Connection Refused Errors connecting to CouchDB 2.0
2,217 views
Skip to first unread message
Doug Snyder
Jun 13, 2017, 5:51:47 PM6/13/17
to us...@couchdb.apache.org
I'm trying to set up a CouchDB 2.0 instance up on my CentOS 7 server. I've
got it installed and running as a systemd service and it responses with its
friendly hello world message when I access it from the server using
127.0.0.1 or 0.0.0.0
$ curl 127.0.0.1:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache
Software Foundation"}}
$ curl 0.0.0.0:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache
Software Foundation"}}
in my local.ini file I've configed the bind_address to 0.0.0.0
[httpd]
bind_address = 0.0.0.0
My understanding was that if I had this bind address I could connect to
port 5984 from any ip address open in my firewall
I'm using firewalld for my firewall and I've configured it to open port
5984 This config is confirmed by listing the configuration of the public
zone:
$ sudo firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: couchdb2 dhcpv6-client http https ssh
ports: 443/tcp 5984/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
I've also created a service called couchdb2 at
/etc/firewalld/services/couchdb2.xml with XML:
<service>
<short>couchdb2</short>
<description>CouchDB 2.0 Instance</description>
<port protocol="tcp" port="5984"/>
</service>
From what I know about firewalld I should be able to receive connection on
5984 now
but when I curl from my laptop my connection is refused:
$ curl my-server:5984 --verbose
* Rebuilt URL to: my-server:5984/
* Trying <my-ip>...
* connect to <my-ip> port 5984 failed: Connection refused
* Failed to connect to my-server port 5984: Connection refused
* Closing connection 0
When I connect to the couchdb instance locally via either 127.0.0.1 or
0.0.0.0 I can see the 200 response in my couchdb log:
$ sudo journalctl -u couchdb2
...
[notice] 2017-06-06T00:35:01.159244Z couchdb@localhost <0.3328.0>
222d655c69 0.0.0.0:5984 127.0.0.1 undefined GET / 200 ok 28
[notice] 2017-06-06T00:37:21.819298Z couchdb@localhost <0.5598.0>
2f8986d14b 127.0.0.1:5984 127.0.0.1 undefined GET / 200 ok 1
But when I curled from my laptop nothing shows up in the couchdb log for
the Connection Refused error.
I tried to figure out if firewalld was blocking the connection to CouchDB
by looking in the logs.I turned on logging by editing the FIREWALLD_ARGS at
/etc/sysconfig/firewalld
FIREWALLD_ARGS=--debug=10
I restart firewalld and confirm its running at debug level 10:
$ sudo systemctl status firewalld
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled;
vendor preset: enabled)
Active: active (running) since Tue 2017-06-13 16:41:26 EDT; 28min ago
Docs: man:firewalld(1)
Main PID: 25209 (firewalld)
CGroup: /system.slice/firewalld.service
└─25209 /usr/bin/python -Es /usr/sbin/firewalld --nofork
--nopid --debug=10
Then I curl from my laptop again, get a connection refused error, and look
at the logs:
$ tail -n 64 /var/log/firewalld
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('trusted')
2017-06-13 16:41:26 DEBUG1:
config.zone.8.GetAll('org.fedoraproject.FirewallD1.config.zone')
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('work')
2017-06-13 16:41:26
DEBUG1:config.GetAll('org.fedoraproject.FirewallD1.config')
These are config messages from when firewalld restarted. There's nothing
logged regarding the connection refused. I'm not sure if firewalld would
log a connection that passed through to CouchDB on 5984 or not. Maybe it
got through to CouchDB and this is a CouchDB issue?
To the best of my knowledge both CouchDB and firewalld are configured
correctly, but its not working like I expected. Any help would be
appreciated, whether you know the problem or whether you can just help me
discern if the problem is related to CouchDB or firewalld.
got it installed and running as a systemd service and it responses with its
friendly hello world message when I access it from the server using
127.0.0.1 or 0.0.0.0
$ curl 127.0.0.1:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache
Software Foundation"}}
$ curl 0.0.0.0:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache
Software Foundation"}}
in my local.ini file I've configed the bind_address to 0.0.0.0
[httpd]
bind_address = 0.0.0.0
My understanding was that if I had this bind address I could connect to
port 5984 from any ip address open in my firewall
I'm using firewalld for my firewall and I've configured it to open port
5984 This config is confirmed by listing the configuration of the public
zone:
$ sudo firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: couchdb2 dhcpv6-client http https ssh
ports: 443/tcp 5984/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
I've also created a service called couchdb2 at
/etc/firewalld/services/couchdb2.xml with XML:
<service>
<short>couchdb2</short>
<description>CouchDB 2.0 Instance</description>
<port protocol="tcp" port="5984"/>
</service>
From what I know about firewalld I should be able to receive connection on
5984 now
but when I curl from my laptop my connection is refused:
$ curl my-server:5984 --verbose
* Rebuilt URL to: my-server:5984/
* Trying <my-ip>...
* connect to <my-ip> port 5984 failed: Connection refused
* Failed to connect to my-server port 5984: Connection refused
* Closing connection 0
When I connect to the couchdb instance locally via either 127.0.0.1 or
0.0.0.0 I can see the 200 response in my couchdb log:
$ sudo journalctl -u couchdb2
...
[notice] 2017-06-06T00:35:01.159244Z couchdb@localhost <0.3328.0>
222d655c69 0.0.0.0:5984 127.0.0.1 undefined GET / 200 ok 28
[notice] 2017-06-06T00:37:21.819298Z couchdb@localhost <0.5598.0>
2f8986d14b 127.0.0.1:5984 127.0.0.1 undefined GET / 200 ok 1
But when I curled from my laptop nothing shows up in the couchdb log for
the Connection Refused error.
I tried to figure out if firewalld was blocking the connection to CouchDB
by looking in the logs.I turned on logging by editing the FIREWALLD_ARGS at
/etc/sysconfig/firewalld
FIREWALLD_ARGS=--debug=10
I restart firewalld and confirm its running at debug level 10:
$ sudo systemctl status firewalld
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled;
vendor preset: enabled)
Active: active (running) since Tue 2017-06-13 16:41:26 EDT; 28min ago
Docs: man:firewalld(1)
Main PID: 25209 (firewalld)
CGroup: /system.slice/firewalld.service
└─25209 /usr/bin/python -Es /usr/sbin/firewalld --nofork
--nopid --debug=10
Then I curl from my laptop again, get a connection refused error, and look
at the logs:
$ tail -n 64 /var/log/firewalld
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('trusted')
2017-06-13 16:41:26 DEBUG1:
config.zone.8.GetAll('org.fedoraproject.FirewallD1.config.zone')
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('work')
2017-06-13 16:41:26
DEBUG1:config.GetAll('org.fedoraproject.FirewallD1.config')
These are config messages from when firewalld restarted. There's nothing
logged regarding the connection refused. I'm not sure if firewalld would
log a connection that passed through to CouchDB on 5984 or not. Maybe it
got through to CouchDB and this is a CouchDB issue?
To the best of my knowledge both CouchDB and firewalld are configured
correctly, but its not working like I expected. Any help would be
appreciated, whether you know the problem or whether you can just help me
discern if the problem is related to CouchDB or firewalld.
Doug Snyder
Jun 21, 2017, 10:50:14 PM6/21/17
to us...@couchdb.apache.org
I've been waiting over a week to get any reply, with no success. I'm trying
to get a basic server up. Can anybody help me with what should be a pretty
simple problem?
to get a basic server up. Can anybody help me with what should be a pretty
simple problem?
Joan Touzet
Jun 22, 2017, 3:11:44 AM6/22/17
to us...@couchdb.apache.org
Hi Doug, have you tried completely disabling firewalld and seeing if it
works?
-Joan
works?
-Joan
Noel Quintos
Jun 22, 2017, 10:14:19 AM6/22/17
to us...@couchdb.apache.org
Hi Doug,
In my case, I set bind_address to 0.0.0.0 under Section "chttpd". I am
using it under windows, though, and not sure if it makes any difference.
--
Noel P. Quintos
In my case, I set bind_address to 0.0.0.0 under Section "chttpd". I am
using it under windows, though, and not sure if it makes any difference.
Noel P. Quintos
Doug Snyder
Jun 22, 2017, 8:16:50 PM6/22/17
to us...@couchdb.apache.org, Joan Touzet
Its on a production server. I'm getting logs of people from China and
Russia trying to hack into my ssh. Is that a good idea to do even for a
minute?
Russia trying to hack into my ssh. Is that a good idea to do even for a
minute?
Doug Snyder
Jun 22, 2017, 8:51:31 PM6/22/17
to us...@couchdb.apache.org, Joan Touzet
Noel, that seemed to do the trick for me. For the community maybe this
should be clarified because the docs are contradictory as far as I can tell.
As far as I can see there is absolutely no documentation for chttpd.
There's a section called: CouchDB HTTP Server
ere's a at http://docs.couchdb.org/en/2.0.0/config/http.html
and it explicity says that [httpd] should be configured for exactly what I
was trying to do:
bind_address
<http://docs.couchdb.org/en/2.0.0/config/http.html#httpd/bind_address>
Defines the IP address by which CouchDB will be accessible:
[httpd]bind_address = 127.0.0.1
To let CouchDB listen any available IP address, just set up 0.0.0.0 value:
[httpd]bind_address = 0.0.0.0
But,is an seemingly ominous contradiction, the comments in the .ini file
comments:
; NOTE that this only configures the "backend" node-local port, not the
; "frontend" clustered port. You probably don't want to change anything in
; this section.
I don't understand the reference to the "frontend" clustered port because I
just came from CouchDB 1.6.1 and don't understand and am not using
clustering yet.
But the docs seem to say that [httpd] bind_address SHOULD be configured for
a simple unclustered server or maybe a clustered one too.
The local.ini comments for [chttpd] mention the Mochiweb HTTP server and I
don't know what that is or if I'm using it and I can't tell if that
reference only describes on of the lines called server_options
Again nothing about chttpd is explained in the docs.
should be clarified because the docs are contradictory as far as I can tell.
As far as I can see there is absolutely no documentation for chttpd.
There's a section called: CouchDB HTTP Server
ere's a at http://docs.couchdb.org/en/2.0.0/config/http.html
and it explicity says that [httpd] should be configured for exactly what I
was trying to do:
bind_address
<http://docs.couchdb.org/en/2.0.0/config/http.html#httpd/bind_address>
Defines the IP address by which CouchDB will be accessible:
[httpd]bind_address = 127.0.0.1
To let CouchDB listen any available IP address, just set up 0.0.0.0 value:
[httpd]bind_address = 0.0.0.0
But,is an seemingly ominous contradiction, the comments in the .ini file
comments:
; NOTE that this only configures the "backend" node-local port, not the
; "frontend" clustered port. You probably don't want to change anything in
; this section.
I don't understand the reference to the "frontend" clustered port because I
just came from CouchDB 1.6.1 and don't understand and am not using
clustering yet.
But the docs seem to say that [httpd] bind_address SHOULD be configured for
a simple unclustered server or maybe a clustered one too.
The local.ini comments for [chttpd] mention the Mochiweb HTTP server and I
don't know what that is or if I'm using it and I can't tell if that
reference only describes on of the lines called server_options
Again nothing about chttpd is explained in the docs.
Joan Touzet
Jun 23, 2017, 1:14:54 AM6/23/17
to Doug Snyder, us...@couchdb.apache.org
Our documentation should be improved here, I agree. I made the local.ini
file at least a bit clearer a while ago:
https://github.com/apache/couchdb/blob/master/rel/overlay/etc/local.ini#L29-L32
but I don't know if that change made it into 2.0 or post-2.0.
NOTE:
You should be doing *everything* in CouchDB 2.0 through the clustered
port (default: 5984) unless *explicitly* instructed to do otherwise in
the documentation. We do not guarantee that all functionality is
supported by the node-local (5986) port - there have been bugs reported
that we will not be fixing. We will most likely be removing the
node-local port in CouchDB 3.0.
I wrote and released a utility, couchup, that helps migrate 1.x
databases to 2.x. It will be included in 2.1, but you can get your
hands on it early here:
https://github.com/apache/couchdb/blob/master/rel/overlay/bin/couchup
Click on "raw" and save it, then run it. python 2.7 or 3.x and the
python-requests library are required to use couchup.
Hope this helps,
Joan Touzet
----- Original Message -----
From: "Doug Snyder" <webco...@gmail.com>
To: us...@couchdb.apache.org, "Joan Touzet" <woh...@apache.org>
Sent: Thursday, 22 June, 2017 8:51:18 PM
Subject: Re: Connection Refused Errors connecting to CouchDB 2.0
file at least a bit clearer a while ago:
https://github.com/apache/couchdb/blob/master/rel/overlay/etc/local.ini#L29-L32
but I don't know if that change made it into 2.0 or post-2.0.
NOTE:
You should be doing *everything* in CouchDB 2.0 through the clustered
port (default: 5984) unless *explicitly* instructed to do otherwise in
the documentation. We do not guarantee that all functionality is
supported by the node-local (5986) port - there have been bugs reported
that we will not be fixing. We will most likely be removing the
node-local port in CouchDB 3.0.
I wrote and released a utility, couchup, that helps migrate 1.x
databases to 2.x. It will be included in 2.1, but you can get your
hands on it early here:
https://github.com/apache/couchdb/blob/master/rel/overlay/bin/couchup
Click on "raw" and save it, then run it. python 2.7 or 3.x and the
python-requests library are required to use couchup.
Hope this helps,
Joan Touzet
----- Original Message -----
From: "Doug Snyder" <webco...@gmail.com>
To: us...@couchdb.apache.org, "Joan Touzet" <woh...@apache.org>
Sent: Thursday, 22 June, 2017 8:51:18 PM
Subject: Re: Connection Refused Errors connecting to CouchDB 2.0
Noel, that seemed to do the trick for me. For the community maybe this should be clarified because the docs are contradictory as far as I can tell.
As far as I can see there is absolutely no documentation for chttpd.
There's a section called: CouchDB HTTP Server
ere's a at http://docs.couchdb.org/en/2.0.0/config/http.html
and it explicity says that [httpd] should be configured for exactly what I was trying to do:
bind_address
As far as I can see there is absolutely no documentation for chttpd.
There's a section called: CouchDB HTTP Server
ere's a at http://docs.couchdb.org/en/2.0.0/config/http.html
and it explicity says that [httpd] should be configured for exactly what I was trying to do:
bind_address
Reply all
Reply to author
Forward
0 new messages