[stunnel-users] Stunnel running for a few minutes and then stop and can't handle multiple domains
Thomas Manson
dev.mansonthomas at gmail.com
Mon Apr 2 01:31:49 CEST 2012
Please... help... ;)
On Fri, Mar 30, 2012 at 12:48, Thomas Manson <dev.mansonthomas at gmail.com>wrote:
> Here is the logs when it doesn't works (there's a stunnel.log but empty)
>
> The symptoms are the following :
>
> * stunnel still running in memory
>
> 1 8426 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4
> /etc/stunnel/base.conf
> 1 8427 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4
> /etc/stunnel/base.conf
> 1 8428 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4
> /etc/stunnel/base.conf
> 1 8429 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4
> /etc/stunnel/base.conf
> 1 8430 8414 18168 pts/0 10698 S 109 0:00 /usr/bin/stunnel4
> /etc/stunnel/base.conf
> 1 8431 8431 8431 ? -1 Ss 109 0:00 /usr/bin/stunnel4
> /etc/stunnel/base.conf
> 1 8440 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4
> /etc/stunnel/extranet.onesite.com.conf
> 1 8441 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4
> /etc/stunnel/extranetonesite.com.conf
> 1 8442 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4
> /etc/stunnel/extranet.onesite.com.conf
> 1 8443 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4
> /etc/stunnel/extranet.onesite.com.conf
> 1 8444 8414 18168 pts/0 10698 S 0 0:00 /usr/bin/stunnel4
> /etc/stunnel/extranet.onesite.com.conf
> 1 8445 8445 8445 ? -1 Ss 0 0:00 /usr/bin/stunnel4
> /etc/stunnel/extranet.onesite.com.conf
>
> The browser gets the following error (translated from french) :
>
> the connection with the server has be reset while loading the page (on
> firefox)
>
> See the logs attached.
>
> Connecting on 127.0.0.1:82 is working (HAProxy running, and webservers
> are up)
>
> So I quite don't understand what's going on.
>
> >2012.03.29 17:29:11 LOG3[8431:140689358976768]: SSL_accept: Peer
> suddenly disconnected
>
> this is quite strange...
>
> Any idea ?
>
> Regards,
> Thomas.
>
>
> On Thu, Mar 29, 2012 at 15:39, Thomas Manson <dev.mansonthomas at gmail.com>wrote:
>
>> Hi,
>>
>> I've setup a stunnel install to handle several website SSL part of the
>> HTTP (then redirected to HAProxy LoadBalancer).
>>
>> I can successfully start one site, but if I add another website (so
>> another stunnel conf file in /etc/stunnel) then the first is said to be
>> already running while it's not and the second starts for real.
>>
>>
>> thomas at ns0:/var/log/stunnel4$ sudo service stunnel4 start
>> Starting SSL tunnels: [Started: /etc/stunnel/base.conf] [Started:
>> /etc/stunnel/extranet.onesite.com.conf] *[Already running:
>> /etc/stunnel/mansonthomas.com.conf] stunnel.*
>>
>> (mansonthomas.com was my first try before implementing a client website)
>>
>> Also, in /var/log/stunnel.log I've only the logs for base.conf, not for
>> the two other one. What should I do to have the logs? I've tryed to add
>> debug=7 at the beginning of the two conf file, but nothing.
>>
>>
>> After some times, the extranet site https stops working...
>>
>> I was off in holidays for the last two weeks, so I didn't have the time
>> to really dig into this...
>>
>> what would be the first steps to debug this issues ?
>>
>> Regards,
>> Thomas.
>>
>> 2012.03.29 15:31:41 LOG5[8181:140471188047648]: Reading configuration
>> from file /etc/stunnel/base.conf
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Snagged 64 random bytes
>> from /dev/urandom
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: PRNG seeded successfully
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Using DH parameters from
>> /etc/stunnel/sites/mainsite.com/mainsite.com.crt
>> 2012.03.29 15:31:41 LOG6[8181:140471188047648]: DH initialized with 2048
>> bit key
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: ECDH initialized
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Certificate:
>> /etc/stunnel/sites/mainsite.com/mainsite.com.crt
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Certificate loaded
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Key file:
>> /etc/stunnel/sites/mainsite.com/mainsite.com.key
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Private key loaded
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: SSL context initialized
>> for service https-mainsite.com
>> 2012.03.29 15:31:41 LOG5[8181:140471188047648]: Configuration successful
>> 2012.03.29 15:31:41 LOG5[8181:140471188047648]: No limit detected for
>> the number of clients
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=3
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=4
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=4
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=5
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=5
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=6
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=6
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=7
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=7
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: libwrap_init: FD=8
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: signal_pipe: FD=9
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: signal_pipe: FD=10
>> allocated (blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: accept socket: FD=11
>> allocated (non-blocking mode)
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Option SO_REUSEADDR set
>> on accept socket
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Service
>> https-mainsite.com bound to 8.19.1.2:443
>> 2012.03.29 15:31:41 LOG7[8181:140471188047648]: Service
>> https-mainsite.com opened FD=11
>> 2012.03.29 15:31:41 LOG7[8187:140471188047648]: Created pid file
>> /var/run/stunnel4/stunnel4.pid
>> 2012.03.29 15:31:41 LOG5[8187:140471188047648]: stunnel 4.35 on
>> x86_64-pc-linux-gnu with OpenSSL 1.0.0e 6 Sep 2011
>> 2012.03.29 15:31:41 LOG5[8187:140471188047648]: Threading:PTHREAD
>> SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>> 2012.03.29 15:31:49 LOG7[8187:140471188047648]: Dispatching signals from
>> the signal pipe
>> 2012.03.29 15:31:49 LOG5[8187:140471188047648]: Received signal 15;
>> terminating
>> 2012.03.29 15:31:49 LOG7[8187:140471188047648]: removing pid file
>> /var/run/stunnel4/stunnel4.pid
>> 2012.03.29 15:32:38 LOG5[8280:140481745549088]: Reading configuration
>> from file /etc/stunnel/base.conf
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Snagged 64 random bytes
>> from /dev/urandom
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: PRNG seeded successfully
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Using DH parameters from
>> /etc/stunnel/sites/mainsite.com/mainsite.com.crt
>> 2012.03.29 15:32:38 LOG6[8280:140481745549088]: DH initialized with 2048
>> bit key
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: ECDH initialized
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Certificate:
>> /etc/stunnel/sites/mainsite.com/mainsite.com.crt
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Certificate loaded
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Key file:
>> /etc/stunnel/sites/mainsite.com/mainsite.com.key
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Private key loaded
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: SSL context initialized
>> for service https-mainsite.com
>> 2012.03.29 15:32:38 LOG5[8280:140481745549088]: Configuration successful
>> 2012.03.29 15:32:38 LOG5[8280:140481745549088]: No limit detected for
>> the number of clients
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=3
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=4
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=4
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=5
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=5
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=6
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=6
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=7
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=7
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: libwrap_init: FD=8
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: signal_pipe: FD=9
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: signal_pipe: FD=10
>> allocated (blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: accept socket: FD=11
>> allocated (non-blocking mode)
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Option SO_REUSEADDR set
>> on accept socket
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Service
>> https-mainsite.com bound to 8.19.1.2:443
>> 2012.03.29 15:32:38 LOG7[8280:140481745549088]: Service
>> https-mainsite.com opened FD=11
>> 2012.03.29 15:32:38 LOG7[8286:140481745549088]: Created pid file
>> /var/run/stunnel4/stunnel4.pid
>> 2012.03.29 15:32:38 LOG5[8286:140481745549088]: stunnel 4.35 on
>> x86_64-pc-linux-gnu with OpenSSL 1.0.0e 6 Sep 2011
>> 2012.03.29 15:32:38 LOG5[8286:140481745549088]: Threading:PTHREAD
>> SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120402/b34ddfe8/attachment.html>
More information about the stunnel-users
mailing list