You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Olivier LEVILLAIN <ol...@free.fr> on 2017/04/22 17:20:40 UTC
Problem with SSL
Hi,
I'm trying to run CouchDB 2.0.0 on Raspbian Jessy under SSL and I get
errors when starting the daemons.
I just added the following lines to my default.ini file:
in [daemons]:
httpsd={couch_httpd, start_link, [https]}
in [ssl]:
cert_file = /home/couchdb/couchdb/certs/couchdb.pem
key_file = /home/couchdb/couchdb/certs/privkey.pem
The above files exist and have been created as described in
http://docs.couchdb.org/en/latest/config/http.html#secure-socket-level-options
Then sudo service couchdb restart (works fine with http)
In the log file, I can see:
[info] 2017-04-22T16:49:54.246546Z couchdb@localhost <0.7.0> --------
Application couch_log started on node couchdb@localhost
[info] 2017-04-22T16:49:54.282294Z couchdb@localhost <0.7.0> --------
Application folsom started on node couchdb@localhost
[info] 2017-04-22T16:49:54.553328Z couchdb@localhost <0.7.0> --------
Application couch_stats started on node couchdb@localhost
[info] 2017-04-22T16:49:54.554439Z couchdb@localhost <0.7.0> --------
Application khash started on node couchdb@localhost
[info] 2017-04-22T16:49:54.618663Z couchdb@localhost <0.7.0> --------
Application couch_event started on node couchdb@localhost
[info] 2017-04-22T16:49:54.661842Z couchdb@localhost <0.7.0> --------
Application ibrowse started on node couchdb@localhost
[info] 2017-04-22T16:49:54.701897Z couchdb@localhost <0.7.0> --------
Application ioq started on node couchdb@localhost
[info] 2017-04-22T16:49:54.702851Z couchdb@localhost <0.7.0> --------
Application mochiweb started on node couchdb@localhost
[info] 2017-04-22T16:49:54.703968Z couchdb@localhost <0.7.0> --------
Application oauth started on node couchdb@localhost
[info] 2017-04-22T16:49:54.761335Z couchdb@localhost <0.204.0> --------
Apache CouchDB 2.0.0 is starting.
[info] 2017-04-22T16:49:54.762212Z couchdb@localhost <0.205.0> --------
Starting couch_sup
[error] 2017-04-22T16:49:55.144926Z couchdb@localhost <0.204.0> --------
Error starting Apache CouchDB:
{error,{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}}}}}}}
[error] 2017-04-22T16:49:55.158126Z couchdb@localhost <0.213.0> --------
Supervisor couch_secondary_services had child httpsd started with
couch_httpd:start_link(https) at undefined exit with reason
{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},...]}]}}
in context start_error
[error] 2017-04-22T16:49:55.161570Z couchdb@localhost <0.205.0> --------
Supervisor couch_sup had child couch_secondary_services started with
couch_secondary_sup:start_link() at undefined exit with reason
{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,...}]}}}}
in context start_error
[error] 2017-04-22T16:49:55.164234Z couchdb@localhost <0.203.0> --------
CRASH REPORT Process (<0.203.0>) with 0 neighbors exited with reason:
{{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,...},...]}}}}}},...}
at application_master:init/4(line:133) <=
proc_lib:init_p_do_apply/3(line:237); initial_call:
{application_master,init,['Argument__1','Argument__2',...]}, ancestors:
[<0.202.0>], messages: [{'EXIT',<0.204.0>,normal}], links:
[<0.202.0>,<0.7.0>], dictionary: [], trap_exit: true, status: running,
heap_size: 987, stack_size: 27, reductions: 151
[info] 2017-04-22T16:49:55.167461Z couchdb@localhost <0.7.0> --------
Application couch exited with reason:
{{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,...},...]}}}}}},...}
I can't see in this log what really fails...
I found https://issues.apache.org/jira/browse/COUCHDB-3162 but I'm not
sure it's the real fix.
If yes, when will couchdb 2.1 be out? (or even 2.0.1?)
Thanks
Olivier
Re: Problem with SSL
Posted by Olivier LEVILLAIN <ol...@free.fr>.
Whoa, such a fast reply!
And it works, thanks!
Bye
Olivier
Le 22/04/2017 19:31, Robert Samuel Newson a crit :
> ciphers = undefined
> tls_versions = undefined
> secure_renegotiate = undefined
>
Re: Problem with SSL
Posted by Robert Samuel Newson <rn...@apache.org>.
Hi,
This is a bug in 2.0 that's been fixed already (COUCHDB-3162), but here's a workaround;
in local.ini add;
[ssl]
ciphers = undefined
tls_versions = undefined
secure_renegotiate = undefined
This will give you the default settings. You can obviously customise these to suit.
NOTE: the default cipher suite that erlang will give will not give you the best rating from ssllabs.com, you'll need to exclude weaker options to get to A- grade.
You also want to say this in [daemons] instead of what you have;
httpsd = {chttpd, start_link, [https]}
B.
> On 22 Apr 2017, at 18:20, Olivier LEVILLAIN <ol...@free.fr> wrote:
>
> Hi,
> I'm trying to run CouchDB 2.0.0 on Raspbian Jessy under SSL and I get errors when starting the daemons.
> I just added the following lines to my default.ini file:
>
> in [daemons]:
> httpsd={couch_httpd, start_link, [https]}
>
> in [ssl]:
> cert_file = /home/couchdb/couchdb/certs/couchdb.pem
> key_file = /home/couchdb/couchdb/certs/privkey.pem
>
> The above files exist and have been created as described in http://docs.couchdb.org/en/latest/config/http.html#secure-socket-level-options
>
> Then sudo service couchdb restart (works fine with http)
>
> In the log file, I can see:
>
> [info] 2017-04-22T16:49:54.246546Z couchdb@localhost <0.7.0> -------- Application couch_log started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.282294Z couchdb@localhost <0.7.0> -------- Application folsom started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.553328Z couchdb@localhost <0.7.0> -------- Application couch_stats started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.554439Z couchdb@localhost <0.7.0> -------- Application khash started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.618663Z couchdb@localhost <0.7.0> -------- Application couch_event started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.661842Z couchdb@localhost <0.7.0> -------- Application ibrowse started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.701897Z couchdb@localhost <0.7.0> -------- Application ioq started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.702851Z couchdb@localhost <0.7.0> -------- Application mochiweb started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.703968Z couchdb@localhost <0.7.0> -------- Application oauth started on node couchdb@localhost
> [info] 2017-04-22T16:49:54.761335Z couchdb@localhost <0.204.0> -------- Apache CouchDB 2.0.0 is starting.
>
> [info] 2017-04-22T16:49:54.762212Z couchdb@localhost <0.205.0> -------- Starting couch_sup
> [error] 2017-04-22T16:49:55.144926Z couchdb@localhost <0.204.0> -------- Error starting Apache CouchDB:
>
> {error,{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}}}}}}}
>
>
> [error] 2017-04-22T16:49:55.158126Z couchdb@localhost <0.213.0> -------- Supervisor couch_secondary_services had child httpsd started with couch_httpd:start_link(https) at undefined exit with reason {'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},...]}]}} in context start_error
> [error] 2017-04-22T16:49:55.161570Z couchdb@localhost <0.205.0> -------- Supervisor couch_sup had child couch_secondary_services started with couch_secondary_sup:start_link() at undefined exit with reason {shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,306}]},{proc_lib,init_p_do_apply,...}]}}}} in context start_error
> [error] 2017-04-22T16:49:55.164234Z couchdb@localhost <0.203.0> -------- CRASH REPORT Process (<0.203.0>) with 0 neighbors exited with reason: {{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,...},...]}}}}}},...} at application_master:init/4(line:133) <= proc_lib:init_p_do_apply/3(line:237); initial_call: {application_master,init,['Argument__1','Argument__2',...]}, ancestors: [<0.202.0>], messages: [{'EXIT',<0.204.0>,normal}], links: [<0.202.0>,<0.7.0>], dictionary: [], trap_exit: true, status: running, heap_size: 987, stack_size: 27, reductions: 151
> [info] 2017-04-22T16:49:55.167461Z couchdb@localhost <0.7.0> -------- Application couch exited with reason: {{shutdown,{failed_to_start_child,couch_secondary_services,{shutdown,{failed_to_start_child,httpsd,{'EXIT',{badarg,[{erlang,'++',[undefined,"."],[]},{couch_util,parse_term,1,[{file,"src/couch_util.erl"},{line,164}]},{couch_httpd,start_link,1,[{file,"src/couch_httpd.erl"},{line,46}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,314}]},{supervisor,start_children,3,[{file,"supervisor.erl"},{line,297}]},{supervisor,init_children,2,[{file,"supervisor.erl"},{line,263}]},{gen_server,...},...]}}}}}},...}
>
>
> I can't see in this log what really fails...
> I found https://issues.apache.org/jira/browse/COUCHDB-3162 but I'm not sure it's the real fix.
> If yes, when will couchdb 2.1 be out? (or even 2.0.1?)
>
> Thanks
> Olivier