Cannot start stunnel4 on Ubuntu 15.04

Starting the stunnel4 service on Ubuntu 15.04 fails with the following error:

    root@scw-d91ec7:~# service stunnel4 start
    Job for stunnel4.service failed. See "systemctl status stunnel4.service" and "journalctl -xe" for details.
    root@scw-d91ec7:~# systemctl status stunnel4.service
    ● stunnel4.service - LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons)
       Loaded: loaded (/etc/init.d/stunnel4)
       Active: failed (Result: exit-code) since Mon 2015-08-24 17:03:25 UTC; 11s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 2869 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=1/FAILURE)
    Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] Error binding service [ssh] to 212.43.222.123:443
    Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] bind: Cannot assign requested address (99)
    Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Closing service [ssh]
    Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Service [ssh] closed
    Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service: control process exited, code=exited status=1
    Aug 24 17:03:25 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
    Aug 24 17:03:25 scw-d91ec7 systemd[1]: Unit stunnel4.service entered failed state.
    Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service failed.
    Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [Failed: /etc/stunnel/stunnel.conf]
    Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: You should check that you have specified the pid= in you configuration file

/etc/stunnel/stunnel.conf:

    root@scw-d91ec7:~# cat /etc/stunnel/stunnel.conf
    pid = /var/run/stunnel.pid
    cert = /etc/stunnel/stunnel.pem
    [ssh]
    accept = 212.43.222.123:443
    connect = 127.0.0.1:22

/etc/default/stunnel4:

    root@scw-d91ec7:~# cat /etc/default/stunnel4
    # /etc/default/stunnel
    # Julien LEMOINE <[email protected]>
    # September 2003
    # Change to one to enable stunnel automatic startup
    ENABLED=1
    FILES="/etc/stunnel/*.conf"
    OPTIONS=""
    # Change to one to enable ppp restart scripts
    PPP_RESTART=0
    # Change to enable the setting of limits on the stunnel instances
    # For example, to set a large limit on file descriptors (to enable
    # more simultaneous client connections), set RLIMITS="-n 4096"
    # More than one resource limit may be modified at the same time,
    # eg RLIMITS="-n 4096 -d unlimited"
    RLIMITS=""

Ubuntu release:

    root@scw-d91ec7:~# lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description: Ubuntu 15.04
    Release: 15.04
    Codename: vivid

stunnel version:

    root@scw-d91ec7:~# stunnel -version
    stunnel 5.06 on arm-unknown-linux-gnueabihf platform
    Compiled/running with OpenSSL 1.0.1f 6 Jan 2014
    Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
    Global options:
    debug = daemon.notice
    pid = /var/run/stunnel4.pid
    RNDbytes = 64
    RNDfile = /dev/urandom
    RNDoverwrite = yes
    Service-level options:
    ciphers = FIPS (with "fips = yes")
    ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
    curve = prime256v1
    sessionCacheSize = 1000
    sessionCacheTimeout = 300 seconds
    stack = 65536 bytes
    TIMEOUTbusy = 300 seconds
    TIMEOUTclose = 60 seconds
    TIMEOUTconnect = 10 seconds
    TIMEOUTidle = 43200 seconds
    verify = none

… More details:

    root@scw-d91ec7:~# journalctl -xe
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] errno: (*__errno_location ())
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Reading configuration from file /etc/stunnel/stunnel.conf
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] FIPS mode disabled
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Compression disabled
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Snagged 64 random bytes from /dev/urandom
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] PRNG seeded successfully
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Initializing service [ssh]
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading cert from file: /etc/stunnel/stunnel.pem
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading key from file: /etc/stunnel/stunnel.pem
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [:] Insecure file permissions on /etc/stunnel/stunnel.pem
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Private key check succeeded
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialization
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Could not load DH parameters from /etc/stunnel/stunnel.pem
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Using hardcoded DH parameters
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialized with 2048-bit key
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialization
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialized with curve prime256v1
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] SSL options: 0x03000004 (+0x03000000, -0x00000000)
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Configuration successful
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Listening file descriptor created (FD=7)
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] Error binding service [ssh] to 212.43.222.123:443
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] bind: Cannot assign requested address (99)
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Closing service [ssh]
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Service [ssh] closed
    Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service: control process exited, code=exited status=1
    Aug 24 17:18:12 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
    -- Subject: Unit stunnel4.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit stunnel4.service has failed.
    --
    -- The result is failed.
    Aug 24 17:18:12 scw-d91ec7 systemd[1]: Unit stunnel4.service entered failed state.
    Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service failed.
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [Failed: /etc/stunnel/stunnel.conf]
    Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: You should check that you have specified the pid= in you configuration file

Any ideas?

Is 212.43.222.123 really your server's IP address, or are you NAT'd behind something? If you are NAT'd, then your accept = needs to point to your LAN IP.

What is the output of ifconfig?

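Or I wonder whether the /etc/services file is preventing you from binding port 443 to a service other than https; if that really is the IP address, try commenting out the two lines referencing 443 in /etc/services, then restart stunnel4.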

The default /etc/services lines:

    https 443/tcp # http protocol over TLS/SSL
    https 443/udp

After the change:

    #https 443/tcp # http protocol over TLS/SSL
    #https 443/udp

Since you are trying to bind on a privileged port, you need root privileges. A quick test would be to try binding to a higher port (8443?) and see if it works.
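
To tell the causes suggested in the answers apart, the bind can be reproduced outside stunnel and the errno inspected. The following is an added example, not part of the original posts: the helper names `parse_accepts`, `try_bind` and `diagnose` are hypothetical, the config text is a constructed copy of the one in the question, and numeric ports are assumed. It goes slightly beyond the thread by also reporting the "address already in use" case.

```python
import errno
import socket

# Constructed sample mirroring the stunnel.conf shown in the question.
SAMPLE_CONF = """\
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem
[ssh]
accept = 212.43.222.123:443
connect = 127.0.0.1:22
"""

# Likely cause for each bind() errno; errno 99 on Linux is EADDRNOTAVAIL.
CAUSES = {
    0: "bind succeeded",
    errno.EADDRNOTAVAIL: "address is not on any local interface; use the LAN IP",
    errno.EACCES: "privileged port (<1024) without root",
    errno.EADDRINUSE: "address:port already in use by another listener",
}

def parse_accepts(conf_text):
    """Return [(service, host, port)] for every 'accept =' line."""
    service, found = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            service = line[1:-1]                 # start of a service section
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() == "accept":
            # "accept = [host:]port"; a bare port listens on all addresses
            host, _, port = value.strip().rpartition(":")
            found.append((service, host or "0.0.0.0", int(port)))
    return found

def try_bind(host, port):
    """Attempt the bind the daemon would perform; return 0 or the errno."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            return exc.errno
    return 0

def diagnose(err):
    """Map a bind() errno to a likely cause."""
    return CAUSES.get(err, f"unexpected errno {err}")

if __name__ == "__main__":
    for service, host, port in parse_accepts(SAMPLE_CONF):
        print(f"[{service}] {host}:{port} -> {diagnose(try_bind(host, port))}")
```

Run it as the same user that starts stunnel, on the affected host, so the permission and interface checks reflect what the daemon sees.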