Posted to user@couchdb.apache.org by Doug Snyder <we...@gmail.com> on 2017/06/13 21:51:41 UTC

Connection Refused Errors connecting to CouchDB 2.0

I'm trying to set up a CouchDB 2.0 instance on my CentOS 7 server. I've
got it installed and running as a systemd service and it responds with its
friendly hello world message when I access it from the server using
127.0.0.1 or 0.0.0.0:

$ curl 127.0.0.1:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}
$ curl 0.0.0.0:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}

In my local.ini file I've configured the bind_address to 0.0.0.0:

[httpd]
bind_address = 0.0.0.0

My understanding was that if I had this bind address I could connect to
port 5984 from any IP address open in my firewall.

I'm using firewalld for my firewall and I've configured it to open port
5984. This config is confirmed by listing the configuration of the public
zone:

$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: couchdb2 dhcpv6-client http https ssh
  ports: 443/tcp 5984/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

I've also created a service called couchdb2 at
/etc/firewalld/services/couchdb2.xml with XML:

<service>
  <short>couchdb2</short>
  <description>CouchDB 2.0 Instance</description>
  <port protocol="tcp" port="5984"/>
</service>

From what I know about firewalld I should be able to receive connections on
5984 now,

but when I curl from my laptop my connection is refused:

$ curl my-server:5984 --verbose
* Rebuilt URL to: my-server:5984/
*   Trying <my-ip>...
* connect to <my-ip> port 5984 failed: Connection refused
* Failed to connect to my-server port 5984: Connection refused
* Closing connection 0

When I connect to the couchdb instance locally via either 127.0.0.1 or
0.0.0.0 I can see the 200 response in my couchdb log:

$ sudo journalctl -u couchdb2
...
[notice] 2017-06-06T00:35:01.159244Z couchdb@localhost <0.3328.0> 222d655c69 0.0.0.0:5984 127.0.0.1 undefined GET / 200 ok 28
[notice] 2017-06-06T00:37:21.819298Z couchdb@localhost <0.5598.0> 2f8986d14b 127.0.0.1:5984 127.0.0.1 undefined GET / 200 ok 1

But when I curled from my laptop nothing shows up in the couchdb log for
the Connection Refused error.

I tried to figure out if firewalld was blocking the connection to CouchDB
by looking in the logs. I turned on logging by editing the FIREWALLD_ARGS at
/etc/sysconfig/firewalld:

FIREWALLD_ARGS=--debug=10

I restart firewalld and confirm it's running at debug level 10:

$ sudo systemctl status firewalld
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-06-13 16:41:26 EDT; 28min ago
     Docs: man:firewalld(1)
 Main PID: 25209 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─25209 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid --debug=10

Then I curl from my laptop again, get a connection refused error, and look
at the logs:

$ tail -n 64 /var/log/firewalld
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('trusted')
2017-06-13 16:41:26 DEBUG1: config.zone.8.GetAll('org.fedoraproject.FirewallD1.config.zone')
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('work')
2017-06-13 16:41:26 DEBUG1:config.GetAll('org.fedoraproject.FirewallD1.config')

These are config messages from when firewalld restarted. There's nothing
logged regarding the connection refused. I'm not sure if firewalld would
log a connection that passed through to CouchDB on 5984 or not. Maybe it
got through to CouchDB and this is a CouchDB issue?

To the best of my knowledge both CouchDB and firewalld are configured
correctly, but it's not working like I expected. Any help would be
appreciated, whether you know the problem or whether you can just help me
discern if the problem is related to CouchDB or firewalld.

Re: Connection Refused Errors connecting to CouchDB 2.0

Posted by Noel Quintos <np...@gmail.com>.
Hi Doug,

In my case, I set bind_address to 0.0.0.0 under Section "chttpd". I am
using it under Windows, though, and not sure if it makes any difference.

On Wed, Jun 21, 2017 at 8:50 PM, Doug Snyder <we...@gmail.com> wrote:

> I've been waiting over a week to get any reply, with no success. I'm trying
> to get a basic server up. Can anybody help me with what should be a pretty
> simple problem?
>



-- 
Noel P. Quintos
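
Why moving bind_address from [httpd] to [chttpd] fixes this, as an added example (not code from the thread or from the CouchDB project): it overlays a local.ini on assumed CouchDB 2.0 defaults and compares the result with `ss -ltn` output, showing which port stays loopback-only and which one is exposed. The default ports and loopback binds in `DEFAULTS`, the function names and both sample inputs are assumptions constructed for illustration.

```python
import configparser
import ipaddress

# Assumed CouchDB 2.0 defaults (not shown in the thread): [chttpd] is the
# clustered port 5984, [httpd] the node-local port 5986, both on loopback.
DEFAULTS = {
    "chttpd": {"port": "5984", "bind_address": "127.0.0.1"},
    "httpd": {"port": "5986", "bind_address": "127.0.0.1"},
}

# Constructed inputs mirroring the original post: only [httpd] was changed.
SAMPLE_LOCAL_INI = """
[httpd]
bind_address = 0.0.0.0
"""
SAMPLE_SS = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128        127.0.0.1:5984             *:*
LISTEN  0      128                *:5986             *:*
LISTEN  0      128                *:22               *:*
"""

def effective_binds(local_ini_text):
    """Overlay local.ini on the assumed defaults: {section: (addr, port)}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_dict(DEFAULTS)
    cp.read_string(local_ini_text)
    return {s: (cp[s]["bind_address"].strip(), int(cp[s]["port"]))
            for s in DEFAULTS}

def listening_sockets(ss_text):
    """Parse `ss -ltn` output into a set of (local_addr, port) LISTEN rows."""
    socks = set()
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "LISTEN":
            addr, _, port = cols[3].rpartition(":")
            addr = addr.strip("[]").split("%")[0]
            socks.add(("0.0.0.0" if addr == "*" else addr, int(port)))
    return socks

def off_host(addr):
    """True when a listening address accepts connections from other hosts."""
    return not ipaddress.ip_address(addr).is_loopback

def audit(local_ini_text, ss_text):
    """Return {port: row} for the clustered and node-local listeners."""
    socks = listening_sockets(ss_text)
    report = {}
    for section, (cfg, port) in effective_binds(local_ini_text).items():
        live = sorted(a for a, p in socks if p == port)
        if not live:
            verdict = "not-listening"
        elif any(off_host(a) for a in live):
            verdict = "exposed"        # reachable remotely if the firewall allows
        else:
            verdict = "loopback-only"  # remote connect gets RST: connection refused
        report[port] = {"section": section, "configured": cfg,
                        "listening": live, "verdict": verdict}
    return report

if __name__ == "__main__":
    for port, row in sorted(audit(SAMPLE_LOCAL_INI, SAMPLE_SS).items()):
        print(port, row)
```

With the sample inputs, 5984 is reported as loopback-only while the node-local port 5986 is the one listening on every interface.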

Re: Connection Refused Errors connecting to CouchDB 2.0

Posted by Joan Touzet <wo...@apache.org>.
Our documentation should be improved here, I agree. I made the local.ini
file at least a bit clearer a while ago:

https://github.com/apache/couchdb/blob/master/rel/overlay/etc/local.ini#L29-L32

but I don't know if that change made it into 2.0 or post-2.0.

NOTE:
You should be doing *everything* in CouchDB 2.0 through the clustered
port (default: 5984) unless *explicitly* instructed to do otherwise in
the documentation. We do not guarantee that all functionality is
supported by the node-local (5986) port - there have been bugs reported
that we will not be fixing. We will most likely be removing the
node-local port in CouchDB 3.0.

I wrote and released a utility, couchup, that helps migrate 1.x
databases to 2.x. It will be included in 2.1, but you can get your
hands on it early here:

https://github.com/apache/couchdb/blob/master/rel/overlay/bin/couchup

Click on "raw" and save it, then run it. Python 2.7 or 3.x and the
python-requests library are required to use couchup.

Hope this helps,
Joan Touzet

----- Original Message -----
From: "Doug Snyder" <we...@gmail.com>
To: user@couchdb.apache.org, "Joan Touzet" <wo...@apache.org>
Sent: Thursday, 22 June, 2017 8:51:18 PM
Subject: Re: Connection Refused Errors connecting to CouchDB 2.0


Noel, that seemed to do the trick for me. For the community maybe this
should be clarified because the docs are contradictory as far as I can tell.
As far as I can see there is absolutely no documentation for chttpd.
There's a section called: CouchDB HTTP Server
at http://docs.couchdb.org/en/2.0.0/config/http.html
and it explicitly says that [httpd] should be configured for exactly what I
was trying to do:

bind_address

Defines the IP address by which CouchDB will be accessible:

[httpd]
bind_address = 127.0.0.1

To let CouchDB listen any available IP address, just set up 0.0.0.0 value:

[httpd]
bind_address = 0.0.0.0

But, in a seemingly ominous contradiction, the comments in the .ini file
say:

; NOTE that this only configures the "backend" node-local port, not the
; "frontend" clustered port. You probably don't want to change anything in
; this section.

I don't understand the reference to the "frontend" clustered port because I
just came from CouchDB 1.6.1 and don't understand and am not using
clustering yet.

But the docs seem to say that [httpd] bind_address SHOULD be configured for
a simple unclustered server or maybe a clustered one too.

The local.ini comments for [chttpd] mention the Mochiweb HTTP server and I
don't know what that is or if I'm using it and I can't tell if that
reference only describes one of the lines called server_options.

Again nothing about chttpd is explained in the docs.

On Thu, Jun 22, 2017 at 8:16 PM, Doug Snyder <webcoach101@gmail.com> wrote:

It's on a production server. I'm getting logs of people from China and
Russia trying to hack into my ssh. Is that a good idea to do even for a
minute?

On Thu, Jun 22, 2017 at 3:11 AM, Joan Touzet <wohali@apache.org> wrote:

Hi Doug, have you tried completely disabling firewalld and seeing if it
works?

-Joan

----- Original Message -----
From: "Doug Snyder" <webcoach101@gmail.com>
To: user@couchdb.apache.org
Sent: Wednesday, 21 June, 2017 10:50:09 PM
Subject: Re: Connection Refused Errors connecting to CouchDB 2.0

I've been waiting over a week to get any reply, with no success. I'm trying
to get a basic server up. Can anybody help me with what should be a pretty
simple problem?


Re: Connection Refused Errors connecting to CouchDB 2.0

Posted by Doug Snyder <we...@gmail.com>.
Noel, that seemed to do the trick for me. For the community maybe this
should be clarified because the docs are contradictory as far as I can tell.
As far as I can see there is absolutely no documentation for chttpd.
There's a section called: CouchDB HTTP Server
at http://docs.couchdb.org/en/2.0.0/config/http.html
and it explicitly says that [httpd] should be configured for exactly what I
was trying to do:

bind_address
<http://docs.couchdb.org/en/2.0.0/config/http.html#httpd/bind_address>

Defines the IP address by which CouchDB will be accessible:

[httpd]
bind_address = 127.0.0.1

To let CouchDB listen any available IP address, just set up 0.0.0.0 value:

[httpd]
bind_address = 0.0.0.0

But, in a seemingly ominous contradiction, the comments in the .ini file
say:

; NOTE that this only configures the "backend" node-local port, not the
; "frontend" clustered port. You probably don't want to change anything in
; this section.

I don't understand the reference to the "frontend" clustered port because I
just came from CouchDB 1.6.1 and don't understand and am not using
clustering yet.

But the docs seem to say that [httpd] bind_address SHOULD be configured for
a simple unclustered server or maybe a clustered one too.

The local.ini comments for [chttpd] mention the Mochiweb HTTP server and I
don't know what that is or if I'm using it and I can't tell if that
reference only describes one of the lines called server_options.

Again nothing about chttpd is explained in the docs.


On Thu, Jun 22, 2017 at 8:16 PM, Doug Snyder <we...@gmail.com> wrote:

> It's on a production server. I'm getting logs of people from China and
> Russia trying to hack into my ssh. Is that a good idea to do even for a
> minute?
>
> On Thu, Jun 22, 2017 at 3:11 AM, Joan Touzet <wo...@apache.org> wrote:
>
>> Hi Doug, have you tried completely disabling firewalld and seeing if it
>> works?
>>
>> -Joan
>>
>> ----- Original Message -----
>> From: "Doug Snyder" <we...@gmail.com>
>> To: user@couchdb.apache.org
>> Sent: Wednesday, 21 June, 2017 10:50:09 PM
>> Subject: Re: Connection Refused Errors connecting to CouchDB 2.0
>>
>> I've been waiting over a week to get any reply, with no success. I'm
>> trying
>> to get a basic server up. Can anybody help me with what should be a pretty
>> simple problem?
>>
>
>

Re: Connection Refused Errors connecting to CouchDB 2.0

Posted by Doug Snyder <we...@gmail.com>.
It's on a production server. I'm getting logs of people from China and
Russia trying to hack into my ssh. Is that a good idea to do even for a
minute?

On Thu, Jun 22, 2017 at 3:11 AM, Joan Touzet <wo...@apache.org> wrote:

> Hi Doug, have you tried completely disabling firewalld and seeing if it
> works?
>
> -Joan
>
> ----- Original Message -----
> From: "Doug Snyder" <we...@gmail.com>
> To: user@couchdb.apache.org
> Sent: Wednesday, 21 June, 2017 10:50:09 PM
> Subject: Re: Connection Refused Errors connecting to CouchDB 2.0
>
> I've been waiting over a week to get any reply, with no success. I'm trying
> to get a basic server up. Can anybody help me with what should be a pretty
> simple problem?
>

Re: Connection Refused Errors connecting to CouchDB 2.0

Posted by Joan Touzet <wo...@apache.org>.
Hi Doug, have you tried completely disabling firewalld and seeing if it
works?

-Joan

----- Original Message -----
From: "Doug Snyder" <we...@gmail.com>
To: user@couchdb.apache.org
Sent: Wednesday, 21 June, 2017 10:50:09 PM
Subject: Re: Connection Refused Errors connecting to CouchDB 2.0

I've been waiting over a week to get any reply, with no success. I'm trying
to get a basic server up. Can anybody help me with what should be a pretty
simple problem?

Re: Connection Refused Errors connecting to CouchDB 2.0

Posted by Doug Snyder <we...@gmail.com>.
I've been waiting over a week to get any reply, with no success. I'm trying
to get a basic server up. Can anybody help me with what should be a pretty
simple problem?
