Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 85410 invoked from network); 13 Aug 2010 01:06:12 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 13 Aug 2010 01:06:12 -0000 Received: (qmail 18513 invoked by uid 500); 13 Aug 2010 01:06:11 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 18413 invoked by uid 500); 13 Aug 2010 01:06:10 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 18403 invoked by uid 99); 13 Aug 2010 01:06:10 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Aug 2010 01:06:10 +0000 X-ASF-Spam-Status: No, hits=3.6 required=10.0 tests=FREEMAIL_FROM,FS_REPLICA,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jochenkempf@gmail.com designates 74.125.82.180 as permitted sender) Received: from [74.125.82.180] (HELO mail-wy0-f180.google.com) (74.125.82.180) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Aug 2010 01:06:06 +0000 Received: by wya21 with SMTP id 21so2833385wya.11 for ; Thu, 12 Aug 2010 18:05:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:content-type; bh=nqMfViPbflSOo9GOFLjV0dBVInYXlYzWoNpSaCYj2/Q=; b=yE3CKQNWlMbCF+SHbaG+CkVceEJazALlf1XDN8TEKxfaRHZdnWC2YhLSawR3fbVZUd +/gnK0ZY9WPz33xMilkXNHPkfD7ehwNJtTXpEwsQ58r1QrRpHqkdjg+Yl08kgUCjbInM Z9ZJPR18lFN+tEPnSTHtjBuvRX67AJoEC714Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=PUMr4cHtXRX2lt67adEXx/yRYRJdwxMMXQ/IGLTo3RfmSp9PyptuJTlEFKo1sd+0JP LLuG67jUcq0GeUat08ng5qzpcrMmiANI0vk/3bFMWewI/McKWXXkVf1L7ZtnLP2JpWcv rylVBWNbZMo6QrfyHq94NCdZy7NagU6YjCJbY= Received: by 10.227.128.147 with SMTP id k19mr854190wbs.52.1281661544260; Thu, 12 Aug 2010 18:05:44 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.183.148 with HTTP; Thu, 12 Aug 2010 18:05:23 -0700 (PDT) In-Reply-To: References: From: Jochen Kempf Date: Thu, 12 Aug 2010 21:05:23 -0400 Message-ID: Subject: Re: Replication error using basic authentication on nginx To: user@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Has anyone else tried pull replication with ssl secured CouchDB 0.11.2? I just tried it and.....still the same problem: design_docs are not replicated :( Here is the log: [Fri, 13 Aug 2010 01:03:26 GMT] [info] [<0.31773.0>] 201.215.27.127 - - 'GET' /test/_design%2FTest?open_revs=["3-fd3452225ed1b85e7adabb6027f50224"]&revs=true&latest=true&att_encoding_info=true 301 I am using Erlang R13B03 (erts-5.7.4) on both servers - do I have to use the latest Erlang version? 2010/8/11 Jochen Kempf : > Hi Daniel, > > I also tried replication disabling basic auth and setting the > authorization header with "proxy_set_header Authorization > $http_authorization;" in nginx. > > Unless I didn't do something wrong here it should work, right? > But I get the same error during replication! > > I think I'll have to wait the new CouchDB releases as J Chris Anderson > recommended here: > > ------------------------ > sorry the list keeps bouncing my reply. so here it is direct: > > There is a bug in 0.11.1 and 1.0.0 (fixed in trunk and 0.11.2, and > will be in the 1.0.1 release which is due this week). > > The 0.11.2 release has been approved, currently we're just waiting for > it to be uploaded to the mirrors and the website. Watch this space for > details: http://couchdb.apache.org/downloads.html > > The bug is that the replicator "forgets" basic-auth credentials when > there is a redirect (as there is for design documents.) > > The redirect for design documents is because the URL > /db/_design%2Ffoo/_view/foo is considered too ugly, so we make that > resource available at /db/_design/foo/_view/foo. To avoid having the > document in 2 places, we do a redirect, which in this case, the > replicator has to follow. > > The solution is to upgrade to 0.11.2, the 1.0.x svn branch, or wait > for the 1.0.1 release. (Or turn off basic auth.) I'm not aware of > another workaround. > > Chris > ------------------------------------ > > Thanks for your reply Daniel! > > 2010/8/11 Daniel Truemper : >> Hi, >> >> From the gist I see that you have enabled basic authentication inside nginx. Why so? Try do disable it and only use the CouchDB authentication. >> >> In the "http response of replication" the 401 is from nginx not CouchDB. So maybe it gets mixed up somewhere... >> >> Daniel >> >>> Hi, >>> >>> I have been trying to figure out quite for a while why I cannot do >>> "pull replication using nginx basic authentication on the source >>> system. >>> I simply do not know what I am doing wrong nor why couchdb fails >>> replicating giving a not authorized error considering I can >>> successfully do a put request to a design doc. >>> I tried replication both in futon as on console but no chance to get it work :-( >>> >>> I have put a public gist at: http://gist.github.com/518113 >>> which shows a couchdb log for the corresponding "pull replication, a >>> couchdb log for a put request to a design doc, the replication http >>> response, my complete nginx.conf file and my iptables. Both systems >>> use Ubuntu 10.04 and Couchdb 0.11.1. >>> >>> As I use the same credentials for both the basic authentication in >>> nginx and couchdb the put request to a design doc succeeds - why >>> doesn't the replication? >>> >>> Can anyone explain the logic of the couchdb replication log? >>> Why is there a 404 response? >>> Why are there a 301 response? >>> >>> I really got stuck with that and need to find any suitable solution to >>> use couchdb without admin party mode. >>> >>> Any hint is highly appreciated! >> >> >