Maybe gist your deploy.rb. Because I think your off in the weeds. The stuff your messing with I've never had to mess with including compiling nginx from scratch to support ssl.
Maybe check https://github.com/donnoman/cap-recipes/blob/master/lib/cap_recipes/tasks/nginx/install.rb To see how I install nginx. On Aug 29, 2012, at 9:53 PM, blueHandTalking <[email protected]> wrote: > I am attempting to configure ssl in Nginx for the first time. > > I am getting the following error from > > cap deploy > > Error: > > [err :: 209.166.65.132] 15643:error:0200100D:system > library:fopen:Permission denied:bss_file.c:126:fopen('/usr/lib/ssl/ > openssl.cnf','rb') > > I have the following in my deploy.rb: > > set :user, "deployer" > set :group, "staff" > set :use_sudo, false > > > > /usr/lib/ssl/openssl.cnf is a symlink to /etc/ssl/openssl.cnf, > > group 'staff' , which 'deployer' is a member of, has read permission > for /etc/ssl/openssl.cnf, > and the symlink is root/root for user and group---with 777 permissions > which is normal. > > However, I am unable to do a : less /etc/ssl/openss.cnf > > when I am logged in as deployer. > > So perhaps I do not have a good grasp of the permission system. I > realize that /etc and /etc/ssl > are owned by root---but I thought that if staff is the group for /etc/ > ssl/openssl.cnf, deployer belongs > to staff, and the group permission for /etc/ssl/openssl.cnf is read--- > I should be able to read that file? > > Testing path: > > sudo openssl verify -CApath /etc/ssl/certs server.pem > Error opening certificate file server.pem > > ***FAILED*** > > Testing Connection: > > sudo openssl s_client -connect aceleathergoods.net:443 -CApath /etc/ > ssl/ > CONNECTED(00000003) > depth=1 /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing > Authority/[email protected] > verify return:1 > depth=0 /CN=aceleathergoods.net > verify return:1 > --- > Certificate chain > 0 s:/CN=aceleathergoods.net > i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/ > [email protected] > 1 s:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root > i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/ > [email protected] > 2 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/ > [email protected] > i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/ > [email protected] > --- > -----(truncated results) > > o client certificate CA names sent > --- > SSL handshake has read 5755 bytes and written 319 bytes > > ....(truncated results) > > Start Time: 1346278528 > Timeout : 300 (sec) > Verify return code: 0 (ok) > --- > read:errno=0 > > End Result: Success connecting ( at least rest of report did not > seem to indicate any errors). > > So if someone could straighten me out on where I am going wrong on > permissions I would really appreciate it. > Permissions are the default on my Debian Squeeze installation. > > Thanks! > > Jet > > > > > -- > * You received this message because you are subscribed to the Google Groups > "Capistrano" group. > * To post to this group, send email to [email protected] > * To unsubscribe from this group, send email to > [email protected] For more options, visit this group at > http://groups.google.com/group/capistrano?hl=en -- * You received this message because you are subscribed to the Google Groups "Capistrano" group. * To post to this group, send email to [email protected] * To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/capistrano?hl=en
