couchdb-user mailing list archives

From Myles Braithwaite 👾 ...@mylesbraithwaite.com>
Subject Re: CouchDB 2.0 crashing with SSL
Date Tue, 14 Mar 2017 17:28:02 GMT

Frédéric Audon wrote:
> I have couchDB 2.0 in single node.
> 
> I have a crash with SSL
> 
> [ssl]
> cert_file = /etc/letsencrypt/archive/db1.fidjy.com/cert1.pem
> key_file = /etc/letsencrypt/archive/db1.fidjy.com/privkey1.pem
> ssl_certificate_max_depth = 1
> ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
> tls_versions = [tlsv1, 'tlsv1.1', 'tlsv1.2']
> 
> [info] 2017-03-14T16:49:52.045429Z couchdb@localhost <0.204.0> --------
> Starting couch_sup
> 
> [error] 2017-03-14T16:49:52.142392Z couchdb@localhost <0.235.0> --------
> CRASH REPORT Process  (<0.235.0>) with 0 neighbors exited with reason: bad
> argument in call to
> mochiweb_socket:'-filter_broken_cipher_suites/1-fun-0-'/1(line:41) at
> lists:'-filter/2-lc$^0/1-0-'/2(line:1284) <=
> mochiweb_socket:add_unbroken_ciphers_default/1(line:34) <=
> mochiweb_socket:listen/4(line:20) <=
> mochiweb_socket_server:listen/3(line:224) <= gen_server:init_it/6(line:306)
> <= proc_lib:init_p_do_apply/3(line:237); initial_call:
> {mochiweb_socket_server,init,['Argument__1']}, ancestors:
> [couch_secondary_services,couch_sup,<0.203.0>], messages: [], links:
> [<0.212.0>], dictionary: [], trap_exit: true, status: running, heap_size:
> 1598, stack_size: 27, reductions: 1459

I think you also have to include the `cacert_file` to use Let's Encrypt,
see documentation here:
<http://docs.couchdb.org/en/2.0.0/config/http.html#ssl/cacert_file>.

Are you sure that the files
`/etc/letsencrypt/archive/db1.fidjy.com/{cert1,privkey1,fullchain1}.pem`
are all readable by the CouchDB user?

Also, this blog post,
<https://medium.com/@silverbackdan/installing-couchdb-2-0-nosql-with-centos-7-and-certbot-lets-encrypt-f412198c3051#.c0kslhcj0>,
suggests using a proxy like Haproxy or Nginx to handle the SSL instead of
CouchDB.
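The readability question raised in the reply above can be checked path component by path component. The script below is an added example, not part of the original message: the function names are hypothetical, the account name `couchdb` in the usage comment is an assumption, and checking an account other than the current one assumes non-interactive `sudo` rights.

```shell
#!/bin/sh
# Added example (not from the thread): find the first path component that stops
# a service account from reading a TLS file named in CouchDB's [ssl] section.
# Usage (account name "couchdb" is an assumption):
#   sh check_tls_read.sh couchdb /etc/letsencrypt/archive/db1.fidjy.com/cert1.pem ...

# run_as USER CMD...: run CMD directly if USER is the current user, else via sudo.
run_as() {
    ra_user=$1; shift
    if [ "$ra_user" = "$(id -un 2>/dev/null)" ]; then "$@"; else sudo -n -u "$ra_user" "$@"; fi
}

# first_blocked USER ABSPATH: print the first directory USER cannot traverse,
# or the file itself if it is missing or unreadable; print nothing when readable.
first_blocked() {
    fb_user=$1; fb_rest=${2#/}; fb_cur=""
    while [ -n "$fb_rest" ]; do
        fb_cur="$fb_cur/${fb_rest%%/*}"
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/}
                 run_as "$fb_user" test -x "$fb_cur" || { echo "$fb_cur"; return 1; } ;;
            *)   fb_rest=""
                 run_as "$fb_user" test -r "$fb_cur" || { echo "$fb_cur"; return 1; } ;;
        esac
    done
    return 0
}

# check_tls_files USER FILE...: report each file; exit status = number blocked.
check_tls_files() {
    ctf_user=$1; shift; ctf_bad=0
    for ctf_f in "$@"; do
        if ctf_hit=$(first_blocked "$ctf_user" "$ctf_f"); then
            echo "ok       $ctf_f"
        else
            echo "BLOCKED  $ctf_f (first failure: $ctf_hit)"
            ctf_bad=$((ctf_bad + 1))
        fi
    done
    return "$ctf_bad"
}

if [ "$#" -ge 2 ]; then
    check_tls_files "$@"
else
    # Constructed demo: one readable file and one missing file, current user.
    demo=$(mktemp -d); : > "$demo/cert1.pem"
    check_tls_files "$(id -un 2>/dev/null)" "$demo/cert1.pem" "$demo/privkey1.pem" || true
    rm -rf "$demo"
fi
```

A directory reported as the first failure lacks search (execute) permission for that account, which blocks every file beneath it regardless of the files' own modes.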