443 is a privileged port, I believe.  If you're specifying a specific
user for aolserver (-u parameter) then that user has to have access to
port 443, I think.

On Oct 28, 10:50 am, Thorpe Mayes <[email protected]> wrote:
> Jeff,
>
> Thanks for the reply and the advice.
>
> Tried it and got this:
>
> 27/Oct/2010:21:42:27][23535.3061283744][-nsopenssl:driver-] Error:  
> nsopenssl: failed to listen on 64.58.34.55:443: Permission denied
> [27/Oct/2010:21:42:27][23535.3061283744][-nsopenssl:driver-] Notice:  
> exiting
> [27/Oct/2010:21:42:27][23535.3083630272][-main-] Notice: driver:  
> starting: nssock
> [27/Oct/2010:21:42:27][23535.3060226976][-nssock:driver-] Notice:  
> starting
> [27/Oct/2010:21:42:27][23535.3060226976][-nssock:driver-] Notice:  
> nssock: listening on 64.58.34.55:80
> [27/Oct/2010:21:42:27][23535.3083630272][-main-] Fatal: could not  
> start drivers
> [27/Oct/2010:21:42:28][23547.3084039872][-main-] Notice: nsmain:  
> AOLserver/4.5.0 starting
>
> The server would not start.
>
> Is this related to the https port being a privileged port? I am using  
> daemon tools to start and stop the server.
>
> Thanks.
>
> Thorpe
>
> On Oct 27, 2010, at [Oct/27]  9:16 PM, Jeff wrote:
>
> > Note this line in your startup log:
> > [27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-] Notice:  
> > nsopenssl: listening on 64.58.34.55:8443
>
> > Your ssl server is running fine athttps://www.getreadytoshift.com:8443/
>
> > Somewhere in your config is a setting like
> > set httpsport 8443
>
> > Change that to
> > set httpsport 443
>
> > and you should be good to go.  Alternately, you could set up port  
> > forwarding, but since you're already running on port 80 there's no  
> > real need.
>
> > -J
>
> > Thorpe Mayes wrote:
> >> I am trying to set up an ssl connection. I am using aolserver 4.5.0.
>
> >> Here is the portion of the nsd file that pertains:
>
> >> # SSL contexts. Each SSL context is a template that SSL connections  
> >> are
> >> created
>
> >> # from. A single SSL context may be used by multiple drivers,  
> >> sockservers
> >> and
>
> >> # sockclients.
>
> >> ns_section ns/server/${servername}/module/nsopenssl/sslcontexts
> >> ns_param users "SSL context used for regular user access"
> >> ### ns_param client "SSL context used for outgoing script socket
> >> connections"
>
> >> # We explicitly tell the server which SSL contexts to use as  
> >> defaults when
> >> an
>
> >> # SSL context is not specified for a particular client or server SSL
>
> >> # connection. Driver connections do not use defaults; they must be
> >> explicitly
>
> >> # specificied in the driver section. The Tcl API will use the  
> >> defaults as
> >> there
>
> >> # is currently no provision to specify which SSL context to use for a
>
> >> # particular connection via an ns_openssl Tcl command.
>
> >> ns_section ns/server/${servername}/module/nsopenssl/defaults
> >> ns_param server users
>
> >> ns_section ns/server/${servername}/module/nsopenssl/sslcontext/users
> >> ns_param Role server
> >> ns_param ModuleDir ${homedir}/servers/${servername}/modules/
> >> nsopenssl; #
> >> ${serverroot}/etc/certs/
>
> >> ns_param CertFile cert.pem
> >> ns_param KeyFile key.pem
> >> ns_param CADir ca
> >> ns_param CAFile ca.pem
> >> ns_param Protocols "SSLv2, SSLv3, TLSv1"
> >> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:
> >> +SSLv2:+EXP"
> >> ns_param PeerVerify false
> >> ns_param PeerVerifyDepth 3
> >> ns_param Trace false
>
> >> # SSL drivers. Each driver defines a port to listen on and an  
> >> explitictly
> >> named
>
> >> # SSL context to associate with it. Note that you can now have  
> >> multiple
> >> driver
>
> >> # connections within a single virtual server, which can be tied to  
> >> different
>
> >> # SSL contexts. Isn't that cool?
>
> >> ns_section ns/server/${servername}/module/nsopenssl/ssldrivers
> >> ns_param users "Driver for regular user access"
>
> >> ns_section ns/server/${servername}/module/nsopenssl/ssldriver/users
> >> ns_param sslcontext users
> >> ns_param port $httpsport
> >> ns_param hostname $hostname
> >> ns_param address $address
>
> >> # OpenSSL library support:
>
> >> #ns_param RandomFile /some/file
>
> >> ns_param SeedBytes 1024
>
> >> ================
>
> >> Here is the result when I restart the server:
>
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:
> >> AOLserver/4.5.0 starting
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:  
> >> security
> >> info: uid=xxx, euid=xxx, gid=xxx, egid=xxx
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:  
> >> max files:
> >> FD_SETSIZE = 1024, rl_cur = 1024, rl_max = 1024
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: encoding:  
> >> loaded: utf-8
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> fastpath[server8]:
> >> mapped GET /
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> fastpath[server8]:
> >> mapped HEAD /
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> fastpath[server8]:
> >> mapped POST /
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> adp[server8]:
> >> mapped GET /*.adp
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> adp[server8]:
> >> mapped HEAD /*.adp
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> adp[server8]:
> >> mapped POST /*.adp
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> adp[server8]:
> >> mapped GET /*.html
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> adp[server8]:
> >> mapped HEAD /*.html
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> adp[server8]:
> >> mapped POST /*.html
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
> >> loading
> >> '/usr/local/aolserver/bin/nssock.so'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
> >> loading
> >> '/usr/local/aolserver/bin/nslog.so'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nslog:  
> >> opened
> >> '/usr/local/aolserver/servers/server8/access.log'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
> >> loading
> >> '/usr/local/aolserver/bin/nsperm.so'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
> >> loading
> >> '/usr/local/aolserver/bin/nsxml.so'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsxml  
> >> module starting
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
> >> loading
> >> '/usr/local/aolserver/bin/nsdb.so'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
> >> loading
> >> '/usr/local/aolserver/bin/nspostgres.so'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: PostgreSQL  
> >> loaded.
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
> >> loading
> >> '/usr/local/aolserver/bin/libphp5.so'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice:  
> >> Registering PHP for
> >> "*.php"
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload:  
> >> loading
> >> '/usr/local/aolserver/bin/nsopenssl.so'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl:
> >> generating 512-bit temporary RSA key ...
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl:
> >> generating 1024-bit temporary RSA key ...
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): loading SSL context 'users'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): 'users' ciphers loaded successfully
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): 'users' using SSLv2 protocol
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): 'users' using SSLv3 protocol
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): 'users' using TLSv1 protocol
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): 'users' certificate and key loaded successfully
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): 'users' CA file loaded successfully
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: users  
> >> (nsopenssl):
> >> session cache is turned on for sslcontext 'server8'
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): default SSL context for server is users
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: default  
> >> server SSL
> >> context: users
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl
> >> (server8): loading 'users' SSL driver
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: conf:
> >> [ns/server/server8]enabletclpages = 1
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: tcl:  
> >> enabling .tcl
> >> pages
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:
> >> AOLserver/4.5.0 running
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain:  
> >> security
> >> info: uid=xxx, euid=xxx, gid=xxx, egid=xxx
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: driver:  
> >> starting:
> >> nsopenssl
> >> [27/Oct/2010:17:23:55][13466.3072859040][-sched-] Notice: sched:  
> >> starting
> >> [27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-]  
> >> Notice: starting
> >> [27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-] Notice:
> >> nsopenssl: listening on 64.58.34.55:8443
> >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: driver:  
> >> starting:
> >> nssock
> >> [27/Oct/2010:17:23:55][13466.3060874144][-nssock:driver-] Notice:  
> >> starting
> >> [27/Oct/2010:17:23:55][13466.3060874144][-nssock:driver-] Notice:  
> >> nssock:
> >> listening on 64.58.34.55:80
>
> >> =============
>
> >> looks like everything loaded
>
> >> However, when I try to go to a page on the server using https, I  
> >> get an
> >> error (Unable to connect - Firefox can't establish a connection to  
> >> the
> >> server atwww.getreadytoshift.com)
>
> >> I copied the text from the .crs files I got from godaddy.com for the
> >> cert.pem and the ca.pem files.
>
> >> Any help will be appreciated.
>
> >> --
> >> AOLserver -http://www.aolserver.com/
>
> >> To Remove yourself from this list, simply send an email 
> >> to<[email protected]
> >> >  with the
> >> body of "SIGNOFF AOLSERVER" in the email message. You can leave the  
> >> Subject: field of your email blank.
>
> ...
>
> read more »


--
AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to 
<[email protected]> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: 
field of your email blank.

Reply via email to