Thank you very much!! this configuration works perfectly!!!
Now I have ape under ssl!!! Bye! 2012/4/15 Matija Hiti <[email protected]> > Try to add the following line to your stunnel.conf: > > delay = no > TIMEOUTclose = 0 > > Matija > > > On 15 April 2012 12:17, Michele Vezzoli <[email protected]>wrote: > >> Hi gino, >> I confirm your test, >> >> I have the same problem :) on debian squeeze >> >> Bye >> >> 2012/4/11 Gino <[email protected]> >> >>> Thanks Matija for the reply. >>> >>> >>> >>> >>> I tried opening my browser first to http://0.ape.my-domain.com:6969 >>> and I immediately get the response from APE with the no command given >>> message. >>> Then I tried https://0.ape.your-domain.com:442, I get the same results >>> but it takes extremely long to get a response. It's probably around 1 >>> min until I get the same result. >>> >>> >>> >>> >>> Based on the logs I see messages like ape connected remote server from >>> 127.0.0.1:60001, and since I get a response I eventually get a >>> response I take it stunnel and APE is communicating? >>> >>> >>> >>> >>> But I also noticed the following in the logs: >>> >>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: Remote FD=15 >>> initialized >>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: TCP_NODELAY option set >>> on remote socket >>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: Socket closed on read >>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: SSL write shutdown >>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: SSL alert (write): >>> warning: close notify >>> 2012.04.11 12:30:36 LOG6[2409:140692054951680]: SSL_shutdown >>> successfully sent close_notify >>> 2012.04.11 12:30:38 LOG3[2409:140692054882048]: SSL_accept: Peer >>> suddenly disconnected >>> 2012.04.11 12:30:38 LOG5[2409:140692054882048]: Connection reset: 0 >>> bytes sent to SSL, 0 bytes sent to socket >>> 2012.04.11 12:30:38 LOG7[2409:140692054882048]: ape finished (1 left) >>> 2012.04.11 12:31:36 LOG6[2409:140692054951680]: s_poll_wait timeout: >>> connectionclose >>> 2012.04.11 12:31:36 LOG5[2409:140692054951680]: Connection closed: 395 >>> bytes sent to SSL, 387 bytes sent to socket >>> >>> It says that Peer is suddenly disconnected. Is that normal? >>> >>> >>> The web server I have to use is IIS. It currently has the my- >>> domain.com cert. In stunnel I placed 3 certs, my-domain.com, *.my- >>> domain.com, *.ape.my-domian.com. >>> The wild card certs I made using OpenSSL for now. Would this affect my >>> setup? >>> >>> >>> On Apr 11, 4:11 am, Matija Hiti <[email protected]> wrote: >>> > First try if server replies anything through https. >>> Openhttps://0.ape.your-domain.com:442in your browser. You should get >>> the same >>> > response as withhttp://0.ape.your-domain.com:6969 >>> > >>> > If this works, dig into the jsf settings. Otherwise, search for issues >>> on >>> > server. >>> > >>> > For the server certificate: you need two of them. One for the apache >>> > serving the files (yourdomain.com) and one wildcard for stunnel (*. >>> > ape.your-domain.com). Stunnel works with bundle file, which includes >>> your >>> > certificate, ca certificate and intermediate certificates, if they >>> exist. >>> > Add foreground=yes or check the stunnel error log for errors when you >>> run >>> > it. >>> > >>> > Matija >>> > >>> > On 10 April 2012 14:04, Gino <[email protected]> wrote: >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > > I realized in my previous post I placed the port as 443. That was >>> just >>> > > a typo, my configuration has the port set to 442, same port that is >>> > > set in my apeClientJS.js >>> > > so my stunnel.conf should be: >>> > >>> > > cert = /etc/stunnel/my_main_cert.pem >>> > > cert = /etc/stunnel/my_ape_cert.pem >>> > > cert = /etc/stunnel/my_wildcard_cert.pem >>> > > sslVersion = SSLv3 >>> > > debug = 7 >>> > > output = /var/log/stunnel4/stunnel.log >>> > > [ape] >>> > > accept = 442 >>> > > connect = 6969 >>> > >>> > > and I still get an error with the Check tool - fail to contact >>> > >https://ape.my-domain.com:442 >>> > >>> > > I still haven't been able to get stunnel to work with APE. I've been >>> > > reading what I could find in the internet, but no solution yet. >>> > > Could someone share what certificates they have installed in their >>> web >>> > > server and stunnel server. >>> > > I'm thinking my problem may lie with the certificates I have. As of >>> > > now I'm using certificates made with OpenSSL. >>> > >>> > > I hope someone can help! >>> > >>> > > -- >>> > > You received this message because you are subscribed to the Google >>> > > Groups "APE Project" group. >>> > > To post to this group, send email to [email protected] >>> > > To unsubscribe from this group, send email to >>> > > [email protected] >>> > > For more options, visit this group at >>> > >http://groups.google.com/group/ape-project?hl=en >>> > > --- >>> > > APE Project (Ajax Push Engine) >>> > > Official website :http://www.ape-project.org/ >>> > > Git Hub :http://github.com/APE-Project/ >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "APE Project" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/ape-project?hl=en >>> --- >>> APE Project (Ajax Push Engine) >>> Official website : http://www.ape-project.org/ >>> Git Hub : http://github.com/APE-Project/ >>> >> >> >> >> -- >> ------------------------------ >> *Michele Vezzoli* *IT Manager* >> >> TEL: +39.030.5230600 MOB: +39.328.0555322 FAX: +39.030.5230600 SKYPE: >> michele.vezzoli.vardump >> VarDump S.r.l. - www.var-dump.it >> >> This e-mail message does not imply or cause any obligation, unless it is >> provided by a previous written agreement. This message is confidential: if >> you have received it by mistake, please advise immediately the sender by >> e-mail and destroy the message and its attachments. You are hereby notified >> that any unauthorized use of the content of this message could constitute a >> criminal offence. Thank you. >> >> -- >> You received this message because you are subscribed to the Google >> Groups "APE Project" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/ape-project?hl=en >> --- >> APE Project (Ajax Push Engine) >> Official website : http://www.ape-project.org/ >> Git Hub : http://github.com/APE-Project/ >> > > -- > You received this message because you are subscribed to the Google > Groups "APE Project" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/ape-project?hl=en > --- > APE Project (Ajax Push Engine) > Official website : http://www.ape-project.org/ > Git Hub : http://github.com/APE-Project/ > -- ------------------------------ *Michele Vezzoli* *IT Manager* TEL: +39.030.5230600 MOB: +39.328.0555322 FAX: +39.030.5230600 SKYPE: michele.vezzoli.vardump VarDump S.r.l. - www.var-dump.it This e-mail message does not imply or cause any obligation, unless it is provided by a previous written agreement. This message is confidential: if you have received it by mistake, please advise immediately the sender by e-mail and destroy the message and its attachments. You are hereby notified that any unauthorized use of the content of this message could constitute a criminal offence. Thank you. -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
