You can subscribe to this list here.
2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(6) |
Nov
(4) |
Dec
(9) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2012 |
Jan
|
Feb
(14) |
Mar
(15) |
Apr
(9) |
May
(7) |
Jun
(21) |
Jul
(26) |
Aug
(2) |
Sep
(79) |
Oct
(49) |
Nov
(13) |
Dec
|
2013 |
Jan
(2) |
Feb
(7) |
Mar
(2) |
Apr
(13) |
May
(9) |
Jun
|
Jul
|
Aug
(1) |
Sep
(1) |
Oct
|
Nov
(9) |
Dec
|
2014 |
Jan
|
Feb
(6) |
Mar
|
Apr
|
May
(5) |
Jun
(1) |
Jul
|
Aug
(10) |
Sep
(3) |
Oct
(1) |
Nov
|
Dec
|
2015 |
Jan
|
Feb
(1) |
Mar
(15) |
Apr
(3) |
May
|
Jun
(4) |
Jul
|
Aug
(16) |
Sep
|
Oct
|
Nov
|
Dec
|
2016 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Brad C. <br...@ch...> - 2016-03-25 15:44:26
|
All, Sorry if this is the wrong place, but we're looking for a contractor to help with an AOLserver app that we maintain for JPMorgan Chase. The work will consist of - new functionality - bug fixes - security-related issues - performance We also have a related PHP app that runs in parallel; so PHP knowledge is helpful, but not necessary. Hours will vary, roughly ~5-20 hours per week. Pay is commensurate with experience. Please let me know. Or, if there is another place I should be looking for an experienced AOLserver dev, please also forward that information. Thanks -- ============================== BRAD CHICK ============================== Brad@ChickCentral.com 734.662.1701 (h) 734.646.9372 (m) "Make Some Time for Wasting!" _ | | ___| |__ ___ ___ _ __ ___ / __| '_ \ / _ \/ _ \ '__/ __| (__| | | | __/ __/ | \__ \ \___|_| |_|\___|\___|_| |___/ ================================ |
From: Torben B. <to...@de...> - 2015-08-16 19:37:10
|
Thorpe, my reply to you bounced. Here is original: -------- Forwarded Message -------- Subject: Re: [AOLSERVER] AOL server 4.5.2 w/ virtual servers - SSL not working Date: Sat, 15 Aug 2015 19:55:59 -0700 From: Torben Brosten <to...@de...> To: Thorpe Mayes <tm...@ec...> Thorpe, No guarantees, but you might want to try: 1. setting each http ssl at a different port, and 2. reference each key.pem and cert.pem file only once in the config files. For cases where they are referenced more than once, duplicate the file (with a different name, such as keyfile1.pem, keyfile2.pem etc). This may not get what you need, but I've found this method helps reduce some error conditions. cheers, Torben On 8/15/15 5:17 PM, Thorpe Mayes wrote: > Hi, > > I have AOLserver 4.5.2 running with virtual servers - main.tcl with > several sub config files. > > Three of the domain names are using SSL. The certificate is a UCC SSL > Certificate that will accommodate up to 5 domain names. > > If I activate the virtual server for just one of the three domains that > are using SSL, then everything works fine. When I activate two or more > of the sub files that need ssl, the server fails to start. Here is the > tail end of the log file: > > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: > nsmain: AOLserver/4.5.2 running > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: > nsmain: security info: uid=502, euid=502, gid=502\ > , egid=502 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: > driver: starting: nssock > [15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: > sched: starting > [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] > Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] > Notice: nssock: listening on 23.253.246.52:80 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: > driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] > Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] > Notice: nsopenssl: listening on 23.253.246.52\ > :443 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: > driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] > Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] > Error: nsopenssl: failed to listen on 23.253.\ > 246.52:443: Permission denied > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] > Notice: exiting > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: > driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] > Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] > Error: nsopenssl: failed to listen on 23.253.\ > 246.52:443: Permission denied > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] > Notice: exiting > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could > not start drivers > > > Here is the ssl portion of the main.tcl file: > > ns_section "ns/server/module/nsopenssl" > # ns_param RandomFile /some/file > ns_param SeedBytes 2048; # was 1024 > > > Here is what the ssl portion of the sub files (all appear to load > successfully - see below): > > #--------------------------------------------------------------------- > # OpenSSL and nsopenssl > # http://openacs.org/forums/message-view?message_id=320064 - for nsd > code - note: must use port 443 > # http://openacs.org/doc/install-nsopenssl.html - binding port 443 in > daemontools > #--------------------------------------------------------------------- > > ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts" > ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant > regular user access" > # ns_param admins_ctx "SSL context used for administrator access" > ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant > outgoing script socket connections" > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults" > ns_param server ${ecognizant}_users_ctx > ns_param client ${ecognizant}_client_ctx > > > ns_section > "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx" > ns_param Role server > ns_param ModuleDir $ssldocdir > ns_param CertFile cert.pem > ns_param KeyFile key.pem > ns_param CAFile ca.pem > ns_param Protocols "All" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > ns_param PeerVerify false > ns_param PeerVerifyDepth 3 > ns_param Trace false > > > ns_section > "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx" > ns_param Role client > ns_param ModuleDir $ssldocdir > ns_param CertFile cert.pem > ns_param KeyFile key.pem > ns_param CAFile ca.pem > ns_param Protocols "All" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > ns_param PeerVerify false > ns_param PeerVerifyDepth 3 > ns_param Trace false > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers" > ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user > access" > > > ns_section > "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv" > ns_param sslcontext ${ecognizant}_users_ctx > ns_param port $httpsport > ns_param hostname $hostname > ns_param address $address > ns_param maxinput [expr{1024 * 1000 * 10}] ;# 10 MB upload limit > > > ns_section "ns/server/${ecognizant}/modules" > ns_param nslog ${bindir}/nslog${ext} > ns_param nsdb ${bindir}/nsdb${ext} > ns_param nscache ${bindir}/nscache${ext} > ns_param nssha1 ${bindir}/nssha1${ext} > ns_param nsopenssl ${bindir}/nsopenssl${ext} > > > The log file portion of one of the sub files that have ssl: > > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > fastpath[server10]: mapped GET / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > fastpath[server10]: mapped HEAD / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > fastpath[server10]: mapped POST / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: > opened '/usr/local/aolserver/servers/server10/access.log' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nscache module version 1.5 server: server10 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > modload: loading '/usr/local/aolserver/bin/nsopenssl.so' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl: generating 512-bit temporary RSA key ... > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl: generating 1024-bit temporary RSA key ... > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): loading SSL context 'server10_users_ctx' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_users_ctx' ciphers loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_users_ctx' using all protocols: SSLv2, > SSLv3 and TLSv1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_users_ctx' certificate and key loaded > successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_users_ctx' CA file loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > server10_users_ctx (nsopenssl): session cache is turned on for > sslcontext 'server10' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): loading SSL context 'server10_client_ctx' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_client_ctx' ciphers loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_client_ctx' using all protocols: SSLv2, > SSLv3 and TLSv1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_client_ctx' certificate and key loaded > successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_client_ctx' CA file loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > server10_client_ctx (nsopenssl): session cache is turned on for > sslcontext 'server10' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): default SSL context for server is server10_users_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > default server SSL context: server10_users_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): default SSL context for client is server10_client_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > default client SSL context: server10_client_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): loading 'server10_users_drv' SSL driver > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: > [ns/server/server10]enabletclpages = 1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: > enabling .tcl pages > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > default thread pool: minthreads 0 maxthreads 10 idle 0 current 0 > maxconns 4000 queued 0 timeout 1000\ > 000 spread 20 > > Here is what the command that starts the server looks like: > > /usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it > /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80,23\ > .253.246.52:443 > > It looks like the ssl connection (port 443) is being loaded three times, > with the last two failing and preventing the server from starting. > > Does anyone have an insight for me? > > Thank you, > > Thorpe > > > > > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk > |
From: Jeff R. <dv...@di...> - 2015-08-16 17:27:09
|
The feature of having multiple certificates served on the same ip/port is Server Name Indication (SNI) and the nsopenssl driver does not support it. As you said, getting that to work would require some rewiring. However, I think the certificate described by Thorpe was a single certificate that is valid for multiple domains - Service Alternate Name (SAN), somewhat similar to a wildcard cert. Since it's just one certificate, it doesn't need multiple different ips/ports. The downside of a SAN cert is that if any of the hosts changes, the whole cert needs to be reissued, versus with SNI each host has its own cert. So since it's just one certificate, I think that also means it doesn't need multiple contexts to be set up. Just set up the single context with the SAN certificate, and set up the virtual servers as you would for a non-ssl setup. -J Scott Goodwin wrote: > Im fairly certain that you cant have multiple listeners on the same IP > address and port number on a NIC simultaneously, even if theyre all > binding from the same process. All three of the virtual servers below > are configured to use the same IP address and port number, and the first > nsopenssl instance to bind to it, owns it. The rest get EPERM from the > operating system. I think the way multiple SSL certificates are bound to > a single IP address and port: the server listens on the IP and port, and > looks at the Host header of the incoming connection to determine which > SSL certificate to use for that particular connection. I dont think > AOLserver has the ability to do this today. The other way to do it is to > create three distinct IP addresses on your NIC and use one for each SSL > instance. There may be other ways to make this work, but any of them > will probably require rewiring AOLserver and nsopenssl. > |
From: Scott G. <sc...@sc...> - 2015-08-16 17:15:54
|
So OpenSSL will look at the domain names in the cert and if one of them matches, the SSL connection is accepted? I am behind the times. Thanks for pointing this out. /s. > On Aug 16, 2015, at 12:59 PM, Jeff Rogers <dv...@di...> wrote: > > The feature of having multiple certificates served on the same ip/port is Server Name Indication (SNI) and the nsopenssl driver does not support it. As you said, getting that to work would require some rewiring. > > However, I think the certificate described by Thorpe was a single certificate that is valid for multiple domains - Service Alternate Name (SAN), somewhat similar to a wildcard cert. Since it's just one certificate, it doesn't need multiple different ips/ports. The downside of a SAN cert is that if any of the hosts changes, the whole cert needs to be reissued, versus with SNI each host has its own cert. > > So since it's just one certificate, I think that also means it doesn't need multiple contexts to be set up. Just set up the single context with the SAN certificate, and set up the virtual servers as you would for a non-ssl setup. > > -J > > Scott Goodwin wrote: >> I’m fairly certain that you can’t have multiple listeners on the same IP >> address and port number on a NIC simultaneously, even if they’re all >> binding from the same process. All three of the virtual servers below >> are configured to use the same IP address and port number, and the first >> nsopenssl instance to bind to it, ‘owns’ it. The rest get EPERM from the >> operating system. I think the way multiple SSL certificates are bound to >> a single IP address and port: the server listens on the IP and port, and >> looks at the Host header of the incoming connection to determine which >> SSL certificate to use for that particular connection. I don’t think >> AOLserver has the ability to do this today. The other way to do it is to >> create three distinct IP addresses on your NIC and use one for each SSL >> instance. There may be other ways to make this work, but any of them >> will probably require rewiring AOLserver and nsopenssl. >> |
From: Scott G. <sc...@sc...> - 2015-08-16 13:41:44
|
I’m fairly certain that you can’t have multiple listeners on the same IP address and port number on a NIC simultaneously, even if they’re all binding from the same process. All three of the virtual servers below are configured to use the same IP address and port number, and the first nsopenssl instance to bind to it, ‘owns’ it. The rest get EPERM from the operating system. I think the way multiple SSL certificates are bound to a single IP address and port: the server listens on the IP and port, and looks at the Host header of the incoming connection to determine which SSL certificate to use for that particular connection. I don’t think AOLserver has the ability to do this today. The other way to do it is to create three distinct IP addresses on your NIC and use one for each SSL instance. There may be other ways to make this work, but any of them will probably require rewiring AOLserver and nsopenssl. Aside: the direct email to your address above bounced — see here: <tm...@ec... <mailto:tm...@ec...>>: host ecognizant.net <http://ecognizant.net/>[23.253.246.52] said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) (in reply to RCPT TO command) Reporting-MTA: dns; mailout.nyi.internal X-Postfix-Queue-ID: 4732622053 X-Postfix-Sender: rfc822; sc...@sc... <mailto:sc...@sc...> Arrival-Date: Sun, 16 Aug 2015 09:04:30 -0400 (EDT) /s. > On Aug 15, 2015, at 8:17 PM, Thorpe Mayes <tm...@ec...> wrote: > > Hi, > > I have AOLserver 4.5.2 running with virtual servers - main.tcl with several sub config files. > > Three of the domain names are using SSL. The certificate is a UCC SSL Certificate that will accommodate up to 5 domain names. > > If I activate the virtual server for just one of the three domains that are using SSL, then everything works fine. When I activate two or more of the sub files that need ssl, the server fails to start. Here is the tail end of the log file: > > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: AOLserver/4.5.2 running > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: security info: uid=502, euid=502, gid=502\ > , egid=502 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nssock > [15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: starting > [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52\ > :443 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\ > 246.52:443: Permission denied > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: exiting > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\ > 246.52:443: Permission denied > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: exiting > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not start drivers > > > Here is the ssl portion of the main.tcl file: > > ns_section "ns/server/module/nsopenssl" > # ns_param RandomFile /some/file > ns_param SeedBytes 2048; # was 1024 > > > Here is what the ssl portion of the sub files (all appear to load successfully - see below): > > #--------------------------------------------------------------------- > # OpenSSL and nsopenssl > # http://openacs.org/forums/message-view?message_id=320064 <http://openacs.org/forums/message-view?message_id=320064> - for nsd code - note: must use port 443 > # http://openacs.org/doc/install-nsopenssl.html <http://openacs.org/doc/install-nsopenssl.html> - binding port 443 in daemontools > #--------------------------------------------------------------------- > > ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts" > ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant regular user access" > # ns_param admins_ctx "SSL context used for administrator access" > ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant outgoing script socket connections" > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults" > ns_param server ${ecognizant}_users_ctx > ns_param client ${ecognizant}_client_ctx > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx" > ns_param Role server > ns_param ModuleDir $ssldocdir > ns_param CertFile cert.pem > ns_param KeyFile key.pem > ns_param CAFile ca.pem > ns_param Protocols "All" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > ns_param PeerVerify false > ns_param PeerVerifyDepth 3 > ns_param Trace false > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx" > ns_param Role client > ns_param ModuleDir $ssldocdir > ns_param CertFile cert.pem > ns_param KeyFile key.pem > ns_param CAFile ca.pem > ns_param Protocols "All" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > ns_param PeerVerify false > ns_param PeerVerifyDepth 3 > ns_param Trace false > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers" > ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user access" > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv" > ns_param sslcontext ${ecognizant}_users_ctx > ns_param port $httpsport > ns_param hostname $hostname > ns_param address $address > ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit > > > ns_section "ns/server/${ecognizant}/modules" > ns_param nslog ${bindir}/nslog${ext} > ns_param nsdb ${bindir}/nsdb${ext} > ns_param nscache ${bindir}/nscache${ext} > ns_param nssha1 ${bindir}/nssha1${ext} > ns_param nsopenssl ${bindir}/nsopenssl${ext} > > > The log file portion of one of the sub files that have ssl: > > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped GET / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped HEAD / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped POST / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: opened '/usr/local/aolserver/servers/server10/access.log' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nscache module version 1.5 server: server10 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: modload: loading '/usr/local/aolserver/bin/nsopenssl.so' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 512-bit temporary RSA key ... > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 1024-bit temporary RSA key ... > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_users_ctx' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' ciphers loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' certificate and key loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' CA file loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_users_ctx (nsopenssl): session cache is turned on for sslcontext 'server10' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_client_ctx' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' ciphers loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' certificate and key loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' CA file loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_client_ctx (nsopenssl): session cache is turned on for sslcontext 'server10' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for server is server10_users_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default server SSL context: server10_users_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for client is server10_client_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default client SSL context: server10_client_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading 'server10_users_drv' SSL driver > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: [ns/server/server10]enabletclpages = 1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: enabling .tcl pages > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default thread pool: minthreads 0 maxthreads 10 idle 0 current 0 maxconns 4000 queued 0 timeout 1000\ > 000 spread 20 > > Here is what the command that starts the server looks like: > > /usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80,23\ > .253.246.52:443 > > It looks like the ssl connection (port 443) is being loaded three times, with the last two failing and preventing the server from starting. > > Does anyone have an insight for me? > > Thank you, > > Thorpe > > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk |
From: Scott G. <sc...@sc...> - 2015-08-16 13:04:39
|
The backslash shows line continuation — the IP address below is 23.253.246.52 (and :443 for the port). /s. > On Aug 16, 2015, at 1:22 AM, Sep <the...@gm...> wrote: > > Could your IP address be the one failing? > > Error: nsopenssl: failed to listen on 23.253.\ > > 246.52:443: Permission denied > > What's the stray back slash for? > > On Aug 16, 2015 9:17 AM, "Scott Goodwin" <sc...@sc... <mailto:sc...@sc...>> wrote: > Has this ever worked in the past? It's been a long time since I've looked at the module and I don't recall if it worked for multiple SSL listening ports as virtual servers on the same AOLserver instance. I never had an occasion to use it that way. If it's not capable of doing that in its last incarnation it will probably take some work to modify it to do it properly. > > /s. > > On Aug 15, 2015, at 8:17 PM, Thorpe Mayes <tm...@ec... <mailto:tm...@ec...>> wrote: > >> Hi, >> >> I have AOLserver 4.5.2 running with virtual servers - main.tcl with several sub config files. >> >> Three of the domain names are using SSL. The certificate is a UCC SSL Certificate that will accommodate up to 5 domain names. >> >> If I activate the virtual server for just one of the three domains that are using SSL, then everything works fine. When I activate two or more of the sub files that need ssl, the server fails to start. Here is the tail end of the log file: >> >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: AOLserver/4.5.2 running >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: security info: uid=502, euid=502, gid=502\ >> , egid=502 >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nssock >> [15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: starting >> [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: starting >> [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80 <http://23.253.246.52/> >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl >> [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: starting >> [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52\ >> :443 >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl >> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: starting >> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\ >> 246.52:443: Permission denied >> [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: exiting >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl >> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: starting >> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\ >> 246.52:443: Permission denied >> [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: exiting >> [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not start drivers >> >> >> Here is the ssl portion of the main.tcl file: >> >> ns_section "ns/server/module/nsopenssl" >> # ns_param RandomFile /some/file >> ns_param SeedBytes 2048; # was 1024 >> >> >> Here is what the ssl portion of the sub files (all appear to load successfully - see below): >> >> #--------------------------------------------------------------------- >> # OpenSSL and nsopenssl >> # http://openacs.org/forums/message-view?message_id=320064 <http://openacs.org/forums/message-view?message_id=320064> - for nsd code - note: must use port 443 >> # http://openacs.org/doc/install-nsopenssl.html <http://openacs.org/doc/install-nsopenssl.html> - binding port 443 in daemontools >> #--------------------------------------------------------------------- >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts" >> ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant regular user access" >> # ns_param admins_ctx "SSL context used for administrator access" >> ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant outgoing script socket connections" >> >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults" >> ns_param server ${ecognizant}_users_ctx >> ns_param client ${ecognizant}_client_ctx >> >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx" >> ns_param Role server >> ns_param ModuleDir $ssldocdir >> ns_param CertFile cert.pem >> ns_param KeyFile key.pem >> ns_param CAFile ca.pem >> ns_param Protocols "All" >> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" >> ns_param PeerVerify false >> ns_param PeerVerifyDepth 3 >> ns_param Trace false >> >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx" >> ns_param Role client >> ns_param ModuleDir $ssldocdir >> ns_param CertFile cert.pem >> ns_param KeyFile key.pem >> ns_param CAFile ca.pem >> ns_param Protocols "All" >> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" >> ns_param PeerVerify false >> ns_param PeerVerifyDepth 3 >> ns_param Trace false >> >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers" >> ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user access" >> >> >> ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv" >> ns_param sslcontext ${ecognizant}_users_ctx >> ns_param port $httpsport >> ns_param hostname $hostname >> ns_param address $address >> ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit >> >> >> ns_section "ns/server/${ecognizant}/modules" >> ns_param nslog ${bindir}/nslog${ext} >> ns_param nsdb ${bindir}/nsdb${ext} >> ns_param nscache ${bindir}/nscache${ext} >> ns_param nssha1 ${bindir}/nssha1${ext} >> ns_param nsopenssl ${bindir}/nsopenssl${ext} >> >> >> The log file portion of one of the sub files that have ssl: >> >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped GET / >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped HEAD / >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped POST / >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: opened '/usr/local/aolserver/servers/server10/access.log' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nscache module version 1.5 server: server10 >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: modload: loading '/usr/local/aolserver/bin/nsopenssl.so' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 512-bit temporary RSA key ... >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 1024-bit temporary RSA key ... >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_users_ctx' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' ciphers loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' certificate and key loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' CA file loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_users_ctx (nsopenssl): session cache is turned on for sslcontext 'server10' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_client_ctx' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' ciphers loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' certificate and key loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' CA file loaded successfully >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_client_ctx (nsopenssl): session cache is turned on for sslcontext 'server10' >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for server is server10_users_ctx >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default server SSL context: server10_users_ctx >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for client is server10_client_ctx >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default client SSL context: server10_client_ctx >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading 'server10_users_drv' SSL driver >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: [ns/server/server10]enabletclpages = 1 >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: enabling .tcl pages >> [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default thread pool: minthreads 0 maxthreads 10 idle 0 current 0 maxconns 4000 queued 0 timeout 1000\ >> 000 spread 20 >> >> Here is what the command that starts the server looks like: >> >> /usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80 <http://23.253.246.52/>,23\ >> .253.246.52:443 >> >> It looks like the ssl connection (port 443) is being loaded three times, with the last two failing and preventing the server from starting. >> >> Does anyone have an insight for me? >> >> Thank you, >> >> Thorpe >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> aolserver-talk mailing list >> aol...@li... <mailto:aol...@li...> >> https://lists.sourceforge.net/lists/listinfo/aolserver-talk <https://lists.sourceforge.net/lists/listinfo/aolserver-talk> > > ------------------------------------------------------------------------------ > > _______________________________________________ > aolserver-talk mailing list > aol...@li... <mailto:aol...@li...> > https://lists.sourceforge.net/lists/listinfo/aolserver-talk <https://lists.sourceforge.net/lists/listinfo/aolserver-talk> > |
From: Sep <the...@gm...> - 2015-08-16 05:22:59
|
Could your IP address be the one failing? Error: nsopenssl: failed to listen on 23.253.\ 246.52:443: Permission denied What's the stray back slash for? On Aug 16, 2015 9:17 AM, "Scott Goodwin" <sc...@sc...> wrote: > Has this ever worked in the past? It's been a long time since I've looked > at the module and I don't recall if it worked for multiple SSL listening > ports as virtual servers on the same AOLserver instance. I never had an > occasion to use it that way. If it's not capable of doing that in its last > incarnation it will probably take some work to modify it to do it properly. > > /s. > > On Aug 15, 2015, at 8:17 PM, Thorpe Mayes <tm...@ec...> wrote: > > Hi, > > I have AOLserver 4.5.2 running with virtual servers - main.tcl with > several sub config files. > > Three of the domain names are using SSL. The certificate is a UCC SSL > Certificate that will accommodate up to 5 domain names. > > If I activate the virtual server for just one of the three domains that > are using SSL, then everything works fine. When I activate two or more of > the sub files that need ssl, the server fails to start. Here is the tail > end of the log file: > > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: > AOLserver/4.5.2 running > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: > security info: uid=502, euid=502, gid=502\ > , egid=502 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: > starting: nssock > [15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: > starting > [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: > starting > [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: > nssock: listening on 23.253.246.52:80 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: > starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] > Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] > Notice: nsopenssl: listening on 23.253.246.52\ > :443 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: > starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] > Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] > Error: nsopenssl: failed to listen on 23.253.\ > 246.52:443: Permission denied > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] > Notice: exiting > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: > starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] > Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] > Error: nsopenssl: failed to listen on 23.253.\ > 246.52:443: Permission denied > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] > Notice: exiting > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not > start drivers > > > Here is the ssl portion of the main.tcl file: > > ns_section "ns/server/module/nsopenssl" > # ns_param RandomFile /some/file > > ns_param SeedBytes 2048; # was 1024 > > > Here is what the ssl portion of the sub files (all appear to load > successfully - see below): > > #--------------------------------------------------------------------- > > # OpenSSL and nsopenssl > > # http://openacs.org/forums/message-view?message_id=320064 - for nsd code > - note: must use port 443 > # http://openacs.org/doc/install-nsopenssl.html - binding port 443 in > daemontools > #--------------------------------------------------------------------- > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts" > ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant > regular user access" > # ns_param admins_ctx "SSL context used for administrator access" > > ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant > outgoing script socket connections" > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults" > ns_param server ${ecognizant}_users_ctx > ns_param client ${ecognizant}_client_ctx > > > ns_section > "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx" > ns_param Role server > ns_param ModuleDir $ssldocdir > ns_param CertFile cert.pem > ns_param KeyFile key.pem > ns_param CAFile ca.pem > ns_param Protocols "All" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > ns_param PeerVerify false > ns_param PeerVerifyDepth 3 > ns_param Trace false > > > ns_section > "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx" > ns_param Role client > ns_param ModuleDir $ssldocdir > ns_param CertFile cert.pem > ns_param KeyFile key.pem > ns_param CAFile ca.pem > ns_param Protocols "All" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > ns_param PeerVerify false > ns_param PeerVerifyDepth 3 > ns_param Trace false > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers" > ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user > access" > > > ns_section > "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv" > ns_param sslcontext ${ecognizant}_users_ctx > ns_param port $httpsport > ns_param hostname $hostname > ns_param address $address > ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit > > > > ns_section "ns/server/${ecognizant}/modules" > ns_param nslog ${bindir}/nslog${ext} > ns_param nsdb ${bindir}/nsdb${ext} > ns_param nscache ${bindir}/nscache${ext} > ns_param nssha1 ${bindir}/nssha1${ext} > ns_param nsopenssl ${bindir}/nsopenssl${ext} > > > The log file portion of one of the sub files that have ssl: > > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > fastpath[server10]: mapped GET / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > fastpath[server10]: mapped HEAD / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > fastpath[server10]: mapped POST / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: > opened '/usr/local/aolserver/servers/server10/access.log' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nscache > module version 1.5 server: server10 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: modload: > loading '/usr/local/aolserver/bin/nsopenssl.so' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl: generating 512-bit temporary RSA key ... > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl: generating 1024-bit temporary RSA key ... > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): loading SSL context 'server10_users_ctx' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_users_ctx' ciphers loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_users_ctx' using all protocols: SSLv2, > SSLv3 and TLSv1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_users_ctx' certificate and key loaded > successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_users_ctx' CA file loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > server10_users_ctx (nsopenssl): session cache is turned on for sslcontext > 'server10' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): loading SSL context 'server10_client_ctx' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_client_ctx' ciphers loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_client_ctx' using all protocols: SSLv2, > SSLv3 and TLSv1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_client_ctx' certificate and key loaded > successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): 'server10_client_ctx' CA file loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > server10_client_ctx (nsopenssl): session cache is turned on for sslcontext > 'server10' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): default SSL context for server is server10_users_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default > server SSL context: server10_users_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): default SSL context for client is server10_client_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default > client SSL context: server10_client_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: > nsopenssl (server10): loading 'server10_users_drv' SSL driver > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: > [ns/server/server10]enabletclpages = 1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: > enabling .tcl pages > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default > thread pool: minthreads 0 maxthreads 10 idle 0 current 0 maxconns 4000 > queued 0 timeout 1000\ > 000 spread 20 > > Here is what the command that starts the server looks like: > > /usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it > /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80,23\ > .253.246.52:443 > > It looks like the ssl connection (port 443) is being loaded three times, > with the last two failing and preventing the server from starting. > > Does anyone have an insight for me? > > Thank you, > > Thorpe > > > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk > > |
From: Scott G. <sc...@sc...> - 2015-08-16 01:17:04
|
Has this ever worked in the past? It's been a long time since I've looked at the module and I don't recall if it worked for multiple SSL listening ports as virtual servers on the same AOLserver instance. I never had an occasion to use it that way. If it's not capable of doing that in its last incarnation it will probably take some work to modify it to do it properly. /s. > On Aug 15, 2015, at 8:17 PM, Thorpe Mayes <tm...@ec...> wrote: > > Hi, > > I have AOLserver 4.5.2 running with virtual servers - main.tcl with several sub config files. > > Three of the domain names are using SSL. The certificate is a UCC SSL Certificate that will accommodate up to 5 domain names. > > If I activate the virtual server for just one of the three domains that are using SSL, then everything works fine. When I activate two or more of the sub files that need ssl, the server fails to start. Here is the tail end of the log file: > > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: AOLserver/4.5.2 running > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: security info: uid=502, euid=502, gid=502\ > , egid=502 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nssock > [15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: starting > [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52\ > :443 > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\ > 246.52:443: Permission denied > [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: exiting > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: starting > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\ > 246.52:443: Permission denied > [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: exiting > [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not start drivers > > > Here is the ssl portion of the main.tcl file: > > ns_section "ns/server/module/nsopenssl" > # ns_param RandomFile /some/file > ns_param SeedBytes 2048; # was 1024 > > > Here is what the ssl portion of the sub files (all appear to load successfully - see below): > > #--------------------------------------------------------------------- > # OpenSSL and nsopenssl > # http://openacs.org/forums/message-view?message_id=320064 - for nsd code - note: must use port 443 > # http://openacs.org/doc/install-nsopenssl.html - binding port 443 in daemontools > #--------------------------------------------------------------------- > > ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts" > ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant regular user access" > # ns_param admins_ctx "SSL context used for administrator access" > ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant outgoing script socket connections" > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults" > ns_param server ${ecognizant}_users_ctx > ns_param client ${ecognizant}_client_ctx > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx" > ns_param Role server > ns_param ModuleDir $ssldocdir > ns_param CertFile cert.pem > ns_param KeyFile key.pem > ns_param CAFile ca.pem > ns_param Protocols "All" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > ns_param PeerVerify false > ns_param PeerVerifyDepth 3 > ns_param Trace false > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx" > ns_param Role client > ns_param ModuleDir $ssldocdir > ns_param CertFile cert.pem > ns_param KeyFile key.pem > ns_param CAFile ca.pem > ns_param Protocols "All" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > ns_param PeerVerify false > ns_param PeerVerifyDepth 3 > ns_param Trace false > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers" > ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user access" > > > ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv" > ns_param sslcontext ${ecognizant}_users_ctx > ns_param port $httpsport > ns_param hostname $hostname > ns_param address $address > ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit > > > ns_section "ns/server/${ecognizant}/modules" > ns_param nslog ${bindir}/nslog${ext} > ns_param nsdb ${bindir}/nsdb${ext} > ns_param nscache ${bindir}/nscache${ext} > ns_param nssha1 ${bindir}/nssha1${ext} > ns_param nsopenssl ${bindir}/nsopenssl${ext} > > > The log file portion of one of the sub files that have ssl: > > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped GET / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped HEAD / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped POST / > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: opened '/usr/local/aolserver/servers/server10/access.log' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nscache module version 1.5 server: server10 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: modload: loading '/usr/local/aolserver/bin/nsopenssl.so' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 512-bit temporary RSA key ... > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 1024-bit temporary RSA key ... > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_users_ctx' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' ciphers loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' certificate and key loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' CA file loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_users_ctx (nsopenssl): session cache is turned on for sslcontext 'server10' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_client_ctx' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' ciphers loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' certificate and key loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' CA file loaded successfully > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_client_ctx (nsopenssl): session cache is turned on for sslcontext 'server10' > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for server is server10_users_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default server SSL context: server10_users_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for client is server10_client_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default client SSL context: server10_client_ctx > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading 'server10_users_drv' SSL driver > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: [ns/server/server10]enabletclpages = 1 > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: enabling .tcl pages > [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default thread pool: minthreads 0 maxthreads 10 idle 0 current 0 maxconns 4000 queued 0 timeout 1000\ > 000 spread 20 > > Here is what the command that starts the server looks like: > > /usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80,23\ > .253.246.52:443 > > It looks like the ssl connection (port 443) is being loaded three times, with the last two failing and preventing the server from starting. > > Does anyone have an insight for me? > > Thank you, > > Thorpe > > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk |
From: Thorpe M. <tm...@ec...> - 2015-08-16 00:17:19
|
Hi, I have AOLserver 4.5.2 running with virtual servers - main.tcl with several sub config files. Three of the domain names are using SSL. The certificate is a UCC SSL Certificate that will accommodate up to 5 domain names. If I activate the virtual server for just one of the three domains that are using SSL, then everything works fine. When I activate two or more of the sub files that need ssl, the server fails to start. Here is the tail end of the log file: [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: AOLserver/4.5.2 running [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: nsmain: security info: uid=502, euid=502, gid=502\ , egid=502 [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nssock [15/Aug/2015:18:39:13][3924.18446744073356683008][-sched-] Notice: sched: starting [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: starting [15/Aug/2015:18:39:13][3924.18446744073356543744][-nssock:driver-] Notice: nssock: listening on 23.253.246.52:80 [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: starting [15/Aug/2015:18:39:13][3924.18446744073356404480][-nsopenssl:driver-] Notice: nsopenssl: listening on 23.253.246.52\ :443 [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: starting [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\ 246.52:443: Permission denied [15/Aug/2015:18:39:13][3924.18446744073356265216][-nsopenssl:driver-] Notice: exiting [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Notice: driver: starting: nsopenssl [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: starting [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Error: nsopenssl: failed to listen on 23.253.\ 246.52:443: Permission denied [15/Aug/2015:18:39:13][3924.18446744073356125952][-nsopenssl:driver-] Notice: exiting [15/Aug/2015:18:39:13][3924.18446744073356691200][-main-] Fatal: could not start drivers Here is the ssl portion of the main.tcl file: ns_section "ns/server/module/nsopenssl" # ns_param RandomFile /some/file ns_param SeedBytes 2048; # was 1024 Here is what the ssl portion of the sub files (all appear to load successfully - see below): #--------------------------------------------------------------------- # OpenSSL and nsopenssl # http://openacs.org/forums/message-view?message_id=320064 - for nsd code - note: must use port 443 # http://openacs.org/doc/install-nsopenssl.html - binding port 443 in daemontools #--------------------------------------------------------------------- ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontexts" ns_param ${ecognizant}_users_ctx "SSL context used for $ecognizant regular user access" # ns_param admins_ctx "SSL context used for administrator access" ns_param ${ecognizant}_client_ctx "SSL context used for $ecognizant outgoing script socket connections" ns_section "ns/server/${ecognizant}/module/nsopenssl/defaults" ns_param server ${ecognizant}_users_ctx ns_param client ${ecognizant}_client_ctx ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_users_ctx" ns_param Role server ns_param ModuleDir $ssldocdir ns_param CertFile cert.pem ns_param KeyFile key.pem ns_param CAFile ca.pem ns_param Protocols "All" ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ns_param PeerVerify false ns_param PeerVerifyDepth 3 ns_param Trace false ns_section "ns/server/${ecognizant}/module/nsopenssl/sslcontext/${ecognizant}_client_ctx" ns_param Role client ns_param ModuleDir $ssldocdir ns_param CertFile cert.pem ns_param KeyFile key.pem ns_param CAFile ca.pem ns_param Protocols "All" ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ns_param PeerVerify false ns_param PeerVerifyDepth 3 ns_param Trace false ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldrivers" ns_param ${ecognizant}_users_drv "Driver for regular $ecognizant user access" ns_section "ns/server/${ecognizant}/module/nsopenssl/ssldriver/${ecognizant}_users_drv" ns_param sslcontext ${ecognizant}_users_ctx ns_param port $httpsport ns_param hostname $hostname ns_param address $address ns_param maxinput [expr {1024 * 1000 * 10}] ;# 10 MB upload limit ns_section "ns/server/${ecognizant}/modules" ns_param nslog ${bindir}/nslog${ext} ns_param nsdb ${bindir}/nsdb${ext} ns_param nscache ${bindir}/nscache${ext} ns_param nssha1 ${bindir}/nssha1${ext} ns_param nsopenssl ${bindir}/nsopenssl${ext} The log file portion of one of the sub files that have ssl: [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped GET / [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped HEAD / [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: fastpath[server10]: mapped POST / [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nslog: opened '/usr/local/aolserver/servers/server10/access.log' [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nscache module version 1.5 server: server10 [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: modload: loading '/usr/local/aolserver/bin/nsopenssl.so' [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 512-bit temporary RSA key ... [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl: generating 1024-bit temporary RSA key ... [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_users_ctx' [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' ciphers loaded successfully [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' certificate and key loaded successfully [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_users_ctx' CA file loaded successfully [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_users_ctx (nsopenssl): session cache is turned on for sslcontext 'server10' [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading SSL context 'server10_client_ctx' [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' ciphers loaded successfully [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' using all protocols: SSLv2, SSLv3 and TLSv1 [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' certificate and key loaded successfully [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): 'server10_client_ctx' CA file loaded successfully [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: server10_client_ctx (nsopenssl): session cache is turned on for sslcontext 'server10' [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for server is server10_users_ctx [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default server SSL context: server10_users_ctx [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): default SSL context for client is server10_client_ctx [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default client SSL context: server10_client_ctx [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: nsopenssl (server10): loading 'server10_users_drv' SSL driver [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: conf: [ns/server/server10]enabletclpages = 1 [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: tcl: enabling .tcl pages [15/Aug/2015:18:39:12][3924.18446744073356691200][-main-] Notice: default thread pool: minthreads 0 maxthreads 10 idle 0 current 0 maxconns 4000 queued 0 timeout 1000\ 000 spread 20 Here is what the command that starts the server looks like: /usr/local/aolserver/bin/nsd -u nsadmin -g nsadmin -it /usr/local/aolserver/front_end.tcl -b 23.253.246.52:80,23\ .253.246.52:443 It looks like the ssl connection (port 443) is being loaded three times, with the last two failing and preventing the server from starting. Does anyone have an insight for me? Thank you, Thorpe |
From: Thorpe M. <tm...@ec...> - 2015-08-10 14:37:03
|
Hi, Here is where postgres is located on the server: ps auxw | grep postgres | grep -- -D postgres 1740 0.0 0.0 160284 7616 ? S 02:49 0:00 /usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data Here is how I installed nspostgres-4.1: make install AOLSERVER=/usr/local/aolserver POSTGRES=/usr/local/pgsql Thorpe > On Aug 10, 2015, at 7:05 AM, Tony Bennett (Brown Paper Tickets) <to...@br...> wrote: > > The same select should work in tcl for the added column. Try updating a record in postgresql and selecting the same record from tcl. If there's a mismatch then they're not connecting to the same place. > > -Tony > > On 8/9/15 5:44 PM, Peter Sadlon wrote: >> Just to better understand your problem, this was the order of events? >> >> old server: create table >> old server: alter table add column >> old server: select any/all columns work >> >> copy to new server >> >> new server: select from original columns work with postgresdql >> new server: select from an added column works with postgresdql >> new server: select from original columns work with tcl >> new server: select from an added column FAILS with tcl >> >> My first guess would be to make sure your config script is connecting to the correct database/server now that you have multiple db servers. Same thing for postgresdql. >> >> Are you connecting with the same username via postgresdql and tcl? >> >> Next check your pg_dump file, do a grep for the new column name, make sure that it is included in the dump. >> >> >> From: tm...@ec... <mailto:tm...@ec...> >> Date: Sun, 9 Aug 2015 14:03:28 -0500 >> To: aol...@li... <mailto:aol...@li...> >> Subject: [AOLSERVER] Aolserver - Postgresql - not recognizing columns added to tables >> >> Hi, >> >> I have moved postgresql databases from one server to another. This was done by dumping the database, moving the resulting file to the new server, and then restoring the dumped file on the new server. >> >> When I directly select rows via postgresdql (on the new server) from a table that had a column added after the table was created and before the table was moved to the new server there are not any problems. >> >> However, when I try to do the same select from within a tcl script an error is thrown - the column does not exist. When I run the sql statement without the offending column, there is not a problem. >> >> So, it appears to me that the problem is with columns that have been added to tables via alter table… >> >> Can anyone shed some light on this problem? >> >> Thank you, >> >> Thorpe >> >> Thorpe Mayes >> eCognizant LLC >> 2313 Lockhill-Selma Road, Ste 164 >> San Antonio, TX 78230 >> Phone: (405) 445-7877 >> Cell: (405) 514-9753 >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ aolserver-talk mailing list aol...@li... <mailto:aol...@li...>https://lists.sourceforge.net/lists/listinfo/aolserver-talk <https://lists.sourceforge.net/lists/listinfo/aolserver-talk> >> >> ------------------------------------------------------------------------------ >> >> >> _______________________________________________ >> aolserver-talk mailing list >> aol...@li... <mailto:aol...@li...> >> https://lists.sourceforge.net/lists/listinfo/aolserver-talk <https://lists.sourceforge.net/lists/listinfo/aolserver-talk> > > ------------------------------------------------------------------------------ > _______________________________________________ > aolserver-talk mailing list > aol...@li... <mailto:aol...@li...> > https://lists.sourceforge.net/lists/listinfo/aolserver-talk <https://lists.sourceforge.net/lists/listinfo/aolserver-talk> Thank you, Thorpe Thorpe Mayes eCognizant LLC 2313 Lockhill-Selma Road, Ste 164 San Antonio, TX 78230 Phone: (405) 445-7877 Cell: (405) 514-9753 |
From: Tony B. (B. P. Tickets) <to...@br...> - 2015-08-10 12:29:09
|
Also I'm curious to know if there's anything special about the new columns. Are they encrypted or a strange datatype? If it's a newish type of field then the tcl might need updating to use it. On 8/10/15 5:05 AM, Tony Bennett (Brown Paper Tickets) wrote: > The same select should work in tcl for the added column. Try updating > a record in postgresql and selecting the same record from tcl. If > there's a mismatch then they're not connecting to the same place. > > -Tony > > On 8/9/15 5:44 PM, Peter Sadlon wrote: >> Just to better understand your problem, this was the order of events? >> >> old server: create table >> old server: alter table add column >> old server: select any/all columns work >> >> copy to new server >> >> new server: select from original columns work with postgresdql >> new server: select from an added column works with postgresdql >> new server: select from original columns work with tcl >> new server: select from an added column FAILS with tcl >> >> My first guess would be to make sure your config script is connecting >> to the correct database/server now that you have multiple db servers. >> Same thing for postgresdql. >> >> Are you connecting with the same username via postgresdql and tcl? >> >> Next check your pg_dump file, do a grep for the new column name, make >> sure that it is included in the dump. >> >> >> ------------------------------------------------------------------------ >> From: tm...@ec... >> Date: Sun, 9 Aug 2015 14:03:28 -0500 >> To: aol...@li... >> Subject: [AOLSERVER] Aolserver - Postgresql - not recognizing columns >> added to tables >> >> Hi, >> >> I have moved postgresql databases from one server to another. This >> was done by dumping the database, moving the resulting file to the >> new server, and then restoring the dumped file on the new server. >> >> When I directly select rows via postgresdql (on the new server) from >> a table that had a column added after the table was created and >> before the table was moved to the new server there are not any problems. >> >> However, when I try to do the same select from within a tcl script an >> error is thrown - the column does not exist. When I run the sql >> statement without the offending column, there is not a problem. >> >> So, it appears to me that the problem is with columns that have been >> added to tables via alter table… >> >> Can anyone shed some light on this problem? >> >> Thank you, >> >> Thorpe >> >> Thorpe Mayes >> eCognizant LLC >> 2313 Lockhill-Selma Road, Ste 164 >> San Antonio, TX 78230 >> Phone: (405) 445-7877 >> Cell: (405) 514-9753 >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ aolserver-talk >> mailing list aol...@li... >> https://lists.sourceforge.net/lists/listinfo/aolserver-talk >> >> >> ------------------------------------------------------------------------------ >> >> >> _______________________________________________ >> aolserver-talk mailing list >> aol...@li... >> https://lists.sourceforge.net/lists/listinfo/aolserver-talk > |
From: Tony B. (B. P. Tickets) <to...@br...> - 2015-08-10 12:19:09
|
The same select should work in tcl for the added column. Try updating a record in postgresql and selecting the same record from tcl. If there's a mismatch then they're not connecting to the same place. -Tony On 8/9/15 5:44 PM, Peter Sadlon wrote: > Just to better understand your problem, this was the order of events? > > old server: create table > old server: alter table add column > old server: select any/all columns work > > copy to new server > > new server: select from original columns work with postgresdql > new server: select from an added column works with postgresdql > new server: select from original columns work with tcl > new server: select from an added column FAILS with tcl > > My first guess would be to make sure your config script is connecting > to the correct database/server now that you have multiple db servers. > Same thing for postgresdql. > > Are you connecting with the same username via postgresdql and tcl? > > Next check your pg_dump file, do a grep for the new column name, make > sure that it is included in the dump. > > > ------------------------------------------------------------------------ > From: tm...@ec... > Date: Sun, 9 Aug 2015 14:03:28 -0500 > To: aol...@li... > Subject: [AOLSERVER] Aolserver - Postgresql - not recognizing columns > added to tables > > Hi, > > I have moved postgresql databases from one server to another. This was > done by dumping the database, moving the resulting file to the new > server, and then restoring the dumped file on the new server. > > When I directly select rows via postgresdql (on the new server) from a > table that had a column added after the table was created and before > the table was moved to the new server there are not any problems. > > However, when I try to do the same select from within a tcl script an > error is thrown - the column does not exist. When I run the sql > statement without the offending column, there is not a problem. > > So, it appears to me that the problem is with columns that have been > added to tables via alter table… > > Can anyone shed some light on this problem? > > Thank you, > > Thorpe > > Thorpe Mayes > eCognizant LLC > 2313 Lockhill-Selma Road, Ste 164 > San Antonio, TX 78230 > Phone: (405) 445-7877 > Cell: (405) 514-9753 > > > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ aolserver-talk mailing > list aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk |
From: Sep <the...@gm...> - 2015-08-10 00:47:05
|
I don't quite remember my postgresql, but I'm presuming that maybe postgresql has something like a data dictionary like in Oracle that needs syncing perhaps? Regards. 2015-08-10 8:44 GMT+08:00 Peter Sadlon <f_p...@ho...>: > Just to better understand your problem, this was the order of events? > > old server: create table > old server: alter table add column > old server: select any/all columns work > > copy to new server > > new server: select from original columns work with postgresdql > new server: select from an added column works with postgresdql > new server: select from original columns work with tcl > new server: select from an added column FAILS with tcl > > My first guess would be to make sure your config script is connecting to > the correct database/server now that you have multiple db servers. Same > thing for postgresdql. > > Are you connecting with the same username via postgresdql and tcl? > > Next check your pg_dump file, do a grep for the new column name, make sure > that it is included in the dump. > > > ------------------------------ > From: tm...@ec... > Date: Sun, 9 Aug 2015 14:03:28 -0500 > To: aol...@li... > Subject: [AOLSERVER] Aolserver - Postgresql - not recognizing columns > added to tables > > > Hi, > > I have moved postgresql databases from one server to another. This was > done by dumping the database, moving the resulting file to the new server, > and then restoring the dumped file on the new server. > > When I directly select rows via postgresdql (on the new server) from a > table that had a column added after the table was created and before the > table was moved to the new server there are not any problems. > > However, when I try to do the same select from within a tcl script an > error is thrown - the column does not exist. When I run the sql statement > without the offending column, there is not a problem. > > So, it appears to me that the problem is with columns that have been added > to tables via alter table… > > Can anyone shed some light on this problem? > > Thank you, > > Thorpe > > Thorpe Mayes > eCognizant LLC > 2313 Lockhill-Selma Road, Ste 164 > San Antonio, TX 78230 > Phone: (405) 445-7877 > Cell: (405) 514-9753 > > > > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ aolserver-talk mailing > list aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk > > > ------------------------------------------------------------------------------ > > _______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk > > -- "A scrum a day keeps the pigs at bay" |
From: Peter S. <f_p...@ho...> - 2015-08-10 00:44:39
|
Just to better understand your problem, this was the order of events? old server: create tableold server: alter table add columnold server: select any/all columns work copy to new server new server: select from original columns work with postgresdql new server: select from an added column works with postgresdql new server: select from original columns work with tcl new server: select from an added column FAILS with tcl My first guess would be to make sure your config script is connecting to the correct database/server now that you have multiple db servers. Same thing for postgresdql. Are you connecting with the same username via postgresdql and tcl? Next check your pg_dump file, do a grep for the new column name, make sure that it is included in the dump. From: tm...@ec... Date: Sun, 9 Aug 2015 14:03:28 -0500 To: aol...@li... Subject: [AOLSERVER] Aolserver - Postgresql - not recognizing columns added to tables Hi, I have moved postgresql databases from one server to another. This was done by dumping the database, moving the resulting file to the new server, and then restoring the dumped file on the new server. When I directly select rows via postgresdql (on the new server) from a table that had a column added after the table was created and before the table was moved to the new server there are not any problems. However, when I try to do the same select from within a tcl script an error is thrown - the column does not exist. When I run the sql statement without the offending column, there is not a problem. So, it appears to me that the problem is with columns that have been added to tables via alter table… Can anyone shed some light on this problem? Thank you, Thorpe Thorpe MayeseCognizant LLC2313 Lockhill-Selma Road, Ste 164San Antonio, TX 78230Phone: (405) 445-7877Cell: (405) 514-9753 ------------------------------------------------------------------------------ _______________________________________________ aolserver-talk mailing list aol...@li... https://lists.sourceforge.net/lists/listinfo/aolserver-talk |
From: Ayan G. <ay...@ay...> - 2015-08-09 20:22:17
|
Also, can you see the new columns by searching the information schema in both psql and aolserver? |
From: Ayan G. <ay...@ay...> - 2015-08-09 19:54:14
|
On 08/09/2015 03:03 PM, Thorpe Mayes wrote: > Hi, > > I have moved postgresql databases from one server to another. This > was done by dumping the database, moving the resulting file to the > new server, and then restoring the dumped file on the new server. > > When I directly select rows via postgresdql (on the new server) from > a table that had a column added after the table was created and > before the table was moved to the new server there are not any > problems. > > However, when I try to do the same select from within a tcl script > an error is thrown - the column does not exist. When I run the sql > statement without the offending column, there is not a problem. > > So, it appears to me that the problem is with columns that have been > added to tables via alter table… > > Can anyone shed some light on this problem? > What version of PostgreSQL are you running and which version of libpq is your nspostgres linked against? When you moved servers, did you also change the version of postgres you're using? -ayan |
From: Thorpe M. <tm...@ec...> - 2015-08-09 19:16:10
|
Hi, I have moved postgresql databases from one server to another. This was done by dumping the database, moving the resulting file to the new server, and then restoring the dumped file on the new server. When I directly select rows via postgresdql (on the new server) from a table that had a column added after the table was created and before the table was moved to the new server there are not any problems. However, when I try to do the same select from within a tcl script an error is thrown - the column does not exist. When I run the sql statement without the offending column, there is not a problem. So, it appears to me that the problem is with columns that have been added to tables via alter table… Can anyone shed some light on this problem? Thank you, Thorpe Thorpe Mayes eCognizant LLC 2313 Lockhill-Selma Road, Ste 164 San Antonio, TX 78230 Phone: (405) 445-7877 Cell: (405) 514-9753 |
From: Gustaf N. <ne...@wu...> - 2015-06-23 16:56:34
|
> I’m not up-to-date on proper configurations. Just as a reference: with the ciphers and Protocol from NaviServer's nsssl [1] one can get an A+ rating from SSL Labs [2]. One should also get decent ratings with these configuration values from AOLserver. -g [1] https://bitbucket.org/naviserver/nsssl/ [2] https://www.ssllabs.com/ssltest/analyze.html?d=next-scripting.org Am 23.06.15 um 18:11 schrieb Scott Goodwin: > By the way, ignore my CipherSuite line in there — you obviously don’t > want SSLv2, +LOW, +MEDIUM and other components - you’ll likely just > want the TLS v1.2 ciphers, which are listed here: > > https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites > > Not sure what the CipherSuite string should look like to support that, > but if I have time this week I’ll see if I can figure it out. Be aware > that restricting to just TLS 1.2 may cause some older browsers to not > work with your site, but I haven’t done hands-on work in this area in > years, so > > /s. > > >> On Jun 23, 2015, at 12:00 PM, Scott Goodwin <sc...@sc... >> <mailto:sc...@sc...>> wrote: >> >> An AOLserver configuration file from an old server I used to run has >> this section defined: >> >> ns_param Protocol "SSLv2, SSLv3, TLSv1" >> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" >> >> From the OpenSSL documentation: >> >> Only enable TLSv1.2: >> >> SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2"); >> >> >> So I’d assume the following would restrict AOLserver to ONLY use TLS 1.2: >> >> ns_param Protocol “-ALL,TLSv1.2" >> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" >> >> >> /s. >> >> >>> On Jun 23, 2015, at 10:36 AM, Paula Giangeruso >>> <pgi...@wi... <mailto:pgi...@wi...>> wrote: >>> >>> Does anyone have TLS v1.2 working on AOLserver? If so how did you >>> go about doing this? >>> >>> Thank You, >>> Paula >>> >>> -- >>> */Paula Giangeruso/*- /*Vice President/Engineering*/ >>> pgi...@wi... >>> <mailto:pgi...@wi...> |www.wineaccess.com >>> <http://www.wineaccess.com/> >>> /*O:*/(610) 642-1255 | */*F:*/*(610) 642-1277 | /*C:*/(609) 731-8092 >>> >>> *wine*/access/ ® >>> direct from the source >>> ------------------------------------------------------------------------------ |
From: Scott G. <sc...@sc...> - 2015-06-23 16:21:38
|
By the way, ignore my CipherSuite line in there — you obviously don’t want SSLv2, +LOW, +MEDIUM and other components - you’ll likely just want the TLS v1.2 ciphers, which are listed here: https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites <https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites> Not sure what the CipherSuite string should look like to support that, but if I have time this week I’ll see if I can figure it out. Be aware that restricting to just TLS 1.2 may cause some older browsers to not work with your site, but I haven’t done hands-on work in this area in years, so I’m not up-to-date on proper configurations. /s. > On Jun 23, 2015, at 12:00 PM, Scott Goodwin <sc...@sc...> wrote: > > An AOLserver configuration file from an old server I used to run has this section defined: > > ns_param Protocol "SSLv2, SSLv3, TLSv1" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > > From the OpenSSL documentation: > Only enable TLSv1.2: > > SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2"); > > > So I’d assume the following would restrict AOLserver to ONLY use TLS 1.2: > > ns_param Protocol “-ALL,TLSv1.2" > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" > > > /s. > > >> On Jun 23, 2015, at 10:36 AM, Paula Giangeruso <pgi...@wi... <mailto:pgi...@wi...>> wrote: >> >> Does anyone have TLS v1.2 working on AOLserver? If so how did you go about doing this? >> >> Thank You, >> Paula >> >> -- >> Paula Giangeruso - Vice President/Engineering >> pgi...@wi... <mailto:pgi...@wi...> | www.wineaccess.com <http://www.wineaccess.com/> >> O: ( <>610) 642-1255 | F: (610) 642-1277 | C: (609) 731-8092 >> >> wineaccess ® >> direct from the source >> ------------------------------------------------------------------------------ >> Monitor 25 network devices or servers for free with OpManager! >> OpManager is web-based network management software that monitors >> network devices and physical & virtual servers, alerts via email & sms >> for fault. Monitor 25 devices for free with no restriction. Download now >> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o_______________________________________________ <http://ad.doubleclick.net/ddm/clk/292181274;119417398;o_______________________________________________> >> aolserver-talk mailing list >> aol...@li... >> https://lists.sourceforge.net/lists/listinfo/aolserver-talk > |
From: Scott G. <sc...@sc...> - 2015-06-23 16:16:38
|
An AOLserver configuration file from an old server I used to run has this section defined: ns_param Protocol "SSLv2, SSLv3, TLSv1" ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" From the OpenSSL documentation: Only enable TLSv1.2: SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2"); So I’d assume the following would restrict AOLserver to ONLY use TLS 1.2: ns_param Protocol “-ALL,TLSv1.2" ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" /s. > On Jun 23, 2015, at 10:36 AM, Paula Giangeruso <pgi...@wi...> wrote: > > Does anyone have TLS v1.2 working on AOLserver? If so how did you go about doing this? > > Thank You, > Paula > > -- > Paula Giangeruso - Vice President/Engineering > pgi...@wi... <mailto:pgi...@wi...> | www.wineaccess.com <http://www.wineaccess.com/> > O: ( <>610) 642-1255 | F: (610) 642-1277 | C: (609) 731-8092 > > wineaccess ® > direct from the source > ------------------------------------------------------------------------------ > Monitor 25 network devices or servers for free with OpManager! > OpManager is web-based network management software that monitors > network devices and physical & virtual servers, alerts via email & sms > for fault. Monitor 25 devices for free with no restriction. Download now > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o_______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk |
From: Paula G. <pgi...@wi...> - 2015-06-23 14:58:28
|
Does anyone have TLS v1.2 working on AOLserver? If so how did you go about doing this? Thank You, Paula -- *Paula Giangeruso* - *Vice President/Engineering* pgi...@wi... | www.wineaccess.com *O:* (610) 642-1255 | *F: *(610) 642-1277 | *C:* (609) 731-8092 *wine**access* ® direct from the source |
From: Bernhard v. W. <ber...@qc...> - 2015-04-13 09:02:39
|
Our take on this was to define a list based string literal called tson to avoid the lossy problem. https://github.com/qcode-software/qcode-tcl/blob/master/doc/procs/tson2json.md Bernhard On 13 April 2015 at 07:01, Jeff Rogers <dv...@di...> wrote: > Brad Chick wrote: > > AOLserver community, > > > > I need to generate and parse json in my aolserver web app. Seems like it > > should be easy enough. But there are no aolserver modules that I can > find. > > > > I did find: tcljson > > @ > > > https://code.google.com/p/aolserver/source/browse/trunk/modules/tcljson/?r=103 > > > > But can't seem to get it to build. > > > > What is the easiest/best way to get aolserver to handle json? > > Hi Brad, > > Check out rl_json - https://github.com/RubyLane/rl_json > > It's a plain tcl extension, so it's not aolserver (or naviserver) > specific, but it was written to be used in a naviserver application, so > it integrates perfectly well there. > > There are some other packages listed on the Tcler's Wiki at > http://wiki.tcl.tk/13419. There is a json package included in tcllib, > but I would recommend avoiding it as its json2dict conversion is lossier > than it needs to be, making round trips essentially impossible. > > -J > > > > > ------------------------------------------------------------------------------ > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > Develop your own process in accordance with the BPMN 2 standard > Learn Process modeling best practices with Bonita BPM through live > exercises > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- > event?utm_ > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > _______________________________________________ > aolserver-talk mailing list > aol...@li... > https://lists.sourceforge.net/lists/listinfo/aolserver-talk > |
From: Jeff R. <dv...@di...> - 2015-04-13 06:00:47
|
Brad Chick wrote: > AOLserver community, > > I need to generate and parse json in my aolserver web app. Seems like it > should be easy enough. But there are no aolserver modules that I can find. > > I did find: tcljson > @ > https://code.google.com/p/aolserver/source/browse/trunk/modules/tcljson/?r=103 > > But can't seem to get it to build. > > What is the easiest/best way to get aolserver to handle json? Hi Brad, Check out rl_json - https://github.com/RubyLane/rl_json It's a plain tcl extension, so it's not aolserver (or naviserver) specific, but it was written to be used in a naviserver application, so it integrates perfectly well there. There are some other packages listed on the Tcler's Wiki at http://wiki.tcl.tk/13419. There is a json package included in tcllib, but I would recommend avoiding it as its json2dict conversion is lossier than it needs to be, making round trips essentially impossible. -J |
From: Brad C. <br...@ch...> - 2015-04-12 15:27:53
|
AOLserver community, I need to generate and parse json in my aolserver web app. Seems like it should be easy enough. But there are no aolserver modules that I can find. I did find: tcljson @ https://code.google.com/p/aolserver/source/browse/trunk/modules/tcljson/?r=103 But can't seem to get it to build. What is the easiest/best way to get aolserver to handle json? Thanks -- ============================== BRAD CHICK ============================== Brad@ChickCentral.com 734.662.1701 (h) 734.646.9372 (m) "Make Some Time for Wasting!" _ | | ___| |__ ___ ___ _ __ ___ / __| '_ \ / _ \/ _ \ '__/ __| (__| | | | __/ __/ | \__ \ \___|_| |_|\___|\___|_| |___/ ================================ |
From: Jeff R. <dv...@di...> - 2015-03-20 12:53:54
|
Sep Ng wrote: > Thank you very much for shedding a lot of light into this. > > On Friday, March 20, 2015 at 3:58:19 PM UTC+8, Gustaf Neumann wrote: > > > Am 20.03.15 um 07:48 schrieb Sep Ng: > > what is hurting you? > > > We have instances where we'd get a high number of concurrent > users that the requests are getting queued, but when I look at the > logs, there's a > lot of static files being served for each login > page, let alone other pages being served in aolserver. So, I'm > theorizing that being able to get those > static file requests > pushed into a single thread and free up the connection threads would > help in scalability. > > yes, there is a certain hope, that removing this burden from the > connection threads will improve the situation. Another option to reduce > queuing time is to increase the number of connection threads. > If the bottleneck are slow sql-queries then this pooling stuff will > not help. > > Right now, I do not believe sql queries are the culprit for the > sacalability issues. I have a better understanding on this now. I > think the only real issue from implementation stand point is getting the > reverse proxy setup right. Another thing to try out if you can distinguish static from dynamic by the url pattern is to use [ns_pools] to set up the server so that all static content is served from one threadpool and the slow dynamic pages from a different pool. These would still be ordinary conn threads (no background delivery), but it would keep the static requests from one user from queuing behind the dynamic pages from a different user. I haven't completely thought through exactly how this would work, but my first impression is that it would mean longer queuing times for dynamic requests, but more responsive servicing of static ones, so that pages would be slower to start but faster once they started. -J |