Hello,
I am noob in stunnel and I trying configure my environment but I have one problem.
My stunnel.conf is:
foreground = yes output = /srv/slapgrid/slappart1/var/log/stunnel.log pid = /srv/slapgrid/slappart1/var/run/stunnel.pid syslog = no debug = 7 foreground = yes delay = yes client = yes socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 key = /srv/slapgrid/slappart1/srv/ca/private/mykey.key cert = /srv/slapgrid/slappart1/srv/ca/certs/mycert.crt
[varnish_SOFTINST-51] accept = 10.0.235.44:26012 connect = [2a01:e34:ec03:*:*:*:*:*]:15000
In the stunnel compilation the option "--enable-ipv6" was used. And ipv6 address is one zope server to connect using https
I have this traceback:
2011.08.09 00:19:51 LOG7[12724:140272018274048]: local socket: FD=7 allocated (non-blocking mode) 2011.08.09 00:19:51 LOG7[12724:140272018274048]: Service varnish_SOFTINST-51 accepted FD=7 from 10.0.235.44:39673 2011.08.09 00:19:51 LOG7[12724:140272018409232]: Service varnish_SOFTINST-51 started 2011.08.09 00:19:51 LOG7[12724:140272018409232]: Option TCP_NODELAY set on local socket 2011.08.09 00:19:51 LOG5[12724:140272018409232]: Service varnish_SOFTINST-51 accepted connection from 10.0.235.44:39673 2011.08.09 00:19:59 LOG3[12724:140272018409232]: Error resolving '[2a01:e34:ec03:*:*:*:*:*]': Neither nodename nor servname known (EAI_NONAME) 2011.08.09 00:19:59 LOG3[12724:140272018409232]: No host resolved 2011.08.09 00:19:59 LOG5[12724:140272018409232]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2011.08.09 00:19:59 LOG7[12724:140272018409232]: Service varnish_SOFTINST-51 finished (0 left) 2011.08.09 00:19:59 LOG7[12724:140272018409232]: str_stats: 0 block(s), 0 byte(s) 2011.08.09 00:20:09 LOG7[12724:140272018274048]: local socket: FD=7 allocated (non-blocking mode) 2011.08.09 00:20:09 LOG7[12724:140272018274048]: Service varnish_SOFTINST-51 accepted FD=7 from 10.0.235.44:39675 2011.08.09 00:20:09 LOG7[12724:140272018409232]: Service varnish_SOFTINST-51 started 2011.08.09 00:20:09 LOG7[12724:140272018409232]: Option TCP_NODELAY set on local socket 2011.08.09 00:20:09 LOG5[12724:140272018409232]: Service varnish_SOFTINST-51 accepted connection from 10.0.235.44:39675 2011.08.09 00:20:14 LOG7[12724:140272018274048]: Dispatching signals from the signal pipe 2011.08.09 00:20:14 LOG5[12724:140272018274048]: Received signal 15; terminating 2011.08.09 00:20:14 LOG7[12724:140272018274048]: str_stats: 0 block(s), 0 byte(s) 2011.08.09 00:20:14 LOG7[12724:140272018274048]: removing pid file /srv/slapgrid/slappart1/var/run/stunnel.pid
Please, someone can help me? maybe I am doing stupid things..
thanks in advance
Gabriel Monnerat wrote:
[varnish_SOFTINST-51] accept = 10.0.235.44:26012 connect = [2a01:e34:ec03:*:*:*:*:*]:15000
[cut]
2011.08.09 00:19:59 LOG3[12724:140272018409232]: Error resolving '[2a01:e34:ec03:*:*:*:*:*]': Neither nodename nor servname known (EAI_NONAME)
[cut]
Please, someone can help me? maybe I am doing stupid things..
1. Skip square brackets from IP address. 2. Change "*" to numbers. 8-)
Mike
On 09-08-2011 11:35, Michal Trojnara wrote:
Gabriel Monnerat wrote:
[varnish_SOFTINST-51] accept = 10.0.235.44:26012 connect = [2a01:e34:ec03:*:*:*:*:*]:15000
[cut]
2011.08.09 00:19:59 LOG3[12724:140272018409232]: Error resolving '[2a01:e34:ec03:*:*:*:*:*]': Neither nodename nor servname known (EAI_NONAME)
[cut]
Please, someone can help me? maybe I am doing stupid things..
- Skip square brackets from IP address.
Yes. Thanks
- Change "*" to numbers. 8-)
:)
Now I have this in log:
2011.08.09 11:56:18 LOG5[23690:139807064278800]: Service varnish_SOFTINST-51 accepted connection from 10.0.235.44:58876 2011.08.09 11:56:19 LOG5[23690:139807064278800]: connect_blocking: connected 2a01:e34:ec03:8610:*:*:*:*:15000 2011.08.09 11:56:19 LOG5[23690:139807064278800]: Service varnish_SOFTINST-51 connected remote server from 2001:0:4137:9e76:0:134:4525:79a7:54770 2011.08.09 11:56:19 LOG5[23690:139807064278800]: Connection closed: 56 bytes sent to SSL, 460 bytes sent to socket 2011.08.09 11:56:29 LOG5[23690:139807064278800]: Service varnish_SOFTINST-51 accepted connection from 10.0.235.44:58888 2011.08.09 11:56:29 LOG5[23690:139807064278800]: connect_blocking: connected 2a01:e34:ec03:8610:*:*:*:*:15000 2011.08.09 11:56:29 LOG5[23690:139807064278800]: Service varnish_SOFTINST-51 connected remote server from 2001:0:4137:9e76:0:134:4525:79a7:54782 2011.08.09 11:56:30 LOG5[23690:139807064278800]: Connection closed: 56 bytes sent to SSL, 460 bytes sent to socket
Is this a expected behaviour?
If I try access via browser I have this message...
/Bad Request
Your browser sent a request that this server could not understand /
Because in my case, my architecture is:
Apache > varnish > stunnel > backend
And the varnish have problems to access the stunnel
Thanks.
Mike _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
On 09-08-2011 12:38, Gabriel Monnerat wrote:
Now I have this in log:
2011.08.09 11:56:18 LOG5[23690:139807064278800]: Service varnish_SOFTINST-51 accepted connection from 10.0.235.44:58876 2011.08.09 11:56:19 LOG5[23690:139807064278800]: connect_blocking: connected 2a01:e34:ec03:8610:*:*:*:*:15000 2011.08.09 11:56:19 LOG5[23690:139807064278800]: Service varnish_SOFTINST-51 connected remote server from 2001:0:4137:9e76:0:134:4525:79a7:54770 2011.08.09 11:56:19 LOG5[23690:139807064278800]: Connection closed: 56 bytes sent to SSL, 460 bytes sent to socket 2011.08.09 11:56:29 LOG5[23690:139807064278800]: Service varnish_SOFTINST-51 accepted connection from 10.0.235.44:58888 2011.08.09 11:56:29 LOG5[23690:139807064278800]: connect_blocking: connected 2a01:e34:ec03:8610:*:*:*:*:15000 2011.08.09 11:56:29 LOG5[23690:139807064278800]: Service varnish_SOFTINST-51 connected remote server from 2001:0:4137:9e76:0:134:4525:79a7:54782 2011.08.09 11:56:30 LOG5[23690:139807064278800]: Connection closed: 56 bytes sent to SSL, 460 bytes sent to socket
Is this a expected behaviour?
If I try access via browser I have this message...
/Bad Request
Your browser sent a request that this server could not understand /
Because in my case, my architecture is:
Apache > varnish > stunnel > backend
And the varnish have problems to access the stunnel
This problem was fixed adding this parameters to stunnel.conf:
sslVersion = SSLv3 socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
-
Gabriel Monnerat -
Michal Trojnara