Forum OpenACS CMS: running into some errors and or issues

1: running into some errors and or issues

Posted by Vasily Sora on 11/09/18 05:54 PM

I'm using the scripts found here https://openacs.org/xowiki/naviserver-openacs

using the default values I changed the port but even testing it with the default ports result in the same issue. I have not enabled ssl yet. Do these errors tell anyone, anything that could help them help me figure this out?

[09/Nov/2018:16:49:34][28204.7f9206741700][-main-] Notice: OpenSSL 1.0.2p 14 Aug 2018 initialized
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: trying to prebind <216.189.151.43:8085>
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: prebind: proto tcp addr 216.189.151.43 port 8085 reuses 1
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: prebind adds: SockAddr family AF_INET, ip 216.189.151.43, port 8085
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: prebind: tcp: [216.189.151.43]:8085
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: nsd.tcl: starting to read config file...
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: Use Tcl thread library /usr/local/ns/lib/thread2.8.2/libthread2.8.2.so
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: nsd.tcl: using threadsafe tcl: 1
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: nsd.tcl: finished reading config file.
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: binder: started
[09/Nov/2018:16:49:34][28205.7f9206741700][binder] Fatal: binder: recvmsg() failed: recv 53 bytes, 'Success'

2: Re: running into some errors and or issues (response to 1)

Posted by Gustaf Neumann on 11/09/18 07:33 PM

Can it be, that there is already on instance running on that port? With which parameters are you starting the server?

Does starting with the default NaviServer configuration (in the foreground) work for you?

/usr/local/ns/bin/nsd -u nsadmin -t /usr/local/ns/conf/nsd-config.tcl -f

3: Re: running into some errors and or issues (response to 1)

Posted by Vasily Sora on 11/09/18 08:00 PM

Okay so I reboot the system so even tho I have no idea what could of been the hang up, that is for now resolved. I started it up and its complaining about a password not being supplied. I will re go over the docs you have here but I guess its worth noting that I am trying to use postgresql 10.2 -- perhaps that is a no go. I would prefer to use it but if not I will look into installing the version used in the documentation here.

[09/Nov/2018:18:54:58][559.7f572c612700][-main-] Error: nsdbpg(postgres): Could not connect to localhost::dbname=oacs-5-9-1: fe_sen
dauth: no password supplied

[09/Nov/2018:18:54:58][559.7f572c612700][-main-] Error: dbdrv: failed to open database 'postgres:localhost::dbname=oacs-5-9-1'
[09/Nov/2018:18:54:58][559.7f572c612700][-main-] Error: Error sourcing /var/www/oacs-5-9-1/packages/acs-tcl/tcl/site-nodes-procs.tcl
:

4: Re: running into some errors and or issues (response to 1)

Posted by Vasily Sora on 11/09/18 08:08 PM

but I should add it does work with the default naviserver config

5: Re: running into some errors and or issues (response to 1)

Posted by Gustaf Neumann on 11/09/18 08:56 PM

Can you connect to the DB via psql without password?

psql -U nsadmin -d oacs-5-9-1

If PostgreSQL asks for a password, you should either allow local access without a password (usual configuration), or provide a password via the config file.

6: Re: running into some errors and or issues (response to 1)

Posted by Vasily Sora on 11/10/18 05:04 PM

So I changed some setting in postgresql and managed to get things to work. Then I tried to enable ssl I installed lets encrypt cert using this script here

https://bitbucket.org/naviserver/letsencrypt/src/default/

I have the configuration set up and don't see an error in it

http://termbin.com/tlpv

That is a paste of the config.

Here is the error I don't understand.

[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Notice: modload: loading module nsssl from file nsssl.so
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Notice: nsssl:0: enable 0 spooler thread(s)
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Notice: nsssl:0: enable 0 writer thread(s)
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Notice: OpenSSL OpenSSL 1.0.2p 14 Aug 2018 initialized
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Error: nsssl: certificate parameter must be specified in the config file under ns/server/oacs-5-9-1/module/nsssl
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Error: modload: /usr/local/ns/bin/nsssl.so: Ns_ModuleInit returned: -1
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Fatal: modload: failed to load module 'nsssl.so'
[10/Nov/2018:16:03:01][15032.7faf6d598700][binder] Notice: binder: stopped

7: Re: running into some errors and or issues (response to 1)

Posted by Vasily Sora on 11/10/18 07:24 PM

Oh and I just wanted to say thanks again... I am determine to work through all these issues and use OpenACS and then contribute back... well that is my goal.

Here is anther Issue I'm running into that I'm trying to resolve.

[10/Nov/2018:18:20:36][598.7ff1362a8700][-conn:oacs-5-9-1:0:505-] Error: return: failed to redirect '404': exceeded recursion limit of 3

8: Re: running into some errors and or issues (response to 1)

Posted by Gustaf Neumann on 11/11/18 06:03 PM

Concerning certificate: i think the last to lines of your config file should be removed. The logic in the letsencrypt package is probably not clever enough to handle the loop with the IPv4 and IPv6 addresses.

Concerning "failed to redirect '404': exceeded recursion limit of 3": This means that the server wants to serve a page called "404" for handling "page not found" errors, but does not find that page. There are several improvements in this regards in the development branch of OpenACS. .... I know what's going on: You are using the newest openacs config file from bitbucket, which is expected to work with the newest release of openacs.
You can change the config file to change the path of the error files to some different, or place the error files like in [1] under

packages/acs-subsite/www/shared/

These changes should be probably backported to 5.9.1 such that the config files works out of the box.

-gn

[1] http://cvs.openacs.org/changelog/OpenACS?cs=MAIN%3Agustafn%3A20180219180844

9: Re: running into some errors and or issues (response to 1)

Posted by Vasily Sora on 11/11/18 06:29 PM

thanks. I had finally spotted the bit at the bottom being a duplicate; removed it and ssl works now. I will look into the advice given here on how to fix the redirect errors. Lastly, however, and one really important to me is... the http connection is not automatically being directed to https -- I really need to figure this bit out.

10: Re: running into some errors and or issues (response to 1)

Posted by Gustaf Neumann on 11/12/18 08:13 PM

Hmm, why is this not working following the rules of [1]. Try to add the following line

Strict-Transport-Security "max-age=31536000; includeSubDomains"

to the nssock_extraheaders (around line 78) in the config file.

[1] https://www.w3.org/TR/upgrade-insecure-requests/#feature-detect

11: Re: running into some errors and or issues (response to 1)

Posted by Vasily Sora on 11/12/18 08:15 PM

Although I have not fix the redirect issue, I do mostly understand how to resolve it and will resolve it -- I mean the redirect 404 etc.. but I still have no idea how I can force https to be used. This I think is my last hangup, at least in theory.

12: Re: running into some errors and or issues (response to 1)

Posted by Vasily Sora on 11/12/18 08:16 PM

Okay I'll review 1 again and see if I can add that bit there you suggested and double check it. I think, however, its there already.

13: Re: running into some errors and or issues (response to 1)

Posted by Vasily Sora on 11/12/18 09:09 PM

Strange no idea what I fixed but I got it working now with ssl redirect. I guess we'll just have to assume user error somewhere on my part. Thanks again.