You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by Olivier LEVILLAIN <ol...@free.fr> on 2017/04/22 17:20:40 UTC

Problem with SSL

Hi,
I'm trying to run CouchDB 2.0.0 on Raspbian Jessy under SSL and I get 
errors when starting the daemons.
I just added the following lines to my default.ini file:

in [daemons]:
httpsd={couch_httpd, start_link, [https]}

in [ssl]:
cert_file = /home/couchdb/couchdb/certs/couchdb.pem
key_file = /home/couchdb/couchdb/certs/privkey.pem

The above files exist and have been created as described in 
http://docs.couchdb.org/en/latest/config/http.html#secure-socket-level-options 


Then sudo service couchdb restart (works fine with http)

In the log file, I can see:

[info] 2017-04-22T16:49:54.246546Z couchdb@localhost <0.7.0> -------- 
Application couch_log started on node couchdb@localhost
[info] 2017-04-22T16:49:54.282294Z couchdb@localhost <0.7.0> -------- 
Application folsom started on node couchdb@localhost
[info] 2017-04-22T16:49:54.553328Z couchdb@localhost <0.7.0> -------- 
Application couch_stats started on node couchdb@localhost
[info] 2017-04-22T16:49:54.554439Z couchdb@localhost <0.7.0> -------- 
Application khash started on node couchdb@localhost
[info] 2017-04-22T16:49:54.618663Z couchdb@localhost <0.7.0> -------- 
Application couch_event started on node couchdb@localhost
[info] 2017-04-22T16:49:54.661842Z couchdb@localhost <0.7.0> -------- 
Application ibrowse started on node couchdb@localhost
[info] 2017-04-22T16:49:54.701897Z couchdb@localhost <0.7.0> -------- 
Application ioq started on node couchdb@localhost
[info] 2017-04-22T16:49:54.702851Z couchdb@localhost <0.7.0> -------- 
Application mochiweb started on node couchdb@localhost
[info] 2017-04-22T16:49:54.703968Z couchdb@localhost <0.7.0> -------- 
Application oauth started on node couchdb@localhost
[info] 2017-04-22T16:49:54.761335Z couchdb@localhost <0.204.0> -------- 
Apache CouchDB 2.0.0 is starting.

[info] 2017-04-22T16:49:54.762212Z couchdb@localhost <0.205.0> -------- 
Starting couch_sup
[error] 2017-04-22T16:49:55.144926Z couchdb@localhost <0.204.0> -------- 
Error starting Apache CouchDB:

{error,{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}}}}}}}


[error] 2017-04-22T16:49:55.158126Z couchdb@localhost <0.213.0> -------- 
Supervisor couch_secondary_services had child httpsd started with 
couch_httpd:start_link(https) at undefined exit with reason 
{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},...]}]}} 
in context start_error
[error] 2017-04-22T16:49:55.161570Z couchdb@localhost <0.205.0> -------- 
Supervisor couch_sup had child couch_secondary_services started with 
couch_secondary_sup:start_link() at undefined exit with reason 
{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,...}]}}}} 
in context start_error
[error] 2017-04-22T16:49:55.164234Z couchdb@localhost <0.203.0> -------- 
CRASH REPORT Process  (<0.203.0>) with 0 neighbors exited with reason: 
{{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,...},...]}}}}}},...} 
at application_master:init/4(line:133) <= 
proc_lib:init_p_do_apply/3(line:237); initial_call: 
{application_master,init,['Argument__1','Argument__2',...]}, ancestors: 
[<0.202.0>], messages: [{'EXIT',<0.204.0>,normal}], links: 
[<0.202.0>,<0.7.0>], dictionary: [], trap_exit: true, status: running, 
heap_size: 987, stack_size: 27, reductions: 151
[info] 2017-04-22T16:49:55.167461Z couchdb@localhost <0.7.0> -------- 
Application couch exited with reason: 
{{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,...},...]}}}}}},...}


I can't see in this log what really fails...
I found https://issues.apache.org/jira/browse/COUCHDB-3162 but I'm not 
sure it's the real fix.
If yes, when will couchdb 2.1 be out? (or even 2.0.1?)

Thanks
Olivier

Re: Problem with SSL

Posted by Olivier LEVILLAIN <ol...@free.fr>.

Whoa, such a fast reply!
And it works, thanks!
Bye
Olivier
Le 22/04/2017  19:31, Robert Samuel Newson a crit :
> ciphers = undefined
> tls_versions = undefined
> secure_renegotiate = undefined
>

Re: Problem with SSL

Posted by Robert Samuel Newson <rn...@apache.org>.

Hi,

This is a bug in 2.0 that's been fixed already (COUCHDB-3162), but here's a workaround;

in local.ini add;

[ssl]
ciphers = undefined
tls_versions = undefined
secure_renegotiate = undefined

This will give you the default settings. You can obviously customise these to suit.

NOTE: the default cipher suite that erlang will give will not give you the best rating from ssllabs.com, you'll need to exclude weaker options to get to A- grade.

You also want to say this in [daemons] instead of what you have;

httpsd = {chttpd, start_link, [https]}

B.

> On 22 Apr 2017, at 18:20, Olivier LEVILLAIN <ol...@free.fr> wrote:
> 
> Hi,
> I'm trying to run CouchDB 2.0.0 on Raspbian Jessy under SSL and I get errors when starting the daemons.
> I just added the following lines to my default.ini file:
> 
> in [daemons]:
> httpsd={couch_httpd, start_link, [https]}
> 
> in [ssl]:
> cert_file = /home/couchdb/couchdb/certs/couchdb.pem
> key_file = /home/couchdb/couchdb/certs/privkey.pem
> 
> The above files exist and have been created as described in http://docs.couchdb.org/en/latest/config/http.html#secure-socket-level-options 
> 
> Then sudo service couchdb restart (works fine with http)
> 
> In the log file, I can see:
> 
> [info] 2017-04-22T16:49:54.246546Z couchdb@localhost <0.7.0> -------- Application couch_log started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.282294Z couchdb@localhost <0.7.0> -------- Application folsom started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.553328Z couchdb@localhost <0.7.0> -------- Application couch_stats started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.554439Z couchdb@localhost <0.7.0> -------- Application khash started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.618663Z couchdb@localhost <0.7.0> -------- Application couch_event started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.661842Z couchdb@localhost <0.7.0> -------- Application ibrowse started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.701897Z couchdb@localhost <0.7.0> -------- Application ioq started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.702851Z couchdb@localhost <0.7.0> -------- Application mochiweb started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.703968Z couchdb@localhost <0.7.0> -------- Application oauth started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.761335Z couchdb@localhost <0.204.0> -------- Apache CouchDB 2.0.0 is starting.
> 
> [info] 2017-04-22T16:49:54.762212Z couchdb@localhost <0.205.0> -------- Starting couch_sup
> [error] 2017-04-22T16:49:55.144926Z couchdb@localhost <0.204.0> -------- Error starting Apache CouchDB:
> 
> {error,{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}}}}}}}
> 
> 
> [error] 2017-04-22T16:49:55.158126Z couchdb@localhost <0.213.0> -------- Supervisor couch_secondary_services had child httpsd started with couch_httpd:start_link(https) at undefined exit with reason {'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},...]}]}} in context start_error
> [error] 2017-04-22T16:49:55.161570Z couchdb@localhost <0.205.0> -------- Supervisor couch_sup had child couch_secondary_services started with couch_secondary_sup:start_link() at undefined exit with reason {shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,...}]}}}} in context start_error
> [error] 2017-04-22T16:49:55.164234Z couchdb@localhost <0.203.0> -------- CRASH REPORT Process  (<0.203.0>) with 0 neighbors exited with reason: {{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,...},...]}}}}}},...} at application_master:init/4(line:133) <= proc_lib:init_p_do_apply/3(line:237); initial_call: {application_master,init,['Argument__1','Argument__2',...]}, ancestors: [<0.202.0>], messages: [{'EXIT',<0.204.0>,normal}], links: [<0.202.0>,<0.7.0>], dictionary: [], trap_exit: true, status: running, heap_size: 987, stack_size: 27, reductions: 151
> [info] 2017-04-22T16:49:55.167461Z couchdb@localhost <0.7.0> -------- Application couch exited with reason: {{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,...},...]}}}}}},...}
> 
> 
> I can't see in this log what really fails...
> I found https://issues.apache.org/jira/browse/COUCHDB-3162 but I'm not sure it's the real fix.
> If yes, when will couchdb 2.1 be out? (or even 2.0.1?)
> 
> Thanks
> Olivier