Ubuntu
Unable to start stunnel4 on Ubuntu 15.04
Starting the stunnel4 service on Ubuntu 15.04 fails with the following error:
root@scw-d91ec7:~# service stunnel4 start
Job for stunnel4.service failed. See "systemctl status stunnel4.service" and "journalctl -xe" for details.
root@scw-d91ec7:~# systemctl status stunnel4.service
● stunnel4.service - LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons)
   Loaded: loaded (/etc/init.d/stunnel4)
   Active: failed (Result: exit-code) since Mon 2015-08-24 17:03:25 UTC; 11s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2869 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=1/FAILURE)

Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] Error binding service [ssh] to 212.43.222.123:443
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] bind: Cannot assign requested address (99)
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Closing service [ssh]
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Service [ssh] closed
Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service: control process exited, code=exited status=1
Aug 24 17:03:25 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
Aug 24 17:03:25 scw-d91ec7 systemd[1]: Unit stunnel4.service entered failed state.
Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service failed.
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [Failed: /etc/stunnel/stunnel.conf]
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: You should check that you have specified the pid= in you configuration file
/etc/stunnel/stunnel.conf:
root@scw-d91ec7:~# cat /etc/stunnel/stunnel.conf
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem

[ssh]
accept = 212.43.222.123:443
connect = 127.0.0.1:22
/etc/default/stunnel4:
root@scw-d91ec7:~# cat /etc/default/stunnel4
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003

# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""

# Change to one to enable ppp restart scripts
PPP_RESTART=0

# Change to enable the setting of limits on the stunnel instances
# For example, to set a large limit on file descriptors (to enable
# more simultaneous client connections), set RLIMITS="-n 4096"
# More than one resource limit may be modified at the same time,
# e.g. RLIMITS="-n 4096 -d unlimited"
RLIMITS=""
Ubuntu version:
root@scw-d91ec7:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 15.04
Release:        15.04
Codename:       vivid
stunnel version:
root@scw-d91ec7:~# stunnel -version
stunnel 5.06 on arm-unknown-linux-gnueabihf platform
Compiled/running with OpenSSL 1.0.1f 6 Jan 2014
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP

Global options:
debug = daemon.notice
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve = prime256v1
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
… more details:
root@scw-d91ec7:~# journalctl -xe
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] errno: (*__errno_location ())
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Reading configuration from file /etc/stunnel/stunnel.conf
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] FIPS mode disabled
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Compression disabled
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Snagged 64 random bytes from /dev/urandom
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] PRNG seeded successfully
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Initializing service [ssh]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading cert from file: /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading key from file: /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [:] Insecure file permissions on /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Private key check succeeded
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialization
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Could not load DH parameters from /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Using hardcoded DH parameters
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialized with 2048-bit key
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialization
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialized with curve prime256v1
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] SSL options: 0x03000004 (+0x03000000, -0x00000000)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Configuration successful
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Listening file descriptor created (FD=7)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] Error binding service [ssh] to 212.43.222.123:443
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] bind: Cannot assign requested address (99)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Closing service [ssh]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Service [ssh] closed
Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service: control process exited, code=exited status=1
Aug 24 17:18:12 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
-- Subject: Unit stunnel4.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit stunnel4.service has failed.
--
-- The result is failed.
Aug 24 17:18:12 scw-d91ec7 systemd[1]: Unit stunnel4.service entered failed state.
Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service failed.
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [Failed: /etc/stunnel/stunnel.conf]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: You should check that you have specified the pid= in you configuration file
Any ideas?
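Is 212.43.222.123 really the IP address of your server, or are you NAT'd behind something? If you are NAT'd, then your accept = needs to point to your LAN IP. What is the output of ifconfig? Or I wonder whether the /etc/services file is blocking you from binding port 443 to a service other than https; if that really is the IP address, try commenting out the 2 lines referencing 443 in /etc/services and then restart stunnel4 again.
Default /etc/services lines:
https 443/tcp # http protocol over TLS/SSL
https 443/udp
After the change:
#https 443/tcp # http protocol over TLS/SSL
#https 443/udp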
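
The first question in the answer above (is the accept address actually assigned to this host?) can be checked without root by binding a throwaway socket to the address on port 0. This is an added example, not part of the original post; the function names are hypothetical, and it assumes IPv4 addresses and numeric ports in `accept`.

```python
import errno
import socket

# Constructed sample: the configuration shown in the question.
SAMPLE_CONF = """\
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem
[ssh]
accept = 212.43.222.123:443
connect = 127.0.0.1:22
"""


def accept_addresses(conf_text):
    """Yield (service, host, port) per accept line; host is None for a bare port."""
    service = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            service = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "accept":
            host, colon, port = value.strip().rpartition(":")
            yield service, (host if colon else None), int(port)


def is_local(host):
    """True if the kernel lets us bind to host; port 0 avoids needing root."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, 0))
            return True
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:  # errno 99 on Linux, as in the log
                return False
            raise


def unbindable(conf_text, probe=is_local):
    """Return accept entries whose address is not assigned to this host."""
    return [(svc, host, port)
            for svc, host, port in accept_addresses(conf_text)
            if host is not None and not probe(host)]


if __name__ == "__main__":
    for svc, host, port in unbindable(SAMPLE_CONF):
        print(f"[{svc}] accept = {host}:{port}: address not assigned to a local interface")
```

An entry reported here fails with the same errno 99 regardless of port, which separates an address problem from a port or privilege problem.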