rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: tiro_uspsss on December 29, 2012, 11:31:54 AM
-
hello all! :)
I have been using HFS for the last ~2 weeks & I LOVE it! :D
Time to move up tho! Time for SSL!
I read this guide:
http://www.rejetto.com/wiki/index.php?title=HFS:_Secure_your_server
but I cannot get it to work :(
I also would like to set-up HFS with a domain name I have, example: www.aaa.com
how do I do this including SSL?
The errors that show in the stunnel log vary depending on what numbers I put in for accept & connect (I tried different ones). At the moment I have my router set up to port forward 443 to my server. The most common error the log shows, says this:
Error binding service [https] to 0.0.0.0:443
bind: Permission denied (WSAEACCES) (10013)
help would be really appreciated! :-[
-
for what i can understand, your stunnel is unable to take ownership of port 443.
this may happen if another software is already occupying it, or a system firewall is preventing it.
check both.
-
I typed into cmd: "netstat -a -b" & it says that svchost is listening on 443 :(
would this be the problem?
if so how do I get stunnel to take control of 443?
-
woohoo! stunnel now has control of 443! :D
what I did:
I typed into cmd: "netstat -aon" this showed ports that were in use/being listened as well as the corresponding PID (Process ID). PID is a selectable column in task manager, so I then found the process & killed it! I then started up stunnel & it had no issues!
Now I need to get HFS to work with it + be able to type in www.example.com, then all is working! :)
what do I need to do to get 'www.example.com" to work with HFS?
-
any help? :(
-
You won't be able to do it within your local network unless your computer is hooked up directly from the internet without a router.
Other people will be able to access your computer with example.com regardless of the IP Stunnel is set to accept (make it 127.0.0.1), but you won't from within your network without modifying your HOSTS file.
Also you probably should have figured out WHAT was on port 443 before you just killed its process.
If you have Windows Vista/7/8 then you can use task manager to find out WHAT services are using that process ID. You probably should do that.
-
You won't be able to do it within your local network unless your computer is hooked up directly from the internet without a router.
Other people will be able to access your computer with example.com regardless of the IP Stunnel is set to accept (make it 127.0.0.1), but you won't from within your network without modifying your HOSTS file.
Also you probably should have figured out WHAT was on port 443 before you just killed its process.
If you have Windows Vista/7/8 then you can use task manager to find out WHAT services are using that process ID. You probably should do that.
:-\ you suuuure its not possible??
I did know what the process was - it was some VMWare related process :) After I killed it, I fired up VMWare & a VM, all worked fine! :)
-
in task manager, so I then found the process & killed it! I then started up stunnel & it had no issues!
you probably killed IIS (internet information services).
You can find it in windows' services panel. From there you can stop it, otherwise it will start again.
-
what do I need to do to get 'www.example.com" to work with HFS?
is the domain pointing to your external IP address?
-
Network Activ Webserver has a nice introduction/tutorial to website hosting:
http://www.networkactiv.com/WebServer_Support.html
Take a look here: Web Site and Web Hosting Basics Tutorial
-
you probably killed IIS (internet information services).
You can find it in windows' services panel. From there you can stop it, otherwise it will start again.
read my previous post :) I knew that is was a VMWare related process :)
is the domain pointing to your external IP address?
it is, yes, so I don't know why it isn't working :(
Network Activ Webserver has a nice introduction/tutorial to website hosting:
http://www.networkactiv.com/WebServer_Support.html
Take a look here: Web Site and Web Hosting Basics Tutorial
thanks! will do! :)
-
I have a static IP with my ISP - I know that that is a good thing to have......... are the DNS server numbers important? esp. if I'm trying to use www.example.com with my server?
-
ok, I am really close to getting it working! :)
I just started up stunnel, then hfs.. when I tried to connect it eventually came back with: 'connection closed by remote server'... here is the stunnel log page:
edit: I know I'm close because when I tried to connect, it asked for me to approve of the cerificate! :D
-
When you connect with your browser, does hfs show an ongoing connection?
Enable connections in the log
-
ok, I'm getting closer! :)
I watched closely the connections log in HFS... an address would flash very briefly... I then checked the BANNED IP list... for some reason I had banned 127.0.0.1 - which, if I understand correctly Stunnel needs this address to connect to/thru with HFS. So I removed then ban. Stunnel now connects with HFS.
However; when I enter the url (www.example.com) on another PC which is connected to the internet thru a VPN, HFS connection log shows that the PC has connected via 127.0.0.1. This doesn't seem right. The VPN PC displays the site correctly. I then tried connecting via my smartphone to seem if the site was really running... it wasn't - it simply errors out eventually. :(
any ideas?
-
this is quite normal, all connexctions transiting through STUNNEL are identified in local mode (127.0.0.1) by hfs, there is nothing to do to change this situation.
-
I watched closely the connections log in HFS... an address would flash very briefly...
that's not the log. The log is on the right (you get a "log" label on it, indeed).
You are looking at the bottom, that's the connections panel, that's not persistent (unless you right click and enable "leave...", but ensure you disable it after a while, to not get flooded).
connected via 127.0.0.1. This doesn't seem right.
sadly that's how stunnel works.
future: HFS 3 is expected to support https.