Please... help... ;)<br><br><div class="gmail_quote">On Fri, Mar 30, 2012 at 12:48, Thomas Manson <span dir="ltr"><<a href="mailto:dev.mansonthomas@gmail.com">dev.mansonthomas@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Here is the logs when it doesn't works (there's a stunnel.log but empty)<div><br></div><div>The symptoms are the following : </div><div><br></div><div>* stunnel still running in memory</div><div><br></div><div><div>
1 8426 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4 /etc/stunnel/base.conf</div><div> 1 8427 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4 /etc/stunnel/base.conf</div><div> 1 8428 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4 /etc/stunnel/base.conf</div>
<div> 1 8429 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4 /etc/stunnel/base.conf</div><div> 1 8430 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4 /etc/stunnel/base.conf</div><div>
1 8431 8431 8431 ? -1 Ss 109 0:00 /usr/bin/stunnel4 /etc/stunnel/base.conf</div><div> 1 8440 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4 /etc/stunnel/extranet.onesite.com.conf</div>
<div> 1 8441 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4 /etc/stunnel/extranetonesite.com.conf</div><div> 1 8442 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4 /etc/stunnel/extranet.onesite.com.conf</div>
<div> 1 8443 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4 /etc/stunnel/extranet.onesite.com.conf</div><div> 1 8444 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4 /etc/stunnel/extranet.onesite.com.conf</div>
<div> 1 8445 8445 8445 ? -1 Ss 0 0:00 /usr/bin/stunnel4 /etc/stunnel/extranet.onesite.com.conf</div></div><div><br></div><div>The browser gets the following error (translated from french) : </div>
<div>
<br></div><div>the connection with the server has be reset while loading the page (on firefox)</div><div><br></div><div>See the logs attached.</div><div><br></div><div>Connecting on <a href="http://127.0.0.1:82" target="_blank">127.0.0.1:82</a> is working (HAProxy running, and webservers are up)</div>
<div><br></div><div>So I quite don't understand what's going on.</div><div><br></div><div>><a href="tel:2012.03.29%2017" value="+12012032917" target="_blank">2012.03.29 17</a>:29:11 LOG3[8431:140689358976768]: SSL_accept: Peer suddenly disconnected</div>
<div><br></div><div>this is quite strange...</div>
<div><br></div><div>Any idea ?</div><div><br></div><div>Regards,</div><div>Thomas.</div><div class="HOEnZb"><div class="h5"><div><br><br><div class="gmail_quote">On Thu, Mar 29, 2012 at 15:39, Thomas Manson <span dir="ltr"><<a href="mailto:dev.mansonthomas@gmail.com" target="_blank">dev.mansonthomas@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<div><br></div><div> I've setup a stunnel install to handle several website SSL part of the HTTP (then redirected to HAProxy LoadBalancer).</div>
<div><br></div><div> I can successfully start one site, but if I add another website (so another stunnel conf file in /etc/stunnel) then the first is said to be already running while it's not and the second starts for real.</div>
<div><br></div><div><br></div><div><div>thomas@ns0:/var/log/stunnel4$ sudo service stunnel4 start</div><div>Starting SSL tunnels: [Started: /etc/stunnel/base.conf] [Started: /etc/stunnel/extranet.onesite.com.conf] <b>[Already running: /etc/stunnel/mansonthomas.com.conf] stunnel.</b></div>
</div><div><br></div><div>(<a href="http://mansonthomas.com" target="_blank">mansonthomas.com</a> was my first try before implementing a client website)</div><div><br></div><div>Also, in /var/log/stunnel.log I've only the logs for base.conf, not for the two other one. What should I do to have the logs? I've tryed to add debug=7 at the beginning of the two conf file, but nothing.</div>
<div><br></div><div><br></div><div> After some times, the extranet site https stops working...</div><div><br></div><div> I was off in holidays for the last two weeks, so I didn't have the time to really dig into this...</div>
<div><br></div><div> what would be the first steps to debug this issues ? </div><div><br></div><div>Regards,</div><div>Thomas.</div><div><br></div><div><div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG5[8181:140471188047648]: Reading configuration from file /etc/stunnel/base.conf</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Snagged 64 random bytes from /dev/urandom</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: PRNG seeded successfully</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Using DH parameters from /etc/stunnel/sites/<a href="http://mainsite.com/mainsite.com.crt" target="_blank">mainsite.com/mainsite.com.crt</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG6[8181:140471188047648]: DH initialized with 2048 bit key</font></div><div>
<font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: ECDH initialized</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Certificate: /etc/stunnel/sites/<a href="http://mainsite.com/mainsite.com.crt" target="_blank">mainsite.com/mainsite.com.crt</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Certificate loaded</font></div><div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Key file: /etc/stunnel/sites/<a href="http://mainsite.com/mainsite.com.key" target="_blank">mainsite.com/mainsite.com.key</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Private key loaded</font></div><div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: SSL context initialized for service <a href="http://https-mainsite.com" target="_blank">https-mainsite.com</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG5[8181:140471188047648]: Configuration successful</font></div><div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG5[8181:140471188047648]: No limit detected for the number of clients</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=3 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=4 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=4 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=5 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=5 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=6 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=6 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=7 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=7 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=8 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: signal_pipe: FD=9 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: signal_pipe: FD=10 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: accept socket: FD=11 allocated (non-blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Option SO_REUSEADDR set on accept socket</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Service <a href="http://https-mainsite.com" target="_blank">https-mainsite.com</a> bound to <a href="http://8.19.1.2:443" target="_blank">8.19.1.2:443</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8181:140471188047648]: Service <a href="http://https-mainsite.com" target="_blank">https-mainsite.com</a> opened FD=11</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG7[8187:140471188047648]: Created pid file /var/run/stunnel4/stunnel4.pid</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG5[8187:140471188047648]: stunnel 4.35 on x86_64-pc-linux-gnu with OpenSSL 1.0.0e 6 Sep 2011</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:41 LOG5[8187:140471188047648]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:49 LOG7[8187:140471188047648]: Dispatching signals from the signal pipe</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:49 LOG5[8187:140471188047648]: Received signal 15; terminating</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:31:49 LOG7[8187:140471188047648]: removing pid file /var/run/stunnel4/stunnel4.pid</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG5[8280:140481745549088]: Reading configuration from file /etc/stunnel/base.conf</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Snagged 64 random bytes from /dev/urandom</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: PRNG seeded successfully</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Using DH parameters from /etc/stunnel/sites/<a href="http://mainsite.com/mainsite.com.crt" target="_blank">mainsite.com/mainsite.com.crt</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG6[8280:140481745549088]: DH initialized with 2048 bit key</font></div><div>
<font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: ECDH initialized</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Certificate: /etc/stunnel/sites/<a href="http://mainsite.com/mainsite.com.crt" target="_blank">mainsite.com/mainsite.com.crt</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Certificate loaded</font></div><div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Key file: /etc/stunnel/sites/<a href="http://mainsite.com/mainsite.com.key" target="_blank">mainsite.com/mainsite.com.key</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Private key loaded</font></div><div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: SSL context initialized for service <a href="http://https-mainsite.com" target="_blank">https-mainsite.com</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG5[8280:140481745549088]: Configuration successful</font></div><div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG5[8280:140481745549088]: No limit detected for the number of clients</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=3 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=4 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=4 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=5 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=5 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=6 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=6 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=7 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=7 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=8 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: signal_pipe: FD=9 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: signal_pipe: FD=10 allocated (blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: accept socket: FD=11 allocated (non-blocking mode)</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Option SO_REUSEADDR set on accept socket</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Service <a href="http://https-mainsite.com" target="_blank">https-mainsite.com</a> bound to <a href="http://8.19.1.2:443" target="_blank">8.19.1.2:443</a></font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8280:140481745549088]: Service <a href="http://https-mainsite.com" target="_blank">https-mainsite.com</a> opened FD=11</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG7[8286:140481745549088]: Created pid file /var/run/stunnel4/stunnel4.pid</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG5[8286:140481745549088]: stunnel 4.35 on x86_64-pc-linux-gnu with OpenSSL 1.0.0e 6 Sep 2011</font></div>
<div><font face="'courier new', monospace"><a href="tel:2012.03.29%2015" value="+12012032915" target="_blank">2012.03.29 15</a>:32:38 LOG5[8286:140481745549088]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP</font></div>
</div><div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br>