Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@couchdb.apache.org
Received-SPF: pass (athena.apache.org: domain of jochenkempf@gmail.com
 designates 74.125.82.42 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type;
        b=CPC9bfIpRMTkoiGh9/XJXWyZKcFtSRn2t89sDGruMT4qy0GFHlcY2tCu5sL/iury1+
         zaP62yZHv3HIa31Mi5gT4hRjutbyftqFwa+8yPEuE7aPz55RIGU797taAdXcXDHeuMO6
         QagQOU40YX3vXNstch4C4byuVoFKSPAMRsR7s=
MIME-Version: 1.0
In-Reply-To: <AANLkTimKsieRg17YWkmd2ovpzaut0d=aBQ+E0uEBp3re@mail.gmail.com>
References: <AANLkTinw2UEo7=Y1r7Scc92D1qzkGCdFEFOSmP454LF4@mail.gmail.com>
 <C9FC5F4F-9852-44E7-A004-DE9B6CC4A5B9@googlemail.com>
 <AANLkTi=AvRpQUs7CrpG3gyaG7ox2WyU3YDQGsJk__6Bg@mail.gmail.com>
 <AANLkTimKsieRg17YWkmd2ovpzaut0d=aBQ+E0uEBp3re@mail.gmail.com>
From: Jochen Kempf <jochenkempf@gmail.com>
Date: Fri, 13 Aug 2010 10:58:21 -0400
Message-ID: <AANLkTim4pTaH8qGNaNF+ksXmUS1xWxDeB1CKOXc0_SZm@mail.gmail.com>
Subject: Re: Replication error using basic authentication on nginx
To: user@couchdb.apache.org
Content-Type: text/plain; charset=ISO-8859-1

Hopefully I can figure out one day what is going wrong with ssl
replication (nginx) - by now I just exclude design docs from
replication using a replication filter.

Filter doc:
{
   "_id": "_design/Replication",
   "_rev": "1-26c7c5e5b28a0b67caad16540207982e",
   "filters": {
       "no_design": "function(doc,req){       var s =
doc._id.substr(0,7);       if (s == '_design') {         return false;
      } else {         return true;       }     }"
   }
}


2010/8/12 Jochen Kempf <jochenkempf@gmail.com>:
> Has anyone else tried pull replication with ssl secured CouchDB 0.11.2?
>
> I just tried it and.....still the same problem: design_docs are not
> replicated :(
>
> Here is the log:
> [Fri, 13 Aug 2010 01:03:26 GMT] [info] [<0.31773.0>] 201.215.27.127 -
> - 'GET' /test/_design%2FTest?open_revs=["3-fd3452225ed1b85e7adabb6027f50224"]&revs=true&latest=true&att_encoding_info=true
> 301
>
> I am using Erlang R13B03 (erts-5.7.4) on both servers - do I have to
> use the latest Erlang version?
>
>
>
> 2010/8/11 Jochen Kempf <jochenkempf@gmail.com>:
>> Hi Daniel,
>>
>> I also tried replication disabling basic auth and setting the
>> authorization header with "proxy_set_header Authorization
>> $http_authorization;" in nginx.
>>
>> Unless I didn't do something wrong here it should work, right?
>> But I get the same error during replication!
>>
>> I think I'll have to wait the new CouchDB releases as J Chris Anderson
>> recommended here:
>>
>> ------------------------
>> sorry the list keeps bouncing my reply. so here it is direct:
>>
>> There is a bug in 0.11.1 and 1.0.0 (fixed in trunk and 0.11.2, and
>> will be in the 1.0.1 release which is due this week).
>>
>> The 0.11.2 release has been approved, currently we're just waiting for
>> it to be uploaded to the mirrors and the website. Watch this space for
>> details: http://couchdb.apache.org/downloads.html
>>
>> The bug is that the replicator "forgets" basic-auth credentials when
>> there is a redirect (as there is for design documents.)
>>
>> The redirect for design documents is because the URL
>> /db/_design%2Ffoo/_view/foo is considered too ugly, so we make that
>> resource available at /db/_design/foo/_view/foo. To avoid having the
>> document in 2 places, we do a redirect, which in this case, the
>> replicator has to follow.
>>
>> The solution is to upgrade to 0.11.2, the 1.0.x svn branch, or wait
>> for the 1.0.1 release. (Or turn off basic auth.) I'm not aware of
>> another workaround.
>>
>> Chris
>> ------------------------------------
>>
>> Thanks for your reply Daniel!
>>
>> 2010/8/11 Daniel Truemper <truemped@googlemail.com>:
>>> Hi,
>>>
>>> From the gist I see that you have enabled basic authentication inside nginx. Why so? Try do disable it and only use the CouchDB authentication.
>>>
>>> In the "http response of replication" the 401 is from nginx not CouchDB. So maybe it gets mixed up somewhere...
>>>
>>> Daniel
>>>
>>>> Hi,
>>>>
>>>> I have been trying to figure out quite for a while why I cannot do
>>>> "pull replication using nginx basic authentication on the source
>>>> system.
>>>> I simply do not know what I am doing wrong nor why couchdb fails
>>>> replicating giving a not authorized error considering I can
>>>> successfully do a put request to a design doc.
>>>> I tried replication both in futon as on console but no chance to get it work :-(
>>>>
>>>> I have put a public gist at: http://gist.github.com/518113
>>>> which shows a couchdb log for the corresponding "pull replication, a
>>>> couchdb log for a put request to a design doc, the replication http
>>>> response, my complete nginx.conf file and my iptables. Both systems
>>>> use Ubuntu 10.04 and Couchdb 0.11.1.
>>>>
>>>> As I use the same credentials for both the basic authentication in
>>>> nginx and couchdb the put request to a design doc succeeds - why
>>>> doesn't the replication?
>>>>
>>>> Can anyone explain the logic of the couchdb replication log?
>>>> Why is there a 404 response?
>>>> Why are there a 301 response?
>>>>
>>>> I really got stuck with that and need to find any suitable solution to
>>>> use couchdb without admin party mode.
>>>>
>>>> Any hint is highly appreciated!
>>>
>>>
>>
>