Forum OpenACS CMS: running into some errors and or issues

Request notifications

I'm using the scripts found here https://openacs.org/xowiki/naviserver-openacs

using the default values I changed the port but even testing it with the default ports result in the same issue. I have not enabled ssl yet. Do these errors tell anyone, anything that could help them help me figure this out?

[09/Nov/2018:16:49:34][28204.7f9206741700][-main-] Notice: OpenSSL 1.0.2p  14 Aug 2018 initialized
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: trying to prebind <216.189.151.43:8085>
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: prebind: proto tcp addr 216.189.151.43 port 8085 reuses 1
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: prebind adds: SockAddr family AF_INET, ip 216.189.151.43, port 8085
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: prebind: tcp: [216.189.151.43]:8085
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: nsd.tcl: starting to read config file...
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: Use Tcl thread library /usr/local/ns/lib/thread2.8.2/libthread2.8.2.so
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: nsd.tcl: using threadsafe tcl: 1
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: nsd.tcl: finished reading config file.
[09/Nov/2018:16:49:34][28205.7f9206741700][-main-] Notice: binder: started
[09/Nov/2018:16:49:34][28205.7f9206741700][binder] Fatal: binder: recvmsg() failed: recv 53 bytes, 'Success'

Collapse
Posted by Gustaf Neumann on
Can it be, that there is already on instance running on that port? With which parameters are you starting the server?

Does starting with the default NaviServer configuration (in the foreground) work for you?

/usr/local/ns/bin/nsd -u nsadmin -t /usr/local/ns/conf/nsd-config.tcl -f

Collapse
Posted by Vasily Sora on
Okay so I reboot the system so even tho I have no idea what could of been the hang up, that is for now resolved. I started it up and its complaining about a password not being supplied. I will re go over the docs you have here but I guess its worth noting that I am trying to use postgresql 10.2 -- perhaps that is a no go. I would prefer to use it but if not I will look into installing the version used in the documentation here.

[09/Nov/2018:18:54:58][559.7f572c612700][-main-] Error: nsdbpg(postgres):  Could not connect to localhost::dbname=oacs-5-9-1: fe_sen
dauth: no password supplied

[09/Nov/2018:18:54:58][559.7f572c612700][-main-] Error: dbdrv: failed to open database 'postgres:localhost::dbname=oacs-5-9-1'
[09/Nov/2018:18:54:58][559.7f572c612700][-main-] Error: Error sourcing /var/www/oacs-5-9-1/packages/acs-tcl/tcl/site-nodes-procs.tcl
:

Collapse
Posted by Vasily Sora on
but I should add it does work with the default naviserver config
Collapse
Posted by Gustaf Neumann on
Can you connect to the DB via psql without password?

psql -U nsadmin -d oacs-5-9-1

If PostgreSQL asks for a password, you should either allow local access without a password (usual configuration), or provide a password via the config file.

Collapse
Posted by Vasily Sora on
So I changed some setting in postgresql and managed to get things to work. Then I tried to enable ssl I installed lets encrypt cert using this script here

https://bitbucket.org/naviserver/letsencrypt/src/default/

I have the configuration set up and don't see an error in it

http://termbin.com/tlpv

That is a paste of the config.

Here is the error I don't understand.

[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Notice: modload: loading module nsssl from file nsssl.so
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Notice: nsssl:0: enable 0 spooler thread(s)
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Notice: nsssl:0: enable 0 writer thread(s)
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Notice: OpenSSL OpenSSL 1.0.2p  14 Aug 2018 initialized
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Error: nsssl: certificate parameter must be specified in the config file under ns/server/oacs-5-9-1/module/nsssl
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Error: modload: /usr/local/ns/bin/nsssl.so: Ns_ModuleInit returned: -1
[10/Nov/2018:16:03:01][15032.7faf6d598700][-main-] Fatal: modload: failed to load module 'nsssl.so'
[10/Nov/2018:16:03:01][15032.7faf6d598700][binder] Notice: binder: stopped

Collapse
Posted by Vasily Sora on
Oh and I just wanted to say thanks again... I am determine to work through all these issues and use OpenACS and then contribute back... well that is my goal.

Here is anther Issue I'm running into that I'm trying to resolve.

[10/Nov/2018:18:20:36][598.7ff1362a8700][-conn:oacs-5-9-1:0:505-] Error: return: failed to redirect '404': exceeded recursion limit of 3

Collapse
Posted by Gustaf Neumann on
Concerning certificate: i think the last to lines of your config file should be removed. The logic in the letsencrypt package is probably not clever enough to handle the loop with the IPv4 and IPv6 addresses.

Concerning "failed to redirect '404': exceeded recursion limit of 3": This means that the server wants to serve a page called "404" for handling "page not found" errors, but does not find that page. There are several improvements in this regards in the development branch of OpenACS. .... I know what's going on: You are using the newest openacs config file from bitbucket, which is expected to work with the newest release of openacs.
You can change the config file to change the path of the error files to some different, or place the error files like in [1] under

packages/acs-subsite/www/shared/

These changes should be probably backported to 5.9.1 such that the config files works out of the box.

-gn

[1] http://cvs.openacs.org/changelog/OpenACS?cs=MAIN%3Agustafn%3A20180219180844

Collapse
Posted by Vasily Sora on
thanks. I had finally spotted the bit at the bottom being a duplicate; removed it and ssl works now. I will look into the advice given here on how to fix the redirect errors. Lastly, however, and one really important to me is... the http connection is not automatically being directed to https -- I really need to figure this bit out.
Collapse
Posted by Gustaf Neumann on
Hmm, why is this not working following the rules of [1]. Try to add the following line
Strict-Transport-Security "max-age=31536000; includeSubDomains"
to the nssock_extraheaders (around line 78) in the config file.

[1] https://www.w3.org/TR/upgrade-insecure-requests/#feature-detect

Collapse
Posted by Vasily Sora on
Although I have not fix the redirect issue, I do mostly understand how to resolve it and will resolve it -- I mean the redirect 404 etc.. but I still have no idea how I can force https to be used. This I think is my last hangup, at least in theory.
Collapse
Posted by Vasily Sora on
Okay I'll review 1 again and see if I can add that bit there you suggested and double check it. I think, however, its there already.
Collapse
Posted by Vasily Sora on
Strange no idea what I fixed but I got it working now with ssl redirect. I guess we'll just have to assume user error somewhere on my part. Thanks again.