couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frédéric Audon <chave...@gmail.com>
Subject Re: CouchDB 2.0 crashing with SSL
Date Wed, 15 Mar 2017 11:08:57 GMT
2017-03-14 18:28 GMT+01:00 Myles Braithwaite 👾 <me@mylesbraithwaite.com>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Frédéric Audon wrote:
> > I have couchDB 2.0 in single node.
> >
> > I have a crash with SSL
> >
> > [ssl]
> > cert_file = /etc/letsencrypt/archive/db1.fidjy.com/cert1.pem
> > key_file = /etc/letsencrypt/archive/db1.fidjy.com/privkey1.pem
> > ssl_certificate_max_depth = 1
> > ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
> > tls_versions = [tlsv1, 'tlsv1.1', 'tlsv1.2']
> >
> > [info] 2017-03-14T16:49:52.045429Z couchdb@localhost <0.204.0> --------
> > Starting couch_sup
> >
> > [error] 2017-03-14T16:49:52.142392Z couchdb@localhost <0.235.0> --------
> > CRASH REPORT Process  (<0.235.0>) with 0 neighbors exited with reason:
> bad
> > argument in call to
> > mochiweb_socket:'-filter_broken_cipher_suites/1-fun-0-'/1(line:41) at
> > lists:'-filter/2-lc$^0/1-0-'/2(line:1284) <=
> > mochiweb_socket:add_unbroken_ciphers_default/1(line:34) <=
> > mochiweb_socket:listen/4(line:20) <=
> > mochiweb_socket_server:listen/3(line:224) <=
> gen_server:init_it/6(line:306)
> > <= proc_lib:init_p_do_apply/3(line:237); initial_call:
> > {mochiweb_socket_server,init,['Argument__1']}, ancestors:
> > [couch_secondary_services,couch_sup,<0.203.0>], messages: [], links:
> > [<0.212.0>], dictionary: [], trap_exit: true, status: running, heap_size:
> > 1598, stack_size: 27, reductions: 1459
>
> I think you also have to include the `cacert_file` to use Let's Encrypt,
> see documentation here:
> <http://docs.couchdb.org/en/2.0.0/config/http.html#ssl/cacert_file>.
>

cacert_file
Path to file containing PEM encoded CA certificates (trusted certificates
used for verifying a peer certificate). May be omitted if you do not want
to verify the peer:
http://docs.couchdb.org/en/1.6.1/config/http.html#ssl/cacert_file


> Are you sure that the files
> `/etc/letsencrypt/archive/db1.fidjy.com/{cert1,privkey1,fullchain1}.pem`
> are all readably by CouchDB user?
>

Yes, I checked


>
> Also this blog post,
> <https://medium.com/@silverbackdan/installing-
> couchdb-2-0-nosql-with-centos-7-and-certbot-lets-encrypt-
> f412198c3051#.c0kslhcj0>
> suggest using a proxy like Haproxy or Nginx to handle the SSL instead of
> CouchDB


I use couchdDB 1.6 with SSL. It works very well.


> .
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBCAAGBQJYyCgiAAoJEKSaZN9bQjWQeyUQALy3cLB2FzJ1D9zl+okgyDBu
> lzpwOEgqu7vIJl7Z8KcQ9um96XNhL/nbNtYOkPjVhwcdic8TBx9BAgHHDNack4VF
> kCOWgIqVhWSX1YvWxi35Ckl47nhDjlSLrA1R06loWtsASq0L/75BMJb6fOvzESjZ
> ++K3436/YccptuOrjVoHVT42urybkcutwUqMv7ZmmB252S/gzmxtJGHKttHjZWbl
> V8n/Sle0/fjI15oqK2br/cY4c1VL8sQhojnIeEMxwvzgMi5Ka8BS/32fRctcVrdO
> PA0omwwCfvW079S3MuQxAb/xyj/RR18DgzHOwDJWlZuFUv7Kg0V9N3/bibb6VSQZ
> NwOlTwagpcktQebbO7a7exZQTToRHRXJ/Qu4+1ypeMEq/xsR4sPS/2TfoPiNVOrf
> 8zBu2VJuMcwxMyryptcwJILv6PN90Eg2i8FMbjIqOb8Z8Jn0BORZNFhd8ZoMksba
> a2f1xmmcF6vkOrH4Lx1APtRFQjayYHDMg/PdVZluOyobXya4PBFrkQPmJzCymHdC
> boKllXm2rrw21JI8C+DK1XMXS64yovinBcJ4fkbPIT31ese1T5svT0eCofmCFoGR
> jEDZquUHAXho9xxEROMuthNLBXSBb7JDsOCiOZ+KZdMQkBQ9xY3QroNIZCMZ4hAg
> WnuU0ynGZPIY7pJrU4KR
> =W0S3
> -----END PGP SIGNATURE-----
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message