rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: ninjapimp on February 10, 2010, 08:56:21 PM
-
I've tried for a few hours but i can't make it work.
i get this error from the stunnel log:
2010.02.10 14:27:13 LOG7[3828:2352]: Snagged 64 random bytes from C:/.rnd
2010.02.10 14:27:13 LOG7[3828:2352]: Wrote 1024 new random bytes to C:/.rnd
2010.02.10 14:27:13 LOG7[3828:2352]: RAND_status claims sufficient entropy for the PRNG
2010.02.10 14:27:13 LOG7[3828:2352]: PRNG seeded successfully
2010.02.10 14:27:13 LOG7[3828:2352]: Certificate: stunnel.pem
2010.02.10 14:27:13 LOG7[3828:2352]: Certificate loaded
2010.02.10 14:27:13 LOG7[3828:2352]: Key file: stunnel.pem
2010.02.10 14:27:13 LOG7[3828:2352]: Private key loaded
2010.02.10 14:27:13 LOG7[3828:2352]: SSL context initialized for service https
2010.02.10 14:27:13 LOG5[3828:2352]: stunnel 4.29 on x86-pc-mingw32-gnu with OpenSSL 0.9.8l 5 Nov 2009
2010.02.10 14:27:13 LOG5[3828:2352]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2010.02.10 14:27:13 LOG5[3828:1048]: No limit detected for the number of clients
2010.02.10 14:27:13 LOG7[3828:1048]: FD 200 in non-blocking mode
2010.02.10 14:27:13 LOG7[3828:1048]: SO_REUSEADDR option set on accept socket
2010.02.10 14:27:13 LOG3[3828:1048]: Error binding https to 0.0.0.0:443
2010.02.10 14:27:13 LOG3[3828:1048]: bind: Permission denied (WSAEACCES) (10013)
2010.02.10 14:27:13 LOG3[3828:1048]: Server is down
--------------------------------------------------------
i download stunnel from here: ftp://stunnel.mirt.net/stunnel/
i create a fresh PEM file from here: http://www.stunnel.org/pem/
here is my list of what I've done to set it up thus far:
1. make a new folder called HFS_2
2. put a copy of hfs253.exe in it and rename it to HFS_SSL_253.exe
3. download stunnel and extract it to same folder as hfs
4. place the created PEM file in same folder as HFS
5. i then read http://www.rejetto.com/wiki/index.php?title=HFS:_Secure_your_server
6. edit/create the stunnel.conf file which looks like this:
; Lines preceded with a “;” are comments
; Empty lines are ignored
; For more options and details: see the manual (stunnel.html)
; File with certificate and private key
cert = stunnel.pem
key = stunnel.pem
; Log (1= minimal, 5=recommended, 7=all) and log file
; Precede with a “;” to disable logging
debug = 5
output = stunnel.log
; Some performance tuning
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Data compression algorithm: zlib or rle
compression = zlib
; SSL bug options / NO SSL:v2 (SSLv3 and TLSv1 is enabled)
options = ALL
options = NO_SSLv2
; Service-level configuration
; Stunnel listens to port 443 (HTTPS) to any IP
; and connects to port 44300 (HFS) on localhost
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:44300
TIMEOUTclose = 0
7. in HFS i change IP address to 127.0.0.1
8. In HFS i change port to 443
9. my router firewall is also forwarding port 443
if i type the url of my site it fails
https://xxx.server.com:443 says page not found
i'm not having much luck. stunnel seems to accept the stunnel.pem file fine
http://xxx.server.com:443 this works but its not in SSL..how to make it go into SSL?
what am I doing wrong. I believe I have all the proper files in the folder as they should be and followed the wiki step by step except I created online my key i did not use openssl.
can someone take pity and point out the obvious mistake im making.
note: i did go back and try to create my own PEM file using openssl but could not make it work
openssl.exe req -new -x509 -days 3650 -nodes -config pem.conf -out stunnel.pem -keyout stunnel.pem
problem is there's no such file openssl.exe
i download openssl-0.9.8l.tar.gz and extract and search for openssl.exe but it's not there.
can i bypass using openssl to make my key and just use the website to create one for me? i was told that would work just as good too.
-
One thing I did as far as the certificates go is I got a free one from StartCom. It was easy to do, and now my site is secure with no certificate errors.
-
but i don't see a cert error
-
ninjapimp
What port do you have HFS set to ?
Looking at your stunnel config file,
You have Stunnel set to accept connection from any IP on default 443.
It looks like stunnel is set to connect to HFS on 127.0.0.1:44300,
So HFS should be listening on 127.0.0.1:44300.
-
ninjapimp
What port do you have HFS set to ?
Looking at your stunnel config file,
You have Stunnel set to accept connection from any IP on default 443.
It looks like stunnel is set to connect to HFS on 127.0.0.1:44300,
So HFS should be listening on 127.0.0.1:44300.
HFS is set to port 443
any ideas how to fix or make this work?
the stunnel log clearly shows the cert is loading properly but i don't know why it says server down.
i launch stunnel, gives me error. i launch HFS
if i try HFS first then stunnel same error ( server down)
-
accept = 443 -> is the open port in your router and it communicates with Stunnel.
connect = 44300 -> is the listening port of HFS to set ... in HFS... don't open this port in your router.
In HFS :
- Accept connections : 127.0.0.1 or Any address
- IP address : 127.0.0.1
- Menu > Limits > Bans ... enter \127.0.0.1 and the local IP of your PC ; frequently 192.168.xxx.xxx
eg :
\127.0.0.1;192.168.1.6
or
\127.0.0.1;192.168.*.*
color red= ip sample
------------------------------------------------
To connect you locally :
eg :
http :
http://127.0.0.1:44300 or http://localhost:44300 ...etc...
https (SSL) :
https://localhost:443 or https://192.168.1.6:443 or https://xxx.server.com:443...etc..
------------------------------------------------
Users connect from outside at your server like that (and only SSL) :
https://xxx.server.com or https://xxx.server.com:443 or https://your_external_ip:443
-
accept = 443 -> is the open port in your router and it communicates with Stunnel
this port is being forwarded.
connect = 44300 -> is the listening port of HFS to set ... in HFS... don't open this port in your router.
i did nothing on this..
In HFS:
- Accept connections : 127.0.0.1 or Any address
i set it to any address
- IP address : 127.0.0.1
yes its set to that exact number
- Menu > Limits > Bans ... enter \127.0.0.1 and the local IP of your PC ; frequently 192.168.xxx.xxx
yes i add 2 bans, 127.0.0.1 and 192.168.0.100
still fails
not having any luck
-
ninjapimp
If everything is still set like your first post HFS should be set to port 44300.
Is It?
If that doesn't work try setting every thing to default.
Stunnel config
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:80
Set HFS to port 80
Set your router to open port 80 for HFS and port 443 for stunnel.
You should be able to connect to HFS on http://youripaddress/
and stunnel to HFS on https://youripaddress/ from the internet.
Inside your lan it may be http://127.0.0.1/ and https://127.0.0.1/
or something like 192.168.1. xx,
If you get it to work then you can work your way backwards to make the ports,
links, etc work as you want. I doubt your connection problem is the cert. I think
when stunnel says server is down, it means it can't connect to HFS?
-
where do I set 44300. that part I don't get??
I have IIS 7 on my server which uses port 80 so I run my non ssl hfs on port 80
when I try local address in browser it fails but if I click on browse button on hfs it works but it's not in ssl mode
-
where do I set 44300. that part I don't get??
I have IIS 7 on my server which uses port 80 so I run my non ssl hfs on port 80
when I try local address in browser it fails but if I click on browse button on hfs it works but it's not in ssl mode
Look at the HFS window beside "Menu" is Port. Click on it and change it to 44300.
If it solves the problem, eventually you'd want to "Save Options".
If you try the default settings you will have to shut IIS 7 down first, to run the test so the port
won't be in use. Actually, I'm not sure that running both servers as http:// on port 80 will ever
work properly long term.
-
I've had hfs running on port 2000 now for a couple of months with iis on port 80 and all seems ok
the only prob I've seen if ppl get access denied on the hfs
I've taken all limits off this prob only comes when I use the rawr template though
I'll go into hfs and set. port to 44300 and retest
-
http://127.0.0.1:44300
with port 44300 on HFS but page will not display, still fails
i double check the stunnel.conf and it reads
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:44300
i've double checked all other settings and they are exactly as they should be according to what ya posted.
if i change the ip address and use my static ip...http://64.218.49.xx:44300 then the page does appear
if i try https://64.218.49.27:44300 the page wont appear
i have my first instance of HFS running on port 2000
and my second instance is running on port 443 while i try to get SSL up and running.
so i know my HFS is set to work properly in non ssl mode on port 2000.
and my IIS works fine on port 80
but i'm unable to get hfs and stunnel to work via port 443 or any port for that matter
if i disable IIS and run HFS on port 80 for ssl, same exact problem
i've tried from scratch, but same exact thing, the page will not display if i try :
http://127.0.0.1:44300 or http://localhost:44300 ...etc...
https (SSL) :
https://localhost:443 or https://192.168.1.6:443 or https://xxx.server.com:443...etc..
-
if i open the stunnel log i see:
2010.02.10 15:14:48 LOG3[3444:3904]: Error binding https to 0.0.0.0:443
2010.02.10 15:14:48 LOG3[3444:3904]: bind: Permission denied (WSAEACCES) (10013)
2010.02.10 15:14:48 LOG3[3444:3904]: Server is down
so there's some error that it can't find 0.0.0.0:443
i dunno i'm stumped
what i thought would be easy to do has turned out to be very hard with very little way to find out how to fix it alas
-
ninjapimp
If everything is still set like your first post HFS should be set to port 44300.
Is It?
If that doesn't work try setting every thing to default.
Stunnel config
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:80
Set HFS to port 80
Set your router to open port 80 for HFS and port 443 for stunnel.
You should be able to connect to HFS on http://youripaddress/
and stunnel to HFS on https://youripaddress/ from the internet.
Inside your lan it may be http://127.0.0.1/ and https://127.0.0.1/
or something like 192.168.1. xx,
If you get it to work then you can work your way backwards to make the ports,
links, etc work as you want. I doubt your connection problem is the cert. I think
when stunnel says server is down, it means it can't connect to HFS?
in HFS i set to port 44300
and on my router I have my server set to DMZ now
DMZ simply forwards everything, its wide open.
when i try http://127.0.0.1/ it fails
but if i use the static ip address it works
how to fix this?
how to make it work on 127.0.0.1 ??
-
- Menu > Limits > Bans ... enter \127.0.0.1 with the \
exactly : \127.0.0.1;192.168.*.*
--------------------------------------------------------------
try for connect :
http://127.0.0.1:44300
or
http://localhost:44300
or
https://your_192.168...:443
-
i go to limits, bans
put in
\127.0.0.1;192.168.0.100
open browser and enter http://127.0.0.1:44300/ now it appears
but how to make SSL work
if i try the https it won't display the page
thanks for the help btw
but i'm not sure how to get the SSL to work on the site still, something else must not be right
-
but how to make SSL work
if i try the https it won't display the page
try :
locally :
https://192.168.0.100 or https://192.168.0.100:443
https://127.0.0.1 or https://127.0.0.1:443
From outside :
https://64.218.49.27 or https://64.218.49.27:443
or
https://yourdomain.com or https://yourdomain.com:443
Don't forget to run Stunnel :D
If this still does not work ... we will remake your settings from the beginning. ;)
Or try that :
http://www.rejetto.com/forum/index.php/topic,7100.0.html
It's a very good solution. This installs Stunnel and HFS, creates a new SSL certificate ... etc ...
You will only have to update the version of HFS after this install.
-
try :
locally :
https://192.168.0.100 or https://192.168.0.100:443
https://127.0.0.1 or https://127.0.0.1:443
i try locally but says page problem loading page in Firefox, it just won't load or find the site within my LAN.
I'll try starting over again. I'll delete the folder
question.
I make HFS folder and put hfs.exe in there
can I make a sub folder called stunnel and put stunnel in there? or does it all have to go in a single folder, ie. hfs.exe and stunnel.exe and its files all in D:/hfs
i'd prefer to put everything in sub folders to better organize
right now i have stunnel in a subfolder of HFS, hfs.exe is in the parent folder.
could this be the problem?
-
You can put the stunnel folder where you want.
c:\stunnel eg
-
http://www.rejetto.com/forum/index.php/topic,7100.0.html
It's a very good solution. This installs Stunnel and HFS, creates a new SSL certificate ... etc ...
You will only have to update the version of HFS after this install.
sadly the link does not have any working downloads
when i click on link, post appear but if ya try to download
File Not Found!
none of the hosts have it available for download.
i've tried everything and started from scratch several times but i end up with exact same problem
does someone have this portable download they can share as the download links are no longer working
-
Sorry, I just re-up it (http://www.mediafire.com/file/m0fquqqezno/sHFS_051_KUNTA.exe) ;)
I've asked about putting latest HFS version into my archive (because for now I'm not using HFS and do something else, not too much time to test and verify the new features :p), if that is ok, I'll tell it in the appropriate topics.
About your problem, try my thing and then tell us if the problem's still there. Try to do it without modifying a lot of thing in the default checked config. First try to get it functional, then adapt to your needs, imo.
Also, you can do it side to your current try, no need to erase what you've already done. It creates a folder with everything you need inside, with almost the folder structure you like. But of course you'll still be able to modify as you like after.
-
; Service-level configuration
; Stunnel listens to port 443 (HTTPS) to any IP
; and connects to port 44300 (HFS) on localhost
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:44300
TIMEOUTclose = 0
7. in HFS i change IP address to 127.0.0.1
8. In HFS i change port to 443
9. my router firewall is also forwarding port 443
Just to be clear, HFS communicates with Stunnel which communicates with internet (via router or direct connect), and vice-versa in this strict order.
So :
8. change port to 44300
9. ok
router follows port to Stunnel (443), and Stunnel follows another port to HFS (44300).
edit, they already told you this, but it is to point the fact Stunnel acts like a router.
-
great news i finally got it to work
i moved all the stunnel files into their own folder and stunnel no longer gave me server down error message
bandwidth testing however is very disappointing, i imagine due to crypto
downloading a movie via SSL goes at max 600KB/s
via non SSL it goes at 7Mb/s thru a local lan connection
so i'd be able to offer SSL to my friends now but at a much reduced bandwidth cost
is there any way to increase bandwidth speed? i doubt it but i thought I'd ask
thank you everyone for all the help
-
Nice that it works :)
The loss with SSL seems high to me, perhaps you've got a low power CPU ?
-
right, i'm not experienced with SSL, but i know it's supposed to slow down only a little (after the connection has been established, that's slow).
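-
Added example (not part of the original thread, and not code from the HFS or stunnel projects): a Python check for the port chain the replies describe, where the router forwards to stunnel's `accept` port and stunnel forwards to HFS on its `connect` port. It parses the `[https]` section posted above, flags an HFS port that collides with `accept` or differs from `connect`, and probes both endpoints; the function names and `SAMPLE_CONF` are constructed for this example.

```python
import errno
import socket

# Constructed sample: the [https] service section as posted in the thread.
SAMPLE_CONF = "[https]\naccept = 0.0.0.0:443\nconnect = 127.0.0.1:44300\nTIMEOUTclose = 0\n"

# Assumption: a port-only value means all interfaces (accept) or localhost (connect).
DEFAULT_HOST = {"accept": "0.0.0.0", "connect": "127.0.0.1"}

def parse_services(conf_text):
    """Map each [service] to its accept/connect endpoints as (host, port)."""
    services, current = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key in DEFAULT_HOST:
                host, sep, port = value.rpartition(":")
                current[key] = (host if sep else DEFAULT_HOST[key], int(port))
    return services

def check_config(conf_text, hfs_port):
    """Static check: does the port HFS listens on fit the stunnel chain?"""
    findings = []
    for name, svc in parse_services(conf_text).items():
        accept_port, connect_port = svc["accept"][1], svc["connect"][1]
        if hfs_port == accept_port:
            findings.append(f"{name}: HFS and stunnel both want to listen on {accept_port}")
        if hfs_port != connect_port:
            findings.append(f"{name}: stunnel forwards to {connect_port}, HFS is on {hfs_port}")
    return findings

def can_bind(host, port):
    """Live check: can the accept endpoint be bound right now? -> (ok, errno name)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
        except OSError as exc:  # on Windows, WSAEACCES (10013) surfaces here as EACCES
            return False, errno.errorcode.get(exc.errno, str(exc.errno))
        return True, None

def backend_up(host, port, timeout=2.0):
    """Live check: is anything accepting connections on the connect endpoint?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run `can_bind` with stunnel stopped and `backend_up` with HFS started; `check_config(SAMPLE_CONF, 443)` reports both findings for the setting in the first post, and `check_config(SAMPLE_CONF, 44300)` reports none.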