This thread gave me the final pieces of the "ports below 1024 on AOLserver 4" and nsopenssl puzzle.
In case it's helpful for someone else, here are the pieces:
- The daemontools "run" or the command line nsd -t list must include either a
  - -b {Ipaddress:port} or a
  - -B {filename}.
If you modify the run file, all comments between the config.tcl and the -b have to be removed, or it will not load. [thanks Hans]
The -B is used if you have multiple {Ipaddress:port} pairs. If you want to use http and https, you need to include each as an {Ipaddress:port} pair. [thanks Bart]
- For an SSL connection, AOLserver 4 must be used with Scottg's latest nsopenssl (I'm using version 3beta12). This requires a "with threads" version of OpenSSL; see details at scottg.net, or in the nsopenssl README.
- For a single IP address, the following contribution will implement it. [thanks Matthew G]
```tcl
#---------------------------------------------------------------------
#
# OpenSSL, nsopenssl and aolserver 4
#
#---------------------------------------------------------------------
#
# SSL contexts. Define the ssl contexts for this server.
ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
ns_param ssl_incoming_requests_context "SSL context used for regular user access to the website"
ns_param ssl_outgoing_context "SSL context used for outgoing script socket connections"

ns_section "ns/server/${server}/module/nsopenssl/defaults"
ns_param server ssl_incoming_requests_context
ns_param client ssl_outgoing_context

ns_section "ns/server/${server}/module/nsopenssl/sslcontext/ssl_incoming_requests_context"
ns_param Role server
ns_param ModuleDir ${serverroot}/etc/certs
ns_param CertFile certfile.pem
ns_param KeyFile keyfile.pem
#ns_param CADir ca-client/dir
#ns_param CAFile ca-client/ca-client.crt
ns_param Protocols "SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace true

# SSL drivers. Each driver defines a port and a named SSL context to associate with it.
ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
ns_param ssl_incoming_requests_driver "Driver for regular user access to the website"

ns_section "ns/server/${server}/module/nsopenssl/ssldriver/ssl_incoming_requests_driver"
ns_param sslcontext ssl_incoming_requests_context
ns_param port $httpsport
ns_param hostname $hostname
ns_param address $address
```
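
An added example, not part of the original post or of nsopenssl: a small Python check that reads `ns_section`/`ns_param` lines like the ones above and reports `Protocols` and `CipherSuite` values that leave old SSL versions or weak cipher classes enabled. The weak-value lists and the simplified reading of the OpenSSL cipher string are assumptions of this example.

```python
import re

# Policy lists are assumptions of this example, not values defined by nsopenssl.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CIPHER_CLASSES = ["ADH", "LOW", "EXP", "SSLv2", "RC4"]
BROAD_ALIASES = {"ALL", "DEFAULT"}  # aliases that pull in many suites at once
LINE_RE = re.compile(r"^\s*ns_(section|param)\s+(\S+)\s*(.*)$")

# Constructed sample: three lines copied from the configuration in the post.
SAMPLE = """\
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/ssl_incoming_requests_context"
ns_param Protocols "SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
"""

def weak_cipher_classes(cipher_string):
    """Weak classes left enabled; model: '+X' reorders, '!X' removes, '-X' ignored."""
    added, killed, broad = set(), set(), False
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token or token[0] in "+-":
            continue
        if token[0] == "!":
            killed.add(token[1:])  # "!A+B" stores "A+B", which matches no class
        elif token in BROAD_ALIASES:
            broad = True
        else:
            added.update(token.split("+"))  # "RC4+RSA" still enables RC4 suites
    return [c for c in WEAK_CIPHER_CLASSES if (broad or c in added) and c not in killed]

def audit(config_text):
    """Return (section, param, problem) tuples for ns_section/ns_param text."""
    findings, section = [], None
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # comments (including commented-out ns_param), blanks, other Tcl
            continue
        kind, name, value = m.group(1), m.group(2), m.group(3).strip().strip('"')
        if kind == "section":
            section = name.strip('"')
        elif name.lower() == "protocols":
            findings += [(section, name, f"protocol {p} enabled")
                         for p in re.split(r"[,\s]+", value) if p in WEAK_PROTOCOLS]
        elif name.lower() == "ciphersuite":
            findings += [(section, name, f"cipher class {c} not excluded")
                         for c in weak_cipher_classes(value)]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample it reports SSLv3 and the LOW, EXP, SSLv2 and RC4 cipher classes; ADH is not reported because the string excludes it with `!ADH`.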