[SR-Users] Kamailio doesn't start with TLS

Олег Подгуйко podguiko at mail.ru
Wed Jun 5 12:18:32 CEST 2019 

When User and Group = kamailio I can't start kamailio.service at all. I get errors () 

>июн 04 15:00:52 p534507.kvmvps kamailio[23502]: 0(23502) ERROR: <core> [core/tcp_main.c:2855]: tcp_init(): bind(9, 0x7fb6ef026f84, 16) on  37.143.9.210:443  : Permission denied
The question is why? If am using User and Group = root it works.

Group Kamailio exist and user too.

I suppose Linux does not allow kamailio to bind to 443 port.


>Среда,  5 июня 2019, 12:42 +03:00 от Denys Pozniak <denys.pozniak at gmail.com>:
>
>Hello!
>Try to set in the service file: 
>User=kamailio
>Group=daemon
>
>ср, 5 июн. 2019 г. в 08:25, Karsten Horsmann < khorsmann at gmail.com >:
>>Hi,
>>
>>Check if group or user Kamailio is still available.
>>
>>I had the same issue on upgrade from 5.0.x to 5.2.3.
>>
>>In my case group Kamailio was gone. 
>>
>>
>>Олег Подгуйко < podguiko at mail.ru > schrieb am Di., 4. Juni 2019, 21:22:
>>>Hi,
>>>
>>>I'm using Centos7
>>>
>>>
>>>I checked the kamailio.servirse file
>>>
>>>It looks like
>>>
>>>[root at p534507 ~]# cat /usr/lib/systemd/system/kamailio.service
>>>[Unit]
>>>Description=Kamailio (OpenSER) - the Open Source SIP Server
>>>Wants=network-online.target
>>>After=network-online.target
>>>ange[Service]
>>>Type=simple
>>>User=kamailio
>>>Group=kamailio
>>>Environment='CFGFILE=/etc/kamailio/kamailio.cfg'
>>>Environment='SHM_MEMORY=64'
>>>Environment='PKG_MEMORY=4'
>>>EnvironmentFile=-/etc/sysconfig/kamailio
>>>ExecStart=/usr/sbin/kamailio -DD -P /var/run/kamailio/kamailio.pid -f $CFGFILE -m $SHM_MEMORY -M $PKG_MEMORY
>>>Restart=on-failure
>>>[Install]
>>>WantedBy=multi-user.target
>>>[root at p534507 ~]#
>>>
>>>I changed
>>>User and Group....... to root..... and kamailio.service is working now. But it looks like strange for me. Why dint't it work with kamailio user?
>>>
>>>
>>>
>>>
>>>>Вторник,  4 июня 2019, 18:20 +03:00 от Karsten Horsmann < khorsmann at gmail.com >:
>>>>
>>>>Hi,
>>>>
>>>>Starting via cli works and via systemctl not. That's an sign for some permissions that systemctl what's to set (group for example or user) are not there. 
>>>>
>>>>Also included files like tls.cfg and certificates are not readable for the user:group systemctl what's to start Kamailio. 
>>>>
>>>>Cheers 
>>>>Karsten 
>>>>Daniel-Constantin Mierla < miconda at gmail.com > schrieb am Di., 4. Juni 2019, 15:16:
>>>>>Hello,
>>>>>
>>>>>what is the operating system you are
>>>>>      using?
>>>>>
>>>>>Cheers,
>>>>>Daniel
>>>>>
>>>>>On 04.06.19 14:21, Олег Подгуйко wrote:
>>>>>>Im trying to use kamailio with websocket and tls. It will be use
>>>>>>      as registrar for websocket clients.
>>>>>>I'm using default config with additional websocket, https and tls
>>>>>>      modules. I created some certs for it and  everething looks like
>>>>>>      good.
>>>>>>But when I started kamailio via (systemctl start kamailio) I get
>>>>>>      some errors
>>>>>>
>>>>>>июн 04 15:00:52 p534507.kvmvps kamailio[23502]: 0(23502) INFO:
>>>>>>        <core> [core/udp_server.c:205]:
>>>>>>        probe_max_receive_buffer(): SO_RCVBUF is finally 425984
>>>>>>июн 04 15:00:52 p534507.kvmvps kamailio[23502]: 0(23502) DEBUG:
>>>>>>        <core> [core/tcp_main.c:2753]: tcp_init(): added 37.143.9.210:443
>>>>>>июн 04 15:00:52 p534507.kvmvps kamailio[23502]: 0(23502) ERROR:
>>>>>>        <core> [core/tcp_main.c:2855]: tcp_init(): bind(9,
>>>>>>        0x7fb6ef026f84, 16) on  37.143.9.210:443 : Permission denied
>>>>>>июн 04 15:00:52 p534507.kvmvps kamailio[23502]: 0(23502) ERROR:
>>>>>>        tls [tls_init.c:342]: tls_h_init_si(): Error while initializing
>>>>>>        TCP part of TLS socket  37.143.9.210:443
>>>>>>июн 04 15:00:52 p534507.kvmvps kamailio[23502]: 0(23502) DEBUG:
>>>>>>        rtpengine [rtpengine.c:1986]: mod_destroy():
>>>>>>        rtpengine_hash_table_destroy() success!
>>>>>>
>>>>>>
>>>>>>If I start it via /usr/sbin/kamailio  - all work.
>>>>>>
>>>>>>What I do wrong?  
>>>>>>
>>>>>>
>>>>>>
>>>>>>-- 
>>>>>>Олег Подгуйко
>>>>>>_______________________________________________
>>>>>>Kamailio (SER) - Users Mailing List
>>>>>>sr-users at lists.kamailio.org
>>>>>>https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>>
>>>>>-- 
>>>>>Daniel-Constantin Mierla -- www.asipto.com
>>>>>www.twitter.com/miconda -- www.linkedin.com/in/miconda _______________________________________________
>>>>>Kamailio (SER) - Users Mailing List
>>>>>sr-users at lists.kamailio.org
>>>>>https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>>-- 
>>>Олег Подгуйко
>>_______________________________________________
>>Kamailio (SER) - Users Mailing List
>>sr-users at lists.kamailio.org
>>https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
>-- 
>
>BR,
>Denys Pozniak
>
>


-- 
Олег Подгуйко
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190605/8c7fa706/attachment.html>

More information about the sr-users mailing list