Comments (16)
Could you provide your systemd dnscrypt-wrapper.service and logs when you start it?
from dnscrypt-wrapper.
@cofyc , Sorry for confuse, I deploy again, and got following error:
[root@li1260-37 system]# cat /etc/systemd/system/dnscrypt-wrapper.service
[Unit]
Description=dnscrypt-wrapper Service
After=network.target
[Service]
Type=simple
User=dnscrypt-wrapper
ExecStart=/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.domain.com --crypt-secretkey-file=/root/.dnskey/1.key --provider-cert-file=/root/.dnskey/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log
ExecReload=/bin/kill -USR1 $MAINPID
Restart=on-abort
LimitNOFILE=51200
LimitCORE=infinity
LimitNPROC=51200
[Install]
WantedBy=multi-user.target
[root@li1260-37 system]# systemctl start dnscrypt-wrapper
[root@li1260-37 system]# systemctl status dnscrypt-wrapper
● dnscrypt-wrapper.service - dnscrypt-wrapper Service
Loaded: loaded (/etc/systemd/system/dnscrypt-wrapper.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2017-09-11 02:29:33 UTC; 7s ago
Process: 29951 ExecStart=/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.domain.com --crypt-secretkey-file=/root/.dnskey/1.key --provider-cert-file=/root/.dnskey/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log (code=exited, status=1/FAILURE)
Main PID: 29951 (code=exited, status=1/FAILURE)
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: Started dnscrypt-wrapper Service.
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: Starting dnscrypt-wrapper Service...
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: dnscrypt-wrapper.service: main process exited, code=exited, status=1/FAILURE
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: Unit dnscrypt-wrapper.service entered failed state.
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: dnscrypt-wrapper.service failed.
from dnscrypt-wrapper.
@cofyc , this systemctl config file
is create by myself. in fact, I am not know about a lot about how to
write this correctly, just as a working template, it worked well for some others package, e.g. shadowsocks,
So, maybe my config is maybe not correct?
And, it current worked when invoked from a wrappered bash scripts which wrap same command.
[root@vil963 ~]# ps aux |grep dnscrypt
root 6219 0.0 0.1 16444 652 ? Ss 22:37 0:00 /usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/root/.dnskey/1.key --provider-cert-file=/root/.dnskey/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log
from dnscrypt-wrapper.
hi,
[Service]
Type=simple
User=dnscrypt-wrapper
You configured the systemd dnscrypt-wrapper.service to run as dnscrypt-wrapper
, but in your ExecStart
command, you let it to read some files (e.g. /root/.dnskey/1.key
) in your root directory, this will cause permission errors (because only root can access files under /root
).
You need to put these files in your a non-root directory (e.g. /etc/dnscrypt-wrapper
), and setup permission like this:
chown -R root:root /etc/dnscrypt-wrapper
chmod 0755 /etc/dnscrypt-wrapper
chmod 0664 /etc/dnscrypt-wrapper/*
from dnscrypt-wrapper.
@cofyc , not work.
root@localhost:/etc/dnscrypt-wrapper# cat /etc/systemd/system/dnscrypt-wrapper.service
[Unit]
Description=dnscrypt-wrapper Service
After=network.target
[Service]
Type=simple
User=dnscrypt-wrapper
ExecStart=/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log
ExecReload=/bin/kill -USR1 $MAINPID
Restart=on-abort
LimitNOFILE=51200
LimitCORE=infinity
LimitNPROC=51200
[Install]
WantedBy=multi-user.target
root@localhost:/etc/dnscrypt-wrapper# ls -l
total 20
-r--r--r-- 1 root root 124 Sep 11 03:45 1.cert
-r-------- 1 root root 32 Sep 11 03:45 1.key
-rw-r--r-- 1 root root 101 Sep 11 03:45 fingerprint
-r--r--r-- 1 root root 32 Sep 11 03:45 public.key
-r-------- 1 root root 64 Sep 11 03:45 secret.key
root@localhost:/etc/dnscrypt-wrapper# systemctl start dnscrypt-wrapper
root@localhost:/etc/dnscrypt-wrapper# systemctl status dnscrypt-wrapper
● dnscrypt-wrapper.service - dnscrypt-wrapper Service
Loaded: loaded (/etc/systemd/system/dnscrypt-wrapper.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2017-09-11 03:50:06 UTC; 9s ago
Process: 27283 ExecStart=/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-c
Main PID: 27283 (code=exited, status=1/FAILURE)
Sep 11 03:50:06 localhost systemd[1]: Started dnscrypt-wrapper Service.
Sep 11 03:50:06 localhost systemd[1]: dnscrypt-wrapper.service: Main process exited, code=exited, status=1/FAILURE
Sep 11 03:50:06 localhost systemd[1]: dnscrypt-wrapper.service: Unit entered failed state.
Sep 11 03:50:06 localhost systemd[1]: dnscrypt-wrapper.service: Failed with result 'exit-code'.
from dnscrypt-wrapper.
Have you created dnscrypt-wrapper
user?
Try to run this command manually to debug: su dnscrypt-wrapper -s /bin/bash -c '/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log'
from dnscrypt-wrapper.
Have you created dnscrypt-wrapper user?
@cofyc , yes, I create this user with useradd dnscrypt-wrapper -s /sbin/nologin
.
Try to run this command manually to debug:
It failed, $$ return 1.
Thanks
from dnscrypt-wrapper.
@cofyc , I need change User=dnscrypt-wrapper
to User=root
, right?
from dnscrypt-wrapper.
The problem is: why use user dnscrypt-wrapper
run failed?
from dnscrypt-wrapper.
What's the output of command su dnscrypt-wrapper -s /bin/bash -c '/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log'
?
from dnscrypt-wrapper.
@cofyc , No any failed message. (remove -d )
from dnscrypt-wrapper.
[root@vil963 ~]# su dnscrypt-wrapper -s /bin/bash -c '/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.domain.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -VVV -l /var/log/dnscrypt-wrapper.log'
[root@vil963 ~]# echo $?
1
from dnscrypt-wrapper.
/etc/dnscrypt-wrapper/1.key /etc/dnscrypt-wrapper/1.cert seem like correct permission.
[root@vil963 etc]# ls -lh /etc/dnscrypt-wrapper/*
-rw-rw-r-- 1 root root 124 Sep 9 08:46 /etc/dnscrypt-wrapper/1.cert
-rw-rw-r-- 1 root root 32 Sep 9 08:46 /etc/dnscrypt-wrapper/1.key
-rw-rw-r-- 1 root root 101 Sep 9 08:46 /etc/dnscrypt-wrapper/fingerprint
-rw-rw-r-- 1 root root 32 Sep 9 08:46 /etc/dnscrypt-wrapper/public.key
-rw-rw-r-- 1 root root 64 Sep 9 08:46 /etc/dnscrypt-wrapper/secret.key
from dnscrypt-wrapper.
su dnscrypt-wrapper -s /bin/bash -c '/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -d -VVV'
Remove -l /var/log/dnscrypt-wrapper.log
and run again.
from dnscrypt-wrapper.
@cofyc , sorry
I am wrong.
- i use
-l
to redirect log,i forget it. - another /etc/init.d/ scripts auto start server again, so, error is:
[10545] 11 Sep 23:34:16.487 [err] [udp_request.c:516] Unable to bind (UDP) [Address already in use]
from dnscrypt-wrapper.
@cofyc , change config to /etc/dnsmasq-wrapper is worked.
Thanks
from dnscrypt-wrapper.
Related Issues (20)
- CLOSE_WAIT HOT 3
- Support for Raspberry Pi / Raspbian? HOT 2
- 请教:在使用dnscrypt-proxy 2.x版本中,如果使用非443端口。 HOT 2
- Log entry "Received a suspicious query from the client" HOT 2
- After success run one or two days, get following error message and not work HOT 5
- Support for xchacha20: no HOT 2
- undefind sodium_bin2base64 HOT 6
- Default expiration days is 1? HOT 2
- [ERROR] Invalid provider key HOT 3
- Suspicious certificate received HOT 1
- 关于创建密钥对时的问题:创建密钥对时一定要使用域名吗?只使用IP是否可以? HOT 2
- dnscrypt-wrapper make pihole random crash?
- How to have each client connect to a different resolver HOT 1
- How to generate TXT record for DNS for protocol version 2? HOT 1
- FreeBSD 12 - No chacha support? HOT 1
- 在客户机器(比如mac上)怎么使用Stamp? HOT 2
- SEGV when passing the same key twice
- Provide a tool/option to verify certificates
- dnscrypt-wrapper --gen-provider-keypair have bug
- Unable to build on aarch64-apple-darwin (Apple Silicon) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dnscrypt-wrapper.