring nsopenssl - unable to get to work

[Thorpe Mayes]

Jeff,

Thanks for the reply and the advice.
Tried it and got this:

27/Oct/2010:21:42:27][23535.3061283744][-nsopenssl:driver-] Error:  
nsopenssl: failed to listen on 64.58.34.55:443: Permission denied
[27/Oct/2010:21:42:27][23535.3061283744][-nsopenssl:driver-] Notice:  
exiting
[27/Oct/2010:21:42:27][23535.3083630272][-main-] Notice: driver:  
starting: nssock
[27/Oct/2010:21:42:27][23535.3060226976][-nssock:driver-] Notice:  
starting
[27/Oct/2010:21:42:27][23535.3060226976][-nssock:driver-] Notice:  
nssock: listening on 64.58.34.55:80
[27/Oct/2010:21:42:27][23535.3083630272][-main-] Fatal: could not  
start drivers
[27/Oct/2010:21:42:28][23547.3084039872][-main-] Notice: nsmain:  
AOLserver/4.5.0 starting


The server would not start.

Is this related to the https port being a privileged port? I am using  
daemon tools to start and stop the server.

Thanks.

Thorpe


On Oct 27, 2010, at [Oct/27]  9:16 PM, Jeff wrote:

Note this line in your startup log:
[27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-] Notice:  
nsopenssl: listening on 64.58.34.55:8443

Your ssl server is running fine at https://www.getreadytoshift.com:8443/

Somewhere in your config is a setting like
set httpsport 8443

Change that to
set httpsport 443

and you should be good to go.  Alternately, you could set up port  
forwarding, but since you're already running on port 80 there's no  
real need.

-J


Thorpe Mayes wrote:
I am trying to set up an ssl connection. I am using aolserver 4.5.0.

Here is the portion of the nsd file that pertains:

# SSL contexts. Each SSL context is a template that SSL connections  
are
created

# from. A single SSL context may be used by multiple drivers,  
sockservers
and

# sockclients.



ns_section ns/server/${servername}/module/nsopenssl/sslcontexts
ns_param users "SSL context used for regular user access"
### ns_param client "SSL context used for outgoing script socket
connections"



# We explicitly tell the server which SSL contexts to use as  
defaults when
an

# SSL context is not specified for a particular client or server SSL


# connection. Driver connections do not use defaults; they must be
explicitly

# specificied in the driver section. The Tcl API will use the  
defaults as
there

# is currently no provision to specify which SSL context to use for a


# particular connection via an ns_openssl Tcl command.



ns_section ns/server/${servername}/module/nsopenssl/defaults
ns_param server users

ns_section ns/server/${servername}/module/nsopenssl/sslcontext/users
ns_param Role server
ns_param ModuleDir ${homedir}/servers/${servername}/modules/ 
nsopenssl; #
${serverroot}/etc/certs/

ns_param CertFile cert.pem
ns_param KeyFile key.pem
ns_param CADir ca
ns_param CAFile ca.pem
ns_param Protocols "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW: 
+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false

# SSL drivers. Each driver defines a port to listen on and an  
explitictly
named

# SSL context to associate with it. Note that you can now have  
multiple
driver

# connections within a single virtual server, which can be tied to  
different


# SSL contexts. Isn't that cool?



ns_section ns/server/${servername}/module/nsopenssl/ssldrivers
ns_param users "Driver for regular user access"


ns_section ns/server/${servername}/module/nsopenssl/ssldriver/users
ns_param sslcontext users
ns_param port $httpsport
ns_param hostname $hostname
ns_param address $address


# OpenSSL library support:


#ns_param RandomFile /some/file


ns_param SeedBytes 1024

================

Here is the result when I restart the server:

[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:
AOLserver/4.5.0 starting
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:  
security
info: uid=xxx, euid=xxx, gid=xxx, egid=xxx
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:  
max files:
FD_SETSIZE = 1024, rl_cur = 1024, rl_max = 1024
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: encoding:  
loaded: utf-8
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
fastpath[server8]:
mapped GET /
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
fastpath[server8]:
mapped HEAD /
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
fastpath[server8]:
mapped POST /
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
adp[server8]:
mapped GET /*.adp
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
adp[server8]:
mapped HEAD /*.adp
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
adp[server8]:
mapped POST /*.adp
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
adp[server8]:
mapped GET /*.html
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
adp[server8]:
mapped HEAD /*.html
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
adp[server8]:
mapped POST /*.html
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
loading
'/usr/local/aolserver/bin/nssock.so'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
loading
'/usr/local/aolserver/bin/nslog.so'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nslog:  
opened
'/usr/local/aolserver/servers/server8/access.log'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
loading
'/usr/local/aolserver/bin/nsperm.so'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
loading
'/usr/local/aolserver/bin/nsxml.so'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsxml  
module starting
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
loading
'/usr/local/aolserver/bin/nsdb.so'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
loading
'/usr/local/aolserver/bin/nspostgres.so'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: PostgreSQL  
loaded.
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
loading
'/usr/local/aolserver/bin/libphp5.so'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
Registering PHP for
"*.php"
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
loading
'/usr/local/aolserver/bin/nsopenssl.so'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl:
generating 512-bit temporary RSA key ...
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl:
generating 1024-bit temporary RSA key ...
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): loading SSL context 'users'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): 'users' ciphers loaded successfully
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): 'users' using SSLv2 protocol
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): 'users' using SSLv3 protocol
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): 'users' using TLSv1 protocol
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): 'users' certificate and key loaded successfully
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): 'users' CA file loaded successfully
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: users  
(nsopenssl):
session cache is turned on for sslcontext 'server8'
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): default SSL context for server is users
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: default  
server SSL
context: users
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
(server8): loading 'users' SSL driver
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: conf:
[ns/server/server8]enabletclpages = 1
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: tcl:  
enabling .tcl
pages
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:
AOLserver/4.5.0 running
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:  
security
info: uid=xxx, euid=xxx, gid=xxx, egid=xxx
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: driver:  
starting:
nsopenssl
[27/Oct/2010:17:23:55][13466.3072859040][-sched-] Notice: sched:  
starting
[27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-]  
Notice: starting
[27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-] Notice:
nsopenssl: listening on 64.58.34.55:8443
[27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: driver:  
starting:
nssock
[27/Oct/2010:17:23:55][13466.3060874144][-nssock:driver-] Notice:  
starting
[27/Oct/2010:17:23:55][13466.3060874144][-nssock:driver-] Notice:  
nssock:
listening on 64.58.34.55:80


=============

looks like everything loaded

However, when I try to go to a page on the server using https, I  
get an
error (Unable to connect - Firefox can't establish a connection to  
the
server at www.getreadytoshift.com)

I copied the text from the .crs files I got from godaddy.com for the
cert.pem and the ca.pem files.

Any help will be appreciated.


--
AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to<lists...@listserv.aol.com 
>  with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the  
Subject: field of your email blank.


--
AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com 
> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the  
Subject: field of your email blank.



--
AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to 
<lists...@listserv.aol.com> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: 
field of your email blank.