443 is a privileged port, I believe. If you're specifying a specific user for aolserver (-u parameter) then that user has to have access to port 443, I think.
On Oct 28, 10:50 am, Thorpe Mayes <[email protected]> wrote: > Jeff, > > Thanks for the reply and the advice. > > Tried it and got this: > > 27/Oct/2010:21:42:27][23535.3061283744][-nsopenssl:driver-] Error: > nsopenssl: failed to listen on 64.58.34.55:443: Permission denied > [27/Oct/2010:21:42:27][23535.3061283744][-nsopenssl:driver-] Notice: > exiting > [27/Oct/2010:21:42:27][23535.3083630272][-main-] Notice: driver: > starting: nssock > [27/Oct/2010:21:42:27][23535.3060226976][-nssock:driver-] Notice: > starting > [27/Oct/2010:21:42:27][23535.3060226976][-nssock:driver-] Notice: > nssock: listening on 64.58.34.55:80 > [27/Oct/2010:21:42:27][23535.3083630272][-main-] Fatal: could not > start drivers > [27/Oct/2010:21:42:28][23547.3084039872][-main-] Notice: nsmain: > AOLserver/4.5.0 starting > > The server would not start. > > Is this related to the https port being a privileged port? I am using > daemon tools to start and stop the server. > > Thanks. > > Thorpe > > On Oct 27, 2010, at [Oct/27] 9:16 PM, Jeff wrote: > > > Note this line in your startup log: > > [27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-] Notice: > > nsopenssl: listening on 64.58.34.55:8443 > > > Your ssl server is running fine athttps://www.getreadytoshift.com:8443/ > > > Somewhere in your config is a setting like > > set httpsport 8443 > > > Change that to > > set httpsport 443 > > > and you should be good to go. Alternately, you could set up port > > forwarding, but since you're already running on port 80 there's no > > real need. > > > -J > > > Thorpe Mayes wrote: > >> I am trying to set up an ssl connection. I am using aolserver 4.5.0. > > >> Here is the portion of the nsd file that pertains: > > >> # SSL contexts. Each SSL context is a template that SSL connections > >> are > >> created > > >> # from. A single SSL context may be used by multiple drivers, > >> sockservers > >> and > > >> # sockclients. > > >> ns_section ns/server/${servername}/module/nsopenssl/sslcontexts > >> ns_param users "SSL context used for regular user access" > >> ### ns_param client "SSL context used for outgoing script socket > >> connections" > > >> # We explicitly tell the server which SSL contexts to use as > >> defaults when > >> an > > >> # SSL context is not specified for a particular client or server SSL > > >> # connection. Driver connections do not use defaults; they must be > >> explicitly > > >> # specificied in the driver section. The Tcl API will use the > >> defaults as > >> there > > >> # is currently no provision to specify which SSL context to use for a > > >> # particular connection via an ns_openssl Tcl command. > > >> ns_section ns/server/${servername}/module/nsopenssl/defaults > >> ns_param server users > > >> ns_section ns/server/${servername}/module/nsopenssl/sslcontext/users > >> ns_param Role server > >> ns_param ModuleDir ${homedir}/servers/${servername}/modules/ > >> nsopenssl; # > >> ${serverroot}/etc/certs/ > > >> ns_param CertFile cert.pem > >> ns_param KeyFile key.pem > >> ns_param CADir ca > >> ns_param CAFile ca.pem > >> ns_param Protocols "SSLv2, SSLv3, TLSv1" > >> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW: > >> +SSLv2:+EXP" > >> ns_param PeerVerify false > >> ns_param PeerVerifyDepth 3 > >> ns_param Trace false > > >> # SSL drivers. Each driver defines a port to listen on and an > >> explitictly > >> named > > >> # SSL context to associate with it. Note that you can now have > >> multiple > >> driver > > >> # connections within a single virtual server, which can be tied to > >> different > > >> # SSL contexts. Isn't that cool? > > >> ns_section ns/server/${servername}/module/nsopenssl/ssldrivers > >> ns_param users "Driver for regular user access" > > >> ns_section ns/server/${servername}/module/nsopenssl/ssldriver/users > >> ns_param sslcontext users > >> ns_param port $httpsport > >> ns_param hostname $hostname > >> ns_param address $address > > >> # OpenSSL library support: > > >> #ns_param RandomFile /some/file > > >> ns_param SeedBytes 1024 > > >> ================ > > >> Here is the result when I restart the server: > > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain: > >> AOLserver/4.5.0 starting > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain: > >> security > >> info: uid=xxx, euid=xxx, gid=xxx, egid=xxx > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain: > >> max files: > >> FD_SETSIZE = 1024, rl_cur = 1024, rl_max = 1024 > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: encoding: > >> loaded: utf-8 > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> fastpath[server8]: > >> mapped GET / > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> fastpath[server8]: > >> mapped HEAD / > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> fastpath[server8]: > >> mapped POST / > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> adp[server8]: > >> mapped GET /*.adp > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> adp[server8]: > >> mapped HEAD /*.adp > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> adp[server8]: > >> mapped POST /*.adp > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> adp[server8]: > >> mapped GET /*.html > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> adp[server8]: > >> mapped HEAD /*.html > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> adp[server8]: > >> mapped POST /*.html > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload: > >> loading > >> '/usr/local/aolserver/bin/nssock.so' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload: > >> loading > >> '/usr/local/aolserver/bin/nslog.so' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nslog: > >> opened > >> '/usr/local/aolserver/servers/server8/access.log' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload: > >> loading > >> '/usr/local/aolserver/bin/nsperm.so' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload: > >> loading > >> '/usr/local/aolserver/bin/nsxml.so' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsxml > >> module starting > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload: > >> loading > >> '/usr/local/aolserver/bin/nsdb.so' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload: > >> loading > >> '/usr/local/aolserver/bin/nspostgres.so' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: PostgreSQL > >> loaded. > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload: > >> loading > >> '/usr/local/aolserver/bin/libphp5.so' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: > >> Registering PHP for > >> "*.php" > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: modload: > >> loading > >> '/usr/local/aolserver/bin/nsopenssl.so' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl: > >> generating 512-bit temporary RSA key ... > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl: > >> generating 1024-bit temporary RSA key ... > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): loading SSL context 'users' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): 'users' ciphers loaded successfully > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): 'users' using SSLv2 protocol > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): 'users' using SSLv3 protocol > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): 'users' using TLSv1 protocol > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): 'users' certificate and key loaded successfully > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): 'users' CA file loaded successfully > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: users > >> (nsopenssl): > >> session cache is turned on for sslcontext 'server8' > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): default SSL context for server is users > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: default > >> server SSL > >> context: users > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsopenssl > >> (server8): loading 'users' SSL driver > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: conf: > >> [ns/server/server8]enabletclpages = 1 > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: tcl: > >> enabling .tcl > >> pages > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain: > >> AOLserver/4.5.0 running > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: nsmain: > >> security > >> info: uid=xxx, euid=xxx, gid=xxx, egid=xxx > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: driver: > >> starting: > >> nsopenssl > >> [27/Oct/2010:17:23:55][13466.3072859040][-sched-] Notice: sched: > >> starting > >> [27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-] > >> Notice: starting > >> [27/Oct/2010:17:23:55][13466.3061930912][-nsopenssl:driver-] Notice: > >> nsopenssl: listening on 64.58.34.55:8443 > >> [27/Oct/2010:17:23:55][13466.3083437760][-main-] Notice: driver: > >> starting: > >> nssock > >> [27/Oct/2010:17:23:55][13466.3060874144][-nssock:driver-] Notice: > >> starting > >> [27/Oct/2010:17:23:55][13466.3060874144][-nssock:driver-] Notice: > >> nssock: > >> listening on 64.58.34.55:80 > > >> ============= > > >> looks like everything loaded > > >> However, when I try to go to a page on the server using https, I > >> get an > >> error (Unable to connect - Firefox can't establish a connection to > >> the > >> server atwww.getreadytoshift.com) > > >> I copied the text from the .crs files I got from godaddy.com for the > >> cert.pem and the ca.pem files. > > >> Any help will be appreciated. > > >> -- > >> AOLserver -http://www.aolserver.com/ > > >> To Remove yourself from this list, simply send an email > >> to<[email protected] > >> > with the > >> body of "SIGNOFF AOLSERVER" in the email message. You can leave the > >> Subject: field of your email blank. > > ... > > read more » -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[email protected]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
