Run Node.js & Meteor behind SOCKS proxy - node.js

I am connecting to the internet in a country where many sites are blocked, so the method of connection is:
ssh -D 3030 root@46.101.111.333
Then I configured it in the Network Preferences.
This way I am able to connect anywhere using my browser. No problem. But when I want to install NPM modules or Meteor.js plugins with Terminal, I get an error.
In NPM:
errno: 'ECONNREFUSED' If you are behind a proxy, please make sure that the 'proxy' config is set properly. See: 'npm help config'
In Meteor:
Unable to update package catalog (are you offline?)
If you are using Meteor behind a proxy, set HTTP_PROXY and HTTPS_PROXY
environment variables or see this page for more details:
https://github.com/meteor/meteor/wiki/Using-Meteor-behind-a-proxy
I followed both the Meteor and NPM documentation.
Meteor
export HTTP_PROXY=http://root:password@46.101.111.333:3030
export HTTPS_PROXY=http://root:password@46.101.111.333:3030
meteor update
NPM
npm config set proxy http://root:password@46.101.111.333:3030
npm config set https-proxy http://root:password@46.101.111.333:3030
and some others...
Please help: what else do I need to do? Is it an ssh or proxy-specific issue? Are my settings correct?

Suppose your SOCKS5 proxy is: 127.0.0.1:3030 ...
Install proxychains-ng with Homebrew.
Create a ~/.proxychains/proxychains.conf.
For example, you may need to add one line:
socks5 127.0.0.1 3030
following [ProxyList]:
# proxychains.conf VER 4
#
# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
#
# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
#dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list.
# this option is good to test your IDS :)
# Make sense only if random_chain
#chain_len = 2
# Quiet mode (no output from library)
#quiet_mode
# Proxy DNS requests - no leak for DNS data
proxy_dns
# set the class A subnet number to use for the internal remote DNS mapping
# we use the reserved 224.x.x.x range by default,
# if the proxified app does a DNS request, we will return an IP from that range.
# on further accesses to this ip we will send the saved DNS name to the proxy.
# in case some control-freak app checks the returned ip, and denies to
# connect, you can use another subnet, e.g. 10.x.x.x or 127.x.x.x.
# of course you should make sure that the proxified app does not need
# *real* access to this subnet.
# i.e. dont use the same subnet then in the localnet section
#remote_dns_subnet 127
#remote_dns_subnet 10
remote_dns_subnet 224
# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000
# By default enable localnet for loopback address ranges
# RFC5735 Loopback address range
localnet 127.0.0.0/255.0.0.0
# RFC1918 Private Address Ranges
# localnet 10.0.0.0/255.0.0.0
# localnet 172.16.0.0/255.240.0.0
# localnet 192.168.0.0/255.255.0.0
# Example for localnet exclusion
## Exclude connections to 192.168.1.0/24 with port 80
# localnet 192.168.1.0:80/255.255.255.0
## Exclude connections to 192.168.100.0/24
# localnet 192.168.100.0/255.255.255.0
## Exclude connections to ANYwhere with port 80
# localnet 0.0.0.0:80/0.0.0.0
# ProxyList format
# type host port [user pass]
# (values separated by 'tab' or 'blank')
#
#
# Examples:
#
# socks5 192.168.67.78 1080 lamer secret
# http 192.168.89.3 8080 justu hidden
# socks4 192.168.1.49 1080
# http 192.168.39.93 8080
#
#
# proxy types: http, socks4, socks5
# ( auth types supported: "basic"-http "user/pass"-socks )
#
[ProxyList]
# add proxy here ...
# meanwhile
# defaults set to "tor"
socks5 127.0.0.1 3030
Then run meteor with proxychains4 in front, e.g.:
proxychains4 meteor add angularui:angular-ui-router
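An added check for a proxychains.conf like the one above (example code, not part of the original answer or of proxychains-ng): it flags a disabled proxy_dns, which would let DNS lookups bypass the tunnel, more than one active chain mode, and [ProxyList] entries that carry a cleartext user and password. The function name and finding labels are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a proxychains.conf (path given as $1).
# Prints one finding per line and nothing when the file passes.
# Function name and finding labels are made up for this example.
audit_proxychains_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        $1 == "[ProxyList]"  { in_list = 1; next }
        !in_list && $1 == "proxy_dns" { dns = 1 }
        !in_list && $1 ~ /^(strict|dynamic|random)_chain$/ { modes++ }
        in_list {
            proxies++
            # ProxyList format: type host port [user pass]
            if ($1 !~ /^(http|socks4|socks5)$/)
                print "BAD_TYPE line " NR ": " $1
            if ($3 !~ /^[0-9]+$/ || $3 < 1 || $3 > 65535)
                print "BAD_PORT line " NR ": " $3
            if (NF >= 5)
                print "CLEARTEXT_CREDENTIALS line " NR ": user " $4
        }
        END {
            if (!dns)      print "DNS_LEAK proxy_dns is not enabled"
            if (modes > 1) print "CHAIN_MODE " modes " modes active, last one wins"
            if (!proxies)  print "NO_PROXY [ProxyList] has no entries"
        }
    ' "$1"
}

# Constructed sample: proxy_dns commented out, credentials in the list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
strict_chain
#proxy_dns
[ProxyList]
socks5 192.0.2.10 1080 demo_user demo_pass
EOF
audit_proxychains_conf "$sample"
rm -f "$sample"
```

Run it against ~/.proxychains/proxychains.conf before prefixing commands with proxychains4; the config from the answer produces no findings.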

Related

Error 503, HAProxy issue translating services across additional proxies, Docker, and LXD

I do believe I am most likely having issues with my HAProxy file, but I am unsure. I have previously used this same config file to access other services in containers, as well as other services on other loadbalancers, as well as apache systems, and now I am unable to do so.
I do not believe that the other service is to blame, as they are native snap installs.
HAProxy status URI shows the status as L7STS/502, and attempting to load the pages for the port show as 503.
Before, a page was loading, but it was Nextcloud, and so I went into the Gitlab config.rb file, and changed the Default Port for NGinx from 80 to 8800, and ran the gitlab-ctl reconfigure command to rebuild Git onto the other port, and made the correction appropriately inside of HAProxy as well.
Other services that are not behind a proxy of any kind are loading just fine, and docker container services are not loading appropriately either, showing the same 503 error, which leads me further to believe it's my HAProxy config file.
Here is a HAProxy Config File:
global
log 127.0.0.1 syslog
maxconn 1000
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
option contstats
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
###########################################
#
# HAProxy Stats page
#
###########################################
listen stats
bind *:9090
mode http
maxconn 10
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth -----:-----
###########################################
#
# Front end for all
#
###########################################
frontend ALL
bind *:80
mode http
# Define path for lets encrypt
acl is_letsencrypt path_beg -i /.well-known/acme-challenge/
use_backend letsencrypt if is_letsencrypt
# Define hosts
acl host_horizon hdr(host) -i horizon.eduarmor.com
acl host_eduarmor hdr(host) -i www.eduarmor.com
acl host_nextcloud hdr(host) -i nextcloud.eduarmor.com
acl host_git hdr(host) -i git.eduarmor.com
acl host_minecraft hdr(host) -i mine.eduarmor.com
acl host_sugar hdr(host) -i sugar.eduarmor.com
acl host_maas hdr(host) -i maas.eduarmor.com
acl host_rocketchat hdr(host) -i rocketchat.eduarmor.com
acl host_hive hdr(host) -i hive.eduarmor.com
# Direct hosts to backend
use_backend horizon if host_horizon
use_backend eduarmor if host_eduarmor
use_backend nextcloud if host_nextcloud
use_backend git if host_git
use_backend minecraft if host_minecraft
use_backend sugar if host_sugar
use_backend maas if host_maas
use_backend rocketchat if host_rocketchat
use_backend hive if host_hive
###########################################
#
# Back end letsencrypt
#
###########################################
backend letsencrypt
server letsencrypt 127.0.0.1:8888
###########################################
#
# Back end for Horizon
#
###########################################
backend horizon
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.30:80 check
# server server2 0.0.0.0:80 check
###########################################
#
# Back end for EduArmor
#
###########################################
backend eduarmor
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.59:80 check
# server server2 0.0.0.0:80 check
##########################################
#
# Back end for Nextcloud
#
##########################################
backend nextcloud
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.101:80 check
##########################################
#
# Back end, Gitlab
#
##########################################
backend git
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.101:8800 check
##########################################
#
# Back end, Minecraft
#
##########################################
backend minecraft
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.101:25565 check
##########################################
#
# Back end, PHPSugar
#
##########################################
backend sugar
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.101:80 check
##########################################
#
# Back End, MAAS
#
##########################################
backend maas
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.100:5240 check
##########################################
#
# Back end for Rocketchat
#
##########################################
backend rocketchat
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.101:3000 check
server server2 10.0.0.102:3000 check
##########################################
#
# Back end for The Hive
#
##########################################
backend hive
balance roundrobin
# option httpchk GET /check
option httpchk GET /
# http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 10.0.0.101:9000 check
server server2 10.0.0.102:9000 check
I would greatly appreciate any advice or insight into solving this problem, as well as any additional resources you may have on best practices, especially including configuring for SSL/TLS usage.
The solution was to comment out the option httpchk GET / comment, specifically for thehive backend, as well as shift away from using docker-compose to docker-swarm, which also substantially increased my knowledge as a whole of how docker works. The combination of issues from docker-compose combined with the / CHK was causing HAProxy to read the services as down, and returning a 503 error, which also meant it would never serve the services.
I would like to thank the anonymous person who volunteered their time to teach me docker-swarm and CI/CD processes tonight. I am much better for it than I would ever have been with being just spoon fed the answer, and I thank you so much for it, so do a lot of homeless veterans.
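An added diagnostic for the situation described in this thread (example code, not from the original post): with option httpchk GET /, a server whose / answers with an error status fails its check, is marked DOWN, and once every server in a backend is DOWN HAProxy returns 503. The function below reads the CSV export of the stats page (the stats URI with ;csv appended) and lists the DOWN servers with their check result; the function name is an assumption and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: list servers HAProxy has marked DOWN, with the health-check
# result that caused it. Reads the stats page CSV export on stdin.
# Columns are looked up by header name, so the full export works too.
failed_checks() {
    awk -F, '
        NR == 1 {
            for (i = 1; i <= NF; i++) {
                name = $i
                sub(/^# /, "", name)      # header starts with "# pxname"
                col[name] = i
            }
            next
        }
        {
            sv = $(col["svname"])
            st = $(col["status"])
            if (sv == "FRONTEND" || sv == "BACKEND") next   # aggregate rows
            if (st ~ /^DOWN/)
                printf "%s/%s %s %s/%s\n", $(col["pxname"]), sv, st, $(col["check_status"]), $(col["check_code"])
        }
    '
}

# Constructed sample, trimmed to the five columns used here.
cat <<'EOF' | failed_checks
# pxname,svname,status,check_status,check_code
hive,server1,DOWN,L7STS,502
hive,server2,DOWN,L7STS,502
hive,BACKEND,DOWN,,
git,server1,UP,L7OK,200
EOF
```

A check_status of L7STS means the server answered the check over HTTP but with a status the check does not accept, which matches the L7STS/502 reported in the question.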

My server is not listening for file changes

I use WebStorm and am working with React. At some point the IDE just stopped watching for file changes, and now I have to reload my server to see the changes. I have no idea what I did.
I found this (https://blog.jetbrains.com/idea/2010/04/native-file-system-watcher-for-linux/) page, but it's not helpful for me. My /etc/sysctl.conf now looks like this:
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0
#fs.inotify.max_user_watches=524288
This usually happens when the project is large and contains many files.
I have also faced a similar issue. I solved it by increasing the file watch size.
Just uncomment the line fs.inotify.max_user_watches=524288 in the file /etc/sysctl.conf and save it. To load the new setting, run sudo sysctl -p in the terminal.

SonarQube Returning Bad Gateway Error

I'm trying to serve SonarQube using Caddy. I'm able to view the site, but it returns 502 Bad Gateway. The service appears to be up and running. Also curling locally is rejected.
curl
curl -I 0.0.0.0:9000
curl: (7) Failed to connect to 0.0.0.0 port 9000: Connection refused
sonar.properties
#--------------------------------------------------------------------------------------------------
# WEB SERVER
# Web server is executed in a dedicated Java process. By default heap size is 512Mb.
# Use the following property to customize JVM options.
# Recommendations:
#
# The HotSpot Server VM is recommended. The property -server should be added if server mode
# is not enabled by default on your environment:
# http://docs.oracle.com/javase/8/docs/technotes/guides/vm/server-class.html
#
# Startup can be long if entropy source is short of entropy. Adding
# -Djava.security.egd=file:/dev/./urandom is an option to resolve the problem.
# See https://wiki.apache.org/tomcat/HowTo/FasterStartUp#Entropy_Source
#
#sonar.web.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError
# Same as previous property, but allows to not repeat all other settings like -Xmx
#sonar.web.javaAdditionalOpts=
# Binding IP address. For servers with more than one IP address, this property specifies which
# address will be used for listening on the specified ports.
# By default, ports will be used on all IP addresses associated with the server.
#sonar.web.host=0.0.0.0
# Web context. When set, it must start with forward slash (for example /sonarqube).
# The default value is root context (empty value).
#sonar.web.context=
# TCP port for incoming HTTP connections. Default value is 9000.
#sonar.web.port=9000
sonar.web.https.port=8999
Caddyfile
https://....com {
tls self_signed
gzip
proxy / 0.0.0.0:9000
}
http://....com {
tls off
gzip
proxy / 127.0.0.1:9000
}
0.0.0.0 is not a routable address. It is used by servers as a "meta-address" to specify that it should listen on all available addresses as opposed to just one. So a server can listen on 0.0.0.0, but a client cannot make requests to 0.0.0.0. Your Caddyfile should look like this:
https://....com {
tls self_signed
gzip
proxy / 127.0.0.1:9000
}
http://....com {
tls off
gzip
proxy / 127.0.0.1:9000
}
And local cURL requests should look like this: curl 127.0.0.1:9000

How To Run Vagrant Apache on Port 80 on Windows and OS X

Scenario
Two host machines, one Windows, one OS X, both running Vagrant and Virtualbox.
Problem
VirtualBox on Mac cannot bind to ports below 1024 without root access.
Don't know how to port forward port on Windows machine
Symptoms
Apache running perfectly on both machines
Mac can access site.local:8080 and use pfctl to access this on site.local
Windows machine can access site.local:8080 or site.local:80 (no port forwarding)
curl site.local on guest machine returns expected output
curl site.local on host machine returns connection refused
iptables on host machine dis
Port forwarding guest port 80 to host port 80 on Mac was working until today. Don't know how or why. Stopped for some reason.
Question
How can I force VirtualBox to run as root on port 80 (regarded as a bad idea)?
Alternatively, how can I set up port forwarding on the Windows machine so that site.local:8080 is accessible at site.local?
Alternatively, how can I set up an OS-specific Vagrantfile that can be version controlled?
What I've tried
http://gielberkers.com/fixing-vagrant-port-forwarding-osx-yosemite/ - Works
Port forwarding on Windows 7 - Doesn't work
Enabling config.vm.network "public_network" and binding to en0 gives this error:
==> default: Configuring and enabling network interfaces...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
ARPCHECK=no /sbin/ifup eth1 2> /dev/null
Stdout from the command:
Determining IP information for eth1... failed.
Stderr from the command:
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
# Every Vagrant virtual environment requires a box to build off of.
config.vm.box = "devbox"
config.vm.provision :shell, path: "provision.sh"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
config.vm.network "forwarded_port", guest: 80, host: 80
config.vm.network "forwarded_port", guest: 443, host: 443
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
config.vm.network "public_network"
# If true, then any SSH connections made will enable agent forwarding.
# Default value: false
# config.ssh.forward_agent = true
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
# config.vm.provider "virtualbox" do |vb|
# # Don't boot with headless mode
# vb.gui = true
#
# # Use VBoxManage to customize the VM. For example to change memory:
# vb.customize ["modifyvm", :id, "--memory", "1024"]
# end
#
# View the documentation for the provider you're using for more
# information on available options.
# Enable provisioning with CFEngine. CFEngine Community packages are
# automatically installed. For example, configure the host as a
# policy server and optionally a policy file to run:
#
# config.vm.provision "cfengine" do |cf|
# cf.am_policy_hub = true
# # cf.run_file = "motd.cf"
# end
#
# You can also configure and bootstrap a client to an existing
# policy server:
#
# config.vm.provision "cfengine" do |cf|
# cf.policy_server_address = "10.0.2.15"
# end
# Enable provisioning with Puppet stand alone. Puppet manifests
# are contained in a directory path relative to this Vagrantfile.
# You will need to create the manifests directory and a manifest in
# the file default.pp in the manifests_path directory.
#
# config.vm.provision "puppet" do |puppet|
# puppet.manifests_path = "manifests"
# puppet.manifest_file = "default.pp"
# end
# Enable provisioning with chef solo, specifying a cookbooks path, roles
# path, and data_bags path (all relative to this Vagrantfile), and adding
# some recipes and/or roles.
#
# config.vm.provision "chef_solo" do |chef|
# chef.cookbooks_path = "../my-recipes/cookbooks"
# chef.roles_path = "../my-recipes/roles"
# chef.data_bags_path = "../my-recipes/data_bags"
# chef.add_recipe "mysql"
# chef.add_role "web"
#
# # You may also specify custom JSON attributes:
# chef.json = { mysql_password: "foo" }
# end
# Enable provisioning with chef server, specifying the chef server URL,
# and the path to the validation key (relative to this Vagrantfile).
#
# The Opscode Platform uses HTTPS. Substitute your organization for
# ORGNAME in the URL and validation key.
#
# If you have your own Chef Server, use the appropriate URL, which may be
# HTTP instead of HTTPS depending on your configuration. Also change the
# validation key to validation.pem.
#
# config.vm.provision "chef_client" do |chef|
# chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
# chef.validation_key_path = "ORGNAME-validator.pem"
# end
#
# If you're using the Opscode platform, your validator client is
# ORGNAME-validator, replacing ORGNAME with your organization name.
#
# If you have your own Chef Server, the default validation client name is
# chef-validator, unless you changed the configuration.
#
# chef.validation_client_name = "ORGNAME-validator"
end
Try using the following line in the config file:
config.vm.network "forwarded_port", guest: 80, host: 80
https://docs.vagrantup.com/v2/networking/forwarded_ports.html
In addition, you need to enable the public network in the Vagrantfile:
config.vm.network "public_network"
http://docs.vagrantup.com/v2/networking/public_network.html
If that doesn't help, could you please show your Vagrantfile?

haproxy bind command to include cipher in haproxy.cfg file

I am configuring the haproxy.cfg file for HAProxy. I need to add a cipher suite in this file, and for that I am using the bind command. My bind command is as below.
bind 0.0.0.0:443 ssl crt /etc/ssl/certs/private1.pem nosslv3 prefer-server-ciphers ciphers TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH
With the bind command bind *:443 it is working fine. Once I add the other arguments, it throws an error.
After including this command in the haproxy.cfg file and restarting the haproxy service, I am getting this error:
[ALERT] 164/074924 (31084) : parsing [/etc/haproxy/haproxy.cfg:80] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 164/074924 (31084) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 164/074924 (31084) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.
For resolving this issue I tried to install the "libssl-dev" package, but I am not able to install that package either.
Please guide me to do this. I also need to know whether it is necessary to give the pem file entry in bind, or whether I can directly include the cipher itself like this:
bind *:8443 ciphers TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH
Appending my haproxy.cfg file below.
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
frontend inbound
mode http
bind 0.0.0.0:443 ssl crt /etc/ssl/certs/private1.pem nosslv3 prefer-server-ciphers ciphers TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend postgresqlcluster1
mode http
balance roundrobin
server postgres1 192.44.9.101:8080 check
You need to be using 1.5-dev19+ (current is 15.-dev26) to utilize any of the ssl functionality; based on the error and the config excerpt, it looks like you are running 1.4.
