Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error
UltiDev Web Server Pro not working behind stunnel
Options
Previous Topic Next Topic
mburgett
#1 Posted : Saturday, March 3, 2012 9:12:17 PM(UTC)
Groups: Member
Joined: 3/3/2012(UTC)
Posts: 3
Hello,

We have a server behind the firewall that used Cassini web server. We set up an stunnel on our firewall, and everything was working correctly.

I upgraded the app today, and it uninstalled Cassini and installed UltiDev Web Server Pro 2.0.010. Everything *except* access through the stunnel seems to be working fine. (access from other machines behind the firewall, and access through a normal port redirection at the firewall)

I note other stunnels (to other services, like redmine, and Code Collaborator) continue to work fine, and show a very similar packet structure when I sniffed them.

I have a wireshark capture of the stunnel->UltiDev Web Pro traffic. I thought it was odd that the first packet through to Web Pro contains only the 'G' and the 2nd payload begins 'ET / HTTP...' but it doesn't seem to bother the other services hosted on the internal network.

I've attached the wireshark capture of the packets, up to and including the timeout-reset from Web Pro.

Has this been tested with stunnel, and are there any special config settings needed on either side?


File Attachment(s):
stunnel_connect.zip (2kb) downloaded 95 time(s).
Back to top
Ultidev Team
#2 Posted : Saturday, March 3, 2012 11:01:01 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi there!

Unlike UltiDev Cassini, which uses plain sockets to get requests, UltiDev Web Server Pro (UWS) uses HTTP.SYS kernel driver (a.k.a. http server API) - same as IIS 6 and 7. Everything related to networking is now going through http.sys. If the box in question has IIS 6 or 7 on it, could you please try to reach an IIS site via stunnel to ensure the problem is UWS-specific, and not http.sys-stunnel conflict. We didn't test with stunnel, so unfortunately we don't know what is going on.

If you use stunnel just to get encryption/identity, consider using the latest UWS (build 15 as of time of writing) - it now supports SSL.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Back to top
WWW
mburgett
#3 Posted : Sunday, March 4, 2012 1:18:39 PM(UTC)
Groups: Member
Joined: 3/3/2012(UTC)
Posts: 3
Originally Posted by: Ultidev Team Go to Quoted Post
Unlike UltiDev Cassini, which uses plain sockets to get requests, UltiDev Web Server Pro (UWS) uses HTTP.SYS kernel driver (a.k.a. http server API) - same as IIS 6 and 7. Everything related to networking is now going through http.sys. If the box in question has IIS 6 or 7 on it, could you please try to reach an IIS site via stunnel to ensure the problem is UWS-specific, and not http.sys-stunnel conflict. We didn't test with stunnel, so unfortunately we don't know what is going on.


Thanks for your response, but no I don't have IIS on this box, which why it was originally using the Cassini server.

Originally Posted by: Ultidev Team Go to Quoted Post
If you use stunnel just to get encryption/identity, consider using the latest UWS (build 15 as of time of writing) - it now supports SSL.


The stunnel runs on the machine that has the cert assigned for the address, so I don't think using SSL on the box behind the firewall is an option without adding certs.

Is there any logging I can enable on Web Pro that will help diagnose the problem with the stunnel packets?

Thanks,
Mike
Back to top
Ultidev Team
#4 Posted : Sunday, March 4, 2012 2:26:05 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
We are afraid it's impossible to trace packets all the way to UWS - the listening occurs in http.sys, which is a kernel-level driver, and UWS receives pre-parsed http request and has no access to TCP/IP stack. However, if you research this issue as related to IIS, you may find hepful information.

If you need SSL, UWS has a complete step-b-step document explaining how to get real free server certificate for an Internet web domain.

We are sorry we could not help with stunnel.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Back to top
WWW
 |  Edit by user
mburgett
#5 Posted : Sunday, March 4, 2012 4:48:28 PM(UTC)
Groups: Member
Joined: 3/3/2012(UTC)
Posts: 3
Originally Posted by: Ultidev Team Go to Quoted Post
We are sorry we could not help with stunnel.


Yes, me too. Since all stunnel is doing is the SSL portion,and sending regular http thru to the internal server this seems like an odd attitude, but it's your option, I just thought you might want to know you'd created a regression issue with Web Pro. (Neither Apache, P4Web nor Code Collaborator have an issue with stunnel, so the problem must be in the Web Pro/http.sys implementation, I would suspect.)

I'll investigate other options. Thank you for your time.
Back to top
Ultidev Team
#6 Posted : Sunday, March 4, 2012 6:16:42 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hello!

We have duly noted the issue, but unfortunately we do not have resources to troubleshoot this issue right now. We are sorry we could not help.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Back to top
WWW
 |  Edit by user
Rss Feed  Atom Feed
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You can vote in polls in this forum.

Powered by YAF 1.9.5.5 | YAF © 2003-2011, Yet Another Forum.NET