Hi, have several CouchDB instances replicating through untrusted network space. Thus these instances are behind a Nginx SSL-Proxy. Everything works fine though when for whatever reason one of the connection breaks then this pull replication never recovers. Even restarting the replication job does not have any effect despite not giving an error. Also in Futon the replication jobs are still reported as running (they never go away).
I just have set up a local test environment with just two nodes
replicating to each other. One of the nodes is behind Nginx with SSL,
and the other is directly reachable unencrypted. When restarting the
unencrypted instance the pull replication on the other Couch recovers
like a charm and and things are in sync quickly again. Not so when i
restart the instance behind HTTPS. This replication never results in any
action again until the instance doing the pull replication is restarted.
After a couple bit of debugging i found that it seems like the _changes
feed is never again requested from the just restarted instance. As soon
as i restart the instance i get the following entry in the Nginx log:
10.1.1.201 - - [10/Mar/2010:17:40:50 +0100]
"GET
/database_1/_changes?style=all_docs&heartbeat=10000&since=3135&feed=continuous
HTTP/1.1" 200 408 "-" "CouchDB/0.10.1"
This means the long running connection has just finished (this was the
former working replication request). Afterwards i would suspect the
Couch to start up such a request again, though this never happens.
I am using CouchDB 0.10.1 on Ubuntu 9.10 64bit with Nginx 0.7.62.
Any help or ideas are highly appreciated
Simon
The nginx confiuration looks like so:
# -----------
server {
listen 8444;
ssl on;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
server_name somehost1;
proxy_buffering off;
access_log /var/log/nginx/couchssl-access.log;
location / {
proxy_pass http://127.0.0.1:5984;
proxy_redirect default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# -----------
--
Simon Eisenmann
[ mailto:[email protected] ]
[ struktur AG | Kronenstraße 22a | D-70173 Stuttgart ]
[ T. +49.711.896656.68 | F.+49.711.89665610 ]
[ http://www.struktur.de | mailto:[email protected] ]
smime.p7s
Description: S/MIME cryptographic signature
