couchdb-user mailing list archives

From Bill Stephenson <b...@cherrypc.com>
Subject Setting up SSL Certs for CouchDB 2.0 on Ubuntu 16.04
Date Thu, 13 Jul 2017 04:25:05 GMT
Hi all,

I apologize to you all for being MIA here for so long. I redid all my email a few months ago
and the address I’d used here was deleted.

Anyway I’ve been working with a DigitalOcean VPS running CouchDB 2 installed on Ubuntu 16.04
with this script:

	https://github.com/afiskon/install-couchdb

That works great and it also sets up a service to start CouchDB (which I was having trouble
with when building it from source myself).

After that I moved on to setting up SSL. From what I’ve gathered I should use Haproxy and can
use Certbot to do this and I found this guide by Daniel West on using Haproxy and Certbot
with CouchDB on Centos 7:

	https://medium.com/@silverbackdan/installing-couchdb-2-0-nosql-with-centos-7-and-certbot-lets-encrypt-f412198c3051

With that and some other reading I’ve got Haproxy working using the example config file
that comes with CouchDB:

	root@ebloc:~# curl http://ebloc.com:15984
	{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}

Next I used Fauxton to create the CouchDB admin user and rebooted the VPS and I’m still
good. I made a few databases using Fauxton and curl and all is working fine:

	root@ebloc:~# curl -X PUT http://admin:password@ebloc.com:15984/bill
	{"ok":true}

Here I made a “snapshot” of my DigitalOcean “Droplet” so I could start over from this
point and then I tried to use Fauxton to set up a single node as per the Daniel West guide
but that mucked things up for me and I could no longer access CouchDB so I rebuilt my Droplet
from the snapshot.

With the rebuilt VPS I’ve not messed with the CouchDB "local.ini” or “default.ini”
files at all and everything is working so I installed Certbot and Openssl. 

In the Daniel West guide he has: "Step 6. Create CertBot hook for Haproxy — Bash script”.


I started there and followed through to: "Step 9. Configure Haproxy for HTTPS"

When I was finished and ran "service haproxy restart” I got an error. I rebuilt the Droplet
and repeated those steps a few times to make sure I didn’t fat finger any input but got
the same error each time.

So I tried again by just issuing the cert and copying the fullchain.pem to the path
shown in Step 9:

	/etc/haproxy/cert-haproxy.pem

 After restarting haproxy I get the same error:

"Job for haproxy.service failed because the control process exited with error code. See "systemctl
status haproxy.service" and "journalctl -xe" for details.” 

Below I’ve included what those output but this line in it looks like what I might need to
know more about:

	"input_userauth_request: invalid user teamspeak [preauth]"

I have no idea where to go from here so any pointers would be much appreciated.

Thank you all for being here,

—

Bill Stephenson
bill@cherrypc.com

———————————————————————


root@ebloc:~# systemctl status haproxy.service
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2017-07-13 03:38:29 UTC; 8min ago
     Docs: man:haproxy(1)
           file:/usr/share/doc/haproxy/configuration.txt.gz
  Process: 4274 ExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q (code=exited, status=0/SUCCESS)
 Main PID: 4278 (haproxy-systemd)
    Tasks: 3
   Memory: 1.0M
      CPU: 47ms
   CGroup: /system.slice/haproxy.service
           ├─4278 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
           ├─4280 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
           └─4282 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

Jul 13 03:38:29 ebloc systemd[1]: Starting HAProxy Load Balancer...
Jul 13 03:38:29 ebloc systemd[1]: Started HAProxy Load Balancer.
Jul 13 03:38:29 ebloc haproxy-systemd-wrapper[4278]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy
-f /etc/ha
Jul 13 03:38:29 ebloc hap

———————————————————

root@ebloc:~# journalctl -xe
Jul 13 03:36:35 ebloc systemd[1]: haproxy.service: Service hold-off time over, scheduling
restart.
Jul 13 03:36:35 ebloc systemd[1]: Stopped HAProxy Load Balancer.
-- Subject: Unit haproxy.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit haproxy.service has finished shutting down.
Jul 13 03:36:35 ebloc systemd[1]: Starting HAProxy Load Balancer...
-- Subject: Unit haproxy.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit haproxy.service has begun starting up.
Jul 13 03:36:35 ebloc haproxy[4264]: [ALERT] 193/033635 (4264) : parsing [/etc/haproxy/haproxy.cfg:39]
: 'bind *:159
Jul 13 03:36:35 ebloc haproxy[4264]: [ALERT] 193/033635 (4264) : Error(s) found in configuration
file : /etc/haproxy
Jul 13 03:36:35 ebloc haproxy[4264]: [ALERT] 193/033635 (4264) : Proxy 'http-in': no SSL certificate
specified for b
Jul 13 03:36:35 ebloc haproxy[4264]: [ALERT] 193/033635 (4264) : Fatal errors found in configuration.
Jul 13 03:36:35 ebloc systemd[1]: haproxy.service: Control process exited, code=exited status=1
Jul 13 03:36:35 ebloc systemd[1]: Failed to start HAProxy Load Balancer.
-- Subject: Unit haproxy.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit haproxy.service has failed.
-- 
-- The result is failed.
Jul 13 03:36:35 ebloc systemd[1]: haproxy.service: Unit entered failed state.
Jul 13 03:36:35 ebloc systemd[1]: haproxy.service: Failed with result 'exit-code'.
Jul 13 03:36:35 ebloc systemd[1]: haproxy.service: Service hold-off time over, scheduling
restart.
Jul 13 03:36:35 ebloc systemd[1]: Stopped HAProxy Load Balancer.
-- Subject: Unit haproxy.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit haproxy.service has finished shutting down.
Jul 13 03:36:35 ebloc systemd[1]: haproxy.service: Start request repeated too quickly.
Jul 13 03:36:35 ebloc systemd[1]: Failed to start HAProxy Load Balancer.
-- Subject: Unit haproxy.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit haproxy.service has failed.
-- 
-- The result is failed.
Jul 13 03:38:29 ebloc systemd[1]: Stopped HAProxy Load Balancer.
-- Subject: Unit haproxy.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit haproxy.service has finished shutting down.
Jul 13 03:38:29 ebloc systemd[1]: Starting HAProxy Load Balancer...
-- Subject: Unit haproxy.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit haproxy.service has begun starting up.
Jul 13 03:38:29 ebloc systemd[1]: Started HAProxy Load Balancer.
-- Subject: Unit haproxy.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit haproxy.service has finished starting up.
-- 
-- The start-up result is done.
Jul 13 03:38:29 ebloc haproxy-systemd-wrapper[4278]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy
-f /etc/ha
Jul 13 03:38:29 ebloc haproxy-systemd-wrapper[4278]: [WARNING] 193/033829 (4280) : config
: log format ignored for f
Jul 13 03:41:16 ebloc sshd[4286]: Invalid user teamspeak from 212.237.53.109
Jul 13 03:41:16 ebloc sshd[4286]: input_userauth_request: invalid user teamspeak [preauth]
Jul 13 03:41:16 ebloc sshd[4286]: Received disconnect from 212.237.53.109 port 59258:11: Normal
Shutdown, Thank you 
Jul 13 03:41:16 ebloc sshd[4286]: Disconnected from 212.237.53.109 port 59258 [preauth]
Jul 13 03:43:18 ebloc sshd[4288]: Received disconnect from 221.194.44.212 port 42206:11: 
[preauth]
Jul 13 03:43:18 ebloc sshd[4288]: Disconnected from 221.194.44.212 port 42206 [preauth]
lines 1295-1366/1366 (END)

————————————————————————
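
An added example, not part of the original post: HAProxy's `crt` bind option expects one PEM file holding both the certificate chain and its private key, while Certbot's fullchain.pem holds certificates only (the key is in privkey.pem). The pre-flight check below can be run on a file such as /etc/haproxy/cert-haproxy.pem before restarting the service; the function names are hypothetical and the sample PEM files are constructed markers with no real key material.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Return 0 only if the PEM file holds >=1 certificate, exactly 1 private key,
# and carries no group/other permission bits (it contains a private key).
check_haproxy_pem() {
    local pem="$1" certs keys
    [ -r "$pem" ] || { echo "unreadable: $pem"; return 2; }
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    keys=$(grep -cE -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem" || true)
    [ "$certs" -ge 1 ] || { echo "no certificate in $pem"; return 1; }
    [ "$keys" -eq 1 ] || { echo "need exactly 1 private key in $pem, found $keys"; return 1; }
    [ -z "$(find "$pem" -perm /077)" ] || { echo "$pem is accessible to group/other"; return 3; }
    echo "ok: $certs certificate(s) + private key"
}

# Concatenate chain and key into one bundle, created owner-only.
build_haproxy_pem() {
    local fullchain="$1" privkey="$2" out="$3"
    ( umask 077 && cat "$fullchain" "$privkey" > "$out" )
}

# Constructed stand-ins for Certbot's fullchain.pem and privkey.pem.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
    '-----END CERTIFICATE-----' > "$demo_dir/fullchain.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' \
    '-----END PRIVATE KEY-----' > "$demo_dir/privkey.pem"
chmod 600 "$demo_dir/fullchain.pem" "$demo_dir/privkey.pem"

# The chain on its own is rejected (no private key) ...
check_haproxy_pem "$demo_dir/fullchain.pem" || true
# ... the concatenated bundle is accepted.
build_haproxy_pem "$demo_dir/fullchain.pem" "$demo_dir/privkey.pem" \
    "$demo_dir/cert-haproxy.pem"
check_haproxy_pem "$demo_dir/cert-haproxy.pem"
```

The check looks only at PEM block markers and file mode; `haproxy -c -f /etc/haproxy/haproxy.cfg` remains the authoritative validation of the configuration and certificate.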





