Giter Club home page Giter Club logo

Comments (16)

cofyc avatar cofyc commented on June 13, 2024

Could you provide your systemd dnscrypt-wrapper.service and logs when you start it?

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

@cofyc , Sorry for confuse, I deploy again, and got following error:

[root@li1260-37 system]# cat /etc/systemd/system/dnscrypt-wrapper.service 
     [Unit]
     Description=dnscrypt-wrapper Service
     After=network.target

     [Service]
     Type=simple
     User=dnscrypt-wrapper
     ExecStart=/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.domain.com --crypt-secretkey-file=/root/.dnskey/1.key --provider-cert-file=/root/.dnskey/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log
     ExecReload=/bin/kill -USR1 $MAINPID
     Restart=on-abort
     LimitNOFILE=51200
     LimitCORE=infinity
     LimitNPROC=51200

     [Install]
     WantedBy=multi-user.target

[root@li1260-37 system]# systemctl start dnscrypt-wrapper
[root@li1260-37 system]# systemctl status dnscrypt-wrapper
● dnscrypt-wrapper.service - dnscrypt-wrapper Service
   Loaded: loaded (/etc/systemd/system/dnscrypt-wrapper.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2017-09-11 02:29:33 UTC; 7s ago
  Process: 29951 ExecStart=/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.domain.com --crypt-secretkey-file=/root/.dnskey/1.key --provider-cert-file=/root/.dnskey/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log (code=exited, status=1/FAILURE)
 Main PID: 29951 (code=exited, status=1/FAILURE)

Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: Started dnscrypt-wrapper Service.
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: Starting dnscrypt-wrapper Service...
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: dnscrypt-wrapper.service: main process exited, code=exited, status=1/FAILURE
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: Unit dnscrypt-wrapper.service entered failed state.
Sep 11 02:29:33 li1260-37.members.linode.com systemd[1]: dnscrypt-wrapper.service failed.

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

@cofyc , this systemctl config file is create by myself. in fact, I am not know about a lot about how to
write this correctly, just as a working template, it worked well for some others package, e.g. shadowsocks,
So, maybe my config is maybe not correct?

And, it current worked when invoked from a wrappered bash scripts which wrap same command.

[root@vil963 ~]# ps aux |grep dnscrypt
root      6219  0.0  0.1  16444   652 ?        Ss   22:37   0:00 /usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/root/.dnskey/1.key --provider-cert-file=/root/.dnskey/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log

from dnscrypt-wrapper.

cofyc avatar cofyc commented on June 13, 2024

hi,

[Service]
Type=simple
User=dnscrypt-wrapper

You configured the systemd dnscrypt-wrapper.service to run as dnscrypt-wrapper, but in your ExecStart command, you let it to read some files (e.g. /root/.dnskey/1.key) in your root directory, this will cause permission errors (because only root can access files under /root).

You need to put these files in your a non-root directory (e.g. /etc/dnscrypt-wrapper), and setup permission like this:

chown -R root:root /etc/dnscrypt-wrapper
chmod 0755 /etc/dnscrypt-wrapper
chmod 0664 /etc/dnscrypt-wrapper/*

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

@cofyc , not work.

root@localhost:/etc/dnscrypt-wrapper# cat /etc/systemd/system/dnscrypt-wrapper.service 
     [Unit]
     Description=dnscrypt-wrapper Service
     After=network.target

     [Service]
     Type=simple
     User=dnscrypt-wrapper
     ExecStart=/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log
     ExecReload=/bin/kill -USR1 $MAINPID
     Restart=on-abort
     LimitNOFILE=51200
     LimitCORE=infinity
     LimitNPROC=51200

     [Install]
     WantedBy=multi-user.target
root@localhost:/etc/dnscrypt-wrapper# ls -l
total 20
-r--r--r-- 1 root root 124 Sep 11 03:45 1.cert
-r-------- 1 root root  32 Sep 11 03:45 1.key
-rw-r--r-- 1 root root 101 Sep 11 03:45 fingerprint
-r--r--r-- 1 root root  32 Sep 11 03:45 public.key
-r-------- 1 root root  64 Sep 11 03:45 secret.key
root@localhost:/etc/dnscrypt-wrapper# systemctl start dnscrypt-wrapper
root@localhost:/etc/dnscrypt-wrapper# systemctl status dnscrypt-wrapper
● dnscrypt-wrapper.service - dnscrypt-wrapper Service
   Loaded: loaded (/etc/systemd/system/dnscrypt-wrapper.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2017-09-11 03:50:06 UTC; 9s ago
  Process: 27283 ExecStart=/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-c
 Main PID: 27283 (code=exited, status=1/FAILURE)

Sep 11 03:50:06 localhost systemd[1]: Started dnscrypt-wrapper Service.
Sep 11 03:50:06 localhost systemd[1]: dnscrypt-wrapper.service: Main process exited, code=exited, status=1/FAILURE
Sep 11 03:50:06 localhost systemd[1]: dnscrypt-wrapper.service: Unit entered failed state.
Sep 11 03:50:06 localhost systemd[1]: dnscrypt-wrapper.service: Failed with result 'exit-code'.

from dnscrypt-wrapper.

cofyc avatar cofyc commented on June 13, 2024

Have you created dnscrypt-wrapper user?
Try to run this command manually to debug: su dnscrypt-wrapper -s /bin/bash -c '/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log'

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

Have you created dnscrypt-wrapper user?

@cofyc , yes, I create this user with useradd dnscrypt-wrapper -s /sbin/nologin.

Try to run this command manually to debug:

It failed, $$ return 1.

Thanks

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

@cofyc , I need change User=dnscrypt-wrapper to User=root, right?

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

The problem is: why use user dnscrypt-wrapper run failed?

from dnscrypt-wrapper.

cofyc avatar cofyc commented on June 13, 2024

What's the output of command su dnscrypt-wrapper -s /bin/bash -c '/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -d -VVV -l /var/log/dnscrypt-wrapper.log'?

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

@cofyc , No any failed message. (remove -d )

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024 
[root@vil963 ~]# su dnscrypt-wrapper -s /bin/bash -c '/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.domain.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -VVV -l /var/log/dnscrypt-wrapper.log'
[root@vil963 ~]# echo $?
1

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

/etc/dnscrypt-wrapper/1.key /etc/dnscrypt-wrapper/1.cert seem like correct permission.

[root@vil963 etc]# ls -lh /etc/dnscrypt-wrapper/*
-rw-rw-r-- 1 root root 124 Sep  9 08:46 /etc/dnscrypt-wrapper/1.cert
-rw-rw-r-- 1 root root  32 Sep  9 08:46 /etc/dnscrypt-wrapper/1.key
-rw-rw-r-- 1 root root 101 Sep  9 08:46 /etc/dnscrypt-wrapper/fingerprint
-rw-rw-r-- 1 root root  32 Sep  9 08:46 /etc/dnscrypt-wrapper/public.key
-rw-rw-r-- 1 root root  64 Sep  9 08:46 /etc/dnscrypt-wrapper/secret.key

from dnscrypt-wrapper.

cofyc avatar cofyc commented on June 13, 2024

su dnscrypt-wrapper -s /bin/bash -c '/usr/sbin/dnscrypt-wrapper -a 0.0.0.0:22335 -r 8.8.4.4:53 --provider-name=2.dnscrypt-cert.zw963.com --crypt-secretkey-file=/etc/dnscrypt-wrapper/1.key --provider-cert-file=/etc/dnscrypt-wrapper/1.cert -d -VVV'

Remove -l /var/log/dnscrypt-wrapper.log and run again.

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

@cofyc , sorry

I am wrong.

  1. i use -l to redirect log,i forget it.
  2. another /etc/init.d/ scripts auto start server again, so, error is: [10545] 11 Sep 23:34:16.487 [err] [udp_request.c:516] Unable to bind (UDP) [Address already in use]

from dnscrypt-wrapper.

zw963 avatar zw963 commented on June 13, 2024

@cofyc , change config to /etc/dnsmasq-wrapper is worked.

Thanks

from dnscrypt-wrapper.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.