Kopano Gateway stops responding after rotation of log

Hello,

It appears the gateway component stops responding to client requests when log rotation occurs.

Sun Jun  4 03:37:15 2017: [info   ] [15138] Log process received sighup
Sun Jun  4 03:37:15 2017: [info   ] [15136] Got SIGHUP config was reloaded
Sun Jun  4 03:37:15 2017: [error  ] [15136] SSL CTX certificate file error: error:0200100D:system library:fopen:Permission denied
Sun Jun  4 03:37:15 2017: [info   ] [15138] Log process received sighup
Sun Jun  4 03:37:15 2017: [error  ] [15136] Error reloading SSL context
Sun Jun  4 03:37:15 2017: [info   ] [15136] Log connection was reset

The gateway service does not crash as I can see it running. The only way to re-establish client connections is to restart kopano-gateway.

OS: Centos 7 (latest release)
Product version: 8,3,1,15
File version: 15

Thanks
Wiz

that sounds a bit like https://jira.kopano.io/browse/KC-684 (which is fixed for the next 8.3.1 rc sheduled for later this week). What permissions have you set for the ssl certificates configured for the gateway? how are the permissions of folders in the tree?

Oh and I should also say that I was not able to reproduce this on a Ubuntu 14.04 machine running the same version of Kopano. But on this specific machine imaps and pop3s is not configured since its not used.

@fbartels said in Kopano Gateway stops responding after rotation of log:

What permissions have you set for the ssl certificates configured for the gateway? how are the permissions of folders in the tree?

Hello Felix,

/etc/kopano/ssl has 0750/drwxr-x— access permissions while the key and crt files have 0600/-rw------- access permissions - both folder and files owned by root:root

I can’t comment on imap and pop3/pop3s as they have been disabled (not used) and I am not seeing any other cert/key access errors in the log besides the one that occurs after log rotation.

Thanks

@Wiz if you are running kopano-gateway as kopano:kopano and your keyfile is only readable (and writeable) for root:root, then you should make it readable for either the kopano user or the kopano group.

Thanks @fbartels … I’ve updated the ownership on the directory/files and will report back.

@fbartels Quick update - the perms fix has resolved this issue.

Thanks again.